Governance & Policies

TAASA · Privacy Policy

Privacy Policy

How TAASA — the Traditional Archery Association of South Africa — collects, uses, stores, and protects your personal information, in line with POPIA.

  • Effective 13 June 2026
  • Updated 13 June 2026
  • 15 sections

Who we are

This Privacy Policy explains how the Traditional Archery Association of South Africa ("TAASA", "we", "us", "our") collects, uses, stores, and protects your personal information when you use our website and member platform at traditionalarchery.org.za and user.traditionalarchery.org.za (the "Platform").

TAASA is the responsible party (as defined in the Protection of Personal Information Act, 4 of 2013 — "POPIA") for the personal information processed through the Platform.

  • Legal name: Traditional Archery Association of South Africa NPC
  • Registration number: 2025/669909/08
  • Registered address: Pinati Estate, Cape Town, Western Cape, 7780
  • Email: traditionalarcherysa@gmail.com

We are committed to processing your personal information lawfully, fairly, and transparently, in accordance with POPIA.

Our Information Officer

In terms of POPIA, our Information Officer is responsible for ensuring our compliance with the Act and for handling requests and complaints relating to personal information. Our Information Officer is registered with the Information Regulator (South Africa).

You may contact our Information Officer in respect of any matter dealt with in this policy.

The personal information we collect

We collect and process the following categories of personal information:

  • Identity and contact details — your name, surname, email address, mobile number, date of birth, nationality, and competition category.
  • Identity verification — your South African ID number or passport number, which we use to verify your identity and membership eligibility.
  • Address — your suburb, city, province, and postal code.
  • Membership and archery information — your club or school affiliation, membership category and status, and archery background (such as the disciplines you practise, the year you began practising, and your home club or affiliation).
  • Emergency contact — where you provide one, the name, relationship, and mobile number of your emergency contact.
  • Guardian details (members under 18) — for a youth member, the name, relationship, telephone number, and email address of the parent or legal guardian who provides consent, and the date that consent was given.
  • Account and authentication data — your email address and password, which you use to sign in to your account. Passwords are never stored in plain text; they are stored only in hashed form (a one-way transformation that cannot be reversed).
  • Documents you upload — any documents or images you submit through the Platform (for example, your South African ID or passport document and a profile photograph). Where you upload images, location metadata (EXIF) is stripped on upload.
  • Technical information — limited technical data generated when you use the Platform, such as your IP address and browser type, processed by our hosting provider to deliver and secure the service.

We collect personal information directly from you when you register, complete or update your profile, request membership changes, upload documents, or otherwise correspond with us.

Why we process your personal information

We process your personal information for the following purposes:

  • to create and manage your member account and authenticate your sign-in;
  • to administer your TAASA membership, including club and school affiliations;
  • to communicate with you about your membership, events, and Platform updates;
  • to process and review documents and profile change requests you submit;
  • to maintain the security and integrity of the Platform; and
  • to comply with our legal and regulatory obligations.

We rely on one or more of the following lawful grounds under POPIA: your consent; the conclusion or performance of a contract with you (your membership); compliance with a legal obligation; and our legitimate interests in running the Association and its Platform.

Providing your personal information is voluntary, but certain information is necessary to create and maintain a member account. If you choose not to provide it, we may be unable to offer you membership or Platform access.

Members who are minors

Membership is open to applicants aged 14 and older. Where an applicant is under 18, the sign-up process flags them as a youth member and requires a parent or legal guardian to provide their details and consent before we process the minor's personal information, in accordance with POPIA. A parent or guardian may exercise the rights set out in this policy on the minor's behalf. If you believe we have collected a minor's information without the required consent, please contact our Information Officer and we will take appropriate steps.

Special personal information

We do not intentionally collect "special personal information" (such as information about your health, religious or philosophical beliefs, or biometric data) unless you voluntarily provide it or it is necessary for a specific, lawful purpose. Where we do, we process it only with your consent or as otherwise permitted by POPIA.

Who we share your information with

We do not sell your personal information. We share it only with the service providers ("operators") that we rely on to run the Platform, and only to the extent necessary. These include:

  • Cloudflare — website and application hosting, content delivery, database (D1), and file storage (R2).
  • Resend — delivery of transactional and notification emails (such as password-reset and set-password links, and membership notifications).

These operators process personal information on our behalf under agreements that require them to keep it secure and to process it only on our instructions. We may also disclose personal information where required by law or to protect our rights.

Cross-border transfers

Some of our operators process or store personal information outside South Africa. In particular, Cloudflare operates a global network and may process data on servers located in various countries, and Resend processes email delivery from the European region (Ireland).

Where personal information is transferred outside South Africa, we take reasonable steps to ensure it is afforded a level of protection consistent with POPIA, including by relying on operators who are subject to laws, binding rules, or contractual arrangements that provide adequate protection, as required by section 72 of POPIA.

How we keep your information secure

We apply appropriate technical and organisational measures to safeguard your personal information against loss, unauthorised access, and unlawful processing, including:

  • passwords stored only in hashed form, never in plain text;
  • authenticated, access-controlled serving of uploaded documents;
  • stripping of location metadata (EXIF) from uploaded images; and
  • encrypted transmission of data over the Platform.

While we take reasonable measures to protect your information, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

How long we keep your information

We keep your personal information for as long as you remain a TAASA member. Membership runs in renewal cycles: when your membership is due for renewal we email you and flag your profile so you can confirm your details are still correct, which renews your membership and keeps your information accurate and your consent current.

If your membership lapses and is not renewed, we retain your profile for up to 12 months — so you can rejoin easily — after which we delete or de-identify it; each renewal resets this period. Records of payments are kept for 5 years to meet our tax and accounting obligations. Identity documents and your SA ID or passport number are kept only while needed to verify your membership and are deleted sooner, leaving only your verified status. For members under 18, we keep information until they reach 18, after which the above applies. You may request deletion of your account and associated personal information at any time, subject to any retention we are legally required to maintain.

Cookies and analytics

The Platform uses cookies and similar technologies that are strictly necessary to keep you signed in and to operate securely. We do not use analytics or advertising cookies. Our sign-in and password-reset forms use Cloudflare Turnstile to help prevent automated abuse, which may set a cookie strictly for that security purpose.

Your rights as a data subject

Under POPIA, you have the right to:

  • be notified that we are collecting your personal information;
  • request access to the personal information we hold about you;
  • request that we correct, update, or delete inaccurate, irrelevant, or excessive personal information;
  • object, on reasonable grounds, to the processing of your personal information;
  • withdraw consent where processing is based on consent (this does not affect processing already carried out); and
  • lodge a complaint with the Information Regulator.

To exercise any of these rights, please contact our Information Officer using the details in section 2.

Lodging a complaint

If you believe we have not handled your personal information in accordance with POPIA, we ask that you first contact our Information Officer so that we can address your concern. You also have the right to lodge a complaint directly with the Information Regulator:

Information Regulator (South Africa)

(Please confirm the Regulator's current contact details on their website before publishing.)

Changes to this policy

We may update this Privacy Policy from time to time. The current version will always be available on the Platform, with the "Last updated" date amended accordingly. Material changes will be communicated to members where appropriate.

Contact us

For any questions about this Privacy Policy or how we handle your personal information, contact our Information Officer at tariqjacobs@gmail.com.

Privacy Policy · Effective 13 June 2026 · Last updated 13 June 2026.

All governing documents