Privacy Policy

Last Updated: September 14, 2025 | Version 1.0

Your Digital Privacy Matters
S99 (Pty) Ltd ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our digital transformation services, or engage with our business.

We comply with the Protection of Personal Information Act 4 of 2013 (POPIA) and other applicable data protection laws in South Africa. This policy outlines our practices concerning personal information and your rights regarding such information in our digital transformation ecosystem.

Table of Contents

1. Information We Collect

We may collect the following types of information as part of our digital transformation services:

1.1 Personal Information

Personal information is information that identifies you as an individual. We collect personal information as defined in POPIA, including but not limited to:

  • Identity information (name, ID number, company registration details)
  • Contact information (email address, telephone number, physical address)
  • Financial information (payment details, bank account information for transactions)
  • Project information (business requirements, technical specifications, transformation goals)
  • Employment information (for B2B relationships and IoT implementation projects)
  • Communications and correspondence with us regarding digital solutions

1.2 Technical Information

We also collect technical information that may not directly identify you, including:

  • Browser type and version
  • Device information (operating system, hardware model)
  • IP address and network information
  • Usage data (pages visited, time spent on our digital platforms)
  • IoT device data and edge computing metrics (where applicable)
  • System performance and analytics data

2. Collection Methods

We collect information through various methods, including:

  • Direct interactions (when you provide information through our website, email, phone, or in person)
  • Digital forms and applications (contact forms, project consultation requests, service applications)
  • Automated technologies (cookies, server logs, and similar digital tracking technologies)
  • IoT devices and edge computing systems (where you engage our services)
  • Third parties (such as technology partners, referral sources, or publicly available sources, where permitted by law)
  • System integration and automation platforms (as part of our digital transformation services)

3. Purpose of Collection

In accordance with POPIA, we only collect and process personal information for specific, explicitly defined, and legitimate purposes, including:

  • To provide our digital transformation, IoT, and edge computing services
  • To process and fulfil service requests and project implementations
  • To communicate with you about your projects, inquiries, or account
  • To provide technical support and respond to your queries
  • To maintain and improve our digital platforms and services
  • To send you information about our digital solutions, services, and innovations (with your consent)
  • To conduct market research and analysis for service improvement
  • To comply with legal obligations and regulatory requirements
  • To detect and prevent fraud, security breaches, and unauthorized access to systems
  • To establish, exercise, or defend legal claims
  • To optimize IoT implementations and edge computing performance
  • For other purposes with your explicit consent

4. Legal Basis for Processing

We process your personal information in accordance with POPIA on the following legal grounds:

Consent

Where you have given us consent to process your information for specific digital transformation purposes.

Contract Performance

Where processing is necessary for the performance of a service contract with you or to take steps at your request before entering into a digital transformation agreement.

Legal Obligation

Where processing is necessary for compliance with our legal obligations under South African law.

Legitimate Interests

Where processing is necessary for our legitimate business interests or those of a third party, provided your fundamental rights and freedoms do not override those interests.

Public Interest

Where processing is necessary for the performance of a task carried out in the public interest.

Protection of Interests

Where processing is necessary to protect your vital interests or those of another person.

5. Information Sharing and Disclosure

We may share your personal information with the following categories of recipients:

5.1 Service Providers

We may disclose your information to third-party service providers who perform services on our behalf, such as:

  • Payment processors and financial service providers
  • Cloud hosting and data storage providers
  • IT and system administration providers
  • IoT platform and edge computing service providers
  • Digital communication and marketing service providers
  • Professional advisers (lawyers, bankers, auditors, insurers, consultants)

These service providers are contractually bound to protect your information and only use it for the specific purposes for which we disclose it to them.

5.2 Technology Partners

We may share your information with our technology partners, such as IoT device manufacturers, software developers, or system integrators, when necessary to fulfil your service requirements or provide our digital transformation solutions.

5.3 Legal Requirements

We may disclose your information when required by law, subpoena, court order, or other legal process, or to establish, protect, or exercise our legal rights or defend against legal claims.

5.4 Business Transfers

If we are involved in a merger, acquisition, financing, or sale of business assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

5.5 With Your Consent

We may share your information with any other third parties where you have provided your explicit consent for such disclosure.

6. Cross-Border Data Transfers

International Data Transfers
In accordance with Section 72 of POPIA, we may transfer your personal information to recipients outside South Africa for digital transformation services, cloud computing, or IoT implementations. When we do so, we will ensure that:

  • The recipient is subject to laws, binding corporate rules, or binding agreements that provide an adequate level of protection similar to POPIA;
  • You consent to the transfer;
  • The transfer is necessary for the performance of a contract between you and us;
  • The transfer is necessary for the conclusion or performance of a contract concluded in your interest; or
  • The transfer is for your benefit and it is not reasonably practicable to obtain your consent, but if it were, you would likely provide such consent.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, accidental loss, alteration, disclosure, or destruction, as required by Section 19 of POPIA. These measures include:

  • Advanced access controls and multi-factor authentication procedures
  • End-to-end encryption of sensitive data
  • Secure cloud infrastructure and edge computing security protocols
  • Regular security assessments, penetration testing, and vulnerability management
  • Comprehensive staff training on data protection and cybersecurity
  • Physical security measures at our premises and data centers
  • IoT device security and secure communication protocols
  • Real-time monitoring and incident response procedures
Security Disclaimer
While we implement industry-leading security measures and follow best practices in digital security, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee the absolute security of your information, but we are committed to maintaining the highest standards of data protection.

8. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider:

  • The amount, nature, and sensitivity of the personal information
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process the information and whether we can achieve those purposes through other means
  • Applicable legal requirements and industry standards
  • The operational requirements of IoT systems and edge computing platforms

In some circumstances, we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

9. Cookies and Similar Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, analyze website traffic, and personalize content. Cookies are small text files that are stored on your device when you visit our website.

9.1 Types of Cookies We Use

Essential Cookies

Necessary for the website to function properly and provide core digital services.

Analytical/Performance

Allow us to recognize and count visitors and see how they navigate our digital platforms.

Functionality Cookies

Used to recognize you when you return to our website and personalize your experience.

Targeting Cookies

Record your visit to our website, the pages you visit, and the links you follow for digital marketing purposes.

9.2 Managing Cookies

You can control and manage cookies in various ways. Most web browsers allow you to block or delete cookies. Please note that if you choose to block all cookies, you may not be able to access all or parts of our website or some features may not function properly.

10. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights regarding your personal information:

Right to Access You have the right to request confirmation of whether we hold personal information about you and to access that information.
Right to Correction You have the right to request the correction of inaccurate personal information.
Right to Deletion You have the right, in certain circumstances, to request the deletion or destruction of your personal information.
Right to Object You have the right to object to the processing of your personal information for direct marketing purposes or on grounds relating to your particular situation.
Right to Refuse Direct Marketing You have the right to refuse the processing of your personal information for direct marketing purposes.
Right to Submit a Complaint You have the right to submit a complaint to the Information Regulator regarding alleged interference with your protection of personal information.

Exercise Your Rights
To exercise any of these rights, please contact our Information Officer using the contact details provided in Section 14 of this Privacy Policy.

11. Children's Privacy

Our digital transformation services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to remove that information from our systems.

12. Third-Party Links

Our website may contain links to third-party websites, plugins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy policy of every website you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material changes if and where required by applicable data protection laws.

You can see when this Privacy Policy was last updated by checking the date at the top of this page. You are advised to review this Privacy Policy periodically for any changes.

14. Contact Information

Information Officer

In accordance with POPIA, we have appointed an Information Officer who is responsible for ensuring our compliance with POPIA and addressing any requests or queries regarding your personal information:

Information Officer
S99 (Pty) Ltd
34 Okkerneut Street
Weltevredenpark
Gauteng, 1709
South Africa

Email: info@s99.co.za

Information Regulator

If you believe that we have not adequately addressed your concerns or complaints, you have the right to lodge a complaint with the Information Regulator of South Africa:

The Information Regulator (South Africa)
JD House, 27 Stiemens Street
Braamfontein, Johannesburg, 2001

Email: inforeg@justice.gov.za
Website: https://www.justice.gov.za/inforeg/

15. POPIA Compliance Statement

S99 (Pty) Ltd is committed to complying with the Protection of Personal Information Act 4 of 2013 (POPIA). We have implemented the following measures to ensure compliance:

Digital Governance

  • Appointed an Information Officer
  • Developed comprehensive POPIA compliance framework
  • Regular compliance reviews and audits

Risk Assessment

  • Personal information impact assessment
  • Continuous risk monitoring and management
  • Regular vulnerability assessments

Security Safeguards

  • Industry-leading security safeguards
  • Advanced access controls and monitoring
  • Comprehensive data breach response procedures

Staff Training

  • Comprehensive POPIA training for all staff
  • Data handling procedures and protocols
  • Privacy awareness programs

© 2025 S99 (Pty) Ltd. All rights reserved.

Where Limitations End, Possibilities Begin

This document and its contents are proprietary and confidential.