Legal

Privacy Policy

How IT Trust collects, uses, and protects your personal information in accordance with POPIA.

Last updated: April 2025

1. Introduction

ITT Technology (Pty) Ltd trading as IT Trust ("IT Trust", "we", "us") recognises its accountability in terms of the Protection of Personal Information Act (POPIA) and other applicable privacy legislation. We are committed to complying with these requirements and to maintaining the trust of our clients, suppliers, and website visitors through the responsible handling of personal data.

2. What is Personal Information

Personal information refers to any information relating to an identifiable, living natural person or existing juristic person. This includes, but is not limited to:

  • Demographic characteristics (race, gender, age, national origin, religion, culture, language, birth)
  • Educational, medical, financial, criminal, and employment history
  • Identifying markers — ID numbers, email addresses, phone numbers, location data, online identifiers
  • Biometric information
  • Personal opinions, views, and correspondence
  • Names when combined with other personal information

For VPS clients specifically, this also includes server credentials, IP addresses assigned to your services, billing information, and payment records processed via PayFast.

3. Where and When We Collect Personal Information

From Clients

  • Direct submissions via our website or client portal
  • Online quote request and contact forms
  • Purchase orders and service sign-up
  • Contracts and service agreements

From Suppliers

  • Invoices and purchase orders
  • Contact information provided during onboarding

4. When Will We Process Your Personal Information

We will only process your personal information lawfully when:

  • You have consented to the processing
  • Processing is necessary to conclude or perform a contract with you
  • A law requires or permits such processing
  • Processing is necessary to protect your legitimate interests or those of a third party
  • A competent person has consented on behalf of a child

5. Special Personal Information

Special categories of personal information — including religious beliefs, race, ethnic origin, trade union membership, political beliefs, health and biometric data, and criminal behaviour — require explicit consent or legal justification before processing. IT Trust does not ordinarily collect special personal information in the course of providing VPS hosting services.

6. What We Collect and How We Use It

For Clients

Data collected: Business registration number, VAT number, business name, trade name, banking details, title, name, surname, ID number, physical and postal addresses, province, contact numbers, email addresses, business sector, and — for VPS services — assigned IP addresses and server access credentials.

Used for: Invoicing and debit orders, service delivery and provisioning, account management, audit and record-keeping, BEE compliance, and support communications.

For Suppliers and Service Providers

Data collected: Name, banking details, contact numbers, and address.

Used for: Purchase orders, contact maintenance, audit and record-keeping, BEE compliance.

7. How We Share Your Information

We disclose personal information to service providers involved in delivering our products and services. All such providers are bound by agreements that require POPIA-compliant handling of your data.

We may also share information:

  • Where required by law or industry codes
  • Where necessary to protect the rights or safety of IT Trust, our clients, or the public
  • To payment processors (PayFast) for billing purposes, under their own privacy policies

We do not sell your personal information to third parties. We will attempt to notify you of any legal demand for your data unless prohibited by law or court order.

8. Your Rights

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request rectification of inaccurate or incomplete information.
  • Deletion: Request deletion of your information under certain circumstances.
  • Object: Object to processing based on legitimate interest, or withdraw consent for direct marketing.
  • Restriction: Request that we suspend processing while accuracy or necessity is established.

To exercise any of these rights, contact us at karl@ittrust.co.za.

9. Data Retention

We retain your personal information for as long as it serves a business purpose, while we are providing services to you, or as required by law. Information may be retained after a service relationship ends to comply with legal obligations, resolve disputes, prevent fraud, or fulfil contractual requirements.

10. Security

We implement appropriate technical and organisational measures to protect your personal information from accidental loss, unauthorised access, alteration, or disclosure. Access is restricted on a need-to-know basis and subject to confidentiality obligations. Our VPS infrastructure is hosted within South Africa and does not involve cross-border data transfers under normal operations.

11. Changes to This Policy

We may update this policy from time to time, particularly in response to legislative changes. Material updates will be communicated via our website or client portal. Continued use of our services after updates constitutes acceptance of the revised policy.

12. Contact Information

Information Officer: Karl Germishuysen

Email: karl@ittrust.co.za

Complaints may also be directed to the South African Information Regulator:
Woodmead North Office Park, 54 Maxwell Drive, Woodmead, Johannesburg
PAIAcomplaints@inforegulator.org.za