1. Who We Are (Responsible Party)
Under POPIA, the organisation responsible for how your personal information is processed is called the Responsible Party. That is:
Responsible Party
2. Information Officer
POPIA and PAIA require every organisation to designate an Information Officer who is responsible for handling data access requests, complaints, and compliance. Our Information Officer is registered with the Information Regulator of South Africa.
Information Officer Details
All data access requests, objections, deletion requests, and complaints should be directed to the Information Officer at the contact details above.
3. What Data We Collect
We only collect personal information that is necessary for our legitimate business purposes. The table below summarises what we collect:
| Category | Data Collected | How Collected |
|---|---|---|
| Contact Information | Name, email address, phone number (WhatsApp) | Contact form, WhatsApp, email, phone calls |
| Business Information | Business name, industry, project requirements, budget range | Quote requests, consultation calls, contact forms |
| Technical Data | IP address, browser type, device type, pages visited, session duration | Website analytics (only if cookies accepted) |
| Communication Records | Content of emails, WhatsApp messages, and form submissions | Direct communication with us |
| Project Data | Credentials, access keys, or content shared for project delivery | Shared directly by clients during active projects |
4. Why We Collect It (Purpose)
We process personal information only for the purposes listed below. Under POPIA, this is called the purpose specification requirement:
Primary Purposes
- Service delivery: To build, deliver, and support websites, applications, and digital systems for clients.
- Communication: To respond to enquiries, quotes, and project-related communications.
- Invoicing and contracts: To issue invoices, service agreements, and maintain business records as required by law.
- Project management: To manage active projects, revisions, and maintenance agreements.
Secondary Purposes (with consent)
- Website analytics: To understand how visitors use our website and improve the user experience (only with your cookie consent).
- Marketing communications: To send updates about our services — only if you have explicitly opted in.
We will not use your personal information for any purpose other than those listed above without first obtaining your consent or unless required by law.
5. How We Store and Protect Your Data
We take reasonable technical and organisational measures to protect your personal information from unauthorised access, loss, alteration, or destruction:
- Email and communication: Stored in secured email accounts with two-factor authentication enabled.
- Project credentials and files: Stored securely for the duration of the project and deleted once the project is complete, unless retention is required for support.
- Website data: This website is hosted on Netlify/Vercel. Analytics data is handled under the terms of those platforms' own privacy policies.
- Retention: We retain personal information only as long as necessary for the purpose it was collected, or as required by South African law. Client business records are typically retained for a period of 5 years for tax and legal compliance purposes.
In the event of a data breach that is likely to affect your rights, we will notify you and the Information Regulator as required by POPIA.
6. Who We Share Your Data With
We do not sell your personal information. We share data only where necessary:
- Service providers and operators: Third-party platforms used to deliver our services (e.g. Netlify, Vercel, Google Workspace, GitHub). These are used as operators under our instruction and are bound by their own data protection policies.
- Legal requirements: If required by South African law, a court order, or a lawful request from a competent authority.
- Business transfers: In the event of a merger, acquisition, or sale of the business, your data may be transferred as part of that transaction, with prior notice to you.
No personal information is transferred outside of South Africa without appropriate safeguards as required by POPIA Section 72.
7. Your Rights Under POPIA
POPIA grants you the following rights regarding your personal information:
- Right of access (Section 23): You may request confirmation of whether we hold your personal information and request a copy of it.
- Right to correction (Section 24): You may request that we correct, update, or delete information that is inaccurate, irrelevant, excessive, out of date, incomplete, or misleading.
- Right to deletion: You may request that we destroy or delete your personal information, subject to our legal obligations.
- Right to object (Section 11(3)): You may object to the processing of your personal information on reasonable grounds.
- Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time.
- Right to complain: You have the right to lodge a complaint with the Information Regulator if you believe your rights have been violated.
8. How to Request Deletion or Access
To exercise any of your POPIA rights — including requesting access to, correction of, or deletion of your personal information — please contact our Information Officer:
Email: buildsbybuchanan@gmail.com
WhatsApp: +27 79 268 6620
Please include: your full name, the type of request (access / correction / deletion / objection), and a description of the personal information concerned.
Process and Timelines
- We will acknowledge your request within 3 business days.
- We will respond substantively within 30 days of receiving a complete request, as required by POPIA.
- If we need additional information to verify your identity or clarify the request, we will contact you within the 30-day window.
- In exceptional cases we may extend this by an additional 30 days, with written notice to you.
- There is no charge for standard requests. We reserve the right to charge a reasonable fee for manifestly unfounded or excessive requests.
Verification
To protect your information from unauthorised disclosure, we may require you to verify your identity before we process your request. This may include confirming your email address or providing additional identifying details.
9. Cookies and Tracking
Our website uses cookies. Under POPIA, we are required to obtain your consent before placing non-essential cookies on your device.
- Essential cookies: Required for the website to function (e.g. security, session management). No consent required.
- Analytics cookies: Used to understand how visitors use the website. These are only placed with your explicit consent via our cookie consent banner.
- Marketing cookies: If we use any marketing or retargeting tools (e.g. Meta Pixel, Google Ads), these are only placed with your consent.
You can manage your cookie preferences at any time by clicking .
10. Complaints and the Information Regulator
If you are not satisfied with how we have handled your personal information or a data request, you have the right to lodge a complaint with the Information Regulator of South Africa:
Information Regulator (South Africa)
We encourage you to contact our Information Officer first so we can attempt to resolve your concern before escalating to the Regulator.
Related Documents
- Privacy Policy — General data practices and user rights
- PAIA Manual — Promotion of Access to Information Act manual
- Terms & Conditions — Service terms