/Policies
Privacy policy
Introduction
Cyberdeck (Pty)Ltd is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store and protect your information when you use our website and services, in accordance with the Protection of Personal Information Act (POPIA) of South Africa.
2. Information We Collect
Through Our Website
When you contact us through our website, we collect your full name, email address, company name and your message.
During Service Engagements
When you engage our services, we may collect and process information related to your organisation and systems, including but not limited to:
Business Information: Company name and registration details, business addresses, contact person names and titles, phone numbers and email addresses, and billing and invoicing information.
Technical Information: System and network details, domain and subdomain information, IP addresses and hosting details, email configurations and records, cloud environment details, web application details, security vulnerabilities identified, credentials (where provided or discovered during testing), API keys and tokens, configuration files, and software and version information.
Open Source Intelligence (OSINT): Publicly available information, social media information, data from public records, and information from data breach databases (for exposure checks).
The specific information collected will depend on the scope of the engagement and will be outlined in your service agreement.
3. How We Use Your Information
We use your information to respond to your enquiries, deliver the services you have engaged us for, provide reports and remediation guidance, communicate with you about your engagement and improve our services.
We do not use your information for marketing purposes without your explicit consent.
4. Who We Share Your Information With
We do not share your personal information with third parties, except where required by law or with your explicit consent.
All information collected remains confidential and is only accessible by Cyberdeck personnel directly involved in your engagement.
5. Subprocessors and Third-Party Tools
In the course of delivering our services, we may use third-party tools and service providers (Subprocessors) that process data on our behalf. These may include cloud storage providers, communication platforms, and security assessment tools.
We ensure that any Subprocessors we engage are bound by appropriate data protection agreements and maintain security standards consistent with this policy.
6. How We Protect Your Information
We take the security of your information seriously. Given the sensitive nature of our work, we implement appropriate technical and organisational measures to protect your data, including:
Secure storage of all data with access controls
Access restricted to authorised personnel only
Encryption of data in transit and at rest where appropriate
Secure communication channels for sensitive information
Regular review of security practices
Secure deletion and destruction of data when no longer required
Physical security measures for any hardware storing client data
We do not store client data on shared or public systems. All engagement data is handled with the same level of care we would expect for our own sensitive information.
Despite our best efforts, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
7. Data Breach Notification
In the event of a personal data breach where there are reasonable grounds to believe that personal information has been accessed or acquired by an unauthorised person, we will notify the Information Regulator as soon as reasonably possible after becoming aware of the breach, as required by POPIA.
Where the breach is likely to result in a risk to you, we will also notify you directly, providing information about the nature of the breach and the measures we are taking to address it.
8. How Long We Keep Your Information
Website Enquiries: We retain contact form submissions for up to 12 months, or as long as necessary to respond to your enquiry and for reasonable follow up purposes.
Service Engagements: Information collected during engagements is retained for the duration of the engagement and for a period of 3 years thereafter, unless a different retention period is specified in your service agreement. This allows for reference, potential follow up work and compliance with legal obligations.
Legal and Regulatory Requirements: We may retain certain information for longer periods where required by law or to establish, exercise or defend legal claims.
You may request deletion of your information at any time, subject to any legal obligations we may have to retain it. Upon deletion, Cyberdeck will confirm in writing that the data has been securely destroyed.
9. Legal Basis for Processing
We process your personal information based on one or more of the following legal grounds:
Consent: You have given us permission to process your information for a specific purpose.
Contract: Processing is necessary to fulfil a contract with you or to take steps at your request before entering into a contract to provide our services.
Legitimate Interest: Processing is necessary for our legitimate business interests, provided these do not override your rights.
Legal Obligation: Processing is necessary to comply with the law.
10. Your Rights
Under POPIA, you have the right to:
Access: Request a copy of the personal information we hold about you.
Correction: Request that we correct any inaccurate or incomplete information.
Deletion: Request that we delete your personal information.
Object: Object to the processing of your personal information.
Withdraw Consent: Withdraw any consent you have previously given.
To exercise any of these rights, please contact us using the details provided below. You also have the right to lodge a complaint with the Information Regulator if you believe your rights have been infringed.
11. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to read the privacy policies of any third-party sites you visit.
12. Cookies and Analytics
Our website uses cookies and analytics tools to understand how visitors use our site, including:
If our website is hosted by a third-party platform, that platform may set its own cookies and collect data in accordance with its own privacy and cookie policies. We recommend reviewing the hosting platform's privacy policy for full details.
Essential Cookies: Required for the website to function properly.
Analytics Cookies: Help us understand how visitors interact with our site, such as pages visited and time spent.
These tools may collect information such as your IP address, browser type, device information and browsing behaviour. This information is used solely to improve our website and is not used to personally identify you.
You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling cookies may affect your experience on our website.
13. Limitation of Liability
While we take all reasonable steps to protect your personal information, Cyberdeck's liability for any loss or damage arising from the processing of your personal data shall be limited to the extent permitted by applicable law.
Nothing in this policy excludes or limits our liability for death or personal injury caused by our negligence, fraud or fraudulent misrepresentation or any other liability that cannot be excluded or limited by applicable law.
We recommend that you maintain appropriate security measures for any account credentials and promptly notify us of any suspected unauthorised access to your information.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Effective" date. Where changes are significant, we will take reasonable steps to notify you.
15. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact our Information Officer at info@cyberdeck.co.za.
16. Governing Law
This Privacy Policy is governed by the laws of the Republic of South Africa. Any disputes arising from this policy shall be subject to the jurisdiction of the South African courts.
This Privacy Policy is compliant with the Protection of Personal Information Act (POPIA) of South Africa.