Privacy Policy

Last updated: April 2021

1. Arlogenix (Pty) Ltd

Arlogenix (Pty) Ltd, together with its subsidiaries and affiliates (collectively referred to as "we"," "our" or "us"), recognizes the critical importance of protecting the privacy of our customers and is strongly committed to protecting your privacy in accordance with this policy. This commitment extends to the personal information collected through our domestic and international websites (collectively, our "Websites") and our web-based, mobile software applications and services (collectively, our "Applications").

Arlogenix (Pty) Ltd incorporates elements of POPIA and follows South African data protection legislation. This approach ensures compliance with the local data protection framework and emphasizes the following issues:

- GDPR: General Data Protection Regulation
- POPIA: Personal Data Protection Act, 2013
- Users/customers/clients: Individuals, organizations or entities that use our services
- Third party: Any person or organization associated with Arlogenix (Pty) Ltd
- Arlogenix (Pty) Ltd: The organization

Key personal data protection issues:
1. Choice and consent
2. Privacy Principles
3. Data Security
4. General provisions
5. Lawful, fair and transparent processing
6. Data minimization
7. Security
8. Cross-border data transfers
9. Notification of data breaches

Please read this policy carefully to understand that we are committed to complying with South African data protection laws and are committed to protecting your privacy.

2. Information We Collect

In order to effectively provide our services, Arlogenix (Pty) Ltd may collect, use and disclose information provided by users, including but not limited to personal

Information that can identify an individual. Users have the option not to disclose personal information at certain times while using our product.
However, should a user choose not to provide essential data required for services, a particular product or feature, they may not be able to access the services or use said product or feature. The data we collect includes, but is not limited to:

- Names and contact information (e.g. phone number, email address).
- Travel information (e.g. passport number, driving license number, nationality, date of birth, gender).
- Travel and meeting preferences (e.g. seating and meal preferences, frequent flyer miles).
- Payment and banking information (e.g. credit card details).
- We do not store credit card information; Peach Payment serves as our secure payment gateway service provider.
- Credentials, including logins, employee IDs, passwords and user IDs.

3. Location Data

We collect location data over a certain period of time. These location data records are not linked to the user’s profile. This information includes latitude, longitude, time and speed of travel and geographic identities. We collect the user’s endpoint location information associated with the lifecycle of a user’s journey.

location data is only collected while the product is in the foreground of a user’s device (unless the product explicitly states otherwise) and if you have granted the product access to your device’s location services.

The Product collects your preferences, including preferred routes, saved locations and other personal customisations or disabled Product networks.

The Product also automatically collects usage details each time you use our Product, including the country of origin, the searches you perform, the routes you interact with, the type of phone or operating system you use, etc.

When you book or purchase mobility services directly through the Product, in supported cities, we may collect your name, phone number, postcode, email address, physical address, payment information and other elements necessary to complete a transaction.

We do access the contacts and calendar events on your device if you give us explicit permission to do so, but this information is stored locally on your device and is not stored or uploaded to our servers.

Unless you give your consent, Arlogenix (Pty) Ltd will not collect or share your information for direct marketing purposes.

4. Data Protection Principles

We are committed to processing data in accordance with POPIA and GDPR. POPIA protects personal data by striking a balance between privacy and other rights and protecting vital interests. Article 5 of the GDPR requires specific, lawful data collection, limited processing and secure storage. We are committed to complying with these principles for responsible and secure data processing.

5. Lawful, Fair And Transparent Processing

The provision of services involves the fulfilment of obligations to customers, while communication involves contacting customers by email, post, telephone or via our websites/apps. Understanding users focuses on understanding user preferences and tailoring offers accordingly, and customer care is dedicated to providing support services. Payment processing covers the processing of payments for customer transactions.

Marketing communication includes the sending of information about products or services with prior consent. Analyses and reports include the creation of pseudonymised profiles for reporting purposes, and the restoration of settings ensures that user preferences are restored on different devices.

We measure product usage and certain features and offer rewards such as credits or promo codes for mobility providers. Location data processing includes the generation of real-time vehicle location data, and data security and transfer focuses on the secure transfer of usage details and proof of authorisation.

Our commitment to product development focuses on continuous improvement based on user feedback, while research and analysis focuses on understanding user habits and the use of public transport. Identifying and correcting bugs is part of our commitment to a seamless product, and customer support includes responding to emails and providing assistance.

We strictly adhere to data protection regulations and ensure compliance with applicable laws and obligations. If you have any concerns, please do not hesitate to contact us at

6. Accuracy

a. As a significant portion of our data comes from third party providers, the organisation disclaims liability for complications arising from inaccuracies in the data they provide. However, in the event of litigation or other circumstances requiring disclosure of data sources, the organisation undertakes to disclose these sources responsibly, taking into account the interests of the parties involved.

b. In order to maintain the lawful basis for data processing, proactive measures will be taken as necessary to ensure the accuracy and timeliness of personal data.

7. Archiving / Removal

a. To ensure that the personal data is not kept longer than necessary, the Organization shall put in place an archiving policy for each area in which personal data is processed and review this process annually.

b. The archiving policy shall consider what data should/must be retained, for how long, and why.

8. Security

a. The Organization shall ensure that personal data is stored securely using modern software that is kept-up-to-date.

b. Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorized sharing of information.

c. Based on the relevant legislative provision (i.e Section 23 of the FICA act) When personal data is deleted the organization would retain a backup copy. Once the timeframe elapses, the removal of such records should be done safely to ensure that the data is irrecoverable.

9. Breach

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data, the organization shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the relevant authorities.

We're here to help

Contact Us