1. Introduction

This statement is made in terms of the Protection of Personal Information Act, 2013 (“POPIA”) and is intended to govern and explain your interactions, dealings and business relationship with VEQTOR Africa in relation to personal information.

In this statement, “Third Parties” may include operators, suppliers, registrars, payment gateways, infrastructure providers, datacentres, software providers, affiliates, contractors, advisers, service partners, and other parties involved in the lawful delivery, support, administration, security or compliance of VEQTOR Africa services.

“Personal Information” has the meaning given to it under POPIA and generally refers to information relating to an identifiable, living natural person and, where applicable, an identifiable existing juristic person.

2. POPIA Framework

VEQTOR Africa acknowledges that POPIA is intended to promote the protection of personal information processed by public and private bodies, establish minimum conditions for lawful processing, protect data subjects, and regulate the flow of personal information across the borders of South Africa.

VEQTOR Africa aims to process personal information lawfully, reasonably, responsibly, and in a manner that respects the rights of data subjects while still enabling the practical operation of hosting, domain, infrastructure, support, billing and related technical services.

3. Processing of Customer Personal Information

VEQTOR Africa may process customer personal information only where there is a lawful basis to do so. Depending on the circumstances, this may include processing that:

• takes place with the customer’s consent;
• is necessary to take steps at the customer’s request before entering into a contract;
• is necessary for the conclusion, performance, administration or enforcement of a contract;
• is required to comply with a legal obligation imposed on VEQTOR Africa;
• protects the legitimate interests of the customer or another data subject;
• is necessary for pursuing the legitimate interests of VEQTOR Africa or a third party to whom the information is supplied, where lawful.

Such processing may include account creation, service provisioning, billing, fraud prevention, abuse handling, identity verification, customer support, domain administration, service security, backup operations, communications, recordkeeping, legal compliance, and dispute management.

4. Categories of Personal Information Processed

Depending on the service or interaction, VEQTOR Africa may process personal information including, but not limited to:

• names, company names and registration details;
• email addresses, phone numbers and contact details;
• physical, postal and billing addresses;
• account credentials and service identifiers;
• domain registrant information and technical contact information;
• payment references and transaction-related metadata;
• support correspondence and ticket history;
• logs, IP addresses and security-related event information;
• information required for compliance, anti-fraud or lawful verification processes.

5. Purpose of Processing

VEQTOR Africa processes personal information for purposes that may include:

• providing, maintaining and supporting contracted services;
• registering, transferring, renewing and managing domain names;
• processing orders, invoices, renewals, refunds and related billing matters;
• authenticating customers and protecting account access;
• maintaining service security, network integrity and abuse prevention;
• communicating service notices, billing notices, renewal reminders and legal notices;
• meeting recordkeeping, tax, compliance and regulatory requirements;
• handling complaints, disputes, security incidents and lawful requests.

6. Distribution of Personal Information to Third Parties

VEQTOR Africa may provide access to, disclose, or transfer personal information to Third Parties where necessary for the lawful operation of its business, for the delivery of products or services selected by the customer, for contractual performance, for technical or administrative support, or where required by law.

This may include disclosures to:

• payment processors and payment gateways;
• domain registries, registrars and registry operators;
• cloud, datacentre, networking, security and backup providers;
• software vendors, infrastructure operators and technical suppliers;
• fraud-prevention, identity-verification or compliance providers;
• professional advisers, auditors, insurers or collection agents where appropriate;
• regulators, courts, law enforcement or competent authorities where lawfully required.

VEQTOR Africa will take reasonably practicable steps to ensure that Third Parties who process personal information on its behalf are subject to confidentiality, privacy, security and data-protection obligations appropriate to the nature of the processing.

7. Cross-Border Transfers

Because VEQTOR Africa may provide services that rely on international registries, software vendors, payment systems, cloud services, support platforms and technical infrastructure, personal information may in some cases be transferred to or processed in other jurisdictions.

VEQTOR Africa aims to ensure that cross-border transfers take place only where there is a lawful basis for doing so and where the receiving party is subject to laws, binding agreements, contractual safeguards or operational controls that provide an adequate level of confidentiality and data protection, to the extent required by law.

8. Receiving and Hosting Personal Information as an Operator

In the course of providing hosting, infrastructure, domain, mail, cloud, VPS, dedicated, backup, support and related services, VEQTOR Africa may receive, store, transmit or otherwise process personal information on behalf of customers. In such cases, VEQTOR Africa may act as an operator processing information on the instructions of the customer or in accordance with the applicable service arrangement and legal requirements.

Where VEQTOR Africa acts as an operator, it will endeavour to process and protect that personal information in accordance with its obligations under POPIA and the applicable service terms, while the customer remains responsible for the lawfulness of the customer’s own collection, use and disclosure of that information where the customer is the responsible party.

9. Confidentiality and Security

VEQTOR Africa takes reasonable technical and organisational steps to protect personal information against loss, misuse, unlawful access, unauthorised disclosure, alteration, destruction or compromise. These measures may include access controls, encryption in transit, firewalling, abuse monitoring, malware protection, authentication controls, logging, infrastructure restrictions and supplier security controls.

No environment can be guaranteed perfectly secure. VEQTOR Africa therefore cannot warrant that personal information will never be compromised, but it does undertake to act reasonably and responsibly in protecting it.

10. Security Compromises and Breach Response

If VEQTOR Africa has reasonable grounds to believe that personal information has been accessed or acquired by an unauthorised person, VEQTOR Africa will assess the incident and take such steps as are required by law. This may include containment, investigation, remediation, preserving evidence, and notification where applicable.

Where VEQTOR Africa acts as an operator for a responsible party and a compromise occurs, VEQTOR Africa may be required to notify the responsible party without delay. Where VEQTOR Africa is the responsible party, it may be required to notify the Information Regulator and affected data subjects in accordance with POPIA.

11. Retention of Personal Information

VEQTOR Africa retains personal information only for as long as it is reasonably necessary for the purpose for which it was collected, as long as required by law, as long as contractually necessary, or as long as justified by legitimate security, dispute, tax, compliance, fraud-prevention or recordkeeping interests.

Once retention is no longer justified, VEQTOR Africa will take reasonable steps to delete, destroy, anonymise or de-identify the information in a secure and responsible manner, subject to legal, technical and backup limitations.

12. Customer Responsibilities

Customers must ensure that the personal information they provide to VEQTOR Africa is accurate, complete and kept up to date. Customers who use VEQTOR Africa services to process personal information relating to their own users, clients, staff or other data subjects remain responsible for ensuring that they have a lawful basis to do so and that they comply with their own obligations under POPIA and other applicable laws.

13. Information Officer

VEQTOR Africa should designate an Information Officer and, where applicable, any Deputy Information Officers required by law or internal operations. Requests, complaints or enquiries relating to POPIA, personal information, access requests, correction requests, objections, or privacy concerns may be directed to VEQTOR Africa’s Information Officer.

Replace the placeholder details below with VEQTOR Africa’s actual Information Officer details before final publication.

Information Officer: David Johnson
Email: info@veqtor.africa
UK Address: De Havillan Road, Honiton, EX52GE, UK
SA Address: Isabel Road, Pietermaritzburg, 3201, South Africa

14. Further Information

For more information about VEQTOR Africa’s processing of personal information, customers should also read VEQTOR Africa’s Privacy Policy, Terms and Conditions, and any applicable service-specific agreements or data-protection notices.

For an accessible public version of the Protection of Personal Information Act, you may also refer to the POPIA website: https://popia.co.za/

15. Changes to this Statement

VEQTOR Africa may amend or update this POPIA Statement from time to time. Any revised version may be published on the VEQTOR Africa website, client portal or another official channel. Continued use of VEQTOR Africa services after the updated version takes effect may constitute acceptance of the revised statement where permitted by law.