Data Protection Notice

Last Updated: 2026-02-25

1. Introduction

MyProtektor (Pty) Ltd (referred to herein as "the Company," "we," or "our") recognises the fundamental importance of safeguarding the personal information entrusted to us by every individual who interacts with our security management platform. This notice sets out the manner in which we gather, process, retain, and secure your personal data as required by the Protection of Personal Information Act, 2013 (POPIA) and any other legislation that may apply.

2. Responsible Party Information

3. Personal Information We Collect

3.1 Identity Information

• Core Particulars: Full legal name, national ID number, birth date, gender, and citizenship
• Reach Details: Email address, telephone number, residential or business address
• Occupational Data: Position held, employing entity, relevant qualifications and certifications
• Verification Documents: Scanned copies of national ID, passport, or driving licence

3.2 Security and Operational Data

• Geolocation Records: GPS positioning data, patrol route history, and incident site coordinates
• Incident Documentation: Detailed event descriptions, photographic evidence, video footage, and time stamps
• Patrol Verification: QR code scan results, checkpoint confirmation records, and route adherence logs
• Emergency Information: Panic alert triggers, response duration metrics, and designated emergency contacts

3.3 Technical and Usage Data

• Device Particulars: Hardware identifier, platform and OS version, browser type, and IP address
• Behavioural Analytics: In-app navigation patterns, feature engagement, and session length
• System Diagnostics: Application error logs, crash diagnostics, and infrastructure performance data
• Correspondence Logs: Support ticket content, messaging history, and email exchanges

3.4 Financial Information

• Subscription Records: Invoice data, payment transaction history, and plan tier details
• Payment Instruments: Card information (handled exclusively by Stripe), banking particulars
• Transactional History: Payment confirmations, credit notes, and billing modifications

4. Lawful Basis for Processing

Every instance in which we handle your personal information rests upon one or more of the following lawful grounds recognised by POPIA:

4.1 Consent

• Promotional Outreach: Subscribing to newsletters and receiving marketing correspondence
• Elective Features: Enabling analytics, sharing location data, and connecting social accounts
• Cookie Preferences: Acceptance of non-essential cookies used for tracking and advertising

4.2 Contract Performance

• Platform Provision: Operating our security management platform and related services
• Account Administration: Establishing, configuring, and sustaining user accounts
• Payment Processing: Executing financial transactions and administering subscription plans

4.3 Legal Obligation

• Regulatory Adherence: Fulfilling obligations imposed by statute and regulatory bodies
• Statutory Record-Keeping: Preserving records for fiscal, audit, and legal purposes
• Lawful Disclosure: Responding to legitimate demands from law enforcement authorities

4.4 Legitimate Interest

• Fraud Prevention: Identifying and mitigating fraudulent activity and security threats
• Service Enhancement: Refining platform capabilities and streamlining operations
• User Assistance: Delivering technical support and resolving reported issues

5. How We Use Your Personal Information

5.1 Core Security Services

• Event Handling: Logging, monitoring, and bringing security incidents to resolution
• Guard Operations: Coordinating patrol schedules and validating route completion
• Crisis Coordination: Dispatching emergency responses and distributing critical alerts
• Live Oversight: Enabling real-time surveillance and situational awareness dashboards

5.2 User Management

• Identity Verification: Confirming user credentials and governing platform access
• Permission Assignment: Enforcing role-based access across five hierarchical tiers
• Organisational Configuration: Structuring team rosters and managing membership hierarchies

5.3 Communication and Support

• Help Desk: Addressing support queries and troubleshooting technical difficulties
• Platform Alerts: Issuing system notifications and service update messages
• Onboarding: Guiding new users through platform familiarisation and training resources

6. Data Sharing and Disclosure

6.1 Within South Africa

• Operational Vendors: Technology and infrastructure service providers under contract
• Channel Partners: Approved distribution partners and integration collaborators
• Expert Advisors: Legal counsel, auditors, and specialist consulting firms

6.2 International Transfers

In certain circumstances, your personal information may be transmitted to jurisdictions outside South Africa, such as:

• Infrastructure Providers: Google Cloud (headquartered in the United States), Amazon Web Services
• Technical Partners: External maintenance and technical support teams operating abroad
• Measurement Services: Web and application analytics platforms based internationally

Every cross-border transfer is governed by suitable protective mechanisms, including:

• Standard contractual clauses endorsed by recognised data protection authorities
• Adequacy determinations issued by the Information Regulator
• Binding corporate rules and recognised privacy certification frameworks

7. Data Security Measures

7.1 Technical Safeguards

• Cryptographic Protection: AES-256 cipher for stored data, TLS 1.3 protocols for data in motion
• Permission Enforcement: Hierarchical role-based access paired with multi-factor authentication
• Perimeter Defence: Network firewalls, intrusion detection engines, and continuous surveillance systems
• Patch Management: Timely application of security updates and vulnerability remediation

7.2 Organizational Measures

• Personnel Education: Periodic data protection and cybersecurity training for all team members
• Access Governance: Rigorous access provisioning controls and scheduled entitlement reviews
• Breach Readiness: Established data breach detection and escalation protocols
• Compliance Oversight: Recurring security audits and regulatory conformity assessments

8. Data Retention

8.1 Retention Periods

• Active Accounts: Personal data is maintained for the duration of account activity
• Dormant Accounts: Information is purged following 24 months of non-use
• Incident Archives: Preserved for a period of 7 years to satisfy legal and insurance obligations
• Financial Documentation: Kept for 5 years in accordance with tax and regulatory mandates
• Support Records: Held for 3 years to facilitate ongoing customer service needs

8.2 Deletion Procedures

• Irreversible erasure of personal data once the applicable retention window closes
• Periodic audits to identify and remove data that is no longer required
• Prompt destruction upon receipt of a valid erasure request (where no legal retention obligation exists)
• Backup repositories are subject to the same deletion processes

9. Your Rights Under POPIA

POPIA grants you, as a data subject, a series of enforceable rights regarding your personal information:

9.1 Right to Access

• Obtain confirmation as to whether we hold and process your personal data
• Receive a copy of the personal information we maintain about you
• Be informed of the specific purposes for which your data is being processed

9.2 Right to Correction

• Have inaccurate personal records amended without undue delay
• Supplement any personal information that is incomplete
• Make corrections directly via the profile settings within your account

9.3 Right to Deletion

• Demand the erasure of personal information we hold about you
• Require the destruction of any records that contain your personal data
• Note that this right is subject to overriding legal obligations and legitimate business needs

9.4 Right to Object

• Raise an objection to any processing of your personal information
• Revoke previously granted consent at any time
• Opt out of receiving direct marketing communications

9.5 Right to Data Portability

• Obtain your personal data in a structured, machine-readable format
• Have your records transmitted directly to an alternative service provider
• Initiate a data export through the self-service tools in your account dashboard

10. How to Exercise Your Rights

You may invoke any of the rights afforded to you under POPIA through the following channels:

• Email: Direct your request to info@myprotektor.co.za
• Phone: Reach us by telephone at +43 676 441 2714
• Account Settings: Utilise the built-in privacy management controls within your dashboard

10.1 Request Requirements

Each request should contain the following particulars to enable prompt processing:

• Your complete name and up-to-date contact details
• A verified form of identification (such as a copy of your national ID)
• A clear description of the action you wish us to take
• Your preferred channel for receiving our response

10.2 Response Time

• An acknowledgement of receipt will be sent within 5 business days
• A substantive response will follow within 30 calendar days
• Should a request prove unusually involved, we will advise you of any expected delay

11. Complaints and Remedies

11.1 Internal Complaints

Should you be dissatisfied with any aspect of how we manage your personal information, the following avenues are available:

• Write to our Privacy Officer at info@myprotektor.co.za
• Submit a formal grievance using our documented complaints procedure
• Seek an internal review of any decision affecting your data

11.2 Information Regulator

You are entitled to escalate your concern to the Information Regulator of South Africa:

12. Updates to This Notice

From time to time, we may revise this Data Protection Notice to reflect operational changes or evolving legal requirements. Any material amendments will be communicated through:

• A direct email to the address registered on your account
• A conspicuous announcement on our website
• Push notifications or in-app alerts
• Updates published on our official social media profiles

13. Contact Information

Should you have any enquiries regarding this Data Protection Notice or the way we handle personal information, please get in touch: