This manual was prepared in accordance with the Protection of Personal Information Act 4 of 2014 (as amended)
INDEX
An Introduction and Purpose of this Privacy Policy
Responsible Party and Data Protection Contact
What is Personal Information
Purpose and Legal Basis of Data Processing
Access Authorizations on Your Device
Cookies and Similar Technologies
Integrated Third-Party Services
Sources and Categories of Data from Third Parties
Recipients of Personal Data
Destruction of Information
Use of Personal Information
Your Rights as a Data Subject
Links to Third-Party Offerings
Security
Effective Date
PRIVACY POLICY
1. An introduction and Purpose of this Privacy Policy
1.1.  We, LSM Distributors (Pty) Ltd t/a Kyalami Grand Prix Circuit & International Convention Centre (hereinafter referred to as “we”, “us”, or “Kyalami”), are committed to protecting your personal information and respecting your privacy.
1.2.  This Privacy Policy outlines how we collect, use, and safeguard your personal data in accordance with the Protection of Personal Information Act (“POPIA”), and where applicable, the General Data Protection Regulation (“GDPR”).
1.3.  The purpose of this policy is to acknowledge the importance of, and provide a framework for, the appropriate level of protection in the identification, collection, holding, use, dissemination, merging, collating, disclosure, and safeguarding of personal information (“processing”) of current, past, and prospective consumers, customers, suppliers, business contacts, employees, and other individuals encountered in the course of our business activities (“data subjects”).
2. Responsible Party and Data Protection Contact
2.1. The party responsible for data processing under applicable data protection laws is:
Alexandra Tydeman
Telephone: +27 (0)11 466 0204
Email: alexandra.t@kyalamigrandprixcircuit.com
3. What is Personal Information?
3.1. Â Personal information refers to any data that identifies or can be used to identify a natural or juristic person.
3.2.  At Kyalami, this includes—but is not limited to—names, addresses, contact numbers, email and website addresses, identification or registration numbers, VAT and tax reference numbers, and usage data collected through our online platforms.
3.3. Â We may also process sensitive information such as race, health status, criminal records, and remuneration details of employees and candidates, which constitutes Special Personal Information under the POPIA.
3.4. Personal information is collected directly from data subjects, via the internet and social media, and in some cases from third parties such as agents, service providers, customers, advisers, and government departments. This may include correspondence, banking details, and authorised representative information, as well as personal data received from responsible parties where Kyalami acts as an operator.
4. Purpose and Legal Basis of Data Processing
4.1. Â At Kyalami, we process personal information in accordance with the POPIA, and where applicable, the GDPR. Personal data may be processed in connection with enquiries or interactions with our online services, even in the absence of formal registration.
4.2. Â We process personal information for the following purposes and on the following legal bases:
Consent: Where you have provided explicit consent for a defined purpose. You may withdraw your consent at any time, with future effect.
Change of Purpose: If we intend to use your personal information for a purpose other than that for which it was originally collected, we will assess the compatibility of the original and new purposes before proceeding.
Profiling: While we do not engage in automated decision making, profiling may be conducted strictly within the scope of the purposes outlined in this Privacy Policy.
4.3. Â We collect personal information from various sources, including:
Directly from data subjects;
Documentation provided by data subjects;
Customers, service providers, and other third parties;
Our websites and social media platforms, including through cookies and other sign-ups;
Telephone calls, emails, and other communications; and
4.4. This framework ensures that all data processing activities are lawful, transparent, and aligned with the rights and expectations of our data subjects.
5. Access Authorizations on Your Device
5.1. Certain features of our online services may require access to your device (e.g., location services, camera). Granting these permissions is voluntary and can be revoked manually at any time.
6. Cookies and Similar Technologies
6.1. Â We use cookies and similar technologies to enhance your experience.
Essential cookies are required for core functionality.
Analytical and marketing cookies are used only with your explicit consent.
6.2. Â You can manage your preferences via our Consent Management Platform.
7. Integrated Third-Party Services
7.1. We may integrate third-party services (e.g., video players, maps) to enhance your experience. These services may involve data processing necessary to deliver the selected functionality. Please refer to the respective third-party provider’s privacy policy for more information.
8. Sources and Categories of Data from Third Parties
8.1. We may process personal information obtained from third parties or publicly available sources, including:Â
9. Recipients of Personal Data
9.1. It is not Kyalami’s policy to share personal information with third parties, except in specific circumstances. Where contact information is required for event-related services to be rendered by approved subcontractors, the type of information to be shared will be discussed with the client.
9.2. When personal information is shared with third-party operators:
They are carefully selected and required to implement appropriate security measures.
They must sign an agreement with Kyalami that complies with sections 19 to 22 of POPIA.
For international transfers, section 72 of POPIA will be adhered to.
9.3. In certain cases, personal information may be disclosed to law enforcement agencies without the data subject’s consent, but only to the extent permitted by law and after verifying the legitimacy of the request, including seeking legal counsel where necessary.
10. Destruction of Information
10.1. Â Personal information will be securely destroyed upon:
Expiry of the retention period; and/or
Approval of a deletion request by the Information Officer.
10.2. Â Secure destruction methods include:
Shredding paper documents locally or via approved bulk disposal.
Physical destruction of electronic devices and media to prevent data recovery.
Ensuring third-party destruction services comply with this policy and applicable laws.
10.3. Â Destruction may be suspended in cases of pending litigation, audits, or investigations. Employees and processors will be notified of any such suspension.
11. Use of Personal Information
11.1. For non-employees:
Product and service delivery;
Communication and marketing (with consent);
Business operations, analytics, and customer service;
IT infrastructure and records management;
Complaint and query handling;
Contractual compliance; and/or
Payroll and HR records;
Emergency communication and health/safety; and/or
Internal communication and legal compliance;v
11.3. Â Kyalami does not sell, trade, or rent personal information to third parties for marketing purposes. Data subjects may opt out of communications at any time.
12. Your Rights as a Data Subject
12.1. You have the right to:
Access your data;
Request correction or deletion;
Restrict processing;
Data portability;
Object to processing or direct marketing;
Withdraw consent; and/or
Lodge a complaint with a supervisory authority.
13. Links to Third-Party Offerings
13.1. Our Online Services may include links to third-party services. These are operated independently, and we are not responsible for their content or data processing practices. Please consult their privacy policies.
14. Security
14.1. We implement appropriate safeguards to protect your personal data. This includes administrative, technical, and physical measures. While we strive to protect your data, no system is entirely immune to risks.
15. Effective Date
15.1. This Privacy Policy is effective as of 1 January 2025 and will be updated as necessary to reflect changes in legal requirements, business practices, or technology.