Privacy Notice

PrivCom (Proprietary) Limited (“PrivCom”) will maintain the confidentiality of your personal information and will comply with the provisions of applicable laws including South Africa’s Protection of Personal Information Act, 4 of 2013 (“POPIA)” when processing your personal information. In this notice, all applicable laws will together referred to as “the Laws”.


This notice applies to all PrivCom customers as well as all suppliers, service providers and partners (“Suppliers”) that are contracted by PrivCom and that process personal information on our behalf.

The purpose of this notice

The purpose of this Privacy Notice is to inform all PrivCom customers and Suppliers about the types of personal information that is collected and processed, why this information is processed, how it is processed, with whom and how it is shared, and what security controls have been implemented to protect it.

The types of personal information collected

  • Contact information for individuals employed by you including subcontractors, agents and/or representatives. Such contact information may include names, email addresses, designations or titles and telephone numbers;
  • Personal information relating to your organisation such as its name, company registration information (including its registration number and registered address), BBBEE status, directors’ personal information (such as their names, identity numbers, photographs and contact information as described above);
  • Information relating to the goods and services offered by Suppliers which may include a description of the products and services provided, quantities and quality of products or services offered including reviews by other customers of your products and services, methodologies, other commercial terms on which you or your organisation have engaged with PrivCom such as pricing and discounts. We may also process information relating to your partners, distributors and resellers;
  • Information relating to the internal functions of your organisation including company structure and reporting lines as well as your compliance posture;
  • Information may include the products and/or services provided by PrivCom to you, as a customer and the project terms and conditions including but not limited to project milestones, project specifications and custom requirements. As a service provider, we may also process personal and other information relating to your clients and users. It is, however, your responsibility to notify your clients and users that PrivCom is processing their personal information.
  • Financial, accounting and payment information for invoicing and tax purposes such as banking details, VAT registration number, terms of payment, accounting correspondence; and
  • Device information, including the unique device identifier, hardware model, operating system and version, network information such as network architecture diagrams and configuration settings, software (including software-as-a-service) used by your organisation, IT security information;
  • Electronic and other communications sent to PrivCom;
  • Written contracts concluded with you including Non-Disclosure Agreements, Services Agreements and Data Privacy Agreements;
  • Technical Information, such as your internet protocol (IP) address, administrator or user credentials and other technical information; 
  • Special Personal Information refers to information about religious or philosophical beliefs, ethnic origin, race, trade union membership, political beliefs, information about an individual’s health or sex life, biometric information and/ or information about criminal offences or convictions. In certain circumstances, PrivCom may process Special Personal Information e.g. when processing race for BBBEE reporting purposes.
  • Where the provision of personal information is voluntary, you will be notified accordingly. In most cases the provision of personal information is mandatory for the purposes outlined below. 

How does PrivCom collect your personal information

We collect personal information directly from customers or Suppliers. However, in certain instances, we or a third party appointed by us, may appoint third parties to collect and process personal information from other sources. In this event the source from which personal information was obtained, will, where possible, be disclosed.

Why are we authorised to process your personal information

The Laws provide for certain legal grounds that authorise us to process your personal information.  

The main reason we process your personal information is to conclude an agreement with you and to perform in terms thereof. Your personal information may be used to source the required goods or services, issue statements of work, execute proofs of execution, effect payments, perform accounting activities, manage performance in terms of the contract, review any services or products provided and/or do anything else required for performance in terms of the contract or otherwise related to our the relationship between us.

Over and above this, PrivCom may retain your personal information to meet our legal record-keeping obligations in terms of laws such as the Companies Act, 71 or 2008, for lawful purposes related to our functions or activities or as proof should we be party to any legal action relating to the goods and/or services provided. The personal information collected and held by us may be used, stored, transferred, or disclosed or shared for the following purposes and their processing is based on the following legal grounds:

Type of personal information: Contact information

Legal basis: Consent

Purpose: To invite customers to any PrivCom events, webinars or discussions; To keep customers and suppliers updated about new product and service offerings only if you have consented to receive such communications (even if you have consented, you are free to opt out of all marketing at any time);  To source products and/or services for ourselves and our customers; To obtain information regarding the supplier’s products and/or services for our own benefit and/or that of our customers.

Type of personal information: Contact information; operational data; communications with customers, and suppliers; written contracts with customers and suppliers.

Legal basis: For the purpose of conclusion of or performance in terms of a contract

Purpose: To deliver services to customers and to communicate with customers regarding any changes to those services; To transact with suppliers for the delivery of a product and/or service and to communicate with suppliers regarding any changes to those products and/or services that may be required; To confirm and verify your identity, authority, creditworthiness and/or other background or contextual information including but not limited to B-BBEE certification; To communicate with you and to keep a record of those communications; For payment of invoices and completing of transactions; For contract administration and management; Assessment of supplier performance and product or service delivery; Unless we are legally required or permitted to retain personal information for longer periods, this information will be retained for a period of 3 years following termination of the relationship with you in order that it may be available in the event of litigation relating to the goods or services provided.

Type of personal information: Records of financial or transactional activities

Legal basis: Obligation imposed by law

Purpose: To comply with legal requirements such as the retention requirements imposed by the Companies Act, 71 of 2008 and other such laws. To detect, prevent or manage alleged or actual fraud, bribery, corruption, security breaches or unauthorised use of systems or information. In this instance we may employ an agent or service provider to process your personal information for the purposes of investigating and/or preventing any fraud, corruption or unauthorised access to systems or files and/or other such information security breaches.

Type of personal information: Communications with customers, suppliers; Customer satisfaction surveys / supplier and service provider surveys.

Legal basis: To pursue our legitimate interests

Purpose: To manage customer relationships. To improve our goods and services and the experience of our customers. This may include requesting feedback from our customers with regards to service offerings.

Failing to provide PrivCom with the required personal information will result in us not being able to provide the required goods and/or services or otherwise to perform in terms of our agreement.

Sharing your personal information and cross-border transfers

PrivCom will only share your personal information with third parties where:

  • You have consented to such information being shared;
  • Sharing is required by law;
  • Sharing of the information is necessary for us to deliver a product or service which requires the involvement of one of our Suppliers; or
  • It is necessary to protect your legitimate interest or that of PrivCom or a third party. 

PrivCom will conclude agreements with all third-party subcontractors to ensure that they only act on our express written instructions regarding the processing of personal information and that they implement the necessary safeguards to keep that personal information confidential and secure. 

PrivCom and third-party contractors may process personal information outside South Africa. However, we have implemented appropriate organisational and technical safeguards to ensure that personal information will remain protected in accordance with this notice. PrivCom has implemented the required binding data privacy agreements with our third-party suppliers, consultants and contractors outside South Africa and to whom we transfer your personal information in order to ensure that they uphold the principles required by law for reasonable processing of information. Where information is transferred within PrivCom, the transfer is subject to our internal information security policies and procedures. 

Sharing by specific departments:

PrivCom suppliers: we may share our customers’ information to suppliers when providing a product or service on their behalf. Likewise, we may share our supplier’s personal information with our customers in similar circumstances.

Accounts: customer and supplier personal information is shared with our auditors for the purpose of compiling our financial statements. 


Legal: customer and supplier personal information may be shared with our legal representatives for the purposes of drafting and/or reviewing agreements and/or for legal advice and/or litigation purposes.


Project management: customer, supplier personal information may be shared with a third-party provider of project management services for purposes of managing the provision of goods and/or services to you.


Sales: where customers purchase products or services from our third-party Suppliers where we act as agents or where we purchase goods and/or services from a Supplier, the Supplier’s personal information may be shared with customers as part of that sales process in order to facilitate the transaction and deal registration.


Marketing: No personal information is shared with any third parties as part of our marketing efforts. However, we may, from time to time, use a third-party customer relationship management (CRM) platform to manage your contact information where you are a customer or have signed up to receive our marketing communications and where you have opted out of receiving them (to ensure that you don’t receive them going forward). We have concluded a data privacy addendum with all Suppliers to ensure that your data is protected.

Securing your personal information

PrivCom will take all reasonable measures, both technical and through its people and processes, to protect your personal information in our possession or control from loss, misuse and unauthorised access, disclosure, alteration, and destruction. 

Some of the technical measures implemented to protect your information include the following: 

  1. Personal information is mostly stored in Microsoft Office 365 – for further information on how Microsoft protects data within Office 365 see Microsoft’s independent audit reports in the Microsoft Service Trust Portal (https://servicetrust.microsoft.com/).  
  2. Access to all data is role-based and granted to PrivCom personnel on a least privilege basis – this means that access is only given to personnel that require such access to perform their duties. 
  3. All personnel are required to authenticate using Microsoft’s Multi-factor Authentication which means that they must log in with their usernames and passwords as well as another authentication factor such as a one-time-pin or a temporary code generated by the Microsoft Authenticator App. 
  4. PrivCom uses Microsoft Defender which incorporates Advanced Threat Protection for protection against malware, phishing and other malicious activity. Also included is a URL scanning capability to ensure that links clicked by employees are safe before the user is directed to the destination site. 
  5. Employee behaviour is governed by a variety of policies such as the PrivCom’s Information Security Policy and all employees are required to sign Confidentiality and Non-Disclosure Agreements as a condition of their employment. 
  6. PrivCom has adopted a classification taxonomy to classify and protect high risk and sensitive information. 

Please note that the transmission of personal information to PrivCom via transmission media over which PrivCom has no control including (but not limited to) public networks may not be completely secure and is done at your own risk.  

If we no longer have a legal basis for processing your personal information or you have not consented to processing, you may request that we delete information held by us. On receipt of such a request we will either delete the personal information or remove any information linking it to you (de-identification). 

Your rights and requests

The law has granted individuals and organisations certain rights regarding their personal information: 

Right of access

PrivCom aims to be transparent to data subjects about the personal information we have and how we use it. You have the right, subject to certain exceptions, to be notified that your information is being collected, and how it will be processed. You can  submit a request via email at privacy@privcom.co.za  if you’d like to access your personal information. You may, after providing PrivCom with adequate proof of identity, request that PrivCom confirm, free of charge, whether your personal information is being processed by us. Should you require us to share a copy of the information with you, PrivCom will provide you with a written quote detailing the access fee and reproduction costs associated with the information access request. Note that we may require a deposit prior to providing this information but this will be outlined in the quote provided.

Right to notification

Except in certain circumstances, you have the right to be notified that your personal information is being collected. You also have the right to be notified of any actual security breaches involving your information unless we are unable to identify you as the owner of that information.

Right to object

At any time during the collection and processing of your personal information, you have the right to object, on reasonable grounds, to the processing of your personal information, should we be processing it on the grounds of our own or your legitimate interest or with your consent. You also have the right to object to the processing of your personal information for direct electronic marketing, including unsolicited electronic correspondence. This request must be made in writing by emailing us privacy@privcom.co.za .

Right to rectification and/or deletion

Whilst PrivCom will make all efforts to ensure the integrity and accuracy of your personal information, this may not be possible at all times. Accordingly, kindly inform PrivCom of any changes to your personal information. You have the right to request that any of your personal information that is inaccurate, incomplete or outdated be amended at any time. Alternatively, where this information is processed on the basis of your consent, you can request that we delete this or any of your personal information. You may also request that we delete your personal information where the purpose for which it was processed no longer exists. However, PrivCom reserves the right to decline such a request for deletion where there is a legal or regulatory requirement to retain it.  

Any and all requests made in terms of these sections must be submitted in writing by emailing us at privacy@privcom.co.za.

Right to complain to the Regulator

Should you feel that our use of your personal information is in contravention of your right to privacy or that the processing of your personal information is not consistent with the purpose(s) for which it was collected or subsequently processed, you have the right to lodge a complaint with the Information Regulator (South Africa).

  

The Information Regulator or Supervisory Authority can be contacted at: 

Contact Number: 010-023-5200


Should you feel that your personal information has been violated, you may lodge a complaint with the Information Regulator via email at POPIAComplaints@inforegulator.org.za.


Should your PAIA request be denied or if there is no response from us to your request for access to your records you may odge a complaint with the Information Regulator via email at PAIAComplaints@inforegulator.org.za.


For further information, please refer to the Information Regulator’s website at https://www.justice.gov.za/inforeg/index.html.

Right to institute civil proceedings

in addition to the right to complain to the Information Regulator (POPIA), you have the right to institute civil proceedings for loss or damages sustained as a result of our non-compliance with the Laws. 

Right not to be subject to automated decision making

You have the right not to be subject to a decision based solely on the automated processing of your personal information to create a profile of you where that decision produces legal effects concerning you or significantly affects you. PrivCom does not make any decisions based purely on automated processing of your personal information. Should such decision making be incorporated into our processes, you will be notified accordingly.

Should you have any questions about our privacy policy or the processing of your personal information, please contact the Information Officer at privacy@privcom.co.za. 

PrivCom contact information

Should you have any questions about this policy, believe PrivCom has not adhered to it, need further information about our privacy safeguards, need to give or withdraw consent or otherwise exercise your rights detailed above, please contact our Information Officer, Kelly Chalom at:


Privcom (Pty) Ltd 

Tel: + 27 (82) 882-8225

Email: privacy@privcom.co.za

Updating this privacy notice

PrivCom may update this notice periodically.  You are urged to check the privacy notice on our website at www.privcom.co.za for the latest notice. 

Updated: June 2022