Privacy Policy

APPLIES FROM 08/12/2021




Table Mountain Bikers, a company which is unincorporated and operating from South Africa.


Website Platform
A website that is operated by the Company and available at


Mobile Platform
No mobile platform available yet


Collective name that can refer to either or both the Mobile and Website Platforms


Privacy Policy
Latest version of the Table Mountain Bikers Privacy Policy


An individual user starting at age 18 or a legal entity that has read and agreed to the Terms of Business of Table Mountain Bikers and uses services of the Company provided through the Mobile or Website Platforms. May or may not have an account with the company.


The General Data Protection Regulation (EU) 2016/679 or such other equivalent regulation in any other country.


Purpose, Scope and Other Definitions

The Policy is meant for use by the Companies Users.

The Company is compliant with the applicable domestic and international laws for the General Data Processing Regulation, as well as other legislation applicable in the home country and country of services of the Company.

The Company has established this Privacy Policy in accordance with General Data Processing Regulation and laws, regulations and/or directives issued pursuant to GDPR and also other equivalent laws of the countries in which it operates.
This policy aims to provide Company’s Users with information on what type of information the Company collects, how it is used and the circumstances in which it could be shared with third parties.

Throughout this privacy statement, User’s data may be called either “personal data” or “personal information”. The Company may also sometimes collectively refer to handling, collecting, protecting and storing User’s personal data or any such action as “processing” of such personal data.

For the purposes of this statement, personal data shall mean any information relating to the User, which identifies or may identify the User and which includes, for example, User’s name, address and identification number.


Collection of personal data

The Company shall collect information necessary to fulfil legal obligations for the provision of services and to improve its service to you.

The Company will gather information and documentation to identify, contact or locate Users and may gather information from third parties and or other sources, which will help it to offer its services effectively.

As a User, an individual is responsible for providing true and accurate information and for keeping the Company informed of any changes in User’s personal information or circumstance by emailing The Company support


Purpose of collecting and processing personal data

In order to process transactions, render services and enhance User support. User’s personal data will be used for specific, explicit and legitimate purposes only.


Performance of contractual obligations

The personal data collected from Users is used to verify User’s identity, to manage User’s account on the Platform, to process User’s transactions, to provide Users with post-transaction information, to inform Users of additional products and/or services relevant to the User’s profile, to produce analysis and statistical data which will help the Company improve its products and services, and improve the Platform.


Compliance with legal obligations

There are a number of legal obligations arising from the relevant laws to which the Company is subject, as well as other statutory requirements.

Such obligations and requirements impose on the Company the necessity to perform personal data processing activities for possible credit checks, identity verification, compliance with court orders, tax law or other reporting obligations, if any.


Purposes of safeguarding legitimate interests

The Company processes personal data to safeguard legitimate interests pursued by the Company or by a third party. A legitimate interest is when the Company has a business or commercial reason to use the User’s information. Even then, it must not unfairly go against what is right and best for the User.

Examples of such processing activities include:

initiating court proceedings and preparing our defence in litigation procedures;
measures and processes we undertake to provide the Company’s IT and system security, preventing potential crime, asset security, admittance controls and anti-trespassing measures;
measures to manage business and further develop the Company’s products and services;
the transfer, assignment (whether outright or as security for obligations) and/or sale to one or more persons and/or charge and/or encumbrance over, any or all of the Company’s benefits, rights, title or interest under any agreement between the User and the Company.


Marketing Purposes

The Company may use User data, such as location or transaction history to deliver any news, analysis, research, reports, campaigns or training opportunities that may interest the User, to their registered email address.
User always has the right to change the option if they no longer wish to receive such information.


Controlling and processing User’s personal data

The Company and any agents that it engages for the purpose of collecting, storing or processing personal data and any third parties acting on the Company’s behalf may collect, process and store personal data provided by the User.
For the purpose of processing and storage of personal data provided by the User in any jurisdiction within the European Union or outside of the European Union, the Company hereby confirms that this will be done in accordance with all applicable laws.


Authorised Processor

The company may also use authorised external processors for User data processing based on concluded service agreements, which are governed by instructions from the Company for protection of User-related data. The agreements are important so that both parties understand their responsibilities and liabilities.

The Company has a regulatory obligation to supervise and effectively oversee the outsourced functions and to act appropriately when it determines that the service provider is not performing the said functions effectively and in accordance with applicable legislation.

The Company may use or disclose personal information without User’s consent only in certain circumstances:

if required by law or by order of a court, administrative agency, or other government entities;

if there are reasonable grounds showing disclosure is necessary to protect the rights, privacy, property, or safety of users or others;

if the Company believes the information is related to a breach of an agreement or violation of the law, that has been, is being, or is about to be committed;

if it is necessary for fraud protection, risk reduction, or the establishment or collection of funds owed to the Company;

if it is necessary to enforce or apply the Terms and Conditions and other agreements, to pursue remedies, or to limit damages to the Company;

for other reasons allowed or required by law;

if the information is public.

When the Company is required or permitted to disclose information without consent, the Company will not disclose more information than necessary to fulfil the disclosure purpose.

the Company urges all Users to maintain confidentially and not share with others their usernames or passwords whether private or as provided by the Company. The Company bears no responsibility for any unlawful or unauthorised use of Users’ personal information due to misuse or misplacement of Users’ access codes (i.e. passwords /credentials), negligent or malicious, however conducted.


How the Company treats User’s personal data for marketing activities

The Company may process User’s personal data to inform Users about products, services or offers that may be of interest to them. The personal data that the Company processes for this purpose consists of information Users provide to the Company and data the Company collects and/or infers when Users use the services on the Platform, such as information on User’s transactions. The Company studies all such information to form a view of what is needed or what may be of interest to the Users.

In some cases, profiling may be used. Profiling is a process where User’s data is automatically processed with the aim of evaluating certain personal aspects and further providing the User with targeted marketing information on products.

the Company can only use User’s personal data to promote its products and services if the Company has the User’s explicit consent to do so – by clicking the check box when filling out the form to open an account or, in certain cases, if the Company considers that it is in the User’s legitimate interest to do so.

Further, Users have the option to choose whether they wish to receive marketing-related emails (Company news, information about campaigns, the Company’s newsletter, etc.) sent to the User’s provided email address by clicking the relevant check box when filling out the form to open an account.

Users have the right to object at any time to the processing of User’s personal data for marketing purposes or unsubscribe from receiving marketing-related emails from the Company, by contacting the Company’s User support department at any time in the following ways:

By Email:
Website customer support


Period of keeping User’s personal information

The Company will keep User’s personal data for:

As long as a business relationship exists with the User, either as an individual or a legal entity, which the User is authorised to represent or of which the User is a beneficial owner;

Once business relationship with a User has ended, the Company is required to keep the User’s data for a period of five years to meet regulatory and legal requirements. In some cases, this period may be extended.

When the Company no longer needs to keep the User’s personal data, it will securely delete or destroy it.


User’s rights

User has the right to request copies of his/hers personal data. Information must be provided without delay and within one month of receipt of request at the latest. The Company may extend the period of compliance by a further two months where requests are complex or numerous. If this is the case, it will inform Users within one month of the receipt of request and explain why the extension is necessary.

The Company must provide a copy of the information free of charge. However, the Company can charge a “reasonable fee” when a request is manifestly unfounded or excessive, particularly if it is repetitive.

The fee, if applied, will be based on the administrative cost of providing the information and on delivery expenses if the User requests that the information be delivered in hard copy. If at any time the Company refuses to respond to a request, it will explain why to the User, informing them of their right to complain to the supervisory authority and to a judicial remedy without undue delay and within one month at the latest.


When information is provided:

The Company will verify the identity of the person making the request, using reasonable means.


When should personal data be rectified?

Individuals are entitled to have personal data rectified if it is inaccurate or incomplete.
Users can make a request for rectification verbally or in writing.

If the Company has disclosed personal data in question to others, it must contact each recipient and inform them of the restriction on processing the personal data, unless this proves impossible or involves disproportionate effort. If asked to, the Company must also inform the individuals about these recipients.


Other related information

The Company uses appropriate technical, organisational and administrative security measures to protect any information it holds in its records from loss, misuse, unauthorised access, disclosure, alteration or destruction. Unfortunately, no company or service can guarantee complete security. Unauthorised entry or use, hardware or software failure and other factors may compromise the security of User information at any time.

Among other practices, User’s account is protected by a password for User’s privacy and security. Users must prevent unauthorised access to User’s account and Personal Information by selecting and protecting User’s password carefully and limiting access to User’s computer or device and browser by signing off after finishing accessing the User’s account.

Transmission of information via regular email exchange is not always completely secure. The Company, however, exercises all possible means to protect Users’ personal data; yet it cannot guarantee the security of User data that is transmitted via email; any transmission is at the Users’ own risk. Once the Company has received User information it will use procedures and security features in an attempt to prevent unauthorised access.

When Users email the Company (via the “Contact Us” page or by using the Live Chat feature) a person may be requested to provide some additional personal data, like their name or email address. Such data will be used to respond to their query and verify their identity. Emails are stored in the Company’s standard internal contact systems which are secure and cannot be accessed by unauthorised external parties.


Raising a concern

Users have the right to be confident that the Company handles User’s personal information responsibly and in line with good practices.

If a User has a concern about the way the Company handles User’s information, or if a User feels the Company may, for example;

not keep User’s information secure;

hold inaccurate information about the User;

have disclosed information about the User;

keep information about the User for longer than is necessary; or

collect information for one reason and use it for something else;

Then the User must contact the company and/or stop using its services. The Company takes all concerns seriously and will work with the User to resolve any such concerns.

Any concerns and/or requests may be raised with the appointed Data Protection Officer whose contact information is below:

If the User is not satisfied with any response provided by the Company, the User has a right to raise such matters with the relevant government authority.

The User has the right go to court or to escalate their complaint to the data protection regulator in their jurisdiction for the protection of rights, unless applicable laws prescribe a different procedure for handling such claims.


Changes to this privacy statement

The Company reserves the right to modify or amend this Privacy Statement unilaterally at any time in accordance with this provision.

If any changes are made to this privacy statement, the Company shall notify the Users accordingly. The Company does, however, encourage the Users to review this privacy statement occasionally so as to always be informed about how the Company processes and protects the User’s personal information.



The Company’s website uses small files known as cookies to enhance its functionality and improve User’s experience.

A cookie is a small text file that is stored on a User’s computer for record-keeping purposes. The Company uses cookies on the Platform(s). The Company links the information it stores in cookies to any personally identifiable information the User submits while on the Platform. The Company uses both session ID cookies and persistent cookies. A session ID cookie does not expire when the User closes the browser. A persistent cookie remains on User’s hard drive for an extended period of time.

A User can remove persistent cookies by following directions provided in the User’s Internet browser’s “help” file.

The Company sets persistent cookies for statistical purposes. Persistent cookies also enable the Company to track and target the location and interests of the Users and to enhance the experience of Company’s services on the Platform.

If a User rejects cookies, the User may still use the Platform

Some of Company’s business partners use cookies on the Platform. The Company has no access to or control over these cookies.


Monitoring and Review

The Company will monitor the effectiveness of this Policy on a regular basis and, in particular, the quality of execution of the procedures explained in the Policy and, where appropriate, it reserves the right to correct any deficiencies.

In addition, the Company will review the Policy at least annually. A review will also be carried out whenever a material change occurs that affects the ability of the Company to continue to the best possible result for the execution of its Users’ orders on a consistent basis using the venues included in this Policy.

The Company will inform its Users of any material changes to this Policy by posting an updated version of this Policy on its Website(s).