Campaigns Policy

This Campaigns Policy applies when any customer, venue, reseller, administrator, user, or authorised representative uses Triotek’s platform to create, manage, schedule, approve, distribute, or analyse marketing, promotional, service, or customer-engagement communications. It must be read together with Triotek’s Terms of Use and Privacy Policy.

1. Introduction and Company Details

This Campaigns Policy governs the campaign, audience, and messaging functionality made available through portal.triotek.co.za, triotek.co.za, and any related Triotek-managed campaign tools, interfaces, integrations, APIs, or services.

The platform is owned and operated by Triotek (Pty) Ltd, a private company registered in the Republic of South Africa with registration number 2023/804559/07 ("Triotek", "we", "us", or "our"). Triotek operates from Pretoria, Gauteng, South Africa.

For campaign-related support, compliance queries, opt-out concerns, or abuse reports, you may contact us at help@triotek.co.za or on 087 821 7274.

By using the campaign functionality, you agree to comply with this Campaigns Policy, all applicable South African laws, and any additional channel-specific rules imposed by service providers such as SMS aggregators, Meta, WhatsApp, email delivery providers, domain providers, hosting providers, and mobile network operators.

2. Purpose of the Campaign Module

Triotek’s campaign module is designed to help authorised venues, customers, and resellers communicate with audiences who have been lawfully collected, segmented, imported, or selected through the Triotek platform. Campaigns may include promotional messages, venue updates, loyalty messages, surveys, event notices, customer engagement messages, operational notices, and other communications permitted by law and by the recipient’s consent status.

The campaign module may support one or more channels, including SMS, email, WhatsApp, web forms, captive portal messaging, in-platform notifications, or future communication channels added by Triotek. The availability of a channel may depend on your subscription, reseller arrangement, third-party account setup, sender verification, platform configuration, campaign approval, and compliance status.

The campaign module must not be used as a spam tool, bulk-harassment tool, scraping tool, data resale tool, phishing tool, political manipulation tool, unlawful lead-generation tool, or mechanism to bypass consent requirements.

3. Relationship Between Triotek, Resellers, Venues and Campaign Users

Campaign functionality may be used by different parties, including Triotek, resellers, venues, venue owners, venue managers, customer administrators, staff users, and authorised marketing personnel. The responsibilities of each party may differ depending on the commercial arrangement and the way the audience data was collected.

Unless Triotek expressly agrees otherwise in writing, the customer, venue, or reseller that determines the purpose of a campaign, selects the audience, controls the message content, decides the timing of the campaign, or uploads recipient data is responsible for ensuring that the campaign is lawful, accurate, consent-based where required, and compliant with this policy.

Triotek may act as a technology platform provider, service provider, operator, processor, message distributor, integration facilitator, or support provider. Triotek does not automatically become the owner of your uploaded campaign data merely because the data is stored, processed, transmitted, or analysed through the platform.

Where a venue uses customer information collected through a captive portal, guest Wi-Fi sign-up journey, voucher journey, web form, CRM import, or other customer acquisition channel, the venue must ensure that the original collection notice, opt-in wording, privacy notice, and consent records support the intended campaign use.

4. Compliance with South African Law

You must comply with all laws, regulations, codes, guidance notes, industry standards, and platform rules that apply to your campaign activities. This includes, without limitation, the Protection of Personal Information Act, 4 of 2013 ("POPIA"), the Consumer Protection Act, 68 of 2008 ("CPA"), the Electronic Communications and Transactions Act, 25 of 2002 ("ECTA"), advertising standards, consumer protection requirements, and any rules applicable to the communication channel used.

You may not use the platform to send direct marketing or promotional messages unless you have a lawful basis to do so. Where consent is required, the consent must be specific, informed, voluntary, clear, recorded, and capable of being withdrawn. A silent opt-out, pre-ticked box, implied permission, purchased list, scraped list, or vague general permission will not be treated as sufficient where the law requires express consent.

You are responsible for monitoring developments in law and regulatory guidance that affect direct marketing. This includes any consumer opt-out registry, pre-emptive block mechanism, Information Regulator guidance, NCC requirement, network operator rule, or platform rule that applies to direct marketing in South Africa.

5. Consent, Lawful Basis and Audience Eligibility

Before sending or scheduling a campaign, you must be able to prove that every recipient in the selected audience may lawfully receive that specific type of communication, on that channel, from that sender, for that purpose.

You must keep proper records showing when, where, how, and for what purpose each recipient consented or otherwise became eligible to receive campaign communications. These records should include the collection source, date and time of consent, opt-in wording, channel selected, venue or brand involved, IP address or device details where available, and any later opt-out or preference changes.

If you rely on an existing customer relationship, soft opt-in, legitimate interest, or another lawful basis instead of direct opt-in consent, you remain responsible for ensuring that this basis is legally valid, properly documented, and suitable for the message being sent.

You may not upload, import, select, or use an audience if the audience was purchased, rented, scraped, harvested, obtained through deception, obtained from public directories without a lawful basis, obtained from another venue without permission, or collected for a materially different purpose that does not support the intended campaign.

If Triotek requests proof of consent, lawful basis, opt-in wording, source documentation, or related compliance records, you must provide it within the period requested. Failure to provide satisfactory proof may result in campaign rejection, suspension, deletion of the audience, account suspension, or termination of campaign access.

6. Opt-Outs, Unsubscribes and Preference Management

Every direct marketing campaign must include a clear, simple, and functional way for recipients to opt out, unsubscribe, or object to future direct marketing. The opt-out method must be appropriate for the channel used and must not be hidden, confusing, unreasonable, or dependent on unnecessary steps.

Where the platform provides automatic opt-out, unsubscribe, suppression, preference, or consent-management tools, you must use them correctly and must not bypass them. Where opt-outs are received outside the platform, including by email, phone, WhatsApp, in person, social media, or through a reseller, you must ensure that the recipient is removed or suppressed without unreasonable delay.

You may not continue sending direct marketing to a recipient who has opted out, objected, withdrawn consent, used a stop instruction, unsubscribed, or requested that communications cease, unless a later lawful opt-in is recorded.

You must not charge a recipient to opt out, require them to log in to opt out, force them to provide excessive information to opt out, or make opt-out more difficult than opt-in. If a channel requires a specific opt-out word, link, footer, reply instruction, or template wording, you must include and honour it.

7. Direct Marketing Times and Frequency

You must comply with all applicable rules on the timing and frequency of direct marketing communications. Unless Triotek has approved stricter or different campaign rules in writing, direct marketing campaigns may only be sent during reasonable South African business and consumer-contact hours.

As a default platform rule, promotional direct marketing campaigns should not be sent on Sundays or South African public holidays, should not be sent before 09:00 or after 13:00 on Saturdays, and should not be sent before 08:00 or after 20:00 on other days. Triotek may enforce, modify, or tighten campaign scheduling rules from time to time to align with law, network requirements, consumer expectations, or platform risk controls.

You must also avoid excessive campaign frequency. Even where consent exists, repeated or aggressive messaging may be treated as abuse, spam, or misuse of the platform. Triotek may throttle, reject, delay, or suspend campaigns that appear excessive, harmful, reputationally risky, or likely to generate complaints.

8. Campaign Content Standards

You are solely responsible for the legality, accuracy, truthfulness, and appropriateness of the content you create, upload, approve, or send through the platform.

Campaign messages must be honest, clear, accurate, and not misleading. They must identify the sender or brand clearly, must not impersonate another person or organisation, must not misrepresent the relationship between the sender and recipient, and must not hide the commercial purpose of the message where the message is promotional.

You may not send messages that contain or promote unlawful content, hate speech, harassment, intimidation, threats, discrimination, malware, spyware, phishing, scams, fraudulent offers, fake competitions, pyramid schemes, illegal gambling, illegal financial services, misleading health claims, adult sexual content, prohibited products, counterfeit goods, weapons, illegal substances, or any other content that Triotek considers harmful, unlawful, abusive, or damaging to its platform or reputation.

You must ensure that all prices, promotions, expiry dates, availability claims, terms, conditions, discounts, competitions, prize draws, vouchers, and offers are accurate and legally compliant. Where a campaign references a promotion, you must be able to provide the full promotional terms and must honour any lawful consumer rights created by the campaign.

You may not use URL shorteners, misleading links, deceptive sender names, cloaked landing pages, or domains that could confuse recipients, trigger security concerns, or make the campaign appear fraudulent. Triotek may reject campaigns containing links or attachments that it considers unsafe or suspicious.

9. Captive Portal, Guest Wi-Fi and Venue Audience Data

Where campaign audiences are created from guest Wi-Fi, captive portal journeys, venue registration pages, voucher activations, loyalty forms, or other venue-based interactions, the venue must ensure that guests are given a fair opportunity to understand what data is collected and how it may be used.

Guests must not be misled into believing that marketing consent is mandatory for internet access unless the law and the specific campaign model permit that approach. Where separate marketing consent is required, the opt-in wording should be separate, clear, and specific enough to support later marketing use.

Venue-based audiences may only be used by the venue, brand, reseller, or customer who is authorised to use that audience. You may not export, sell, share, combine, trade, or reuse venue audience data for unrelated third parties, unrelated brands, unrelated venues, or unrelated campaigns without a lawful basis and any required consent.

If a venue is transferred, sold, rebranded, removed from a reseller, or no longer participates in Triotek’s platform, Triotek may restrict campaign access to that venue’s audience data until ownership, authorisation, and lawful processing responsibilities are clarified.

10. SMS Campaigns

SMS campaigns may incur message costs, setup fees, monthly fees, sender ID fees, routing costs, failed-delivery costs, reseller fees, or other charges determined by Triotek, the reseller, SMS provider, or network operator from time to time.

You are responsible for the content, timing, recipient selection, consent status, and commercial consequences of all SMS campaigns sent from your account. Triotek does not guarantee that SMS messages will be delivered, delivered instantly, displayed correctly on every handset, or free from filtering by mobile networks, spam controls, device settings, or third-party routing systems.

You must not attempt to evade SMS compliance controls by splitting campaigns, changing sender names, rotating accounts, disguising the sender, using misleading URLs, or resending to recipients who have opted out.

11. Email Campaigns and Delivery Providers

Where email campaign functionality is available, it may rely on third-party email delivery providers such as Postmark or another provider selected or approved by Triotek. You may be required to configure your own verified sending domain, provide API credentials, complete DNS authentication, comply with anti-spam rules, maintain acceptable bounce and complaint rates, and pay provider fees directly or through your reseller.

You are responsible for ensuring that email recipients have lawfully opted in or may lawfully be contacted, that unsubscribe links are included and honoured, and that your sender identity, subject line, preview text, reply-to address, and message body are not misleading.

Triotek may suspend email sending if your campaigns generate excessive bounces, complaints, spam reports, blocklist issues, provider warnings, domain reputation damage, or any other deliverability or compliance risk.

12. WhatsApp Campaigns, Meta and Business Messaging

Where WhatsApp campaign functionality is available, it may require a Meta Business account, WhatsApp Business Platform access, verified phone number, approved templates, valid business credentials, and compliance with Meta’s and WhatsApp’s own business messaging policies.

You are responsible for obtaining and maintaining all Meta, WhatsApp, business, template, phone number, payment, billing, verification, and policy approvals needed for your campaigns. Triotek is not responsible if Meta, WhatsApp, or any related provider rejects a template, limits throughput, suspends a number, changes pricing, changes a policy, delays approval, blocks messages, or disables an account.

WhatsApp marketing messages may only be sent where recipients have given the required permission and where the message complies with WhatsApp’s template, opt-in, opt-out, business, and commerce policies. You must not use WhatsApp to send unsolicited messages, sensitive content without a lawful basis, misleading offers, or messages that recipients would not reasonably expect from your business or venue.

Transactional WhatsApp messages, support messages, OTP messages, service updates, and direct marketing messages may be subject to different rules. You must correctly classify message types and must not disguise a marketing message as a transactional or service message to avoid consent, template, or opt-out requirements.

13. Imported Lists, Uploaded Data and Data Quality

If you upload or import recipient data, you warrant that you have the right to upload, store, process, and use that data through the platform. You must ensure that the data is accurate, current, relevant, lawfully obtained, and not excessive for the intended campaign purpose.

You must not upload special personal information, children’s information, health information, financial account information, identity document numbers, precise location trails, biometric information, or other sensitive data unless Triotek has expressly approved the use case in writing and you have a clear lawful basis to process that information.

Triotek may reject or remove imported lists that appear suspicious, outdated, purchased, scraped, duplicated, complaint-heavy, or inconsistent with acceptable marketing practices.

14. Campaign Review, Approval and Rejection

Triotek may, but is not obliged to, review campaigns, templates, audiences, sender details, links, attachments, domains, or campaign settings before or after sending. Approval by Triotek does not transfer legal responsibility for the campaign to Triotek and does not guarantee that the campaign complies with every applicable law or third-party rule.

Triotek may reject, pause, delay, cancel, throttle, or require changes to any campaign where we believe that the campaign may be unlawful, misleading, non-compliant, abusive, high-risk, poorly consented, reputationally harmful, technically unsafe, likely to trigger complaints, or contrary to this policy.

Triotek may also require additional verification, consent evidence, identity confirmation, sender authorisation, domain authentication, reseller approval, or management approval before allowing certain campaigns to be sent.

15. Fees, Billing and Reseller Arrangements

Campaign use may be subject to platform fees, monthly venue fees, audience-access fees, SMS fees, WhatsApp conversation or template fees, email delivery fees, setup fees, support fees, reseller fees, or other usage-based charges. Charges may differ by channel, provider, reseller, venue, package, volume, or commercial arrangement.

Where your account is managed by a reseller, your reseller may invoice you for campaign access, message usage, campaign setup, support, or related services. You remain responsible for paying all valid campaign-related fees according to your agreement with Triotek or your reseller.

Third-party fees charged by Meta, WhatsApp, email providers, SMS providers, domain providers, or other service providers are separate from Triotek’s own fees unless expressly included in your written agreement. Triotek is not responsible for changes in third-party pricing, currency fluctuations, taxes, provider billing failures, or provider account suspensions.

Triotek may suspend campaign functionality if fees are unpaid, if provider balances are insufficient, if billing details are invalid, if reseller approval is withdrawn, or if continued sending creates financial or compliance risk.

16. Security, Credentials and Access Control

You must keep your platform login details, API credentials, Meta credentials, email provider tokens, SMS credentials, and related access details confidential and secure. You are responsible for all activity performed through your account unless you can show that the activity resulted from Triotek’s own proven security failure.

You must ensure that only authorised staff, contractors, or representatives can create, approve, schedule, export, or send campaigns. You must promptly remove access for users who leave your organisation, change roles, or no longer require campaign access.

You must not share user accounts, bypass role controls, use another person’s login, create false accounts, interfere with audit trails, disable compliance controls, or attempt to gain unauthorised access to another venue, reseller, customer, or audience.

17. Reporting, Analytics and Campaign Results

The platform may provide delivery reports, open reports, click reports, bounce reports, opt-out reports, engagement statistics, audience summaries, campaign logs, error messages, spend summaries, or other analytics. These reports are provided for operational insight and may depend on third-party provider data.

Triotek does not guarantee that reports will always be complete, real-time, error-free, or available for every channel. Delivery, open, click, read, reply, and conversion statistics may be affected by device settings, privacy controls, network filtering, provider limitations, recipient behaviour, and technical limitations.

You may not use campaign reports to make unlawful, discriminatory, unfair, or harmful decisions about recipients.

18. Data Retention, Suppression and Deletion

Triotek may retain campaign records, logs, consent evidence, opt-out records, delivery events, billing records, audit trails, templates, message content, provider responses, and related technical data for as long as reasonably necessary to provide the service, comply with legal obligations, resolve disputes, support audits, manage opt-outs, investigate abuse, and protect Triotek’s legal rights.

Opt-out and suppression records may need to be retained even after a recipient is removed from an active audience, because deleting all suppression records could result in the recipient being contacted again by mistake.

Where you request deletion of campaign data, Triotek may refuse, delay, or limit deletion where retention is required or justified for legal, security, billing, audit, dispute, fraud-prevention, or compliance reasons.

19. Abuse, Complaints and Investigations

Triotek may investigate suspected abuse, spam complaints, recipient objections, unsubscribe failures, phishing reports, provider warnings, reseller complaints, data protection complaints, excessive bounce rates, unusual campaign behaviour, or any other issue affecting campaign compliance or platform integrity.

You must cooperate with any investigation and provide requested information, including proof of consent, campaign instructions, recipient source records, staff authorisations, third-party approvals, and copies of promotional terms.

Triotek may disclose relevant campaign records to regulators, courts, law enforcement, third-party providers, resellers, affected venues, affected recipients, or legal advisers where reasonably necessary to investigate complaints, comply with law, enforce this policy, or protect rights and safety.

20. Suspension and Termination

Triotek may suspend, restrict, or terminate campaign functionality immediately if we believe that you have breached this policy, breached applicable law, sent unlawful direct marketing, failed to honour opt-outs, used poor-quality or unlawful data, caused complaints, failed to pay fees, misused third-party services, created reputational risk, or placed Triotek, a reseller, a provider, a venue, or recipients at risk.

Suspension may apply to a single campaign, channel, sender, venue, audience, user, reseller, customer account, or the entire campaign module. Triotek may also require remedial action before reinstating access.

Termination or suspension does not remove your responsibility for campaigns already sent, outstanding fees, legal claims, opt-out obligations, or indemnities arising from your use of the platform.

21. Warranties and Undertakings by Campaign Users

Each time you create, approve, schedule, import, upload, or send a campaign, you warrant and undertake that:

• you are authorised to act for the venue, brand, customer, reseller, or sender named in the campaign;
• the audience was lawfully collected and may lawfully be used for the campaign;
• the campaign complies with POPIA, the CPA, ECTA, applicable consumer laws, channel rules, and this policy;
• all opt-outs, objections, withdrawals of consent, suppression requests, and unsubscribe requests have been honoured;
• the message content is accurate, lawful, fair, and not misleading;
• the campaign does not infringe any third-party intellectual property, privacy, publicity, consumer, or contractual rights;
• you have obtained all internal approvals, reseller approvals, third-party approvals, sender approvals, and provider approvals required for the campaign; and
• you will retain enough evidence to prove campaign compliance if requested.

22. Limitation of Liability

To the maximum extent permitted by law, Triotek is not liable for indirect, special, incidental, punitive, exemplary, or consequential loss arising from campaign use, including loss of profit, loss of revenue, loss of goodwill, loss of reputation, loss of data, loss of opportunity, failed delivery, delayed delivery, blocked messages, inaccurate analytics, provider downtime, account suspension by a third party, or claims arising from your campaign content or recipient selection.

Triotek does not guarantee that any campaign will produce sales, engagement, foot traffic, conversions, leads, bookings, revenue, or any particular business outcome. Campaign performance depends on many factors outside Triotek’s control.

Nothing in this policy limits liability that cannot lawfully be limited under South African law.

23. Indemnity

You indemnify Triotek, its directors, employees, contractors, service providers, resellers, and affiliates against all claims, complaints, losses, damages, penalties, fines, costs, legal fees, investigations, regulatory actions, third-party provider claims, recipient claims, and expenses arising from or connected to your campaign use.

This indemnity includes claims arising from unlawful data collection, lack of consent, unlawful direct marketing, failure to honour opt-outs, misleading content, unlawful promotions, breach of POPIA, breach of the CPA, breach of ECTA, breach of third-party provider rules, intellectual property infringement, misuse of credentials, uploaded data, imported lists, or any instruction given by you or your authorised users.

24. Changes to this Campaigns Policy

Triotek may update this Campaigns Policy from time to time to reflect changes in law, platform functionality, third-party provider rules, commercial terms, security practices, or operational requirements.

Where a change is material, Triotek may notify users through the platform, by email, through reseller communication, or by updating this page. Continued use of the campaign module after an updated policy becomes effective means that you accept the updated policy.

25. Governing Law and Jurisdiction

This Campaigns Policy is governed by the laws of the Republic of South Africa. Any dispute arising from or relating to this policy, the campaign module, or campaign use will be subject to the jurisdiction of the South African courts, unless a written agreement between the parties provides otherwise.

26. Contact Information

For questions, opt-out concerns, campaign abuse reports, reseller queries, or compliance notices relating to this Campaigns Policy, please contact:

Triotek (Pty) Ltd
Registration number: 2023/804559/07
Operating location: Pretoria, Gauteng, South Africa
E-mail: help@triotek.co.za
Phone: 087 821 7274

When reporting a campaign issue, please include the message received, sender details, date and time received, mobile number or email address involved, venue or brand name if known, and any opt-out instruction already sent.

27. Important Legal Review Notice

This Campaigns Policy is intended to provide a practical compliance framework for the Triotek platform. It is not a substitute for legal advice. Customers, venues, resellers, and campaign users should obtain independent legal advice where they are unsure about their direct marketing, POPIA, CPA, ECTA, consent, opt-out, or data protection obligations.