Your data is important to us, and to you. To provide our services, we need to collect some of your data, and it is important that you understand what we collect, why, and how that data is used.
This policy may be updated from time to time, and we recommend checking it periodically.
- What is stored
Client details to allow for the provision and billing of services for clients. This data may include but is not limited to:
- Email addresses
- Names
- Contact numbers
- Physical and/or billing addresses
- Client files that you place on your website(s) or submit to us as part of the services we offer
- Banking details when provided and/or required for billing purposes (e.g., debit orders or requested refunds)
- Correspondence with clients
- Billing history
- We may record how and when you use our services and products; your IP address; and cookie data.
- This information is collected automatically, and is used for auditing, security purposes, and to enhance user experience.
- Backups of this data are maintained on a monthly, weekly, and rolling 6-day cycle.
- We retain this information as long as you use our products or services and for at least one year after your last order as required by the Electronic Communications and Transactions Act 25 of 2005.
- Order details are kept for 5 years after tax submission as required by the Tax Administration Act 28 of 2011.
- Where it is stored
- On dedicated and cloud-based servers managed within hosted datacenters in South Africa and Germany.
- Data on German servers is encrypted with keys held only in South Africa. This data is encrypted in transit and at rest (while being transferred and while it is stored). Our German servers and Third-Party Operators fall under GDPR, which is substantially similar to POPI and other privacy legislation in South Africa.
- How it is kept safe
- Password protected access is mandatory across all platforms and is granular in nature.
- Access to any service or portion of our systems is similarly granular and only provided up to the level of access required.
- Access to our systems is encrypted whenever possible, and encryption is required for access to anything more than basic services.
- SSL is available wherever feasible, and typically enabled by default.
- Two Factor Authentication (2FA) is also available for various access types and mandated on accounting system access.
- Clients have the option to enable 2FA for access to their own services via Google Authenticator, a POPI compliant Third-Party Operator.
- Ongoing monitoring, updates, and security checks are standard practice, and are logged.
- Third party operators where used (Data Centre facilities, Banks, etc.) all fall under POPI and/or GDPR compliance.
- Contact information (and any other information listed under 1) is not shared or made available to third parties without consent of the first party.
- Logging (and storage of these logs) is maintained to assist in audit requests as per the backup policy outlined in 1.
- How data is collected and how it can be managed
- Data is collected when submitted by the client, by means of a request with that information to us, or by our request to the client to create or modify services offered to them.
- We keep that information up to date based on correspondence with clients (e.g., a phone call or email requesting an update).
- Clients are provided with access to their own user profile and services profile via separate logins and can manage their information and services there.
- Clients may opt out of storing private information outside of South Africa on request.