This Privacy Policy describes how eCcenTrix (“we”, “us”) collects, uses, stores, and protects personal information when you use eccentrix.co.za and related communications with us. It is written to reflect the data protection expectations we meet in our own operations and when engaging with customers and partners, including security and privacy assurance processes such as those covered in vendor and client assessments.
1. Applicable law
We comply with applicable South African privacy and access-to-information law, including the Protection of Personal Information Act (POPIA), 2013 and the Promotion of Access to Information Act (PAIA), 2000. Where we process personal information across borders, we use appropriate safeguards where required (for example contractual or other lawful transfer mechanisms).
2. Information we may collect
Depending on how you interact with us, we may process:
- Contact and enquiry data — such as name, email address, telephone number, and the content of messages you send via our website forms or email.
- Technical and usage data — such as IP address, browser type, device information, pages viewed, and approximate location derived from network data, collected through cookies and similar technologies.
- Relationship and project data — when you are or become a client, supplier, or partner, we may process business contact details and information needed to deliver services, support, invoicing, and contractual obligations.
We apply data minimisation and purpose limitation: we collect only what is reasonable for the purpose and retain it only as long as needed (see Retention below).
3. How we use personal information
We use personal information to:
- Respond to enquiries and provide information about our services;
- Operate, secure, and improve our website and infrastructure;
- Meet legal, regulatory, and professional obligations;
- Manage contracts, billing, and client or supplier relationships where applicable.
We do not use personal information collected through this website for unrelated marketing or research unless we have a lawful basis and, where required, your consent.
4. Cookies and analytics
Our site may use cookies and similar technologies. We use Google Analytics (or comparable analytics) to understand aggregate site traffic. You can control cookies through your browser settings. For more on how Google uses data, see Google’s privacy documentation.
5. Sharing, subprocessors, and processors
We may share personal information with trusted service providers (for example hosting, email, or analytics providers) who process data on our instructions and under appropriate confidentiality and security obligations. Where we add material subprocessors for services that affect your data, we address customer notification and objection as agreed in the relevant contract.
We may disclose information if required by law or to protect our rights, users, or the security of our systems.
6. Security
We implement appropriate technical and organisational measures to protect personal information against unauthorised access, loss, or misuse, consistent with good industry practice and the kind of processing we perform (including access controls, secure communication where applicable, and staff awareness).
7. Data retention and disposal
We retain personal information only for as long as necessary for the purposes above, including legal, contractual, or audit requirements, after which we securely delete or anonymise it in line with our retention practices.
8. International transfers
Some service providers may process data outside South Africa. Where that occurs, we take steps to ensure an adequate level of protection as required by POPIA, such as appropriate agreements or other lawful mechanisms.
9. Your rights
Subject to POPIA and other applicable law, you may have the right to request access to, correction of, or in appropriate circumstances deletion of your personal information; to object to certain processing; and to lodge a complaint with the Information Regulator (South Africa). We also maintain processes to respond to privacy incidents and enquiries in a timely manner.
10. Privacy by design and assessments
For relevant products and services we consider privacy early in the lifecycle (for example minimising data collected and defining clear purposes). Where clients require it, we support privacy impact assessments, due diligence questionnaires, and contractual data protection terms, including responsibilities for incidents and cooperation with lawful audits.
11. Changes
We may update this policy from time to time. The “Last updated” date at the top will change when we do. Material changes may be highlighted on the website.
12. Contact
For privacy questions or to exercise your rights, contact us using the details on our Contact Us page, marking your message for the attention of Information Security / Data Privacy.
