Every employee must implement our system of internal control in his/her responsibility area.
Privacy policy
Version 1a

1. Introduction

This Privacy Policy explains how personal information is collected, used, stored, and protected when using the Service.

The Provider is committed to processing personal information in accordance with the Protection of Personal Information Act, 4 of 2013 (POPIA).

2. Information Collected

The Service may collect:

  • Names and addresses (first names and last names);
  • email addresses;
  • usernames;
  • organisational information;
  • audit logs and system activity records;
  • authentication information;
  • technical information relating to system access.

The Organisation is responsible for ensuring that personal information uploaded to the Service is collected and processed lawfully.

3. Purpose of Processing

Personal information may be processed for:

  • user authentication;
  • operation of the Service;
  • communication with users;
  • billing and subscription management;
  • security monitoring;
  • legal and regulatory compliance.

4. Lawful Basis for Processing

Personal information is processed:

  • with consent where required;
  • to perform contractual obligations;
  • to comply with legal obligations;
  • for legitimate business purposes related to operation of the Service.

5. Information Sharing

The Provider does not sell personal information.

Information may be shared only:

  • with service providers assisting in operation of the Service;
  • where required by law;
  • where necessary to protect legal rights;
  • with the Organisation to which the user belongs.

6. Security Measures

Reasonable technical and organisational safeguards are implemented to protect personal information against:

  • unauthorised access;
  • loss;
  • destruction;
  • disclosure;
  • alteration.

No internet-based system can guarantee absolute security.

7. Retention

Personal information is retained only for as long as reasonably necessary for operational, contractual, legal, regulatory, or security purposes.

8. Data Subject Rights

Subject to applicable law, users may request:

  • access to personal information;
  • correction of inaccurate information;
  • deletion where legally permissible;
  • objection to certain processing activities.

Requests may be submitted through the Organisation's Administrators or directly to the Provider where appropriate.

9. Cookies and Technical Data

The Service may use cookies, session identifiers, and similar technologies to maintain security and functionality.

Users may disable cookies through browser settings, although some features may not function correctly.

10. Cross-Border Transfers

Where personal information is transferred outside South Africa, the Provider shall take reasonable steps to ensure that appropriate safeguards are in place as required by POPIA.

11. Contact Information

Questions regarding privacy or personal information processing may be directed to the Provider using the contact details published on the Service.

12. Changes to this Policy

This Privacy Policy may be updated periodically.

Continued use of the Service following publication of revisions constitutes acceptance of the updated Policy.