Decode Development (Pty) Ltd privacy policy

This policy was last updated on 4 October 2021.

  1. 1. Introduction
    1. 1.1. Decode Development (Pty) Ltd with registration number 2020/108155/07 (herein "Decode") is committed to data protection and the right to privacy.
    2. 1.2. This privacy policy applies to personal information collected by Decode in connection to our website, services, and products provided by us. When you engage with us as a customer, supplier or prospective employee, we may collect and process certain personal information. This privacy policy together with any contractual agreements entered into between you and Decode, sets out the basis on which any personal information that we collect from you, or that you provide to us, will be processed by us.
  2. 2. Our contact details
    1. 2.1. Name: Decode Development (Pty) Ltd
    2. 2.2. Address: 31 Viridian Square, Viridian Street, Burgundy Estate, 7441, South Africa
    3. 2.3. Email: domicilium@decodedev.co.za
  3. 3. The type of personal information we process and how we get it
    1. 3.1. We currently collect and process the following personal information:
      1. 3.1.1. Personal information collected from users of our website:

        Type of personal information Source Is collection voluntary / mandatory? Consequences of failure to provide the information
        IP addresses of users who browse the website Directly from data subject Voluntary The website may have reduced functionality if it is blocked from processing this information.
        Name, email, contact number entered into “contact us” form on website Directly from data subject Voluntary You will be able to browse the website but will not be able to contact us via the website without providing this information.
      2. 3.1.2. Personal information collected from or relating to customers and prospective customers of our services:

        Type of personal information Source Is collection voluntary / mandatory? Consequences of failure to provide the information
        Customer name, registration number Directly from data subject Voluntary We will not be able to provide our services without being able to identify the customer.
        Customer VAT number Directly from data subject Voluntary Customer may have increased difficulty claiming VAT if we are not provided with this information.
        Customer email address, physical address and telephone number Directly from data subject Voluntary We will not be able to provide services without being able to communicate with customers.
        Names and contact details of employees of customers Directly from data subject when they interact with us, and/or indirectly from their employer when providing contact details for the customer Voluntary We will not be able to respond to communication from individual employees of customers without processing this information.
        Email correspondence of a confidential nature with customers and employees of customers Directly from data subject when they interact with us Voluntary We will not be able to respond to communication from customers without processing this information
      3. 3.1.3. Personal information collected from or relating to our suppliers:

        Type of personal information Source Is collection voluntary / mandatory? Consequences of failure to provide the information
        Supplier name, registration number Directly from data subject Voluntary We will not be able to procure goods or services from a supplier without this information.
        Supplier email address, telephone numbers Directly from data subject and/or indirectly from publicly available information Voluntary We will not be able to contact a supplier without at least one of these items being provided.
        Work email address and/or telephone numbers of employees of suppliers Directly from data subject and/or indirectly from their employer Voluntary We will not be able to contact particular individuals within a supplier without this information.
        Supplier VAT number Directly from data subject Mandatory if supplier charges VAT Supplier will not be able to charge VAT without providing a VAT number.
        Supplier banking details Directly from data subject Voluntary We will not be able to pay our suppliers without this information.
      4. 3.1.4. Personal information collected in relation to prospective employees during the hiring process:

        Type of personal information Source Is collection voluntary / mandatory? Consequences of failure to provide the information
        Applicant name Directly from data subject or indirectly from third party recruitment service provider Voluntary We will not be able to process a job application unless this information is provided.
        Applicant identity number Directly from data subject or indirectly from third party recruitment service provider Voluntary We will not be able to process a job application unless this information is provided.
        Applicant email address, physical address and telephone number Directly from data subject or indirectly from third party recruitment service provider Voluntary We will not be able to process a job application without at least one of these items being provided.
        Employment history; Directly from data subject or indirectly from third party recruitment service provider Voluntary We will not be able to assess the suitability of the applicant for the role unless this information is supplied
        Views or opinions of our relevant staff members about the data subject Indirectly from our relevant staff members Voluntary We will not be able to assess the suitability of the applicant for the role unless this information is supplied
        Views or opinions of former employers and other references about the data subject Directly from data subject, indirectly from third party recruitment service providers or indirectly from references named by the data subject and subsequently contacted by us Voluntary Our ability to assess the suitability of the applicant for the role will be hindered if no references are supplied.
    2. 3.2. In order to update, correct or delete your personal information, you may contact us using the contact details provided in paragraph 12.
  4. 4. How we use personal information:
    1. 4.1. We use personal information of our customers:
      1. 4.1.1. to identify our customers in order to provide them with services;
      2. 4.1.2. to fulfil our contractual obligations;
      3. 4.1.3. to provide support; and
      4. 4.1.4. for billing purposes.
    2. 4.2. We use personal information of our suppliers:
      1. 4.2.1. for general procurement functions including making orders and arranging deliveries;
      2. 4.2.2. to generally fulfil our contractual obligations with the suppliers; and
      3. 4.2.3. to pay them for products/services.
    3. 4.3. We use personal information of prospective employees:
      1. 4.3.1. for recruitment purposes.
    4. 4.4. More generally, we use personal information collected and processed as follows:
      1. 4.4.1. to fulfil our contractual obligations;
      2. 4.4.2. to communicate with customers, suppliers and their respective employees who interact with us;
      3. 4.4.3. to comply with any applicable laws.
  5. 5. Storage and security of your personal information
    1. 5.1. We store your personal information on third-party servers, with our primary cloud providers being located in the United States. Some of our third-party service providers are also located outside of South Africa, and accordingly your personal information will be transferred to one or more of the following countries in order for us to receive services from the relevant service providers:
      1. 5.1.1. Google Drive (stores information): United States. Google's privacy policy is available here: https://policies.google.com/privacy?hl=en-US
      2. 5.1.2. Google Mail (processes correspondence): United States. Google's privacy policy is available here: https://policies.google.com/privacy?hl=en-US
      3. 5.1.3. Xero (processes accounting-related personal information): United States, New-Zealand, Australia, United Kingdom. Xero’s privacy policy is available here: https://www.xero.com/za/about/legal/privacy/
      4. 5.1.4. Zoho Desk (processes information pertaining to support functions): United States, European Union. Zoho Desk's privacy policy is available here: https://www.zoho.com/en-za/privacy.html
    2. 5.2. We have organisational and technical measures in place to protect your personal information. Our efforts in this regard will comply with the requirements of applicable law. You acknowledge and agree however that there are inherent risks to the security of data in the use of applications and services, such as vulnerabilities in the underlying technology. We accordingly do not guarantee that your data cannot ever be compromised and you accept this risk by using the website, our services and/or products.
    3. 5.3. When you have chosen or been given a password which enables you to access certain parts of our services and/or products, you are responsible for keeping that password confidential. Please do not share your password with anyone.
  6. 6. Cookies
    1. 6.1. Cookies are small text files transferred by a server to your device and may contain various types of information useful in persisting data, such as login status, preferences and settings. We use cookies on the website as described in our cookie policy.
  7. 7. Third party websites
    1. 7.1. Our website may occasionally contain links to third-party websites. If you click on the links to third-party websites, you leave our website.
    2. 7.2. We are not responsible for the content of third-party websites or for the security of your personal information when you use them.
  8. 8. Social networking services
    1. 8.1. We use social networking services such as Twitter and LinkedIn to communicate with the public about our business. When you communicate with us through these services, that social networking service may collect your personal information for its own purposes.
    2. 8.2. These services have their own privacy policies which are independent of the privacy policy and practices of Decode.
  9. 9. How we share your personal information
    1. 9.1. We may share your personal information with third parties service providers engaged by Decode. Where your personal information is shared with service providers, Decode shall enter into written agreements to ensure your personal information is processed in accordance with POPIA and this privacy policy.
    2. 9.2. We share your personal information with the following categories of recipients:
      1. 9.2.1. Storage providers;
      2. 9.2.1. Service providers
    3. 9.3. On rare occasions, we may be required to disclose your personal information because of legal or regulatory requirements. In such instances, we reserve the right to disclose your personal information as required in order to comply with our legal obligations, including complying with court orders, warrants, subpoenas, service-of-process requirements or discovery requests.
    4. 9.4. We may also disclose information about our data subjects to law enforcement officers or others, in the good faith belief that such disclosure is reasonably necessary to enforce our Terms or this privacy policy or respond to legal claims that any content violates the rights of third parties, or to protect our intellectual property rights or our personal safety or the personal safety of our users or the general public.
    5. 9.5. Changes of business ownership or control: We may share your personal information with third parties in connection with a sale of assets, restructuring or merger, in which case we will notify you and will, if required by applicable law, also notify and obtain approval from any relevant regulators.
  10. 10. Your data protection rights
    1. 10.1. Your rights as a data subject in terms of POPIA include the following:
      1. 10.1.1. Notification: You have the right to be notified that your personal information is being collected in terms of section 18 of POPIA. You have the right to be notified that your personal information has been accessed or acquired by an unauthorised person in terms of section 22 of POPIA.
      2. 10.1.2. Access: You have the right to establish whether we hold personal information about you and to request access to your personal information as provided for in section 23 of POPIA.
      3. 10.1.3. Correction or deletion: You have the right to request, where necessary, the correction, destruction or deletion of your personal information as provided for in section 24 of POPIA.
      4. 10.1.4. Objection: You have the right to object, on reasonable grounds relating to your particular situation, to the processing of your personal information as provided for in terms of section 11(3)(a) of POPIA. You have the right to object to the processing of your personal information at any time for purposes of direct marketing in terms of section 11(3)(b) of POPIA, or in terms of section 69(3)(c) of POPIA.
      5. 10.1.5. Direct marketing: You have the right not to have your personal information processed for purposes of direct marketing by means of unsolicited electronic communications except as referred to in section 69(1) of POPIA.
      6. 10.1.6. Automated processing: You have the right not to be subject to a decision which results in legal consequences for you, or which affects you to a substantial degree, which is based solely on the basis of the automated processing of your personal information intended to provide a profile of you as provided for in terms of section 71 of POPIA.
      7. 10.1.7. Complaints: You have the right to lodge a complaint to the Information Regulator in terms of section 74 of POPIA as detailed in paragraph 13.
      8. 10.1.8. Civil proceedings: You have the right to institute civil proceedings regarding the alleged interference with the protection of your personal information as provided for in section 99 of POPIA.
      9. 10.1.9. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us at domicilium@decodedev.co.za if you wish to make a request.
  11. 11. Notification of changes
    1. 11.1. We reserve the right to change this privacy policy from time to time and in our sole discretion.
    2. 11.2. We will notify you of material changes to this privacy policy by the email address we have on record for you or by using any other reasonable methods.
  12. 12. How to contact us
    1. 12.1. If you have questions about this privacy policy, please contact us at domicilium@decodedev.co.za.
  13. 13. How to complain
    1. 13.1. If you have any concerns about our use of your personal information, you can make a complaint to us by emailing domicilium@decodedev.co.za. You can also submit a complaint to the Information Regulator by emailing complaints.IR@justice.gov.za.