PRIVACY POLICY

TABLE OF CONTENTS
1. INTRODUCTION
2. WHY DO WE COLLECT AND PROCESS YOUR PERSONAL INFORMATION?
3. WHEN DO WE SHARE YOUR PERSONAL INFORMATION?
4. DO WE COLLECT INFORMATION OF MINORS?
5. HOW LONG DO WE KEEP YOUR INFORMATION?
6. HOW DO WE KEEP YOUR INFORMATION SAFE?
7. WHAT ARE YOUR RIGHTS IN TERMS OF POPIA?
8. DATA BREACH?
9. DO WE MAKE UPDATES TO THIS POLICY?
10. HOW CAN YOU CONTACT US ABOUT THIS POLICY?

1. INTRODUCTION
At The Fat Butcher, we are committed to protecting your Personal Information and your right to privacy. We have adopted this Privacy Policy to let you know how, why, and when we use your Personal Information. We also strive to comply with the Protection of Personal Information Act 4 of 2013 (“the POPI Act”).

Reading this Privacy Policy will help you make informed decisions about sharing your Personal Information with us.

Keep in mind that “Personal Information” has the meaning ascribed to it in the POPI Act, which refers to information relating to an identifiable, living, natural person, and in certain instances, an identifiable, existing juristic person (like a company), for example information relating to your gender, date of birth, physical address, telephone number, financial information, and history etc.

2. WHY DO WE COLLECT AND PROCESS YOUR PERSONAL INFORMATION?
We use the Personal Information we collect for a variety of legitimate business purposes. When you contact us or use our websites, we collect the information you share to be able to respond to you, confirm your reservation, understand your requirements, process your product orders, deliver the products that you have purchased and to otherwise make our services and products available to you. To do so, we might need to identify you, be able to
contact you, enter into a contract with you and, know your delivery address.

We do our best to collect and process Personal Information in a manner that is reasonable, relevant, non-excessive and purpose-specific. The Personal Information that we collect and process will therefore depend on your interaction with us.

3. WHEN DO WE SHARE YOUR PERSONAL INFORMATION?
We will only share information with your consent, to comply with laws, to provide the services and products to you, to protect your rights, or to fulfil business obligations.

We may have to share your personal information with some of our trusted service providers and suppliers.

We use these service providers and suppliers to:
- assist us with our communication with you;
- make it easier for you to make bookings and payments with us;
- ensure that we provide the best possible experience for you;
- provide our IT infrastructure;
- store our data and information;
- maintain our website; and
- help us manage our business.

We use Payfast by Network, an online payment processing service, to accept online payments when you buy a product on our online store at https://shop.fatbutcher.co.za. When you purchase a product your personal information may be processed through Payfast by Network’s servers. We believe that they provide an adequate level of protection for the personal information we store with them. You can read their privacy policy here
(https://payfast.io/privacy-policy/).

We use Microsoft Office 365’s cloud service to store our information, including our customers’ information. Microsoft stores all our content on its servers. We believe that they provide an adequate level of protection for the personal information we store with them. You can read their privacy policy here (https://privacy.microsoft.com/engb/
privacystatement).

We process and store customer information through Dineplan to manage our reservations. Dineplan stores the information on its servers. We believe that they provide an adequate level of protection for the personal information we store with them. You can read their privacy policy here (https://www.dineplan.com/terms/privacy).

We use Sage VIP and Paster for our accounting and payroll. Some of the information will be stored on Sage’s services. We believe that they provide an adequate level of protection for the personal information we store with them. You can read their privacy policy here (https://www.sage.com/en-za/legal/privacy-and-cookies/protection-ofpersonal-
information/).
We also use Snapscan and Yoco payment gateways to accept payments from our customers.

Snapscan. We believe that they both provide an adequate level of protection for the personal information you
provide to them when making a payment. You can read their respective privacy policies at the following links:
https://www.snapscan.co.za/privacy-statement and https://a.storyblok.com/f/111633/x/e7e1e1778c/privacypolicy-
28-august-2024.pdf
Other information we collect:
Like many businesses, we also collect information through cookies and similar technologies. Our websites
automatically collect and process some of your information when you access and use them.
This information does not reveal your identity (like your name or contact information) but may include device and usage information, like your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our site and other
technical information.
This information is primarily needed to maintain the security and operation of the sites, and for our internal analytics and reporting purposes. When you visit the sites, we will request your consent to collect this information in our cookie notice.

4. DO WE COLLECT INFORMATION OF MINORS?
We do not knowingly collect data from or market our services to minors, unless a minor makes a reservation with us without disclosing that they are a minor.
If we learn that the Personal Information of a minor has been collected, we will take reasonable measures to promptly delete all related Personal Information data from our records. If you become aware of any data we have collected from a minor, please contact us immediately.

5. HOW LONG DO WE KEEP YOUR INFORMATION?
We will keep your Personal Information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).

When we do not have a purpose for which we need to process or retain your Personal Information, we will either delete or anonymise it as soon as possible.

Your access to and use of the site and our services mean that you consent to us retaining records of your Personal Information for no longer than may be necessary to achieve the original purpose for which the information was collected or processed.

6. HOW DO WE KEEP YOUR INFORMATION SAFE?
We have implemented reasonable and appropriate technical and organizational security measures designed to protect the security and integrity of any Personal Information we process. This is to prevent loss of, damage to, or unauthorised destruction of Personal Information and unlawful access to, and processing of, Personal Information.
Our servers are all password protected and we encrypt any information that we can through our service providers. We also do not open our organizational services to third parties without ensuring that they will adhere to this policy.

7. WHAT ARE YOUR RIGHTS IN TERMS OF POPIA?
If you can prove that Personal Information belongs to you by proving your identity, you have the right to:
1. ask what personal information we have about you;
2. ask what personal information was sent to our suppliers, service providers, or any third party;
3. ask us to update, correct, or delete any out-of-date or incorrect personal information we have about you;
4. unsubscribe from any direct marketing communications we may send you,
5. object to the processing of your personal information; and
6. submit a complaint to the Information Regulator (the contact details of the Information Regulator are available at: https://justice.gov.za/inforeg).

We must comply with your requests within 21 days unless we have a credible reason for being unable to. If we cannot agree whether to correct or delete your Personal Information as requested we will indicate that a correction or deletion was requested but was not made.

8. DATA BREACH?
We have implemented reasonable security measures based on the sensitivity of the information we hold. These measures are in place to protect the information from being disclosed without authorisation, from loss, misuse and unauthorised access, and from being altered or destroyed. If you suspect that we (or you) may have had a security
breach, please notify our Information Officer immediately by sending an email to rita@fatbutcher.co.za. Please include as much information about the suspected breach as possible.

9. DO WE MAKE UPDATES TO THIS POLICY?
We will update this Privacy Policy every now and then. The updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Policy, we will notify you either by posting a notice of such changes or by directly sending you a notification.

10. HOW CAN YOU CONTACT US ABOUT THIS POLICY?
If you have questions or comments about this policy, you may contact us at the details below.

Business name: Fat Butcher Restaurants (Pty) Ltd, a private company with limited liability
registered in South Africa with registration number 2012/150044/07
Physical address: 1 Van Riebeeck Street, Stellenbosch, Western Cape, South Africa, 7600
We also choose this address for the service of legal documents.
Information Officer: Rita Swart
Phone number: +27 21 882 8705
Websites: www.fatbutcher.co.za & shop.fatbutcher.co.za
Email address: rita@fatbutcher.co.za