Privacy Policy
Protecting your personal information in compliance with South African POPIA legislation
Table of Contents
- 1. Introduction
- 2. Definitions
- 3. Information We Collect
- 4. How We Use Your Information
- 5. Legal Basis for Processing
- 6. Information Sharing and Disclosure
- 7. Data Security and Protection
- 8. Data Retention
- 9. Your Rights Under POPIA
- 10. Cookies and Tracking Technologies
- 11. Third-Party Services
- 12. International Data Transfers
- 13. Children's Privacy
- 14. Changes to This Policy
- 15. Contact Information
1. Introduction
QuietRise (Pty) Ltd ("QuietRise", "we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, process, and disclose your personal information in accordance with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) ("POPIA") and other applicable South African data protection laws.
This Privacy Policy applies to all personal information processed by QuietRise through our website (quietrise.co.za), services, and business operations including website design and development, web hosting, e-commerce solutions, SEO and digital marketing, and website maintenance services.
Our Commitment to Privacy
As a responsible party under POPIA, we are committed to:
- Processing your personal information lawfully, fairly, and transparently
- Collecting information only for specific, explicitly defined, and legitimate purposes
- Ensuring the accuracy and quality of personal information
- Implementing appropriate security safeguards
- Respecting your rights as a data subject
2. Definitions
For the purposes of this Privacy Policy, the following definitions apply:
Personal Information
Information relating to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person, as defined in POPIA.
Responsible Party
QuietRise (Pty) Ltd, as the entity that determines the purpose and means of processing personal information.
Data Subject
The person to whom personal information relates, including our website visitors, clients, and business contacts.
Processing
Any operation or activity concerning personal information, including collection, receipt, recording, organization, collation, storage, updating, modification, retrieval, alteration, consultation, use, dissemination, distribution, merging, linking, restriction, degradation, erasure, or destruction.
3. Information We Collect
We collect personal information in various ways to provide you with our web development and digital services. The types of information we collect include:
3.1 Information You Provide Directly
- Contact Information: Name, email address, phone number, company name, job title
- Business Information: Industry, business requirements, project specifications
- Communication Records: Messages, correspondence, support requests, feedback
- Service-Related Information: Project briefs, design preferences, content materials, login credentials for client portals
- Financial Information: Billing address, payment method details (processed through secure payment gateways)
3.2 Information Collected Automatically
- Technical Information: IP address, browser type and version, operating system, device information
- Usage Information: Pages visited, time spent on site, click patterns, referral sources
- Location Information: General geographic location based on IP address
- Cookies and Tracking Data: See our Cookie Policy for detailed information
3.3 IP Address Collection on Forms and Contact Submissions
Important: We collect your IP address when you submit any form on our website (such as contact forms, inquiry forms, or service requests). This collection occurs regardless of your cookie preferences and even if you have declined analytics or marketing cookies.
- IP Address Collection: Captured automatically on all form submissions
- Purpose: Fraud detection and prevention, abuse monitoring, security protection, rate limiting, and preventing spam submissions
- Legal Basis: Legitimate Interest under POPIA
- Retention Period: 30-90 days, after which it is automatically deleted
- Storage: Securely stored in our database with restricted access
- Not Optional: This collection cannot be disabled through cookie preferences, as it serves essential security functions
Why This Matters: Collecting IP addresses helps us protect our website and services from malicious activity, spam, and abuse. This is a legitimate security measure and is separate from cookie-based tracking or analytics.
3.4 Information from Third Parties
- Referral Information: Information from business partners, referrals, or networking contacts
- Public Information: Publicly available business information for B2B communications
- Service Provider Information: Analytics data from Google Analytics, hosting providers, email marketing platforms
4. How We Use Your Information
We process your personal information for the following purposes, in accordance with POPIA's conditions for lawful processing:
4.1 Service Delivery and Contract Performance
- Providing website design, development, and hosting services
- Managing client projects and delivering custom solutions
- Providing technical support and maintenance services
- Processing payments and managing billing
- Communicating about your projects and services
4.2 Business Operations and Administration
- Responding to inquiries and providing customer service
- Managing our business relationship with you
- Maintaining records for legal and regulatory compliance
- Conducting quality assurance and training
- Protecting our business interests and assets
4.3 Marketing and Communication (with consent)
- Sending newsletters, updates, and promotional materials
- Providing information about new services and offerings
- Inviting you to events, webinars, or workshops
- Conducting market research and surveys
4.4 Website Improvement and Analytics
- Analyzing website usage to improve user experience
- Conducting A/B testing and optimization
- Monitoring website performance and security
- Understanding user preferences and behavior
5. Legal Basis for Processing
Under POPIA, we process your personal information based on the following lawful conditions:
5.1 Consent
We obtain your explicit consent for marketing communications, newsletter subscriptions, and optional data collection activities. You may withdraw your consent at any time.
5.2 Contract Performance
Processing is necessary for the performance of a contract to which you are party, including service agreements, hosting contracts, and project deliverables.
5.3 Legitimate Interests
We may process information for legitimate business interests, including:
- Providing customer support and technical assistance
- Protecting our business and clients from fraud and security threats
- Improving our services and website functionality
- Maintaining business records and compliance
5.4 Legal Compliance
Processing is necessary for compliance with legal obligations under South African law, including tax legislation, company law, and regulatory requirements.
6. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following limited circumstances:
7. Data Security and Protection
We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:
Technical Safeguards
- SSL/TLS encryption for data transmission
- Secure hosting infrastructure with regular updates
- Firewall protection and intrusion detection systems
- Regular security audits and vulnerability assessments
- Secure backup systems with encryption
Administrative Safeguards
- Access controls and role-based permissions
- Employee training on data protection and security
- Confidentiality agreements for all staff and contractors
- Incident response procedures and breach notification protocols
- Regular review and update of security policies
Physical Safeguards
- Secure office premises with controlled access
- Protection of computer equipment and storage devices
- Secure disposal of hardware containing personal information
- Environmental controls and monitoring
Data Breach Response
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the Information Regulator within 72 hours (where required)
- Inform affected data subjects without undue delay
- Take immediate steps to contain and mitigate the breach
- Conduct a thorough investigation and implement preventive measures
- Provide support and assistance to affected individuals
8. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and protect our legitimate interests:
Client Information
Retention Period: Duration of business relationship plus 5 years
Purpose: Contract performance, customer service, and legal compliance
Financial Records
Retention Period: 5 years from end of financial year
Purpose: Compliance with tax and financial regulations
Marketing Communications
Retention Period: Until consent is withdrawn or 3 years of inactivity
Purpose: Marketing and communication with consent
Website Analytics
Retention Period: 26 months (Google Analytics default)
Purpose: Website improvement and performance analysis
Security Logs
Retention Period: 12 months
Purpose: Security monitoring and incident investigation
At the end of the retention period, we will securely delete or anonymize your personal information unless longer retention is required by law or necessary for legitimate business purposes.
9. Your Rights Under POPIA
As a data subject under POPIA, you have the following rights regarding your personal information:
Right of Access
Request confirmation of whether we process your personal information and access to such information.
Right to Correction
Request correction or deletion of inaccurate, irrelevant, excessive, or outdated personal information.
Right to Object
Object to the processing of your personal information, including for direct marketing purposes.
Right to Erasure
Request deletion of your personal information when processing is no longer necessary for the original purpose.
Right to Restrict Processing
Request restriction of processing under certain circumstances, such as while disputing accuracy.
Right to Data Portability
Request personal information in a structured, commonly used, and machine-readable format.
How to Exercise Your Rights
To exercise any of these rights, please contact our Information Officer using the details provided in Section 15. We will:
- Acknowledge receipt of your request within 1 business day
- Verify your identity to protect your personal information
- Respond to your request within 30 days (or explain any delays)
- Provide the requested information or take the requested action
- Inform you of any fees associated with the request (if applicable)
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Regulator of South Africa:
Information Regulator South Africa
Email: enquiries@inforegulator.org.za
Website: www.inforegulator.org.za
11. Third-Party Services
Our website and services integrate with various third-party platforms to provide enhanced functionality. These integrations may involve the sharing of personal information:
Google Services
Services Used: Google Analytics, Google Ads, Google Workspace
Purpose: Website analytics, advertising, email communication
Privacy Policy: Google Privacy Policy
Payment Processors
Services Used: PayFast, Stripe, PayPal
Purpose: Secure payment processing
Note: Payment information is processed directly by these providers and not stored on our servers
Hosting and Security
Services Used: AWS, Cloudflare, cPanel hosting providers
Purpose: Website hosting, content delivery, security protection
Location: Data centers in South Africa and international locations
Communication Platforms
Services Used: MailChimp, Constant Contact
Purpose: Email marketing and newsletters (with consent)
Opt-out: Unsubscribe links included in all marketing communications
We carefully select third-party service providers and ensure they have appropriate data protection measures in place. However, we are not responsible for the privacy practices of these third parties, and we encourage you to review their privacy policies.
12. International Data Transfers
Some of our service providers and business partners are located outside South Africa. When we transfer personal information internationally, we ensure appropriate safeguards are in place:
Transfer Safeguards
- Adequacy Decisions: Transfers to countries recognized by the Information Regulator as providing adequate protection
- Standard Contractual Clauses: Binding agreements that ensure appropriate data protection standards
- Certification Schemes: Service providers certified under recognized international data protection frameworks
- Binding Corporate Rules: Internal policies of multinational organizations approved by data protection authorities
Common Transfer Destinations
- United States: Google services, payment processors (Privacy Shield successors and SCCs)
- European Union: Hosting providers, analytics services (GDPR compliance and adequacy)
- United Kingdom: Cloud services and communication platforms (adequacy decision)
We continuously monitor international data protection developments and update our transfer mechanisms as needed to maintain compliance with South African law.
13. Children's Privacy
Our services are intended for businesses and individuals over the age of 18. We do not knowingly collect personal information from children under 18 years of age.
Protection Measures
- Age verification processes for account creation
- Clear terms prohibiting use by minors without parental consent
- Prompt deletion of any inadvertently collected children's information
- Additional safeguards for services that may be used by educational institutions
If you believe we have inadvertently collected information from a child under 18, please contact us immediately at hello@quietrise.co.za so we can take appropriate action.
Parental Rights
Where we process children's personal information with parental consent (such as for educational website projects), parents have the right to:
- Review their child's personal information
- Request correction or deletion of information
- Refuse further collection or use of information
- Withdraw consent at any time
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or other factors. We will notify you of significant changes through appropriate channels:
Notification Methods
- Website Notice: Prominent notification on our homepage
- Email Notification: Direct communication to registered users
- Service Notifications: In-app or account dashboard alerts
- Last Updated Date: Always displayed at the top of this policy
Types of Changes
Material Changes: Significant modifications to data use, sharing practices, or your rights will require 30 days advance notice and may require renewed consent.
Minor Changes: Administrative updates, clarifications, or contact information changes will be updated immediately with notice.
Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy. If you do not agree to the changes, please contact us to discuss your options, including account closure if applicable.
15. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Information Officer
General Inquiries
Our Response Commitment
- Initial Response: Within 1 business day
- Full Response: Within 30 days for POPIA requests
- Complex Requests: We may extend timeframes with explanation
- Emergency Issues: Immediate attention for security or breach concerns