Last updated: 24 March 2026 | Version 1.0
Privacy Policy
Protection of Personal Information Act (POPIA) Compliant
Preamble
This Privacy Policy sets out how Right Click Media (Pty) Ltd collects, uses, stores, shares, and protects the personal information of our clients, employees, suppliers, visitors, and other data subjects. This Policy has been developed in compliance with the Protection of Personal Information Act 4 of 2013 (POPIA), the Electronic Communications and Transactions Act 25 of 2002 (ECTA), the Consumer Protection Act 68 of 2008 (CPA), and the Promotion of Access to Information Act 2 of 2000 (PAIA). By interacting with us you acknowledge that you have read and understood this Policy.
1. Definitions and Interpretation
| Term | Definition |
|---|---|
| Competent Person | Any person legally competent to consent to decisions in respect of a child. |
| Consent | Any voluntary, specific, and informed expression of will giving permission for processing of personal information. |
| Data Subject | The natural or juristic person to whom personal information relates. |
| De-identification | Deleting information that identifies or makes it reasonably possible to identify a data subject. |
| Information Officer | The head of a private body responsible for POPIA compliance, registered with the Information Regulator. |
| Information Regulator | The independent body established under section 39 of POPIA to monitor POPIA compliance. |
| Operator | A person who processes personal information for a responsible party in terms of a contract or mandate. |
| Personal Information | Information relating to an identifiable, living, natural person or juristic person including name, contact details, location, identity number, financial information, and employment history. |
| POPIA | The Protection of Personal Information Act 4 of 2013, as amended. |
| Processing | Any operation concerning personal information including collection, receipt, recording, storage, updating, distribution, or destruction. |
| Responsible Party | Right Click Media (Pty) Ltd, which determines the purpose and means of processing personal information. |
| Special Personal Information | Religious beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life, biometric information, or criminal behaviour. |
2. Who We Are
Right Click Media (Pty) Ltd is the Responsible Party for all personal information processed in connection with our business activities.
- Physical Address: 1st Floor Liberty Life Building, 21 Aurora Drive, Durban, South Africa, 4301
- Website: https://rightclicktechandmedia.co.za
- Email: info@rightclicktechandmedia.co.za
- Phone: +27 63 324 7771
Our Information Officer is responsible for overseeing POPIA compliance. Their details are available on written request to info@rightclicktechandmedia.co.za.
3. Scope and Application
This Policy applies to all personal information processed by us (digital or physical); all employees, contractors, directors, and representatives; all clients, suppliers, and business partners; all website visitors; and all operators processing information on our behalf.
4. The Eight Conditions for Lawful Processing
- Accountability: We are responsible for all personal information in our possession and ensure POPIA conditions are met at all times.
- Processing Limitation: We collect personal information only for a specific, explicitly defined, and lawful purpose.
- Purpose Specification: Purposes are documented and communicated to data subjects at the time of collection.
- Further Processing Limitation: We do not process information for a secondary purpose unless compatible or consented to.
- Information Quality: We ensure personal information is complete, accurate, and up to date.
- Openness: We maintain documentation of all processing operations and are transparent with data subjects.
- Security Safeguards: We implement appropriate technical and organisational security measures.
- Data Subject Participation: We respect and facilitate your rights to access, correct, and object to processing.
5. What Personal Information We Collect
5.1 Identification and Contact Information
Full name and surname, identity or passport number, date of birth, physical and postal address, email address, and telephone and mobile number.
5.2 Financial Information
Bank account details, payment card information (processed via secure third-party gateways), tax reference and VAT numbers, credit history, and invoice and transactional history.
5.3 Employment-Related Information
CV and qualifications, employment history, salary and benefits, leave and disciplinary records, emergency contact details, and performance appraisals.
5.4 Technical and Digital Information
IP address and device identifiers, browser type and settings, cookies and tracking data, website usage behaviour, and log files and session data.
5.5 Special Personal Information
We only process special personal information where you have explicitly consented, where required by law, where it is necessary to exercise or defend a legal right, or where you have deliberately made the information public.
6. Why We Process Your Personal Information
- Service Delivery: To provide, manage, and improve our services; process transactions; and fulfil contractual obligations.
- Legal Compliance: To comply with SARS, CIPC, Department of Labour, FICA, and other applicable legislation.
- Human Resources: To process job applications, administer payroll and benefits, and manage performance.
- Marketing: To send communications about our services where you have consented or where we have an existing client relationship. You may opt out at any time.
- Security and Fraud Prevention: To detect and prevent fraud, cybercrime, and illegal activities, and to protect the safety of our employees and clients.
7. Legal Basis for Processing
We process your personal information on one or more of the following legal bases: Consent, Contractual Necessity, Legal Obligation, Legitimate Interest, Protection of Vital Interests, or Public Interest, as provided for in POPIA.
8. How We Collect Personal Information
We collect personal information directly from you (via forms, contacts, registrations, job applications, and subscriptions); automatically through technology (cookies, web beacons, and server logs); and from third parties (credit bureaus, employers, educational institutions, and publicly available sources).
9. Sharing and Disclosure of Personal Information
We do not sell your personal information. We may share it only with third-party operators bound by written agreements (IT providers, payment processors, payroll administrators, legal firms, and marketing agencies); with regulatory or law enforcement authorities as required by law; with parties in a corporate transaction subject to confidentiality undertakings; or with your explicit consent.
10. International Transfers
We may transfer personal information to a foreign country only where that country offers adequate data protection, or where one of the prescribed exceptions under section 72 of POPIA applies. Appropriate contractual safeguards are implemented for all international transfers.
11. Retention and Destruction
| Category | Retention Period | Legal Basis |
|---|---|---|
| Client contracts and transactional records | 5 years after contract end | Prescription Act; SARS |
| Tax and financial records | 5 years after financial year end | Income Tax Act; VAT Act |
| Employee records | 5 years after employment ends | Basic Conditions of Employment Act |
| Payroll records | 5 years | Skills Development Act; SARS |
| Recruitment records (unsuccessful) | 12 months | Employment Equity Act |
| Marketing consent records | Duration of consent + 3 years | POPIA; Consumer Protection Act |
| CCTV footage | 30-90 days (unless evidence required) | Security purposes |
| Website analytics data | 24 months (anonymised thereafter) | Legitimate interest |
Upon expiry of the retention period, personal information is securely destroyed, deleted, or de-identified.
12. Security Safeguards
Technical measures include TLS/SSL encryption, access controls, multi-factor authentication, regular vulnerability assessments, firewall protection, and secure backups. Organisational measures include POPIA training, confidentiality agreements, physical access controls, an Information Security Policy, and regular audits.
In the event of a security compromise, we will notify the Information Regulator and affected data subjects as required by section 22 of POPIA.
13. Your Rights as a Data Subject
- Right of Access (s.23): Request a copy of the personal information we hold about you.
- Right to Correction or Deletion (s.24): Request correction or deletion of inaccurate, irrelevant, or excessive information.
- Right to Object (s.11(3)): Object to the processing of your information. For direct marketing, this right is unconditional.
- Right to Withdraw Consent (s.11(4)): Withdraw consent at any time; this does not affect prior lawful processing.
- Right to Non-Automated Decision-Making: Not to be subject to decisions taken solely on the basis of automated processing.
- Right to Lodge a Complaint (s.56): Submit a complaint to the Information Regulator.
To exercise any of these rights, contact our Information Officer with the subject line “POPIA Data Subject Request” at info@rightclicktechandmedia.co.za or at our physical address. We will respond within 30 days and may require proof of identity.
14. Cookies and Online Tracking
We use Strictly Necessary Cookies (essential for site function), Performance/Analytics Cookies (anonymous usage data), Functional Cookies (preferences and personalisation), and Targeting/Advertising Cookies (only with your consent). You may manage cookies via our consent banner or your browser settings.
15. Direct Marketing
We only send direct marketing communications where you have consented, or where we have an existing client relationship for similar services. All communications include an unsubscribe option in accordance with section 69 of POPIA. We will never sell or share your information for third-party marketing purposes.
16. Children
We do not knowingly collect personal information from persons under 18 without parental or guardian consent. If we discover we have done so inadvertently, we will immediately delete that information.
17. The Information Regulator
You may lodge a complaint with the Information Regulator at www.inforegulator.org.za, email POPIAComplaints@inforegulator.org.za, or at JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001.
18. Updates to This Policy
We review and update this Policy at least annually. The most current version is always available on our website. Material changes will be communicated via a notice on our website or by email. Your continued use of our services after an update constitutes acceptance of the revised Policy.
19. Governing Law and General Provisions
This Policy is governed by the laws of the Republic of South Africa. If any provision is found to be unlawful or unenforceable, the remaining provisions remain in full force and effect. We encourage you to contact our Information Officer before lodging a complaint with the Information Regulator.
Approved by: Chanelle Evita Kamal, Director / CEO / Information Officer | Date: 24 March 2026 | Version: 1.0