Privacy Policy

1. Introduction & Responsible Party

Afrilink Telecoms (Pty) Ltd (Registration No. 2018/238217/07) ("Afrilink Telecoms," "we," "us," or "our") is the responsible party as defined under the Protection of Personal Information Act 4 of 2013 ("POPIA").

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you:

• Visit our website at afrilinktelecon.co.za
• Use our web hosting, domain registration, or fiber internet services
• Contact us via phone, email, or other communication channels
• Access our client portal or billing system

We are committed to protecting your personal information and processing it lawfully, fairly, and transparently in accordance with POPIA and other applicable South African legislation.

2. Information Officer

In compliance with Section 55 of POPIA, we have appointed an Information Officer responsible for:

• Ensuring compliance with POPIA and related legislation
• Handling requests from data subjects regarding their personal information
• Working with the Information Regulator on investigations
• Promoting awareness of data protection within the organization

3. Information We Collect

3.1 Personal Information You Provide

When you register for our services or contact us, we may collect:

• Identity Information: Full name, ID number or passport number (for FICA compliance where applicable)
• Contact Information: Email address, phone number, physical address
• Business Information: Company name, registration number, VAT number
• Financial Information: Bank account details, credit card information (processed securely via payment gateways)
• Domain Information: Domain registrant details as required by registries (ZACR for .co.za domains)
• Support Communications: Correspondence, support tickets, and call recordings (if applicable)

3.2 Information Collected Automatically

When you use our services, we automatically collect:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent, click patterns, referral sources
• Server Logs: Access logs, error logs, bandwidth usage, resource utilization
• Location Data: General geographic location based on IP address

3.3 Special Personal Information

We do not intentionally collect special personal information (such as religious beliefs, health information, political affiliation, or biometric data) unless required by law or with your explicit consent.

4. Lawful Basis for Processing

Under POPIA, we process your personal information based on one or more of the following lawful grounds:

5. How We Use Your Information

We use your personal information for the following purposes:

5.1 Service Delivery

• Provision and management of web hosting services
• Domain registration and DNS management
• Fiber internet installation and connectivity services
• Email hosting and communication services
• Technical support and customer service

5.2 Billing and Administration

• Processing payments and managing invoices
• Account management and authentication
• Sending transactional communications (invoices, service updates)
• Fraud prevention and security monitoring

5.3 Communication

• Responding to inquiries and support requests
• Sending service announcements and maintenance notifications
• Marketing communications (with your consent)

5.4 Legal and Security

• Compliance with legal obligations and regulatory requirements
• Protection against abuse, fraud, and security threats
• Enforcement of our Terms and Conditions and Acceptable Use Policy

6. Information Sharing & Third Parties

We may share your personal information with the following categories of recipients:

6.1 Service Providers (Operators)

We engage third-party service providers who process personal information on our behalf:

• Hosting Infrastructure: Data center providers for server hosting
• Payment Processors: PayFast, credit card processors for payment handling
• Domain Registries: ZACR and international registries for domain registration
• Communication Tools: Email service providers for transactional emails
• Analytics: Website analytics providers (anonymized data)

All service providers are contractually bound to protect your information and process it only as instructed by us.

6.2 Legal Requirements

We may disclose your information when required by law, including:

• Court orders or legal process
• Requests from law enforcement agencies
• Regulatory investigations
• Protection of our legal rights

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change.

7. Data Security Measures

We implement comprehensive security measures to protect your personal information:

7.1 Technical Safeguards

• Encryption: SSL/TLS encryption for data in transit; AES-256 encryption for data at rest
• Firewalls: Enterprise-grade firewalls and intrusion detection systems
• Access Controls: Role-based access control and multi-factor authentication
• Monitoring: 24/7 security monitoring and logging
• Backups: Regular encrypted backups with secure offsite storage

7.2 Organizational Measures

• Staff training on data protection and security
• Confidentiality agreements with all personnel
• Regular security assessments and audits
• Incident response procedures
• Vendor security assessments

7.3 Physical Security

• Secure data centers with access controls
• Environmental controls and redundancy
• 24/7 physical security monitoring

8. Data Retention Periods

We retain personal information only for as long as necessary for the purposes outlined in this policy or as required by law. Specific retention periods include:

Upon expiration of retention periods, personal information is securely deleted or anonymized.

9. Your Rights Under POPIA

As a data subject, you have the following rights under POPIA (Sections 23-25):

To exercise your rights: Contact our Information Officer at privacy@afrilinktelecon.co.za. We will respond within 30 days. We may request verification of your identity before processing your request.

10. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information, please see our Cookie Policy.

10.1 Cookie Categories

• Essential Cookies: Required for website functionality (no consent needed)
• Analytics Cookies: Help us understand how visitors use our site (consent required)
• Marketing Cookies: Used for targeted advertising (consent required)
• Preference Cookies: Remember your settings and preferences (consent required)

10.2 Your Cookie Choices

You can manage cookie preferences through our cookie consent banner or your browser settings. Note that disabling certain cookies may affect website functionality.

11. International Data Transfers

Your personal information is primarily stored and processed in South Africa. However, some of our service providers may process data in other countries. When transferring data internationally, we ensure:

• The recipient country has adequate data protection laws, OR
• Appropriate safeguards are in place (binding corporate rules, standard contractual clauses), OR
• You have provided explicit consent for the transfer, OR
• The transfer is necessary for performance of our contract with you

In all cases, we ensure that your personal information receives a level of protection consistent with POPIA.

12. Data Breach Notification

In accordance with Section 22 of POPIA, if we become aware of a security breach that may result in risk to you, we will:

• Notify the Information Regulator as soon as reasonably possible
• Notify affected data subjects as soon as reasonably possible
• Provide details of the breach and steps being taken to address it
• Provide recommendations for protecting yourself from potential harm

Notification may be delayed if law enforcement or the Information Regulator determines that notification would impede a criminal investigation.

13. Children's Privacy

Our services are not directed at children under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without appropriate consent, we will take steps to delete that information.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@afrilinktelecon.co.za.

14. Automated Decision-Making

We do not currently use automated decision-making or profiling that produces legal or similarly significant effects. If this changes, we will update this policy and provide you with information about the logic involved and the significance of such processing.

15. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• The "Last Updated" date at the top will be revised
• Significant changes will be communicated via email or website notice
• Continued use of our services after changes constitutes acceptance

We encourage you to review this policy periodically to stay informed about how we protect your information.

16. Complaints & Information Regulator

If you are not satisfied with how we have handled your personal information or a request, you may:

1. Contact our Information Officer to resolve the issue
2. Lodge a complaint with the Information Regulator