WhatsApp Us

Privacy Policy

Last Updated: 27 March 2026

1. Introduction

Kimberley Driving School (“KDS”, “we”, “us” or “our”) respects your privacy and is committed to protecting your personal information in accordance with the Constitution of the Republic of South Africa, the Protection of Personal Information Act 4 of 2013 (“POPIA”), applicable PAIA requirements, and other applicable South African laws.

This Privacy Policy explains how we collect, use, store, disclose and protect your personal information when you:

  • visit our website;
  • contact us by phone, email, WhatsApp, social media or online forms;
  • enquire about or register for learners, theory, simulator, video training or driving lessons;
  • make payments to us;
  • attend theory classes, simulator sessions, practical video training or on-road lessons; or
  • otherwise interact with Kimberley Driving School.

By using our website or providing your personal information to us, you acknowledge that you have read this Privacy Policy and understand how your personal information will be processed, subject always to your rights under POPIA.

2. Responsible Party

For purposes of POPIA, the responsible party is:

Kimberley Driving School
Email: info@kbydriving.co.za
Phone / WhatsApp: 061 868 3072
Location: 14 Long Street, New Park, Kimberley, South Africa

For privacy-related requests, objections, corrections, deletions, complaints or access requests, you may contact us using the details above and mark your request for the attention of the Information Officer.

3. What Personal Information We Collect

Depending on how you interact with us, we may collect and process the following categories of personal information:

3.1 Identification and contact information

  • full names and surname;
  • ID number or other identification details;
  • date of birth;
  • phone number;
  • WhatsApp number;
  • email address;
  • residential or postal address;
  • emergency contact details; and
  • parent or guardian details where the learner is under 18.

3.2 Service and training information

  • the code/course you are applying for;
  • hours purchased;
  • current learners licence status;
  • appointment and test-related information;
  • trip, booking and scheduling information;
  • training history;
  • instructor notes;
  • client training checklists;
  • compulsory assessment results;
  • theory test results;
  • readiness-for-test assessments; and
  • other information needed to provide theory training, practical video training, simulator sessions and driving lessons.

3.3 Supporting documents and records

  • proof of address;
  • proof of payment;
  • photographs;
  • eye-test confirmation or related documentation;
  • learner’s licence records;
  • blue forms and similar licensing-related documents; and
  • records submitted for bookings, appointments or testing support.

3.4 Communications and enquiry information

  • messages submitted through our website;
  • email correspondence;
  • WhatsApp communications;
  • call records or call notes;
  • complaints, feedback and service queries; and
  • preferences relating to services or communications.

3.5 Website and technical information

When you visit our website, we may collect:

  • IP address;
  • browser type;
  • operating system;
  • referring website;
  • device identifiers;
  • pages viewed;
  • dates and times of visits; and
  • cookie and similar technology data.

3.6 Marketing and media content

Where you have given consent, or where another lawful basis applies, we may process:

  • photographs;
  • videos;
  • testimonials;
  • pass announcements; and
  • other promotional content featuring you.

KDS’s current service agreements already contemplate collection of identity details, proof of address, eye test information, photos, WhatsApp numbers, emergency contacts, payment proof, learner and driver appointment data, compulsory assessments, and photo use for marketing.

4. How We Collect Personal Information

We collect personal information:

  • directly from you when you complete website forms, register for services, contact us, make payments, submit documents, or attend lessons;
  • from a parent, guardian or competent person where the learner is a child;
  • from public authorities, testing centres or licensing-related bodies where necessary and lawful for bookings, scheduling, test readiness, or compliance;
  • from service providers acting on our instructions, such as website hosts, email providers, payment providers, booking tools or technical support providers;
  • automatically through cookies, logs and analytics tools when you use our website; and
  • from social media or messaging platforms when you communicate with us through those platforms.

POPIA requires transparency when personal information is collected and gives data subjects rights to be informed, to access, to correct, to object, and to complain.

5. Why We Process Your Personal Information

We process personal information only for specific, lawful and business-related purposes, including to:

  • respond to enquiries and provide quotations;
  • register you for learners, theory, simulator, video training and practical driving lessons;
  • schedule, reschedule and manage lessons, theory classes, assessments and appointments;
  • assist with learners and driver testing administration;
  • verify identity and keep accurate student records;
  • communicate with you by phone, email or WhatsApp regarding bookings, reminders, payments, lessons, tests and support;
  • collect payments, allocate payments and keep accounting records;
  • provide customer service and handle complaints;
  • maintain safety, quality control and training records;
  • comply with legal, tax, regulatory or contractual obligations;
  • protect our rights, staff, instructors, vehicles, property and systems;
  • improve our website, services and customer experience;
  • send service updates and, where lawful, marketing communications; and
  • use photographs, videos or testimonials for marketing only where appropriate consent or another lawful basis exists.

Under POPIA, personal information may generally be processed where the data subject or a competent person consents, where processing is necessary for a contract, where it is required by law, where it protects a legitimate interest, or where it is necessary for the legitimate interests of the responsible party or a third party.

6. Lawful Grounds for Processing

We rely on one or more of the following lawful grounds under POPIA, depending on the situation:

  • your consent;
  • the conclusion or performance of a contract with you;
  • compliance with a legal obligation;
  • protection of your legitimate interests;
  • our legitimate interests in operating, securing and improving our business; and
  • in the case of children, consent by a competent person where required.

Where we rely on consent, you may withdraw that consent at any time, subject to legal and operational limits and subject to the lawfulness of earlier processing.

7. Children’s Personal Information

Because KDS may provide services to persons under the age of 18, we may process the personal information of children. Where required by POPIA, we will obtain consent from a parent, guardian or other competent person before processing a child’s personal information, especially where that information is used for enrolment, emergency contact purposes, or marketing-related photographs or videos.

We take extra care when processing children’s personal information and limit such processing to what is necessary, lawful and appropriate for the relevant service. The Information Regulator has issued specific guidance on the processing of children’s personal information, and POPIA places additional controls on it.

8. Special Personal Information

We do not intentionally collect or process special personal information unless it is strictly necessary and lawful to do so.

Where relevant to driving-related administration or safety, we may process limited health-related information, such as eye-test confirmation, or similar supporting information, where:

  • it is required by law;
  • it is necessary for the exercise of legal rights or obligations;
  • you or your competent person have consented; or
  • another lawful exception under POPIA applies.

We apply additional caution and access controls where special personal information is involved. The Information Regulator has separately issued guidance on special personal information under POPIA.

9. Cookies, Analytics and Website Technologies

Our website may use cookies and similar technologies to:

  • make the website function properly;
  • remember preferences;
  • protect forms and systems;
  • understand how visitors use the website;
  • improve content and user experience; and
  • where enabled, support analytics or marketing.

Some cookies are strictly necessary for the website to function. Others are optional, such as analytics or marketing cookies. Where required, we will ask for your consent before placing non-essential cookies on your device.

You can usually manage cookies through your browser settings, but disabling some cookies may affect how the website works.

Government privacy notices in South Africa commonly distinguish between essential site functionality and optional analytical tracking, and POPIA applies where cookie data is linked to identifiable users.

10. WhatsApp, Email and Social Media Communications

KDS’s service agreements indicate that WhatsApp is a main communication platform for the business.

If you contact us through WhatsApp, Facebook, Instagram, email or similar platforms, please note:

  • those platforms may process your information under their own privacy terms;
  • we will still treat the information we receive through those platforms in accordance with this Privacy Policy; and
  • you should avoid sending unnecessary sensitive information over open channels unless specifically requested and securely handled.

11. Photographs, Videos, Testimonials and Marketing Content

We may from time to time take or receive photographs, videos, testimonials, pass announcements or similar media relating to our services.

We will only use identifiable personal media for marketing or promotional purposes where:

  • you have consented;
  • a parent, guardian or competent person has consented where required for a child; or
  • another lawful basis applies.

You may withdraw marketing-related consent going forward, but this will not affect uses already lawfully made before withdrawal, such as printed material already distributed or social content already published.

KDS’s current service agreements already include clauses authorising use of client photos for future marketing material.

12. When We Share Personal Information

We do not sell your personal information.

We may share personal information only where lawful and necessary, including with:

  • our staff, instructors and authorised administrators on a need-to-know basis;
  • website hosts, email providers, IT support providers and cloud service providers;
  • payment processors, accountants, auditors or advisors;
  • licensing or testing-related bodies where required for bookings, administration or compliance;
  • legal, regulatory or government authorities where required by law;
  • insurers, investigators or law enforcement where necessary to protect rights, safety or property; and
  • marketing or media providers, but only where appropriate consent or another lawful basis exists.

Where third parties process personal information on our behalf, they act as operators or service providers and must process that information only on our instructions and with appropriate confidentiality and security safeguards. POPIA requires written operator arrangements and prompt breach notification by operators.

13. Cross-Border Transfers

Some of our service providers or technology tools may store or process personal information outside South Africa.

If we transfer personal information outside South Africa, we will do so only where permitted by POPIA, including where:

  • the recipient is subject to adequate legal or contractual protections;
  • you have consented;
  • the transfer is necessary to perform a contract with you; or
  • another lawful ground under POPIA applies.

POPIA limits transfers of personal information outside the Republic unless specific safeguards or exceptions apply.

14. Retention of Personal Information

We retain personal information only for as long as reasonably necessary for the purpose for which it was collected, unless a longer period is required or permitted by law, needed for proof, needed for legal claims, or reasonably required for our legitimate business records.

Retention periods may vary depending on the type of record, for example:

  • enquiry records;
  • course registrations;
  • payment and accounting records;
  • complaints and incident records;
  • training and assessment records;
  • marketing consents; and
  • records needed for legal or regulatory compliance.

When personal information is no longer needed, we will securely delete, destroy or de-identify it, subject to any legal duty to retain it. POPIA requires information not to be kept longer than necessary and requires appropriate security safeguards.

15. Security Safeguards

We take appropriate, reasonable technical and organisational measures to protect personal information against loss, misuse, unauthorised access, destruction, disclosure or alteration.

These measures may include:

  • controlled access to records;
  • password protection and user permissions;
  • staff confidentiality obligations;
  • secure storage of physical and digital records;
  • anti-malware, backups and device protection;
  • operator/service-provider contracts;
  • document handling procedures; and
  • ongoing review of risks and safeguards.

POPIA requires responsible parties to secure the integrity and confidentiality of personal information and to update safeguards in response to reasonably foreseeable risks.

16. Security Compromises

If there are reasonable grounds to believe that your personal information has been accessed or acquired by an unauthorised person, we will investigate and, where required by law, notify the Information Regulator and affected data subjects as soon as reasonably possible.

The Information Regulator publishes forms and guidance for security compromise notifications under section 22 of POPIA.

17. Direct Marketing

We may send you service-related messages without separate marketing consent where those messages are necessary for your booking, lessons, payments, reminders, support or compliance.

We will only send you direct marketing communications where permitted by law. You may object to direct marketing at any time and may unsubscribe from marketing messages using the unsubscribe option in the communication or by contacting us directly.

The Information Regulator issued updated direct-marketing guidance in December 2024, and POPIA gives data subjects the right to object to processing for direct marketing.

18. Your Rights Under POPIA

Subject to POPIA and any lawful limitations, you have the right to:

  • be notified that we are collecting your personal information;
  • request access to personal information we hold about you;
  • request correction, updating or deletion of inaccurate, irrelevant, excessive, outdated, incomplete, misleading or unlawfully obtained personal information;
  • object to certain processing;
  • object to direct marketing;
  • withdraw consent where processing is based on consent;
  • be notified of certain security compromises;
  • lodge a complaint with the Information Regulator; and
  • institute civil proceedings where permitted by law.

The Information Regulator provides official POPIA forms for objection, correction/deletion and complaints.

19. How To Exercise Your Rights

To exercise any of your privacy rights, please contact us using the contact details in section 2 and provide enough information for us to:

  • verify your identity;
  • understand your request; and
  • locate the relevant records.

We may request reasonable proof of identity before acting on your request. Where legally permitted, we may refuse or limit a request if POPIA or another law allows us to do so, but we will explain our decision where required.

20. Access to Information Under PAIA

Separate from your privacy rights under POPIA, you may also have rights to request access to records under the Promotion of Access to Information Act, 2000 (“PAIA”).

Where required, requests for records may need to be made in terms of PAIA and may be subject to identity verification, procedural requirements, prescribed forms, and any lawful fees or grounds of refusal.

PAIA exists to give effect to the constitutional right of access to information held by public and private bodies where required for the exercise or protection of rights, and private bodies are addressed specifically under PAIA’s framework.

21. Information Officer and PAIA Manual

KDS should maintain an internal privacy compliance process and, where required by law, a PAIA manual and an Information Officer registration record.

The Information Regulator states that public and private bodies must register their Information Officers, and the Information Officer is responsible for encouraging compliance, handling requests, maintaining the PAIA manual and overseeing internal privacy measures.

22. Third-Party Websites

Our website may contain links to third-party websites, platforms or tools. We are not responsible for the privacy practices, security or content of those third-party websites. You should read their privacy policies before providing them with your personal information.

23. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, operational, website or service changes. The updated version will be published on our website with a revised effective date. Your continued use of our website or services after an update will be subject to the then-current version, to the extent permitted by law.

24. Complaints

If you believe that we have processed your personal information unlawfully or in a manner that infringes your rights, please contact us first so that we can try to resolve the matter.

You also have the right to lodge a complaint with the Information Regulator (South Africa).

Information Regulator (South Africa)
Website: Information Regulator official website
Email: enquiries@inforegulator.org.za
Phone: 010 023 5200

The Information Regulator is the independent statutory body established under POPIA to monitor and enforce compliance with POPIA and PAIA.

25. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact:

Kimberley Driving School
Email: info@kbydriving.co.za
Phone / WhatsApp: 061 868 3072
Location: 14 Long Street, New Park, Kimberley, South Africa