Legal

POPIA
Notice

This POPIA Notice is issued in terms of Section 18 of the Protection of Personal Information Act 4 of 2013 (POPIA). It describes how Webvyn processes your personal information and your rights as a data subject.

Last updated: March 2026 · Webvyn

1. Responsible Party

The responsible party for processing your personal information is:

Webvyn
Company NameWebvyn
CountryRepublic of South Africa
Privacy Officer Email[email protected]
General Enquiries[email protected]

2. Purpose of Processing

Webvyn collects and processes your personal information for the following specific purposes:

  • To provide digital services including website design, e-commerce development, SaaS platform development, and business system development
  • To manage your client account, contracts, and project progress via the client portal
  • To generate and send invoices and process payments
  • To respond to support tickets and service requests
  • To send project updates, deadline reminders, and account notifications
  • To comply with South African legal and regulatory requirements
  • To send marketing communications about Webvyn services (with your consent, which may be withdrawn)

3. Lawful Basis for Processing

We process your personal information on the following lawful grounds as set out in POPIA Section 11:

01
Contractual Performance
Processing is necessary to deliver the services described in your contract with Webvyn, including platform development, project management, and client portal access.
02
Legal Obligation
Processing is required to comply with POPIA, FICA, the Income Tax Act, and other applicable South African legislation.
03
Legitimate Interest
Processing is necessary for Webvyn's legitimate business interests, including fraud prevention, security monitoring, and service improvement.
04
Consent
Where we send marketing communications, we do so with your consent. You may withdraw consent at any time by emailing [email protected].

4. Categories of Personal Information

We collect and process the following categories of personal information:

  • Full name and contact details (email, phone number)
  • Business name and company information
  • Invoice and payment records
  • Project briefs and service requirements
  • Support ticket history and communications
  • Login credentials (passwords are hashed — never stored in plain text)
  • Technical data including IP address, browser type, and login timestamps

Webvyn does not process special personal information as defined in POPIA Section 26 (health data, race, religion, sexual orientation, etc.).

5. Recipients of Personal Information

Your personal information may be shared with the following categories of recipients where necessary to deliver our services:

  • Cloud Infrastructure Provider — Microsoft Azure
  • Email Service Providers — For transactional and notification emails
  • Payment Service Providers — For invoice payment processing
  • Regulatory Authorities — SARS, CIPC, and law enforcement where legally required
  • The Information Regulator — In the event of a data breach notification

Webvyn does not sell personal information to third parties under any circumstances.

6. Cross-Border Transfers

Your information may be transferred to servers located outside South Africa as part of our use of Microsoft Azure infrastructure. Both providers maintain data protection frameworks that meet the requirements of POPIA Section 72. All transfers are governed by appropriate data processing agreements.

7. Retention of Personal Information

We retain personal information only for as long as necessary for the purpose for which it was collected, or as required by law. Contract and invoice records are retained for a minimum of 5 years as required by South African tax legislation. Account information is retained for the duration of the account plus 3 years.

8. Your Rights as a Data Subject

Under POPIA, you have the right to:

  • Be notified that your personal information is being collected and processed
  • Access the personal information we hold about you
  • Request correction of inaccurate personal information
  • Request deletion of your personal information where there is no lawful basis for retention
  • Object to the processing of your personal information
  • Submit a complaint to the Information Regulator of South Africa
To exercise any of these rights, contact our Privacy Officer at [email protected]. Please include your full name, email address, and the specific right you wish to exercise. We will respond within 30 days as required by POPIA.

9. Complaints to the Information Regulator

If you believe Webvyn has violated your rights under POPIA, you may lodge a complaint with the Information Regulator of South Africa:

Information Regulator (South Africa)
Websiteinforegulator.org.za
Email[email protected]
Complaints[email protected]

10. Security Measures

Webvyn implements the following technical and organisational measures to protect your personal information:

  • SSL/TLS encryption for all data in transit
  • Bcrypt password hashing — passwords are never stored in plain text
  • Two-factor authentication for all admin accounts
  • Role-based access controls limiting data access to authorised personnel only
  • Automated daily backups stored in separate cloud regions
  • Rate limiting and brute force protection on all API endpoints
  • Data breach response plan with 72-hour notification obligations

11. Updates to This Notice

This POPIA Notice may be updated from time to time. Material changes will be communicated to registered clients via email. The date of the most recent update is displayed at the top of this page. Continued use of Webvyn services after any update constitutes acceptance of the revised notice.