POPIA Act 4 of 2013 Data Protection Your Rights

Privacy Policy

How Chaungeni Technologies collects, uses, and protects your personal information

Last Updated: March 2026  |  Version 2.0  |  Governed by POPIA Act 4 of 2013

Summary: We respect your privacy and are committed to protecting your personal information. This policy explains what we collect, why we collect it, how we use it, and what your rights are under South Africa's Protection of Personal Information Act (POPIA), Act 4 of 2013. By using our website or services, you acknowledge this policy.
Contents
1. Information Officer 2. Who We Are 3. Information We Collect 4. Lawful Basis for Processing 5. How We Use Your Information 6. Data Sharing & Third Parties 7. Cross-Border Transfers 8. Data Retention Periods 9. Security Measures 10. Breach Notification 11. Your POPIA Rights 12. Cookies & Tracking 13. Direct Marketing 14. Repair Tracking Codes 15. Children's Privacy 16. PAIA Manual 17. Information Regulator 18. Policy Changes Contact Us
01
Information Officer — POPIA Designation
Under POPIA Section 55, every responsible party (entity that processes personal information) must designate an Information Officer. This person is responsible for ensuring POPIA compliance and handling data subject requests.
Designated Information Officer

Name: Thabang Chaungeni

Role: Director & Information Officer

Email: tech@chaungeni.co.za

Phone: 082 233 8003

What the Information Officer Does
  • Handles all data subject access requests
  • Manages POPIA compliance within Chaungeni Technologies
  • Oversees data security and breach response
  • Liaises with the Information Regulator
02
Who We Are — Responsible Party

Chaungeni Technologies ("we", "us", "our") is the responsible party in terms of POPIA. We determine the purpose and means of processing your personal information. We operate as an IT services, repair, and hardware sales business based in Bloemfontein, Free State, South Africa.

  • Physical address: 09 John Chard, Brandwag, Bloemfontein, 9301
  • Email: tech@chaungeni.co.za
  • Phone: 082 233 8003
  • Website: chaungeni.co.za
03
Information We Collect & Why

We collect only the personal information necessary for the specific purposes described in this policy (the POPIA principle of purpose limitation). The following table sets out the categories of information we process:

Category Examples Purpose
Contact Information Full name, email, phone number, physical address Service delivery, invoicing, communication
Device & Repair Information Device make, model, serial number, IMEI, fault description, repair history Repair service management, warranty tracking, ownership verification
Financial Information Invoice history, payment records, transaction references Billing, accounting, SARS compliance
Online & Technical Data IP address, browser type, pages visited, session duration Website analytics, security monitoring, improving user experience
Business Information (MSP clients) Company name, IT infrastructure details, employee user counts Managed IT service delivery, remote support, contract management
Communication Records Emails, WhatsApp messages (business-related), service notes Service history, dispute resolution, quality assurance
We do not store card details. All payment card data is processed exclusively by PayFast's PCI-DSS Level 1 compliant infrastructure. We only receive transaction confirmation and reference numbers.
04
Lawful Basis for Processing POPIA s.11

Under POPIA Section 11, personal information may only be processed if at least one of the following lawful grounds applies. We process your information on the following bases:

Processing ActivityLawful Basis (POPIA s.11)
Providing repair services, fulfilling ordersPerformance of a contract (s.11(1)(b))
Invoicing, tax records, SARS complianceLegal obligation (s.11(1)(c))
Fraud prevention, IMEI verification, SAPS reportingLegal obligation & legitimate interest (s.11(1)(c)(f))
Website analytics, improving our servicesLegitimate interest (s.11(1)(f))
Direct marketing to existing customersLegitimate interest (s.11(1)(f)) — with opt-out right
Direct marketing to new contactsYour consent (s.11(1)(a))
Managed IT services data processingPerformance of a contract (s.11(1)(b))
05
How We Use Your Information
5.1 Service Delivery

Processing orders, scheduling repairs, tracking job progress, generating and sending invoices, and communicating with you about your service or order.

5.2 Business Operations

Internal record-keeping, financial reporting, tax compliance, quality control, and employee management where relevant to your interaction with us.

5.3 Legal Compliance

Complying with applicable South African legislation including SARS obligations, the Consumer Protection Act, POPIA, COIDA, and reporting obligations to SAPS where criminal conduct is suspected.

5.4 Security & Fraud Prevention

IMEI verification, detection and prevention of fraudulent transactions, protection of customer and company assets, and cybersecurity monitoring on managed services networks.

5.5 Service Improvement

Anonymised analytics data to understand how our website is used, which products are popular, and how we can improve our service offering. This data does not identify you individually.

5.6 What We Do NOT Do
  • We do not sell, rent, or trade your personal information to third parties
  • We do not share your information with advertisers
  • We do not use your personal data for automated decision-making that significantly affects your rights without your knowledge
06
Data Sharing & Third-Party Operators POPIA s.21

We may share your personal information with carefully selected third parties (operators) in limited circumstances. All operators are contractually bound to process data only for the purpose we specify and in compliance with POPIA.

Third PartyPurposeData Shared
PayFast (Pty) Ltd Payment processing Name, email, amount, order reference — no card data
Courier companies Product delivery Name, delivery address, phone number
Cloud storage providers
(Backblaze B2 or equivalent)		 Managed backup services Encrypted backup data for MSP clients only
Google Analytics Website analytics Anonymised usage data (IP anonymised)
Authorised subcontractors Specialist repair services Device details, repair notes only — no financial data
SAPS (South African Police Service) Legal reporting obligation Only when legally required (e.g. suspected stolen devices)
07
Cross-Border Data Transfers POPIA s.72

POPIA Section 72 restricts the transfer of personal information outside South Africa unless adequate protection is in place. The following cross-border transfers may occur as part of our service delivery:

  • PayFast: Payment transaction data may route through international servers as part of card processing. PayFast maintains PCI-DSS Level 1 certification internationally.
  • Google Analytics: Anonymised website usage data is processed on Google's international infrastructure. IP addresses are anonymised before transmission.
  • Cloud backup storage: For MSP clients using cloud backup, encrypted data may be stored on servers located outside South Africa. All data is encrypted in transit and at rest before leaving South African networks.
All cross-border transfers are subject to contractual protections or occur with service providers that maintain equivalent data protection standards to POPIA. We do not transfer personal information to countries or organisations that do not provide adequate protection.
08
Data Retention Periods POPIA s.14

We retain personal information only for as long as is necessary for the purpose for which it was collected, or as required by law. The following retention schedule applies:

Information CategoryRetention PeriodReason
Financial records, invoices, tax documents7 yearsSARS requirement (Tax Administration Act)
Repair job records and device history3 yearsWarranty, disputes, CPA claims
Customer contact details (active customers)Duration of relationship + 3 yearsService history, legitimate interest
MSP contract recordsDuration of contract + 5 yearsContractual and legal obligations
Website analytics data26 monthsGoogle Analytics standard retention
Technical diagnostic logs30 days post-repairQuality assurance
CCTV footage (if applicable on premises)30 daysSecurity — overwritten automatically
Marketing consent recordsUntil consent is withdrawnPOPIA compliance evidence

Upon expiry of the applicable retention period, personal information is securely deleted or anonymised so that it can no longer be attributed to any identifiable individual.

09
Security Measures POPIA s.19

We implement reasonable and appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. These measures include:

Technical Measures
  • SSL/TLS encryption on all web transactions
  • Encrypted databases for customer records
  • Password-protected admin systems with session management
  • PCI-DSS Level 1 compliant payment processing (via PayFast)
  • Encrypted backup data for managed service clients
Organisational Measures
  • Access controls — only authorised staff access customer data
  • Confidentiality obligations for all employees and subcontractors
  • Secure physical storage for devices and paper records
  • Regular review of security practices
  • No card details retained on our systems
No security system is infallible. While we take all reasonable steps, we cannot guarantee that your information will never be compromised. We encourage you to use strong, unique passwords and to notify us immediately if you suspect any unauthorised access to your account or data.
10
Security Breach Notification POPIA s.22

In the event of a security compromise (data breach) that involves your personal information, we will comply with POPIA Section 22 as follows:

  • Contain the breach: We will take immediate steps to limit the damage and prevent further unauthorised access.
  • Notify the Information Regulator: We will report the breach to the Information Regulator of South Africa as soon as reasonably possible.
  • Notify affected data subjects: Where the breach creates a real risk of harm to you, we will notify you as soon as reasonably possible via email, SMS, or phone — depending on the contact information we hold.
  • Notify in writing: The notification will include the nature of the breach, the information compromised, the steps we are taking, and recommendations for your own protective steps.
Reporting a suspected breach: If you believe your personal information held by us may have been compromised, contact our Information Officer immediately at tech@chaungeni.co.za or 082 233 8003.
11
Your Rights as a Data Subject POPIA ss.23–25

POPIA gives you the following rights regarding your personal information held by us:

Right of Access (s.23)

Request confirmation of whether we hold your personal information and obtain a copy of it.

Right to Correction (s.24)

Request correction of inaccurate, incomplete, or outdated personal information.

Right to Deletion (s.24)

Request deletion of your information where processing is no longer lawful or necessary.

Right to Object (s.11)

Object to processing based on legitimate interest, including direct marketing.

Right to Withdraw Consent

Where processing is based on your consent, withdraw it at any time — this does not affect prior lawful processing.

Right to Complain (s.74)

Lodge a complaint with the Information Regulator of South Africa if you believe your rights have been violated.

How to Exercise Your Rights

Submit a written request to our Information Officer at tech@chaungeni.co.za. We will respond within 30 days. We may request proof of identity before processing your request. Exercising your rights is free of charge unless requests are excessive or manifestly unfounded, in which case a reasonable administrative fee may apply.

12
Cookies & Website Tracking ECT Act
12.1 What Are Cookies?

Cookies are small text files placed on your device by websites you visit. They help websites function properly and provide information about user behaviour to website owners.

12.2 Cookies We Use
Cookie TypePurposeDuration
Session cookiesMaintain your cart and session while browsingBrowser session
Google Analytics (_ga, _gid)Anonymised website usage statisticsUp to 2 years
Preference cookiesRemember your display preferences1 year
12.3 Managing Cookies

You can disable or delete cookies through your browser settings. Note that disabling functional cookies may affect the performance of our website (e.g. shopping cart functionality). For Google Analytics opt-out, visit Google's opt-out tool.

13
Direct Marketing POPIA s.69
13.1 Marketing to Existing Customers

We may send marketing communications (promotions, new products, service updates) to existing customers via email, WhatsApp, or SMS. This is done on the basis of legitimate interest. You may opt out of marketing communications at any time by:

  • Clicking the unsubscribe link in any marketing email
  • Replying STOP to any marketing SMS or WhatsApp message
  • Emailing tech@chaungeni.co.za with "Unsubscribe" in the subject line
13.2 Marketing to New Contacts

We will only send unsolicited marketing to new contacts if we have obtained your prior consent in accordance with POPIA Section 69 and the ECT Act. Cold marketing without consent is not a practice we engage in.

13.3 Opt-Out Rights

Your right to opt out of direct marketing is absolute under POPIA. Once you opt out, we will process your request within 5 business days and will not contact you for marketing purposes thereafter.

14
Repair Tracking Codes & Your Responsibility

When you submit a device for repair, you are issued a unique tracking code that allows you to check the status of your repair on our website. Please be aware of the following:

  • Your tracking code is linked to your personal and device information. Treat it as confidential.
  • Do not share your tracking code with unauthorised persons. Anyone with your tracking code can view your repair status and personal details.
  • Chaungeni Technologies is not liable for any unauthorised access to your repair information resulting from the sharing of your tracking code by you or by someone acting on your behalf.
  • If you believe your tracking code has been compromised, contact us immediately at tech@chaungeni.co.za so we can invalidate and reissue it.
15
Children's Privacy POPIA s.34–35

Our website and services are not directed at children under the age of 18. We do not knowingly collect personal information from minors. POPIA provides specific and heightened protection for the personal information of children, and we comply fully with those provisions.

If you are under 18, please do not submit personal information to us without the knowledge and consent of your parent or legal guardian. If we become aware that we have inadvertently collected personal information from a minor, we will take prompt steps to delete that information.

If you believe we may have collected personal information from a child without appropriate consent, please contact our Information Officer immediately.

16
PAIA Manual — Promotion of Access to Information Act PAIA s.51

The Promotion of Access to Information Act 2 of 2000 (PAIA) requires private bodies to prepare a manual that provides a description of the records held and the process for requesting access to those records.

Our PAIA Section 51 Manual is available on request from our Information Officer and includes:

  • A description of the subjects on which we hold records and the categories of records held per subject
  • The procedure for requesting access to records
  • The fees payable for record access requests
  • The grounds on which access may be refused

To request our PAIA manual or to submit a record access request, contact our Information Officer at tech@chaungeni.co.za. Requests will be processed in accordance with the prescribed PAIA timelines.

17
Information Regulator of South Africa

If you are dissatisfied with how we have handled your personal information or a complaint you raised with us, you have the right to lodge a complaint with the Information Regulator of South Africa, established under POPIA Section 39.

Information Regulator Contact Details

www.justice.gov.za/inforeg/

inforeg@justice.gov.za

POPIAComplaints@inforegulator.org.za

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

When to Contact the Regulator
  • If we fail to respond to your access or correction request within 30 days
  • If we refuse your request and you wish to appeal
  • If you believe we have violated your POPIA rights
  • To report a data breach that we have failed to notify you about
18
Policy Changes & Version History

We may update this Privacy Policy periodically to reflect changes in our services, legal obligations, or data processing practices. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Post a notice on our website for at least 30 days
  • Where the change is significant, notify existing customers via email

Your continued use of our services after the effective date of a revised policy constitutes your acceptance of the changes.

VersionDateSummary of Changes
1.0September 2025Initial POPIA-compliant policy published
2.0March 2026Added Information Officer designation, lawful basis table, retention schedule, breach notification procedure, cross-border transfer clause, PAIA section, children's privacy, cookie details, marketing opt-out procedure, and regulator contact details
Contact Us — Privacy Enquiries & Data Requests
Information Officer

Thabang Chaungeni — Director & Information Officer

tech@chaungeni.co.za

082 233 8003

09 John Chard, Brandwag, Bloemfontein, 9301

Response Times
  • General enquiries: within 2 business days
  • Access/correction/deletion requests: within 30 days
  • Marketing opt-out: within 5 business days
  • Breach reports: immediately
Related Pages

Terms & Conditions

Last Updated: March 2026  ·  Version 2.0  ·  Chaungeni Technologies — Bloemfontein, Free State, South Africa  ·  Terms & Conditions