This policy supplements the POPIA notice with operational detail on cookies, analytics and the access/deletion process.
pitchkit.sid): essential, HttpOnly, Secure. Identifies a logged-in admin session. Expires when the browser closes or after 14 days.pitchkit.reg): holds the in-progress registration state between the four wizard steps. Expires when the wizard finishes or after one hour.pitchkit.csrf): protects against cross-site request forgery on admin and registration POST requests. Per-session.We do not set marketing, tracking or third-party cookies.
We run a single first-party log of HTTP requests for capacity planning and abuse detection. We do not run Google Analytics or any equivalent third-party tracker. We do not embed Facebook pixels, LinkedIn tags or advertising SDKs.
Under POPIA section 23 you may request a copy of the personal information we hold about you. To exercise this right:
/p/<handle>.You can edit most personal information yourself once logged in (name spelling, jersey number, hometown, position). For data you cannot self-edit (date of birth, ID number, club affiliation), email your federation administrator. They will verify and submit the correction.
Under POPIA section 24 you may request erasure of personal information that is no longer necessary or that you no longer consent to. Send the request to admin@digitalbits.co.za. The default behaviour is:
We do not sell or rent personal information. We do not share it with advertisers, data brokers, or recruitment platforms. The only third parties who see player data are: the federations and clubs the player is registered with; the verification provider chosen by the federation; and the card production partner. All are governed by Operator Agreements under POPIA.
All personal data is stored on infrastructure within the European Union and the Republic of South Africa. We do not transfer personal data to jurisdictions that do not provide adequate protection under POPIA. The verification provider may briefly process data within South Africa to perform the DHA lookup; this is governed by their own POPIA registration.
See the dedicated Children’s Act notice. In short: every minor’s registration requires a separate, guardian-signed consent; public profiles default to off; data minimisation principles apply more strictly.
If you believe we have mishandled your personal information, please contact our Information Officer first (admin@digitalbits.co.za). You also have the right to lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za.