POPAI Privacy Policy

1. INTRODUCTION

Respecting and protecting your privacy and Personal Information (refer to the definition of Personal Information at the end of this policy statement) is very important to WhyX Limited. It is also a constitutional right and a requirement for good business practice, which we take very seriously.

 

This policy applies to and is followed by WhyX Limited and its related entities. This policy governs the relationship between you and WhyX Limited, with which you have signed an engagement letter or otherwise provided personal information.

 

In the paragraphs which follow, any reference made to "us", "we" or "our" is a reference to WhyX Limited.

In line with the 8 Conditions for Lawful Procession of Personal Information as set out in the Protection of Personal Information Act no 4 of 2013 (the Act), we (the specific legal entity with which you have signed an engagement letter):

Accept joint responsibility and accountability with you to responsibly manage and protect your Personal Information when providing our services and solutions to you;

  • Undertake to collect and process only such Personal Information which is necessary, given the purpose for which it is processed and to assist you with your required solutions, conclude the necessary related agreements and consider the legitimate legal interests of everyone concerned, as required by the Act. We will at all times respect your right to withdraw your consent for the processing of your Personal Information;
  • Undertake to only use your Personal Information for the purpose for which the information is essential to enable us to assist you or provide solutions to you;
  • Undertake not to share or further process your Personal Information with anyone or for any reason if not required for assisting you with your solutions or as required in terms of legislation or regulations;
  • Undertake to take reasonably practicable steps to ensure that information is complete, accurate, not misleading and, where necessary, is updated;
  • Undertake to be open and transparent on the nature, extent and reasons for processing Personal Information;
  • Undertake to safeguard and protect your Personal Information in our possession;
  • Undertake to freely confirm what Personal Information we hold of you, to update and rectify the Personal Information upon request and to keep it for no longer than required.

 

By providing us with your Personal Information, you agree to this Policy and authorise us to process such information as set out herein. You authorise WhyX Limited and any associated entities or third parties (where applicable) for the purposes set out herein.

 

We will not use your Personal Information for any purpose other than that set out in this Policy. We will take the necessary steps to secure the integrity and confidentiality of Personal Information in our possession and under our control by taking appropriate and reasonable measures to prevent loss of, damage to or unauthorised destruction of your Personal Information and to prevent the unlawful access to, or processing of Personal Information.

 

2. REASONS FOR PROCESSING PERSONAL INFORMATION

We, or the entities who provide or assist with the solutions you require (if any), need to collect, use and keep your Personal Information as prescribed by relevant legislation and regulations and for reasons such as:

  • To provide software development and related services as per your mandate to us, as set out in the engagement letter, and to maintain our relationship.
  • To respond to your queries;
  • To confirm and verify your identity or to verify that you are an authorised user for security purposes.
  • To comply with all legislative or regulatory requirements related to services provided to you by us;
  • To fulfil our contractual obligations to you, for example, to ensure that invoices are issued correctly, to communicate with you and to carry out instructions and requests;
  • For any other operational purposes required to assist you with the solutions you require.
  • To comply with our legal obligations to you, for example, health and safety obligations while you are on any of our premises, or to a third party;
  • In connection with possible requirements by the Information Regulator or other Government agencies allowed by law, legal proceedings, or court rulings.

 

3. BUSINESS ACTIVITIES FOR WHICH PERSONAL INFORMATION IS PROCESSED

  • Recruitment and Employment purposes
  • Providing Software Development and Professional Services as per client mandate;
  • Administering, managing and developing our businesses and services;
  • Security, quality and risk management activities;
  • Complying with any requirement of law, regulation or a professional body of which we are a member.

 

4. SHARING OR TRANSFER OF PERSONAL INFORMATION

Our employees will have access to your Personal Information to administer and manage our software development services and internal business processes. In general, we do not share your Personal Information with third parties (other than service providers acting on our behalf) unless we have a lawful basis for doing so.

 

CROSS BORDER

We may need to share Personal Information outside of South Africa for purposes of providing our software development services, cloud hosting, and technical support. This will be done in strict adherence to POPIA requirements and only when at least one of these conditions is met:

  • The recipient country has adequate data protection laws
  • The transfer is necessary for the performance of a contract
  • You have provided consent for the transfer
  • The transfer is necessary for the implementation of a pre-contractual measure

 

THIRD-PARTY PROVIDERS/OPERATORS

We may need to share your Personal Information with:

  • Cloud service providers
  • Development tool providers
  • Hosting services
  • Technical support services
  • Professional service providers

 

This will only be done in strict adherence to POPIA requirements, with appropriate agreements in place to ensure they comply with privacy requirements as required by the Act.

We may also disclose your information:

  • Where we have a duty or a right to disclose in terms of legislation, regulations or industry codes;
  • Where we believe it is necessary to protect our rights;
  • When explicitly requested by you;
  • When required by law enforcement, regulatory and other government agencies and professional bodies, as required by and/or by applicable law or regulation.

 

5. INFORMATION SECURITY

We are legally obliged to provide adequate protection for the Personal Information we hold and to stop unauthorised access and use thereof. We will, on an ongoing basis, continue to review our security controls and related processes to ensure that your Personal Information remains secure.

We implement robust security measures to protect your Personal Information, including:

  • Encryption of data in transit and at rest
  • Secure development practices
  • Regular security audits
  • Access control systems
  • Employee training programs
  • Incident response procedures
  • Network security controls
  • Physical security measures
  • Secure backup systems
  • Regular security assessments
  • Vulnerability management
  • Security monitoring and logging
  • Data loss prevention measures

 

Generally accepted standards of technology and operational security have been implemented to protect information from loss, misuse, alteration, or destruction. All our employees are trained on information security and are required to keep Personal Information confidential, and only authorised persons have access to such information.

 

6. RETENTION OF PERSONAL INFORMATION

We retain Personal Information only for:

  • The period necessary to fulfil the purposes outlined in this policy
  • The period required by law
  • The period specified in our contracts
  • The period necessary for legitimate business purposes

 

We shall only retain and store Personal Information for the period for which the data is required to serve its primary purpose or legitimate interest or for the period required to comply with an applicable legal requirement, whichever is longer.

 

All Personal Information will be securely destroyed or anonymised when no longer needed.

 

7. YOUR RIGHTS: ACCESS TO INFORMATION

You have the right to:

  • Request access to your Personal Information
  • Know whether we hold your Personal Information
  • Request correction or deletion of your Personal Information
  • Object to the processing of your Personal Information
  • Lodge a complaint with the Information Regulator

 

To exercise these rights, simply contact us via the numbers/addresses provided in the "How to Contact Us" section. We will need proof of authorisation or a copy of your ID document to confirm your identity before providing details of your personal information.

 

Please note that any such access request may be subject to a payment of a legally allowable fee.

 

8. AMENDMENTS TO YOUR INFORMATION

You have the right to ask us to update, correct or delete your personal information. We require proof of identity and/or authority before making changes to the personal information we may hold of you. We would appreciate it if you would keep your personal information accurate and up to date.

 

You may request updates, corrections, or deletion of your Personal Information by:

    Emailing our Information Officer at mellisa.sicasha@pkf.com

    Submitting a request through our website at https://www.whyx.biz

    Calling our support team at +27 (0) 10 595 9610

 

9. COOKIE POLICY

Our website uses cookies for the following purposes:

Essential cookies:

  • Authentication and security
  • Basic website functionality
  • Session management

 

Analytics cookies:

  • Website usage analysis
  • Performance monitoring
  • User experience improvement

 

Preference cookies:

  • Language settings
  • Regional preferences
  • User customisation options

 

You can control cookie settings through your browser preferences. You may choose to disable cookies, but this may affect the functionality of our website.

 

10. HOW TO CONTACT US

If you have any queries about this policy, or need further information about our privacy practices, wish to withdraw consent, exercise preferences or access or correct your personal information, please get in touch with us at:

    Name: Mellisa Sicasha

    Email: mellisa.sicasha@pkf.com

    Phone: +27 (0) 10 595 9610

    Physical Address: 89 Nelson Mandela Ave, Randhart, Alberton, South Africa

    

Information Regulator Contact Details:

    Website: https://www.justice.gov.za/inforeg/

    Tel: 012 406 4818

    Email: inforeg@justice.gov.za

 

Definition of Personal Information

Personal Information is defined by the Protection of Personal Information Act (the Act) as:

  • "information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—
  • information relating to race, gender, sex, pregnancy, marital status, nationality, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
  • information relating to the education or the medical, financial, criminal or employment history of the person;
  • any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
  • the biometric information of the person;
  • the personal opinions, views or preferences of the person;
  • correspondence sent by the person that is implicitly or explicitly of a private or confidential nature, or further correspondence that would reveal the contents of the original correspondence;
  • the views or opinions of another individual about the person; and
  • the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person".

 

This Privacy Policy was last updated on December 12, 2024.