Privacy Policy
Effective date: 1 March 2026 | Bushwizard Information Technology, Namibia
1. Who We Are
Bushwizard Information Technology (“Bushwizard”, “we”, “us”, “our”) operates the online race-entry platform at bushwizard.events (“the Platform”). We are the data controller responsible for personal data collected through the Platform.
Contact: [email protected]
2. Personal Data We Collect
We collect and process the following categories of personal data:
Account & Identity
- Full name, email address, password (stored as a one-way hash)
- Date of birth, gender, nationality
- Namibian identity number or passport number and type
- Residential address
Contact & Racing Profile
- Mobile phone number
- Club / team affiliation, sponsor name
- NamCF licence number, Athletics Namibia licence number
- T-shirt size
Health & Safety
- Emergency contact name and phone number
- Medical aid name and membership number
- Medical information relevant to race participation (optional, self-disclosed)
Technical Data
- IP address and browser/device information (server logs)
- Session and authentication tokens
- Payment reference numbers (we do not store card or bank details)
3. How We Use Your Data
| Purpose | Legal Basis (PDPA) |
|---|---|
| Creating and managing your account | Contract / Consent |
| Processing event registrations and assigning bib numbers | Contract |
| Calculating age categories for fair competition | Contract / Legitimate interest |
| Processing payments via PayToday (Nedbank) | Contract |
| Sending booking confirmations and payment receipts | Contract |
| Sharing entry details with the relevant race organiser | Contract / Legitimate interest |
| Publishing race results (name, category, finish time) | Legitimate interest |
| Sending marketing communications about upcoming events | Consent (opt-in only) |
| Complying with legal obligations | Legal obligation |
4. Who We Share Your Data With
- Race Organisers — receive the entry details (name, category, bib, contact, emergency contact, medical info) for events you enter. Organisers may only access data for their own events.
- PayToday (Nedbank) — our payment processor. Your payment card details are handled solely by PayToday and are not stored on our servers.
- SMTP / Email providers — used to send transactional emails (confirmation, password reset). Email content is limited to what is necessary.
- Public results — finish time, category position, and name may be published on the Platform and shared with timing partners. If you do not wish your results to be published, contact us.
We do not sell your personal data to third parties.
5. Data Retention
- Account data — retained for as long as your account is active. If you delete your account, your personal profile data is erased within 30 days. Registration history and results records may be retained in anonymised form for statistical purposes.
- Payment records — retained for 5 years to comply with Namibian financial record-keeping requirements.
- Email verification and password-reset tokens — expire within 24 hours (verification) or 1 hour (password reset) and are deleted upon use.
- Server logs — retained for up to 90 days for security purposes.
6. Your Rights Under the PDPA
Under the Namibia Personal Data Protection Act (2023) you have the right to:
- Access — request a copy of the personal data we hold about you.
- Correction — update inaccurate or incomplete data via your profile page.
- Erasure — request deletion of your account and personal data (subject to legal retention obligations).
- Object — object to processing for marketing purposes at any time.
- Portability — request your data in a structured, machine-readable format.
- Withdraw consent — where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
7. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Passwords stored as one-way bcrypt hashes (never in plain text)
- HTTPS (TLS) enforced for all connections
- Authentication tokens with short expiry periods
- Database access restricted to the application server
8. Cookies & Tracking
The Platform uses session cookies required for authentication. We do not use third-party advertising or analytics tracking cookies. If this changes, this policy will be updated and you will be notified.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Platform.
10. Contact & Complaints
For privacy-related enquiries, contact us at [email protected].