Privacy Policy

Last Updated: October 10, 2025

1. Introduction

VUNA Exchange Ltd ("we," "our," or "us"), a company incorporated in England and Wales under company registration number 16840719, is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our B2B marketplace platform connecting UK businesses with South African BPO service providers.

By accessing or using VUNA Exchange, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide

  • Account Registration: Company name, registration number, email address, password, contact person details, phone number, physical address
  • Profile Information: Industry focus, services offered/needed, company size, website, business description, compliance documentation
  • Communications: Messages exchanged through our platform, support inquiries, feedback
  • Payment Information: Billing details, transaction history (payment processing handled by third-party providers)
  • Verification Documents: Business registration certificates, compliance certifications, POPIA attestations, industry accreditations

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, search queries, match interactions, time spent on platform
  • Device Information: IP address, browser type, operating system, device identifiers
  • Location Data: General geographic location based on IP address
  • Cookies and Tracking: Session data, preferences, authentication tokens

3. How We Use Your Information

We use collected information for the following purposes:

  • Platform Operations: Create and manage accounts, facilitate B2B matchmaking, enable communications between parties
  • Service Improvement: Analyze platform usage, develop new features, enhance matching algorithms
  • Verification and Security: Verify business legitimacy, prevent fraud, ensure platform security, maintain data integrity
  • Communications: Send transactional emails, platform updates, marketing communications (with consent), support responses
  • Legal Compliance: Comply with UK and South African legal obligations, respond to legal requests, enforce our terms
  • Analytics: Generate aggregated statistics, produce anonymized reports, measure platform performance

4. Information Sharing and Disclosure

4.1 With Other Platform Users

Your company profile information (excluding contact details for non-premium users) is visible to other verified platform users to facilitate business matching. Contact information is only shared with Premium (Partner+) plan subscribers or upon mutual agreement.

4.2 Service Providers

We may share information with trusted third-party service providers who assist in operating our platform, including hosting providers, payment processors, email service providers, and analytics services. These providers are contractually obligated to maintain confidentiality and use data only for specified purposes.

4.3 Legal Requirements

We may disclose information when required by law, legal process, or government request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to regulatory requirements.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to equivalent privacy protections.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption of data in transit and at rest using TLS/SSL protocols
  • Secure authentication mechanisms and password hashing
  • Regular security audits and vulnerability assessments
  • Access controls and authorization protocols
  • Secure cloud infrastructure with industry-leading providers
  • Regular backups and disaster recovery procedures

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but continuously work to enhance our security measures.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Following account closure, we retain certain information as necessary for legitimate business purposes, legal compliance, dispute resolution, and enforcement of our agreements. Anonymized data may be retained indefinitely for analytics purposes.

Specific retention periods:

  • Active account data: Duration of account plus 12 months
  • Transaction records: 7 years (UK/SA tax and financial compliance)
  • Communications: 3 years from last interaction
  • Compliance documents: 7 years post-relationship

7. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request copies of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing of your data for specific purposes
  • Restriction: Request limitation of processing in certain circumstances
  • Withdrawal: Withdraw consent where processing is based on consent
  • Complaint: Lodge a complaint with relevant data protection authorities

To exercise these rights, contact us at privacy@vunaexchange.com or through your account settings.

8. International Data Transfers

VUNA Exchange operates across UK and South African jurisdictions. Your information may be transferred to, stored, and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Compliance with GDPR and POPIA requirements
  • Appropriate technical and organizational security measures

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance platform functionality, analyze usage, and provide personalized experiences. You can control cookie preferences through your browser settings, though some platform features may be affected.

Types of cookies used: Essential (authentication, security), Functional (preferences, settings), Analytics (usage statistics), Marketing (with consent).

10. Children's Privacy

VUNA Exchange is a B2B platform intended for business use only. We do not knowingly collect information from individuals under 18 years of age. If we become aware of such collection, we will take steps to delete the information promptly.

11. Changes to Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or platform features. Material changes will be communicated via email or platform notification. Continued use after changes constitutes acceptance of the updated policy.

12. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices:

Data Protection Officer

VUNA Exchange Ltd

Email: privacy@vunaexchange.com

Email: dpo@vunaexchange.com

13. Regulatory Compliance

This Privacy Policy is designed to comply with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018 (UK)
  • Protection of Personal Information Act (POPIA) 2013 (South Africa)
  • Electronic Communications and Transactions Act (ECTA) 2002 (South Africa)
  • Other applicable international data protection laws

We value your privacy

Vuna Exchange uses essential cookies to operate securely. With your consent, we also use analytics cookies to improve the platform during beta testing. Cookie Policy