The inStore is an online grocery and food delivery platform operated by TVB Network (Pty) Ltd, a company incorporated in accordance with the laws of the Republic of South Africa.
As the Responsible Party under POPIA, TVB Network (Pty) Ltd determines the purpose and means of processing personal information collected through The inStore web and mobile application.
TVB Network (Pty) Ltd
Registered in the Republic of South Africa · Operating as The inStore · Registration details available on request via
privacy@theinstore.co.za
We collect only the personal information that is necessary to provide you with our services. This includes:
- Identity Information: Full name, surname, and profile photo (if provided)
- Contact Information: Email address, phone number, and physical delivery address
- Account Information: Username, password (stored encrypted), and account preferences
- Order & Transaction Information: Order history, items purchased, payment method type (not full card details), and delivery instructions
- Device & Technical Information: IP address, device type, operating system, browser type, and app version
- Location Data: Delivery address and, with your consent, approximate real-time location for delivery tracking
- Communication Records: Messages sent to our customer support team
- Marketing Preferences: Your opt-in/opt-out status for newsletters and push notifications
We do not collect sensitive information
We do not process special personal information (such as race, health, biometric, or political data) as defined in Section 26 of POPIA, unless specifically required and with your explicit consent.
Under POPIA, we are required to have a lawful basis for processing your personal information. We process your data on the following grounds:
- Contractual Necessity: To create and manage your account and fulfil orders you place through The inStore
- Legitimate Interest: To improve platform security, detect fraud, analyse usage patterns, and enhance user experience
- Consent: For marketing communications, push notifications, and optional features such as location tracking — you may withdraw consent at any time
- Legal Obligation: To comply with applicable South African legislation, including tax, consumer protection, and financial regulations
- Public Interest: Where required by a public body or for statistical or research purposes with appropriate safeguards
Your personal information is used for the following purposes:
- Creating and maintaining your The inStore account
- Processing and delivering orders, including communicating order status updates
- Sending transactional notifications (order confirmations, delivery updates, payment receipts)
- Providing customer support and resolving disputes
- Personalising your shopping experience and product recommendations
- Sending marketing emails and promotional offers (only where you have opted in)
- Preventing fraudulent transactions and unauthorised account access
- Analysing platform performance and improving our services
- Complying with legal and regulatory requirements
Marketing Opt-Out
You can unsubscribe from marketing communications at any time by clicking the "Unsubscribe" link in any email, adjusting your notification settings in the app, or contacting us at
privacy@theinstore.co.za.
We do not sell your personal information to third parties. We may share your information only in the following circumstances and with appropriate safeguards:
- Delivery Partners & Drivers: Your name, delivery address, and contact number are shared with our delivery personnel solely to fulfil your order
- Vendor/Store Partners: Order details are shared with the relevant merchant to prepare your items
- Payment Processors: We use PCI-DSS compliant third-party payment gateways to process transactions securely
- Cloud & Hosting Providers: Our platform is hosted on secure cloud infrastructure; providers are contractually bound to protect your data
- Analytics Providers: Anonymised, aggregated usage data may be shared with analytics tools to improve platform performance
- Legal Authorities: We may disclose information where required by law, court order, or to protect the rights and safety of our users or the public
All third-party operators are contractually required to process your information only for the purposes for which it was shared and to maintain adequate security measures.
POPIA affords you the following rights regarding your personal information. To exercise any of these rights, contact our Information Officer at privacy@theinstore.co.za.
Right of Access
Request a copy of the personal information we hold about you (POPIA Section 23).
Right to Correction
Request correction or update of inaccurate, incomplete, or misleading information.
Right to Deletion
Request erasure of your personal information where it is no longer necessary or lawfully held.
Right to Object
Object to processing of your personal information for direct marketing or other purposes.
Right to Complain
Lodge a complaint with the Information Regulator of South Africa if you believe your rights have been violated.
Withdraw Consent
Withdraw any consent you previously granted for processing at any time without penalty.
We will respond to all verifiable data subject requests within 30 days of receipt, in accordance with POPIA requirements.
In accordance with POPIA, TVB Network (Pty) Ltd has designated an Information Officer responsible for overseeing compliance with data protection obligations and responding to data subject requests.
The Information Officer
Organisation: TVB Network (Pty) Ltd — The inStore
Role: Designated Information Officer (POPIA)
Email: privacy@theinstore.co.za
Response Time: Within 5 business days for general enquiries; 30 days for formal requests
We retain your personal information only for as long as is necessary for the purpose for which it was collected, or as required by applicable law. Our general retention schedules are as follows:
- Account Information: Retained for the duration of your account, plus 3 years after account closure
- Order & Transaction Records: Retained for 5 years in accordance with financial record-keeping requirements
- Customer Support Communications: Retained for 2 years from the date of resolution
- Marketing Consent Records: Retained for 3 years or until consent is withdrawn
- Technical & Usage Logs: Retained for 12 months, then anonymised or deleted
Once the applicable retention period has expired, your personal information is securely deleted, anonymised, or de-identified in accordance with our data disposal procedures.
We implement comprehensive technical and organisational security measures to protect your personal information against unauthorised access, loss, misuse, alteration, or destruction. These include:
- Encryption: All data transmitted between your device and our servers is encrypted using industry-standard TLS/SSL protocols
- Password Security: User passwords are hashed using bcrypt and are never stored in plain text
- Access Controls: Internal access to personal information is restricted on a need-to-know basis with role-based access control
- Secure Payment Processing: Payment card information is processed via PCI-DSS Level 1 compliant payment gateways — we do not store full card numbers
- Regular Security Audits: We conduct periodic security assessments and penetration testing of our systems
- Incident Response: We maintain a data breach response plan and will notify affected data subjects and the Information Regulator within the required timeframes in the event of a security incident
Security Incident Notification
In the event of a data breach that poses a risk to your rights, we will notify you and the South African Information Regulator as required under POPIA Section 22 without unreasonable delay.
If you believe that we have violated your rights under POPIA and we have not adequately resolved your concern, you have the right to lodge a complaint directly with the South African Information Regulator.
The inStore