Decode Development

Privacy Policy

Privacy Policy

  1. 1. Introduction

    1. 1.1.Decode Development (Pty) Ltdwith registration number2020/108155/07(herein "Decode") is committed to data protection and the right to privacy.

    2. 1.2. This privacy policy applies to personal information collected by Decode in connection to our website, services, and products provided by us. When you engage with us as a customer, supplier or prospective employee, we may collect and process certain personal information. This privacy policy together with any contractual agreements entered into between you and Decode, sets out the basis on which any personal information that we collect from you, or that you provide to us, will be processed by us.

  2. 2. Our contact details

    1. 2.1. Company Name

      Decode Development (Pty) Ltd

    2. 2.2. Street Address

      31 Viridian Square, Viridian Street, Burgundy Estate, 7441, South Africa

    3. 2.3. Email address

      domicilium@decodedev.co.za

  3. 3. The type of personal information we process and how we get it

    1. 3.1. We currently collect and process the following personal information:

      1. 3.1.1. Personal information collected from users of our website:
        Type of personal informationSourceIs collection voluntary / mandatory?Consequences of failure to provide the information
        IP addresses of users who browse the websiteDirectly from data subjectVoluntaryThe website may have reduced functionality if it is blocked from processing this information.
        Name, email, contact number entered into “contact us” form on websiteDirectly from data subjectVoluntaryYou will be able to browse the website but will not be able to contact us via the website without providing this information.
      2. 3.1.2. Personal information collected from or relating to customers and prospective customers of our services:
        Type of personal informationSourceIs collection voluntary / mandatory?Consequences of failure to provide the information
        Customer name, registration numberDirectly from data subjectVoluntaryWe will not be able to provide our services without being able to identify the customer.
        Customer VAT numberDirectly from data subjectVoluntaryCustomer may have increased difficulty claiming VAT if we are not provided with this information.
        Customer email address, physical address and telephone numberDirectly from data subjectVoluntaryWe will not be able to provide services without being able to communicate with customers.
        Names and contact details of employees of customersDirectly from data subject when they interact with us, and/or indirectly from their employer when providing contact details for the customerVoluntaryWe will not be able to respond to communication from individual employees of customers without processing this information.
        Email correspondence of a confidential nature with customers and employees of customersDirectly from data subject when they interact with usVoluntaryWe will not be able to respond to communication from customers without processing this information
      3. 3.1.3. Personal information collected from or relating to our suppliers:
        Type of personal informationSourceIs collection voluntary / mandatory?Consequences of failure to provide the information
        Supplier name, registration numberDirectly from data subjectVoluntaryWe will not be able to procure goods or services from a supplier without this information.
        Supplier email address, telephone numbersDirectly from data subject and/or indirectly from publicly available informationVoluntaryWe will not be able to contact a supplier without at least one of these items being provided.
        Work email address and/or telephone numbers of employees of suppliersDirectly from data subject and/or indirectly from their employerVoluntaryWe will not be able to contact particular individuals within a supplier without this information.
        Supplier VAT numberDirectly from data subjectMandatory if supplier charges VATSupplier will not be able to charge VAT without providing a VAT number.
        Supplier banking detailsDirectly from data subjectVoluntaryWe will not be able to pay our suppliers without this information.
      4. 3.1.4. Personal information collected in relation to prospective employees during the hiring process:
        Type of personal informationSourceIs collection voluntary / mandatory?Consequences of failure to provide the information
        Applicant nameDirectly from data subject or indirectly from third party recruitment service providerVoluntaryWe will not be able to process a job application unless this information is provided.
        Applicant identity numberDirectly from data subject or indirectly from third party recruitment service providerVoluntaryWe will not be able to process a job application unless this information is provided.
        Applicant email address, physical address and telephone numberDirectly from data subject or indirectly from third party recruitment service providerVoluntaryWe will not be able to process a job application without at least one of these items being provided.
        Employment history;Directly from data subject or indirectly from third party recruitment service providerVoluntaryWe will not be able to assess the suitability of the applicant for the role unless this information is supplied
        Views or opinions of our relevant staff members about the data subjectIndirectly from our relevant staff membersVoluntaryWe will not be able to assess the suitability of the applicant for the role unless this information is supplied
        Views or opinions of former employers and other references about the data subjectDirectly from data subject, indirectly from third party recruitment service providers or indirectly from references named by the data subject and subsequently contacted by usVoluntaryOur ability to assess the suitability of the applicant for the role will be hindered if no references are supplied.
    2. 3.2. In order to update, correct or delete your personal information, you may contact us using the contact details provided in paragraph 12.

  4. 4. How we use personal information:

    1. 4.1. We use personal information of our customers:

      1. 4.1.1. to identify our customers in order to provide them with services;

      2. 4.1.2. to fulfil our contractual obligations;

      3. 4.1.3. to provide support; and

      4. 4.1.4. for billing purposes.

    2. 4.2. We use personal information of our suppliers:

      1. 4.2.1. for general procurement functions including making orders and arranging deliveries;

      2. 4.2.2. to generally fulfil our contractual obligations with the suppliers; and

      3. 4.2.3. to pay them for products/services.

    3. 4.3. We use personal information of prospective employees:

      1. 4.3.1. for recruitment purposes.

    4. 4.4. More generally, we use personal information collected and processed as follows:

      1. 4.4.1. to fulfil our contractual obligations;

      2. 4.4.2. to communicate with customers, suppliers and their respective employees who interact with us;

      3. 4.4.3. to comply with any applicable laws.

  5. 5. Storage and security of your personal information

    1. 5.1. We store your personal information on third-party servers, with our primary cloud providers being located in the United States and the European Union. Some of our third-party service providers are also located outside of South Africa, and accordingly your personal information will be transferred to one or more of the following countries in order for us to receive services from the relevant service providers:

      1. 5.1.1. Google Drive (stores information): European Union.Google's privacy policy

      2. 5.1.2. Google Mail (processes correspondence): European Union.Google's privacy policy

      3. 5.1.3. Xero (processes accounting-related personal information): United States, New-Zealand, Australia, United Kingdom.Xero's privacy policy

      4. 5.1.4. Zoho Desk (processes information pertaining to support functions): United States, European Union.Zoho's Privacy Policy

      5. 5.1.5. Reclaim (processes calendaring and task management): European Union.Reclaim's Privacy Policy

      6. 5.1.6. Copper (processes prospect and client information): United States, European Union.Copper's Privacy Policy

      7. 5.1.7. Github (processes source code and project management information): United States, European Union.Github's Privacy Policy

      8. 5.1.8. Github Copilot (processes source code and project management information): United States, European Union.Github Copilot's Privacy Policy

      9. 5.1.9. Vercel (processes source code and project management information): United States, European Union.Vercel's Privacy Policy

      10. 5.1.10. Sentry (application metrics and errors): United States, European Union.Sentry's Privacy Policy

    2. 5.2. We have organisational and technical measures in place to protect your personal information. Our efforts in this regard will comply with the requirements of applicable law. You acknowledge and agree however that there are inherent risks to the security of data in the use of applications and services, such as vulnerabilities in the underlying technology. We accordingly do not guarantee that your data cannot ever be compromised and you accept this risk by using the website, our services and/or products.

    3. 5.3. When you have chosen or been given a password which enables you to access certain parts of our services and/or products, you are responsible for keeping that password confidential. Please do not share your password with anyone.

  6. 6. Cookies

    1. 6.1. Cookies are small text files transferred by a server to your device and may contain various types of information useful in persisting data, such as login status, preferences and settings. We use cookies on the website as described in our cookie policy.

  7. 7. Third party websites

    1. 7.1. Our website may occasionally contain links to third-party websites. If you click on the links to third-party websites, you leave our website.

    2. 7.2. We are not responsible for the content of third-party websites or for the security of your personal information when you use them.

  8. 8. Social networking services

    1. 8.1. We use social networking services such as Twitter and LinkedIn to communicate with the public about our business. When you communicate with us through these services, that social networking service may collect your personal information for its own purposes.

    2. 8.2. These services have their own privacy policies which are independent of the privacy policy and practices of Decode.

  9. 9. How we share your personal information

    1. 9.1. We may share your personal information with third parties service providers engaged by Decode. Where your personal information is shared with service providers, Decode shall enter into written agreements to ensure your personal information is processed in accordance with POPIA and this privacy policy.

    2. 9.2. We share your personal information with the following categories of recipients:

      1. 9.2.1. Storage providers

      2. 9.2.2. Service providers

    3. 9.3. On rare occasions, we may be required to disclose your personal information because of legal or regulatory requirements. In such instances, we reserve the right to disclose your personal information as required in order to comply with our legal obligations, including complying with court orders, warrants, subpoenas, service-of-process requirements or discovery requests.

    4. 9.4. We may also disclose information about our data subjects to law enforcement officers or others, in the good faith belief that such disclosure is reasonably necessary to enforce our Terms or this privacy policy or respond to legal claims that any content violates the rights of third parties, or to protect our intellectual property rights or our personal safety or the personal safety of our users or the general public.

    5. 9.5. Changes of business ownership or control: We may share your personal information with third parties in connection with a sale of assets, restructuring or merger, in which case we will notify you and will, if required by applicable law, also notify and obtain approval from any relevant regulators.

  10. 10. Your data protection rights

    1. 10.1. Your rights as a data subject in terms of POPIA include the following

      1. 10.1.1. Notification

        You have the right to be notified that your personal information is being collected in terms of section 18 of POPIA. You have the right to be notified that your personal information has been accessed or acquired by an unauthorised person in terms of section 22 of POPIA.

      2. 10.1.2. Access

        You have the right to establish whether we hold personal information about you and to request access to your personal information as provided for in section 23 of POPIA.

      3. 10.1.3. Correction or deletion

        You have the right to request, where necessary, the correction, destruction or deletion of your personal information as provided for in section 24 of POPIA.

      4. 10.1.4. Objection

        You have the right to object, on reasonable grounds relating to your particular situation, to the processing of your personal information as provided for in terms of section 11(3)(a) of POPIA. You have the right to object to the processing of your personal information at any time for purposes of direct marketing in terms of section 11(3)(b) of POPIA, or in terms of section 69(3)(c) of POPIA.

      5. 10.1.5. Direct marketing

        You have the right not to have your personal information processed for purposes of direct marketing by means of unsolicited electronic communications except as referred to in section 69(1) of POPIA.

      6. 10.1.6. Automated processing

        You have the right not to be subject to a decision which results in legal consequences for you, or which affects you to a substantial degree, which is based solely on the basis of the automated processing of your personal information intended to provide a profile of you as provided for in terms of section 71 of POPIA.

      7. 10.1.7. Complaints

        You have the right to lodge a complaint to the Information Regulator in terms of section 74 of POPIA as detailed in paragraph 13.

      8. 10.1.8. Civil proceedings

        You have the right to institute civil proceedings regarding the alleged interference with the protection of your personal information as provided for in section 99 of POPIA.

      9. 10.1.9. Charges

        You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

  11. 11. Notification of changes

    1. 11.1. We reserve the right to change this privacy policy from time to time and in our sole discretion.

    2. 11.2. We will notify you of material changes to this privacy policy by the email address we have on record for you or by using any other reasonable methods.

  12. 12. How to complain

    1. 12.1. If you have any concerns about our use of your personal information, you can make a complaint to us by emailing:domicilium@decodedev.co.za

    2. 12.2. You can also submit a complaint to the Information Regulator by emailing:complaints.ir@justice.gov.za