CHECK MY COVERAGE
084 555 8858
Menu
close

SADV (Pty) Ltd — Privacy Policy

Company number: 2019/588585/07

1. Definitions

In this Policy (as defined below), unless the context requires otherwise, the following words and expressions bear the meanings assigned to them and cognate expressions bear corresponding meanings –

“Child” means any natural person under the age of 18 (eighteen) years.

“Customer” means a natural or juristic person who or which receives services and/or products from SADV, including business customers, Prospective Customers or consumers.

“Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Information under the control of or in the possession of SADV.

“Data Subject” has the meaning ascribed thereto under POPIA which may include a Third Party, Customers, Employees, suppliers, service providers, partners, contractors and other natural or juristic persons, whose Personal Information we may be required to Process from time to time.

“Employees” means any employee of SADV.

“Personal Information” has the meaning ascribed thereto under POPIA and specifically includes any form of information that can be used to identify a Data Subject.

“Policy” means this Privacy Policy.

“POPIA” means the Protection of Personal Information Act No. 4 of 2013.

“Processing” has the meaning ascribed thereto under POPIA and “Process” has a corresponding meaning.

“Prospective Customer” means natural or juristic persons who have enquired about and/or are interested in the services, but have not contracted with SADV for the use of the services and includes natural or juristic persons to whom SADV may offer or promote their services.

“Regulator” means the Information Regulator established in terms of POPIA.

“Responsible Party” means a public or private body or any other person which alone or in conjunction with others, determines the purpose of and means for Processing Personal Information.

“SADV” means SADV Proprietary Limited, a private company incorporated in terms of the Companies Act 71 of 2008, as amended, with registration number 2019/588585/07 and registered address at 31 Georgian Crescent East, Bryanston, Gauteng, South Africa, and/or any of its brand or trade names (whether registered as trademarks or not) and all its subsidiaries from time to time. “Us”, “we” and “our” has the corresponding meaning.

“Special Personal Information” means Personal Information relating to: (i) religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information; or (ii) criminal behaviour to the extent that such information relates to: (a) the alleged commission of any offence; or (b) any proceedings in respect of any offence allegedly committed or the disposal of such proceedings.

“Third Party” means any independent contractor, agent, consultant, sub-contractor or other representative of SADV (including fibre network operators).

“Website” means any internet site, web-based platform, mobile site, or application (including any mobile or smart device application) maintained and operated by SADV.

2. Purpose of this Policy

The purpose of this Policy is to inform Data Subjects about how SADV Processes their Personal Information.

SADV, in its capacity as Responsible Party, shall strive to observe, and comply with its obligations under POPIA as well as accepted information protection principles, practices and guidelines when it Processes Personal Information from or in respect of a Data Subject.

This Policy applies to Personal Information collected by SADV in connection with the fibre optic communication solutions and related goods and services which SADV provides and offers. This includes Personal Information collected in any of the following ways –

  • when you provide your Personal Information to SADV;
  • when you use any services and provide SADV with any of your Personal Information in connection therewith;
  • when you access the Website; and/or
  • when you engage with SADV.

Personal Information may also be collected under one of SADV’s affiliated brands or trade names. Regardless of the brand under which it is collected, all Personal Information is subject to the same safeguards and protections outlined in this Policy.

In addition to collecting Personal Information from Data Subjects directly, SADV may also collect Personal Information about Data Subjects from Third Parties and public sources where such information is available. We may also appoint certain Third Parties to Process Personal information on our behalf, in which case we conclude appropriate agreements with such Third Parties to manage such processing activities in line with applicable law.

This Privacy Policy does not apply to the information practices of (i) Third Parties whom we may engage with in relation to our purpose (including, without limitation, their websites, platforms and/or applications) which we do not own or control; or (ii) individuals that SADV does not manage or employ; and (iii) Third Parties who are required to Process Personal Information in their own right and not necessarily only for and in relation to SADV, where they will each be responsible for complying with their legal obligations relating to such Processing activities as Responsible Parties. Each of these Third Parties and Third-Party sites may have their own privacy policies and terms and conditions and we encourage you to read them before using them.

3. Process of Collecting Personal Information

SADV will always collect Personal Information in a fair, lawful and reasonable manner to ensure that it protects the Data Subject’s privacy and will Process the Personal Information based on legitimate grounds in a manner that does not adversely affect the Data Subject in question.

SADV generally collects Personal Information directly from Data Subjects or it may obtain Personal Information from Third Parties.

Examples of such Third Parties include: (i) our Customers when SADV handles Personal Information on their behalf; (ii) recruitment agencies; (iii) other companies providing services to SADV; and (iv) where SADV makes use of publicly available sources of information.

4. Lawful Processing of Personal Information

Where SADV is the Responsible Party, it will only Process a Data Subject’s Personal Information (other than for Special Personal Information) where –

  • consent of the Data Subject (or a competent person, where the Data Subject is a Child) is obtained. A Data Subject may withdraw their consent by contacting SADV on the details in this Policy, however, this will not affect the lawfulness of any Processing carried out prior to the withdrawal of consent or any Processing justified by any other legal ground provided under POPIA;
  • Processing is necessary to carry out the actions for the conclusion of a contract to which a Data Subject is a party;
  • Processing complies with an obligation imposed by law on SADV;
  • Processing protects a legitimate interest of the Data Subject; and/or
  • Processing is necessary for pursuing the legitimate interests of SADV or of a Third Party to whom the information is supplied.

SADV will only Process Personal Information where one of the legal bases referred to above is present.

Where required (i.e., where we are not relying on a legal ground listed above), SADV will obtain the Data Subject’s consent prior to collecting, and in any case, prior to using or disclosing the Personal Information for any purpose.

Where SADV is relying on a Data Subject’s consent as the legal basis for Processing Personal Information, the Data Subject may withdraw his/her/its consent or may object to SADV’s Processing of the Personal Information at any time. However, this will not affect the lawfulness of any Processing carried out prior to the withdrawal of consent or any Processing justified by any other legal ground provided under POPIA.

If the consent is withdrawn or if there is otherwise a justified objection against the use or the Processing of such Personal Information, SADV will no longer Process the Personal Information.

5. Special Personal Information and Personal Information of Children

SADV acknowledges that it will only Process Special Personal Information (such as biometric information for access control and/or security reasons or employee health data), based on a general or specific lawful basis under POPIA, including that –

  • Processing is carried out in accordance with the Data Subject’s consent;
  • Processing is necessary for the establishment, exercise or defence of a right or obligation in law;
  • Processing is for historical, statistical or research purposes, subject to stipulated safeguards;
  • The Personal Information has deliberately been made public by the Data Subject; or
  • specific authorisation applies in terms of POPIA.

SADV acknowledges that it may not Process any Personal Information concerning a Child and will only do so where it has obtained the consent of a legally competent person (i.e. the parent or guardian of that Child) or where it is permitted to do so in accordance with applicable laws.

6. Purpose for Processing Personal Information

SADV understands its obligation to make Data Subjects aware of the fact that it is Processing their Personal Information and inform them of the purpose for which SADV Processes such Personal Information.

SADV will only Process a Data Subject’s Personal Information for a specific, lawful and clear purpose (or for specific, lawful and clear purposes).

It will ensure that there is a legal basis for the Processing of any Personal Information. Further, SADV will ensure that Processing will relate only to the purpose for and of which the Data Subject has been made aware (and where relevant, consented to) and will not Process any Personal Information for any other purpose(s).

SADV will generally use Personal Information for purposes required to operate and manage its business as a provider of fibre optic communication solutions and these purposes include one or more of the following non-exhaustive purposes –

  • to establish and manage business and Customer relationships and provide Customer service and support, including responding to inquiries, processing orders and transactions and delivering products and services;
  • to manage its relationships with Third Parties, including fibre network providers/operators, suppliers and distributors;
  • for providing the services and products as per Customer requests including to manage or fulfil contracts and orders, and to provide product/service-related information;
  • for purposes of doing appropriate Customer onboarding and credit vetting;
  • to improve our knowledge and better meet the expectations and needs of our Customers;
  • for purposes of onboarding suppliers as approved suppliers of SADV;
  • in connection with the execution of payment processing functions, including payment of suppliers’/service providers’ invoices;
  • for purposes of monitoring the use of SADV’s electronic systems and online platforms by consumers;
  • for purposes of preventing, discovering and investigating non-compliance with any internal SADV policies or procedures which may be updated or implemented from time to time;
  • for the purposes of investigating fraud, or other related matters;
  • for employment-related purposes such as recruitment, administering payroll and carrying out background checks;
  • in connection with internal audit purposes;
  • in connection with external audit purposes;
  • to respond to any correspondence that a SADV Customer may send to SADV, including via email or by telephone;
  • to facilitate and process an application by a Data Subject to become a Customer;
  • in order to address Customer or end-consumer complaints in respect of SADV’s products and services;
  • to contact the Data Subject from time to time, including where specific consent has been given to follow-up contacts by SADV or to be put on SADV mailing list;
  • in order to receive and address inquiries or complaints in respect of SADV’s products and services;
  • to analyse and better understand SADV Customers’ business needs and to improve the delivery and provision of products and services, including Customer services;
  • for such other purposes to which the Data Subject may consent from time to time;
  • in connection with project management related activities;
  • for purposes of civil contractor management;
  • for purposes of fibre optic network infrastructure installation;
  • for purposes of communicating with the dedicated installation liaison officers on site;
  • for purposes of personal development of staff through training in line with job specification;
  • to comply with applicable legal obligations imposed on SADV; and
  • for such other purposes as authorised and in compliance with the applicable law.

7. Types of Personal Information and Special Personal Information Processed

SADV collects and Processes Personal Information required to effectively carry out its business. The Personal Information that is Processed includes the following:

Data Subjects
Personal Information
Employees
Name and surname; Identity/passport numbers; Contact details; Physical and postal address; Date of birth; Age; Disability information; Employment history; Criminal/background checks; Education history; Banking details; Income tax reference; Remuneration and benefits (incl. medical aid, pension/provident); Disciplinary procedures; Employee disability information; Performance records; Physical access records; CCTV records; Health and safety records; Time and attendance records.
Suppliers / Service Providers / Third Parties
Entity name; Registration number; VAT number; Contact details for representatives/directors; KYC documentation; BBB-EE certificates; Invoices and proof of payments; Bank account and payment details; Financial history; Contractual documentation.
Directors
Name, Surname, ID numbers, financial information as required for statutory reporting.
New Job Applicants
Name; Surname; Address; Contact details; Email; Telephone; Qualifications; Skills; Experience & employment history; Background checks (incl. credit/criminal if required for the role); Current remuneration and benefits; Disability (for reasonable adjustments); Right to work in South Africa.
Website Visitors
Name; Email; IP address; Contact details; Geographic location.
Visitors
Physical access records; Electronic access scans; CCTV records.
Customers
Name and Surname (if individuals); Email; Physical address; Address photographs; Date of birth or age range; Identity/passport numbers (if individuals); Contact details; FICA documentation; Company name and registration number; Directors/authorised representatives; Contact details for representatives; Physical and postal address; VAT reference number.

8. Keeping Personal Information Accurate

SADV will take reasonable steps to ensure that all Personal Information is kept as accurate, complete and up to date as reasonably possible depending on the purpose for which Personal Information is collected or further processed.

SADV may not always expressly request the Data Subject to verify and update their Personal Information unless this process is specifically necessary.

SADV, however, expects that the Data Subject will notify SADV from time to time in writing of any updates required in respect of their Personal Information.

9. Storage and Processing of Personal Information by SADV and Third Parties

SADV may store Personal Information in hard-copy and/or electronic format using SADV’s own secure on-site servers or other internally hosted technology. Personal Information may also be stored by Third Parties, via cloud services or other technology, with whom SADV has contracted to support its operations.

SADV’s Third Parties, including data storage and processing providers, may from time to time also have access to a Data Subject’s Personal Information in connection with purposes for which the Personal Information was initially collected to be Processed.

SADV will ensure that such Third Parties will Process the Personal Information in accordance with this Policy, relevant internal policies and procedures and POPIA. These Third Parties do not use or have access to Personal Information other than for purposes specified by SADV, and SADV requires such parties to employ at least the same level of security that SADV uses to protect Personal Information.

10. How We Use Cookies

Our Website uses cookies — small text files sent by a web server to a web browser. These cookies are used to ensure that the Website functions properly, to store user preferences when needed and to collect anonymous statistics on Website usage.

Our Website may use the following types of cookies for the following purposes:

  • Strictly Necessary Cookies – required for the Website to function and cannot be switched off in SADV systems. They’re usually set in response to actions such as setting privacy preferences, logging in, or filling forms. Blocking these may prevent the Website from working. These typically do not store Personal Information.
  • Functional Cookies – enable enhanced functionality and personalisation, set by SADV or authorised Third Parties. If rejected, some services may not function properly.
  • Performance Cookies – allow SADV to count visits and traffic sources to measure and improve Website performance. Information is aggregated and not linked to individuals. In some cases, data may be sent to Third Parties to help manage analytics.
  • Targeting/Advertising Cookies – may be set by SADV or advertising partners to deliver relevant adverts and measure campaign effectiveness, including showing relevant ads on other sites.

Users may refuse cookies via browser settings; however, this may limit access to certain parts or features of the Website.

11. Use of Personal Information on Our Website and for Marketing Purposes

Website users may share Personal Information with SADV via the Website. This Policy applies to Personal Information shared on the Website.

SADV will comply with POPIA and applicable laws when carrying out any personalised marketing activities, including providing reasonable opportunities to object or unsubscribe on collection and in each marketing communication.

12. Retention of Personal Information

SADV may keep records of Personal Information (and related correspondence or comments) in electronic or hard-copy formats.

Under POPIA, SADV may not retain Personal Information longer than necessary for the purpose collected, and must delete, destroy (so it cannot be reconstructed) or de-identify it as soon as reasonably practicable after the purpose is achieved. This prohibition does not apply where:

  • retention is required or authorised by law;
  • SADV requires the record to fulfil its lawful functions or activities;
  • retention is required by contract;
  • the Data Subject (or competent person for a Child) has consented; or
  • the record is retained for historical, research or statistical purposes with safeguards.

Once the purpose no longer applies or becomes obsolete, SADV will ensure the Personal Information is deleted, destroyed or de-identified sufficiently.

13. Failure to Provide Personal Information

If SADV needs to Process Personal Information to fulfil a legal obligation or perform an obligation under a contract (existing or prospective) and the relevant party fails to provide it when requested, SADV may be unable to comply with applicable laws, perform the contract, and/or provide the services. In such a case, SADV may have to decline to provide the relevant services and will notify the affected Data Subject where this is the case.

14. Safe-Keeping of Personal Information

SADV shall preserve the security of Personal Information and take steps to prevent alteration, loss, damage, or unauthorised access by third parties.

SADV implements appropriate, reasonable technical and organisational measures aligned to generally accepted information security practices (and industry/professional requirements) and maintains, verifies and updates these measures in response to new risks.

15. Data Breaches

A Data Breach can arise from (a) loss or theft of data or equipment; (b) inappropriate access controls; (c) equipment failure; (d) human error; (e) unforeseen circumstances (e.g., fire or flood); (f) deliberate attacks (e.g., hacking, malware, phishing); and/or (g) unauthorised alteration or loss of availability of Personal Information.

SADV will address any Data Breach in accordance with POPIA, and will notify the Regulator and affected Data Subjects (unless law requires delayed notification) as soon as reasonably possible after becoming aware.

16. Provision of Personal Information to Third Parties

SADV may disclose Personal Information to Third Parties and, where they act as operators under POPIA, will enter into appropriate written agreements to ensure Processing in accordance with this Policy and POPIA.

Third Parties may assist SADV with purposes listed in section 6, for example:

  • data storage;
  • notifying Data Subjects of pertinent information concerning SADV;
  • processing information required to provide fibre services (e.g., name, contact, address, package selection, installation preferences);
  • processing property details (geo-coordinates, address photos, stand/ERF numbers), access information, and contact details for coordination with installers, municipal authorities, or contractors;
  • sharing information with civil contractors or subcontractors for trenching, civils, and last-mile fibre deployment, where necessary;
  • enabling equipment delivery, provisioning, support activation, or scheduling of site visits;
  • conducting identity verification and credit checks (where applicable);
  • analysing fibre network performance and service usage to improve coverage, reliability, and support;
  • fulfilling obligations under RICA and other applicable laws;
  • enabling integrations with third-party platforms (e.g., billing systems, self-service apps, partner portals, SMS/email providers);
  • improving service quality and training staff/partners (e.g., using call recordings or support ticket history);
  • facilitating transfer of a customer’s services to or from another ISP.

SADV will disclose Personal Information with the Data Subject’s consent or where permitted by law. SADV may transfer Personal Information to jurisdictions outside South Africa (including cloud/data centres) with necessary consent or as permitted under POPIA’s cross-border provisions.

SADV forms part of the Maziv group of companies and may share certain Personal Information with other entities within the group where necessary (e.g., provision of services, internal administration, accounting, reporting) in compliance with applicable laws.

17. Access to Personal Information

POPIA, read with the Promotion of Access to Information Act, No. 2 of 2000 (“PAIA”), confers certain access rights on Data Subjects, including:

  • Right of access: request confirmation whether SADV holds Personal Information about the Data Subject and a description of that information including Third Parties who have or had access.
  • Right to request correction or deletion: request SADV to correct/delete Personal Information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully, or destroy/delete information SADV is no longer authorised to retain.
  • Right to withdraw consent and object to Processing: withdraw prior consent at any time and/or object on reasonable grounds to Processing.

Requests should follow the process set out in SADV’s PAIA Manual. Identification may be required solely to facilitate access, and will be treated in accordance with this Policy. SADV will respond in accordance with POPIA and PAIA, generally within 30 days (extendable once by up to 30 days). Prescribed fees are referenced in the PAIA Manual.

18. Changes to this Policy

SADV reserves the right to amend this Policy from time to time and will use reasonable efforts to notify Data Subjects. The current version will govern the respective rights and obligations each time the Website is accessed and used.

19. Contacting Us

Information Officer: Heydon Hall

Address: 31 Georgian Crescent East, Bryanston, 2191, Johannesburg, Gauteng

Postal: 31 Georgian Crescent East, Bryanston, 2191, Johannesburg, Gauteng

Email: information-officer@sadv.co.za

Information Regulator (South Africa)

Website: https://inforegulator.org.za
Physical: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Postal: P.O Box 31533, Braamfontein, Johannesburg, 2017
General enquiries: enquiries@inforegulator.org.za
Tel: 010 023 5200  |  Fax: 086 500 3351

Complaints

If a PAIA request is denied or a response is not received, lodge a complaint by completing PAIA Form 5 and sending it to: PAIAComplaints@inforegulator.org.za.

If you believe Personal Information has been unlawfully Processed or rights under POPIA have been violated, submit a complaint to: POPIAComplaints@inforegulator.org.za.

Sign up
crosschevron-upchevron-down