Black Tower Privacy Notice
Purpose of this privacy notice
Black Tower respects your privacy and is committed to protecting your personal information. This privacy notice explains how we will collect, use, share and otherwise your personal information in connection with your use of our Black Tower mobile application downloaded and stored on your device (App) and the products and services provided to you on or through our App, being electric vehicle charging products and services and ancillary and related services (Services).
Please read the following carefully to understand our practices regarding your personal information and how we will treat it.
Where we refer to “personal information”, it means “personal information” as defined in the Protection of Personal Information Act, 4 of 2013 and other definitions of personal information or personal data within the Data Protection Laws. Please see the Glossary below that gives the meaning of some of the terms used in this privacy notice.
Important information and who we are
Black Tower EVC (Pty) Ltd is part of the Red Rocket group of companies. When we use “Black Tower “, “we” or “us”, we are referring to Black Tower EVC (Pty) Ltd who is the Responsible Party for our App, which means that we are responsible for deciding how we hold and use your personal information. As a member of the Red Rocket group, Black Tower EVC (Pty) Ltd will share your personal information with other members of the Red Rocket group as set out in Disclosures of your personal information below.
Contact details
If you have any questions about this privacy notice or would like to enforce any rights that you may have under Data Protection Laws, please contact us at:
Black Tower EVC (Pty) Ltd
Name / Title:
Email address: m.brambilla@redrocket.energy / info@blacktower.energy
Address: 2nd Floor, Cape Town Cruise Terminal Building, V&A Waterfront, Cape Town, 8001
If you believe we are using your personal information unlawfully, please contact us in the first instance. You have the right to make a complaint at any time to the Information Regulator (South Africa) or other relevant supervisory authority:
Information Regulator
Woodmead North Office Park, 54 Maxwell Drive,
Woodmead, Johannesburg, 2191
Tel No. +27 (0) 10 023 5200, +27 (0) 800 017 160
Complaints: POPIAComplaints@inforegulator.co.za
General enquiries: enquiries@inforegulator.co.za
Changes to this privacy notice and your duty to inform us of changes
We keep this privacy notice under regular review. This version was last updated in November 2025. We reserve the right to update this privacy notice and we will provide you with a new privacy notice when we make substantial updates. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
Third party links and service providers
Our App and Services may, from time to time, contain links to and from third party websites, plug-ins, applications, APIs and/or services (e.g. our online payment service provider). Please note that these websites, plug-ins, applications and/or services are controlled by those third parties and are not covered by this privacy notice. You should review their own privacy notices to understand how they use your personal information before you submit any personal information to them.
We collect, use, store and transfer different kinds of personal information about you which we have grouped together as follows:
- Identity Data (e.g., first name, last name, company details, company registration number, VAT number and Profile Data).
- Contact Data (e.g., email address, phone number).
- Profile Data: (e.g. your email address, password, client identifier number).
- Transaction Data: (e.g. history of your payments, purchases, refunds).
- Device Data: (e.g. [the type of device you use,] [your unique device identifier,] [mobile network information,] [your mobile operating system,] [the type of mobile browser you use,] [IP address,] [time zone ]).
- Content Data: (e.g. information that you store in our App).
- Usage Data: (e.g. logs and detail of your use of our App and Services, any error or debugging information, Cookies Data).
- Security Data: (e.g. information we collect about your use of our App and Services to ensure your and our other users’ safety and security, being Usage Data, Cookies Data and the information provided to us by our online payment service provider).
- Cookies Data: (e.g. the information collected through the cookies and similar technologies listed in our Cookies Notice available here [insert link]).
- Marketing Data: (e.g., your preferences in receiving marketing from us).
- Location Data: (e.g. your current location as disclosed by GPS technology).
- Personalisation Data: (e.g. Cookies Data, Device Data, Content Data, Transaction Data, Usage Data, Location Data, and the preferences we have inferred you have and use to personalise our App and Services).
We do not collect any special personal information about you. This includes information about your religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life, and biometric information, or criminal behaviour (to the extent it relates to alleged offenses or related proceedings). Our App and Services are not intended for children, and we do not knowingly collect information relating to children.
We use different methods to collect personal information from and about you, including through:
- We collect your Identity Data and Contact Data when you register your account with us.
- When you communicate with us via email or telephone we collect your Contact Data. If the communication relates to an error or problem you are having with our App or Services, we will also collect Usage Data for diagnosis and improvement.
- Information you generate when using our App and Services. Each time you access and use our App and Services we collect Device, Cookies, Personalisation and Usage Data. We collect Content Data where you upload it to our App.
- Information we collect through monitoring the use of our App and Services. Each time you access and use our App and Services we collect information about that access and use, being Device, Content, Cookies, and Usage Data.
- Additional information we otherwise collect through our App and Services where we have your consent to do so. Where you provide your consent, we collect your Location Data on an ongoing basis while you have our App installed on your device.
- We collect Marketing Data when we add you to our marketing database or you request to change your marketing preferences.
We use cookies (small files placed on your device) on our App to improve your experience and our development of our App and Services. For detailed information on the cookies we use, the purposes for which we use them and how you can exercise your choices regarding our use of your cookies, see our Cookies Notice [insert link].
- How we use your personal information
We will only use your personal information when the law allows us to do so. Most commonly, we will use your personal information in the following circumstances:
- Where we have your Consent.
- Where we need to process your personal information in the Performance of a contract for you.
- Where it is necessary for our Legitimate interest.
- Where we need to comply with a Legal obligation.
Please see the Glossary to find out more about the types of lawful basis that we will rely on to process your personal information.
Purposes for which we will use your personal information
We have set out below, in a table format, a non-exhaustive description of the ways we plan to process your personal information and which of the lawful bases we rely on to do so.
| Purpose or activity | Type of personal information | Lawful basis for processing |
| To install our App and register you as a new App user | Identity
Contact Device |
Performance of a contract
Legitimate interests (e.g. delivering our App to you) |
| To provide you with Services, process and fulfil in-App purchases, including managing payments and sending you service communications | Identity
Contact Transaction Device Location |
Performance of a contract |
| Enforce our terms and conditions | Identity | Legitimate interests (e.g. recovering debts due to us) |
| Combining the information we collect about you into a single customer account profile | Contact
Marketing |
Legitimate Interests (e.g. growing our business) |
| To send you marketing communications via email, text and/or push notification | Contact
Device Marketing |
Consent
|
| To administer, monitor and improve our business, App and Services including troubleshooting, data analysis and system testing | Identity
Contact Device |
Legitimate interests (e.g. running our business, maintaining the security of our App and Services) |
| Applying security measures to our processing of your personal information, including processing in connection with our App | All personal information under this privacy notice | Legal obligation |
| Complying with our other legal obligations, including compliance with tax legislation and regulatory requests | All personal information under this privacy notice | Legal obligation |
| To deploy and process personal information collected via cookies, as set out in the Cookies Notice [insert link] | Cookies | Legitimate interests (e.g. delivering and securing our App and Services)
Consent |
| To notify you of changes to our App, Services, your purchases and our terms and conditions for ongoing contracts, and of updates to this privacy notice | Contact | Performance of a contract
Legitimate interests (e.g. servicing our users and prospective users) |
| To notify you of updates to this privacy notice, respond to your requests and enquiries | Contact
As relevant to your request |
Legal obligation
Legitimate interests (e.g. servicing our users and prospective users) |
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. We may also process your personal information without your knowledge or consent where this is required or permitted by law.
Marketing
You will receive marketing communications from us if you have given us your consent. We will not share your personal information with any third party for marketing purposes. You can withdraw your consent at any time by contacting us or by following the opt-out links on any marketing message sent to you.
Examples of third parties that we may share your personal information include:
- Service providers based in South Africa and Ireland who provide cloud hosting services for our App, payment processing, administration and financial services.
- Professional advisers such as lawyers and accountants based in South Africa that provide legal and accounting services.
- Your service providers that you have appointed and that we need to contact to fulfil your requests, such as your banking or payment card provider to process your transactions.
- The South African Revenue Service (SARS) and other regulators based in South Africa who require reporting in certain circumstances.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this privacy notice.
We may also share your personal information internally with other companies in the Red Rocket group of companies who are based in South Africa and provide administrative or support services.
International transfers
Some of our third parties, for example cloud hosting service providers, may be based outside of South Africa, so their processing of your personal information will involve a transfer of data. Whenever we transfer your personal information internationally, we ensure a similar and adequate degree of protection is afforded to it by ensuring safeguards are implemented, for example:
- We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information (for example, by the Information Regulator or the European Commission).
- Where we use certain service providers, we may use specific standard contracts which give personal information the necessary level of protection (for example, model clauses approved by the European Commission).
Please contact us if you want further information on how we transfer your personal information internationally.
- Data security
All information you provide to us is stored on our or our service providers’ secure servers. Any payment transactions carried out by our third party provider of online payment services will be encrypted. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our App or Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Once we have received your information, we will use strict procedures and security features to protect your personal information from loss, unauthorised use or access. We have put in place procedures to detect and respond to personal information breaches and notify you and the Information Regulator (and any other applicable regulator) when we are legally required to do so.
- Data retention
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal regulatory, tax, accounting or other requirements.
In some circumstances you can ask us to delete your data: see Your legal rights below.
Once we no longer have a legal right to hold your personal information, we will delete or, in some circumstances, we will anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
You have the following rights under Data Protection Laws in relation to your personal information. If you wish to exercise any of the rights set out above, please contact us using the contact details stated above.
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request deletion of your personal information where there is no good reason for us continuing to process it. You also can ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we have processed your information unlawfully or where we need to delete your personal information to comply with law. (In some cases, we may need to continue to retain some of your personal information where required by law.)
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in specific circumstances, for example while we are reviewing the accuracy or completeness of information or deciding whether any request for deletion is valid.
Request the transfer of your personal information. The right to data portability means you have the right to receive, move, copy or transfer your personal information to you or a third party in a structured, commonly used, machine-readable format. This right only applies when we are processing your personal information based on consent or on a contract and the processing is carried out by automated means.
Withdraw consent at any time where we are processing your personal information based on consent. This does not affect the lawfulness of any processing carried out before you withdraw your consent, and after withdrawal, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Complain to the Information Regulator. If you are unhappy with how we process your personal information, we ask that you contact us first using the contact details listed above so that we have the chance to put it right. However, you also have the right to make a complaint to the Information Regulator at any time.
- General
Automated decision-making. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you. We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
No fee usually required. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Time limit to respond. We try to respond to all legitimate requests as soon as is reasonably practicable and in any event within the statutory time-limits. It could take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- Glossary
Comply with a legal obligation means processing your personal information where it is necessary for compliance with a legal obligation that we are subject to.
Consent means where you have freely consented before the processing in a specific, informed and unambiguous indication of what you want. You can withdraw your consent at any time by contacting us.
Data Protection Laws means the Protection of Personal Information Act, 4 of 2013 and other data protection or privacy laws applicable to you and/or Black Tower.
Legal obligation means where we need to use your personal information to comply with a legal or regulatory obligation. Where we rely on legal obligation and you do not provide the necessary information, we may be unable to fulfil a right you have or comply with our obligations to you, or we may need to take additional steps.
Legitimate interest means where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Operator means an organisation that processes personal information on behalf of a Responsible Party. It is also responsible for establishing practices and policies in line with Data Protection Laws and its contractual obligations with Responsible Parties.
Performance of contract means where we need to process your personal information to perform a contract with you or where you ask us to take steps before we enter into a contract with you. Where we rely on performance of a contract and you do not provide the necessary information, we will be unable to perform your contract.
Processing or process means any activity that involves the use of personal information. It includes obtaining, recording or holding the information, or carrying out any operation or set of operations on the information including organising, amending, retrieving, using, disclosing, deleting or destroying it. Processing also includes transmitting or transferring personal information to third parties.
Responsible Party means an organisation that determines when, why and how to process personal information. It is responsible for establishing practices and policies in line with Data Protection Laws.
BLACK TOWER COOKIES NOTICE
This Cookies Notice should be read together with our Privacy Notice [insert link]. All terms and conditions, including defined terms, of our Privacy Notice are incorporated by reference into this Cookies Notice and have the same meaning unless the context indicates otherwise. In the event of any conflict between the terms of our Privacy Notice and the terms of this Cookies Notice, this Cookies Notice will prevail. We keep this Cookies Notice under regular review. This version was last updated in November 2025.
- Application of this Cookies Notice
Our App uses cookies to distinguish you from other users, provide you with a good, personalised experience, and to help us improve our App. By continuing to use our App you are agreeing to our use of cookies.
- Description of cookies
A cookie or identifier is a small file of letters and numbers that we store on your device, your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your device.
- Types of cookies
There are two main categories of cookies on our App. “Session cookies” last for the duration of your use of our App; they delete themselves when you close down the App. Persistent cookies stay on your device when you close down the App. The cookies we use can be broken down further depending on their purpose:
- Strictly necessary cookies. These are cookies that are required for the operation of our App. These essential cookies are always enabled because our App won’t work properly without them.
- Analytical/performance cookies. We use these cookies to recognise and count the number of users of our App and to see how users move around it. This helps us to improve the way our App works, for example, by ensuring that our users can easily find what they are looking for.
- Functionality cookies. These cookies are used to recognise you when you return to our App. This enables us to personalise our content for you and remember your preferences.
- Targeting cookies. These cookies record your visit to our App, and how you have used it (e.g. the pages you have used and the links you have followed). We will use this information to make our App relevant to your interests.
Some of the cookies on our App collect data for more than one use.
- Third party cookies
Please note that third parties (for example, our payment processing provider) may also use cookies, over which we have no control. These cookies are usually analytical/performance cookies or targeting cookies.
- Cookies and personal information
Cookies allow us to identify you and are therefore your personal information. If you would like to find out more about how we handle your personal information, please review our Privacy Notice [insert link].
- Changing or turning off cookies
You can change your preferences on your device (e.g. by using the “settings” functions), which will activate or de-activate settings that allow you to refuse all or some cookies. However, depending on what you change, this may mean you may not be able to use all or parts of our App.
- Specific cookies used by us
We use [Google ] on our App. Data is gathered by Google Analytics from our users’ IP address (in an anonymised form), whereby we can see information about our users. The data is then transmitted by Google Analytics onto a server in the U.S. where it is stored. You can prevent [Google Analytics] from collecting your data on your mobile device by setting an “opt out” preference that blocks the collection of your data on future visits to our App.
If you have any questions or concerns about our use of cookies, please send us an email at info@blacktower.energy.