PRIVACY POLICY

Privacy Policy

Urban voices holding power to account in South Africa

Mzansi Urban Report — Privacy Policy

Last updated: May 11, 2026

Welcome to Mzansi Urban Report (mzansiurbanreport.com). We are a regional tribune-style news site serving readers across South Africa. We respect your privacy and handle personal data in accordance with applicable data-protection laws, including the EU General Data Protection Regulation (GDPR) and South Africa’s POPIA where relevant. This policy explains who is responsible for your data, what we collect, why we process it, how long we keep it, your rights, and how to contact us.

Data controller

The data controller for personal data collected via this website is: - Mzansi Urban Report
- Cape Town, South Africa
For privacy requests and questions, please use our online /contact/ form or email [email protected].

Personal data we collect

We collect only the personal data necessary to operate the site and provide services. Typical categories include: - Contact information you provide (name, email) when you sign up for newsletters, register an account, comment, or submit a tip. - Technical data automatically collected when you visit (IP address, device, browser, pages visited, referrer, timestamps) for security and analytics. - Cookies and similar identifiers (see Cookies section). - Payment or billing details only if you subscribe to paid services (processed by third-party payment providers). - Communications you send via the contact form or comments. - Any content you post publicly (comments, profile information).

We do not sell personal information.

Lawful basis for processing

We rely on one or more lawful bases under the GDPR and similar principles under POPIA: - Consent: where you have opted in (e.g., newsletter subscription, marketing communications, optional cookies). You may withdraw consent at any time. - Performance of a contract: to provide paid subscriptions, account services, or other requested features. - Legitimate interests: for site security, fraud prevention, personalization of content, analytics, and improving our services, balanced against your rights and freedoms. - Legal obligation: to comply with laws or respond to lawful requests from authorities.

When relying on legitimate interests we document and regularly review the necessity and proportionality of the processing.

How we use your data

Examples of processing activities: - To deliver content and services, manage accounts, and handle subscriptions. - To respond to inquiries you send via the /contact/ form or email. - To moderate comments and prevent abuse. - To perform analytics and measure site performance and audience engagement. - To enforce our terms of service, detect fraud, and maintain site security. - To send newsletters and service messages where you have subscribed.

Retention periods

We retain personal data only as long as necessary for the purposes described: - Newsletter and marketing lists: until you unsubscribe + up to 3 years of backup retention. - Account/profile and comment data: for the duration of the account plus up to 2 years after last activity, unless a longer retention is required for legal reasons. - Contact form messages and correspondence: retained for up to 3 years to handle ongoing matters and legal obligations. - Analytics and log data: aggregated where possible; raw logs retained for up to 24 months. - Payment records: retained according to legal and tax requirements (typically up to 7 years where applicable) and our payment processors’ policies. - Backups: encrypted backups stored for up to 90 days.

If you request deletion, we will remove personal data subject to any legal or legitimate retention obligations.

Cookies and tracking

We use cookies and similar technologies to deliver core functionality and measure site usage.

Types of cookies: - Essential cookies: necessary for site operation (session management, login). These cannot be disabled without affecting the site. - Preference cookies: remember display settings and preferences. - Analytics cookies: third-party tools (e.g., Google Analytics) to measure traffic and improve the site. These are used under our legitimate interest and/or your consent. - Advertising cookies: used by third parties for personalised advertising when you consent.

You can control cookies via your browser settings and opt out of many analytics and advertising cookies using the cookie banner or opt-out mechanisms provided by third-party providers. For cookie control, visit the /contact/ form or email [email protected] if you need assistance.

Third parties and international transfers

We use trusted third-party service providers for hosting, analytics, email delivery, advertising, and payment processing. These providers may process personal data outside South Africa or the EU. When we transfer personal data internationally we use appropriate safeguards such as: - Transfers to countries with an adequacy decision; - Standard contractual clauses (SCCs) or other approved transfer mechanisms; - Data processing agreements that require adequate protection of personal data.

Where transfers rely on your consent, we will inform you and obtain that consent prior to transfer.

Your rights

Subject to applicable law, you have the following rights: - Right of access: request a copy of personal data we hold about you. - Right to rectification: correct inaccurate or incomplete data. - Right to erasure: request deletion of personal data where there is no overriding lawful reason to retain it. - Right to restriction of processing: ask us to restrict processing in certain circumstances. - Right to data portability: receive personal data you provided in a structured, commonly used format. - Right to object: object to processing based on legitimate interests or direct marketing. - Right to withdraw consent: where processing is based on consent. - Right not to be subject to solely automated decision-making or profiling with legal or similarly significant effects.

To exercise any of these rights, please use our /contact/ form or email [email protected]. We will verify your identity before responding and will respond without undue delay and in accordance with legal timeframes. If you are not satisfied you may lodge a complaint with the Information Regulator of South Africa or, where applicable, a relevant EU supervisory authority.

Security

We implement technical and organisational measures designed to protect personal data against unauthorized access, disclosure, alteration or destruction. Measures include encryption of data in transit, secure servers, access controls, and regular security reviews. No method of transmission or storage is completely secure; if a breach occurs we will follow our legal obligations to notify affected individuals and authorities where required.

Children

Our services are not directed at children. We do not knowingly collect personal data from children under 16. If you believe we have collected personal data from a child under 16, please contact us via the /contact/ form or at [email protected] so we can delete the information.

Changes to this policy

We may update this policy as our practices or legal requirements change. Material changes will be posted on this page with a revised “Last updated” date.

Contact

For privacy requests, questions, or to exercise your rights, please use our /contact/ form or email [email protected].

If you wish to contact the site for other inquiries, please use the same /contact/ form or [email protected].