Effective date: 01/08/2025  |  Last updated: 31/08/2025

POPIA (South Africa) · PAIA (Access Requests) · GDPR (if applicable) · CPA (Direct Marketing)

1) Who we are

Seventynine Digital (Pty) Ltd (“Seventynine Digital”, “we”, “us”, “our”) is an ICT solutions provider. We act as a Responsible Party under POPIA (and as a Controller under GDPR where applicable) for personal information we determine the purposes and means of processing for.

Registration: 2015/307493/07 | Registered address: 49 New Road, Grand Central Office Park, Midrand, 1685

2) Scope

This policy applies to personal information processed through our websites, platforms, and professional services (development, hosting, support, consulting). Client-specific processing under a services agreement may be governed by a separate data processing addendum (DPA).

If you are a client’s end-user, we may process your data as an Operator/Processor. In that case, your rights are primarily with our client (the Responsible Party/Controller).

3) Information we collect

  • Identity & contact: name, email, phone, company, job title, billing details.
  • Usage & technical: IP address, device/browser info, pages viewed, interactions, error logs.
  • Service data: account credentials you provide, content, configuration, support tickets, audit trails.
  • Communications: emails, chats, meeting notes, proposals, contracts, call recordings (where notified).
  • Marketing preferences: consent choices, unsubscribe status, engagement metrics.

4) How we use information POPIA s11 / GDPR Art. 6

  • Service delivery & support (contractual necessity): provision of services, fulfilment of statements of work, and support.
  • Security, fraud prevention & compliance (legal obligation & legitimate interests/GDPR; POPIA processing limitation).
  • Improvements & analytics (legitimate interests/GDPR; POPIA purpose specification).
  • Billing & administration (contract/legal obligation).
  • Direct marketing (consent or existing customer relationship; opt out any time).
  • With consent (POPIA/GDPR): e.g., certain cookies or optional beta programmes.

5) Sharing & disclosure

We do not sell personal information. We may share information with:

  • Operators/Processors & sub-processors: hosting, messaging, analytics, support tools—under written agreements and confidentiality.
  • Professional advisors & authorities: auditors, legal counsel, regulators or law enforcement where required by law.
  • Business transfers: in a merger, acquisition, or restructuring, with safeguards and notice where appropriate.

6) Security safeguards POPIA s19–22

  • Access controls, least-privilege, MFA for sensitive systems.
  • Encryption in transit/at rest where appropriate; monitoring and segmentation.
  • Secure SDLC, vulnerability management, and third-party risk reviews.
  • Backups, disaster recovery, and incident response procedures.

Breach notification: If a security compromise is likely to result in real risk of harm, we will notify affected data subjects and the Information Regulator as required by POPIA and applicable South African law.

7) Retention

We retain personal information only for as long as necessary to meet the purposes above, comply with legal, tax or accounting requirements, and resolve disputes. When no longer needed, data is securely deleted or anonymised in line with our retention schedules.

8) Your rights (POPIA/GDPR)

  • Access the personal information we hold about you (POPIA/PAIA).
  • Correct or update inaccurate or incomplete data.
  • Delete data where no longer required or processed unlawfully.
  • Object to processing, including direct marketing; or withdraw consent where processing relies on consent.
  • Restrict or, where GDPR applies, request portability of certain data.

To exercise your rights or to request our PAIA manual, contact our Information Officer (details below). We may require identity verification and may charge a prescribed fee for PAIA access requests.

9) International transfers POPIA s72

  • Binding agreements ensuring substantially similar protection to POPIA.
  • Standard Contractual Clauses or equivalent safeguards where foreign laws apply (e.g., GDPR), when relevant.
  • Explicit consent or necessity for contract performance at your request.

10) Cookies & analytics

We use essential cookies to operate our site and (with your consent, where required) analytics cookies to understand usage and improve our services. Manage non-essential cookies via the banner or your browser settings. See the Cookie Notice for details.

11) Children

Our services are not directed to children. We do not knowingly collect personal information from persons under 18 without appropriate authorisation. If you believe a child has provided us with personal information, please contact us so we can delete it.

12) Changes to this policy

We may update this policy from time to time. Material changes will be highlighted on this page with a revised “Last updated” date.

13) Contact & complaints

Information Officer: Jo Nape
Email: info@seventyninedigital.co.za
Telephone: +27 (0)87 510 1414
Address: 49 New Road, Grand Central Office Park, Midrand, 1685

If unresolved, you may lodge a complaint with the Information Regulator (South Africa).