This document outlines how Red G (Pty) Ltd, its various departments, and third-party providers process, store, manage, and share personal data in accordance with the Protection of Personal Information Act (PoPIA) of 2013 in South Africa.

 

What is the PoPI Act?
TL;DR
The PoPI Act is South Africa's GDPR, setting standards for protecting personal information held by individuals and organizations. It applies to various processing activities and existing records.

The Protection of Personal Information Act, also known as the PoPI Act, is South Africa's legislation equivalent to the EU's GDPR (General Data Protection Regulation).

The PoPI Act applies to individuals and organizations that maintain any form of records containing personal information, unless other legislation provides stronger protection for such information.

The act sets the minimum standards for safeguarding personal information and governs its processing. Processing includes activities such as collecting, receiving, recording, organizing, retrieving, using, disseminating, distributing, or making personal information available. The act also applies to records that are already in the possession of the entity or person responsible for processing.

Where we store your information
TL;DR
We securely store your information on our website servers, manage customer data through our CRM on secure servers, store physical forms securely at our branch, and record and save phone calls on our servers.

The storage of your information depends on the specific services you use. Let's break it down:

Our Website:
When you register an account on our website, you provide your information, which is securely stored on our servers. Access to this information is subject to the conditions mentioned below.

Our CRM:
We utilize a custom-built CRM to manage our customers, bookings, vouchers, sign-over sheets, training sign-ins, scheduled drives, and more. Our CRM operates on state-of-the-art servers that ensure the security of our main website.

Phone Calls:
All phone calls made to any of our contact numbers are recorded and saved on our VoIP servers.

Data Retention Periods
TL;DR
Website: Profile information deleted after 18 months of inactivity; CRM: Inactive accounts kept for up to 2 years, blacklisted accounts retained indefinitely; Phone Calls: Recordings stored for 3 months

Each section mentioned above follows specific storage policies:

Our Website:
On our website, the duration of information storage depends on activity. Our policy states that if you have not been active on our website for more than 18 months, your profile and all associated information will be deleted from our website and purged from our databases. We determine activity based on the last successful login to our website, as we do not have alternative means of tracking user activity.

Our CRM:
Once your information has been removed from our main website, your account on our CRM is marked as inactive. This inactive state persists for a period not exceeding 2 years. If you have been blacklisted by us due to non-payment or any other blacklisting policies, your information will be retained for a minimum of 10 years, and potentially indefinitely.

Phone Calls:
Each incoming and outgoing call is recorded and stored. The recording files are retained for 3 months before being deleted.

Access to Your Information
TL;DR
We prioritize information security, restrict access to specific parties, and limit data handling by staff, hosting providers, and accountants.

We are meticulous about sharing information and limit its access to specific parties. We do not share any information with advertising agencies or any other party that does not directly contribute to our services.

Our Staff:
To perform their required duties, our staff members are provided with access to your information through company-supplied laptops and/or mobile phones.

Diamatrix t/a Domains:
As part of their service offering, Domains hosts and stores data for clients. Clients have access to their own data, which is secure on a per-product basis. While Domains staff may have access to servers and client data as necessary, they do not handle or manipulate any client data without explicit permission. Domains has signed NDAs with staff members and third parties, including their external network management team.

Our Accountants:
Our accountants may occasionally access information related to accounts for purposes such as following up on outstanding payments, VAT calculations, and financial services.

Third Parties with Access to Your Information
TL;DR
We use trusted third-party providers like Zoho, Google, Apple, 3CX, and Brevo for specific services like accounting, remote access, email, analytics, telecommunications, and mass mailing, prioritising privacy and obtaining explicit consent.

To provide you with the best service possible, we engage with select third-party providers who receive limited access to your information. However, this access is more restricted compared to the information you provide and is only accessed by Red G staff.

Zoho Books:
We utilize Zoho Books for managing our accounting. Any customer information and purchases are stored on Zoho Books. Zoho staff members do not have access to or the ability to manipulate this information. In rare cases where technical assistance requires Zoho's access to our profile, their actions are supervised by an Red G staff member. Furthermore, the contractual agreement with Zoho Books ensures that no information is shared or accessed without explicit permission from Red G.

Zoho Assist:
We make use of Zoho Assist to remotely monitor and access our customer's computer(s) with their explicit consent. Zoho Employees never have access to the remote connection, and the remote connection is end-to-end encrypted

Google:
We rely on various Google services, including Google Workspace for emails, calendar, and contacts; Google Analytics for monitoring website usage and statistics; Google My Business for managing our business listing and responding to reviews; and Google Maps for navigation for consultations.

Apple:
For staff members using Apple devices, your contact information may be saved in their iCloud service (e.g., Apple Mail, Contacts, Calendar). Apple Maps may also be used for navigation to and from consultations.

3CX:
3CX is our telecommunications software provider, responsible for securely storing all phone calls, phone numbers, and call recordings on their servers.

Brevo (Previously: SendinBlue):
Brevo serves as our mass mailing provider. Any newsletters or notices sent are sent through Brevo. This service operates on an opt-in basis, ensuring that we do not send any information to you, our customer, without your approval.

Information We Store
TL;DR
We may store some or all of the information listed below. You can request a copy of the information we have on file for you at any time. Please note that the list provided is for indicative purposes and may not include all data elements.

We may store some or all of the information listed below. You can request a copy of the information we have on file for you at any time. Please note that the list provided is for indicative purposes and may not include all data elements.

Our Website:

  • Your name and surname
  • Your email address
  • Your contact number
     

Our CRM:

  • Your name and surname
  • Your email address
  • Your contact number
  • Additional contact names
  • Additional contact numbers
  • Your physical address
     

Zoho Books:

  • Your name and surname
  • Your email address
  • Your contact number
  • Additional contact names
  • Additional contact numbers
  • Your physical address
     

Zoho Assist:

  • Your name and surname
  • Your PC Model name
  • Your PC Model Number
  • Your Computer IP Address
  • Your computer's status
     

Google:

  • Your name and surname
  • Your email address
  • Your contact number
  • Your physical address
     

Apple:

  • Your name and surname
  • Your email address
  • Your contact number
  • Your physical address
     

3CX:

  • Your contact number
  • Call recordings
     

Brevo (Previously SendinBlue):

  • Your name and surname
  • Your email address
  • Your contact number
Requesting the Removal of All Information
TL;DR
You can request the removal of your information from our systems, but certain data may be retained for legal and tax purposes. Contact us for a breakdown of stored information.

At your discretion, you may request the removal of all your information from our systems. To initiate this process, please send an email to [email protected] with your removal request. However, please be aware of the following limitations:

  • If you have been blacklisted, we will retain your information for legal reasons.
  • All financial transactions and related information will be kept for tax purposes, but the information will be deleted once the financial year is closed.
  • Email correspondence will be retained for legal reasons.

You can also request a breakdown of all stored information, including what has been deleted and what is scheduled for deletion.

Our POPI Compliance Officer
TL;DR
Who to contact if you have questions regarding our PoPIA Compliance

The POPI Act mandates that businesses designate a compliance officer for addressing queries, complaints, and information requests.

Our Compliance Officer:

Dean Swart
[email protected]
+27 (11) 708-0160