Privacy Policy, Data Security Statement, Data Processing Agreement (DPA) & Cookie Policy
privacy
ECO EFX SOLUTIONS SOUTH AFRICA Ltd.

With this privacy policy, we inform you about the nature, scope and purpose of processing personal data on our website with South African law. Personal data is all data that has a personal connection to you, such as name, address, email address or user behavior.


Privacy Policy, Data Security Statement, Data Processing Agreement (DPA) & Cookie Policy


Jurisdiction: South Africa (CPA, POPIA, ECTA)

Company: ECO EFX SOLUTIONS SOUTH AFRICA Ltd.

Contact: khethi.n@ecoefxsol.com


1. Privacy Policy (Strict / Legal Style)

1.1 Introduction

This Privacy Policy is issued in compliance with the Protection of Personal Information Act, 4 of 2013 (POPIA), the Consumer Protection Act (CPA), and the Electronic Communications and Transactions Act (ECTA). ECO EFX SOLUTIONS SOUTH AFRICA Ltd. ("the Company", "we", "us", "our") is committed to lawful, transparent, and secure processing of all personal information.

By accessing or using our websites, services, platforms, or communication channels, the data subject ("you") acknowledges that you have read, understood, and accepted the terms set out herein.


1.2 Responsible Party

ECO EFX SOLUTIONS SOUTH AFRICA Ltd. acts as the Responsible Party under POPIA.

Contact for data matters: khethi.n@ecoefxsol.com


1.3 Categories of Personal Information Processed

We process the following categories of personal information:

  • Identification data (name, surname)
  • Contact data (email address, phone number, postal address)
  • Technical data (IP address, browser information, operating system)
  • Account data (registration information, login history)
  • Communication data (contact forms, email correspondence, fax, postal inquiries)
  • Marketing data (newsletter subscriptions and preferences)
  • Usage data (interaction with website features, cookies)

1.4 Purposes of Processing

We process personal information strictly for the following purposes:

  1. Registration and account creation.
  2. Communication via contact form, email, fax, or postal service.
  3. Order processing, including transmission to shipping service providers.
  4. Operation of YouTube video integrations and embedded content.
  5. Use of Google reCAPTCHA for fraud and bot protection.
  6. Use of Google Maps for location and navigation services.
  7. Presence and communication on social media platforms.
  8. Use of social media plugins.
  9. Web analytics (Google Analytics).
  10. Security and performance protection (Cloudflare).

1.5 Legal Basis for Processing

Processing is conducted on the following lawful grounds:

  • Consent (Section 11(1)(a) POPIA) – for newsletters, cookies requiring opt‑in.
  • Contractual necessity – for order fulfilment and communication.
  • Legitimate interests – for fraud prevention, security, analytics, and platform optimisation.
  • Legal obligations – compliance with statutory retention and documentation requirements.

1.6 Data Sharing with Third Parties

Personal information is shared only where strictly necessary:

  • Shipping service providers
  • Google Services (YouTube, reCAPTCHA, Google Maps, Google Analytics)
  • Cloudflare (security and performance protection)
  • Social media platforms (Facebook, Twitter/X, LinkedIn)
  • Authorised service providers under written data processing agreements

1.7 International Data Transfers

Where data is transferred outside South Africa, the Company ensures adequate protection under POPIA Chapter 9, including:

  • Standard contractual clauses
  • Binding corporate rules
  • Adequate jurisdiction safeguards

1.8 Retention Periods

Personal information is retained strictly as long as necessary to fulfil lawful purposes or regulatory obligations.


1.9 Your Rights

Under POPIA, you have the following rights:

  • Right to access
  • Right to correction
  • Right to deletion (where legally possible)
  • Right to restriction
  • Right to object to processing

1.10 Security Measures

We implement appropriate technical and organisational security measures, including (but not limited to):

  • Encrypted connections (TLS)
  • Access control and role‑based permissions
  • Firewalls and DDoS protection (Cloudflare)
  • Logging and monitoring
  • Secure data backups

2. Data Processing Agreement (DPA)

2.1 Parties

This Data Processing Agreement ("Agreement") is between:

  • Responsible Party: ECO EFX SOLUTIONS SOUTH AFRICA Ltd.
  • Operator: Any third‑party service provider processing personal information on behalf of the Responsible Party.

2.2 Subject Matter

The Operator shall process personal information strictly for the purposes defined by the Responsible Party and in accordance with Section 20 of POPIA.


2.3 Obligations of the Operator

The Operator shall:

  • Process data solely on documented instruction.
  • Maintain confidentiality.
  • Implement adequate technical and organisational security measures.
  • Notify the Responsible Party of any data breach immediately.
  • Assist in fulfilling data subject rights.
  • Delete or return all data upon termination.
  • Allow audits and inspections.

2.4 Sub‑Processing

Sub‑processing requires prior written authorisation from the Responsible Party.


2.5 International Transfers

Transfers must comply with POPIA Chapter 9 safeguards.



3. Cookie Policy

3.1 Use of Cookies

Our website uses cookies and similar technologies to ensure functionality, enhance performance, and enable analysis.


3.2 Categories of Cookies

  • Essential cookies: Required for website operation.
  • Analytics cookies: Google Analytics.
  • Security cookies: Cloudflare.
  • Embedded content cookies: YouTube, Google Maps.
  • Marketing cookies: Social media plugins.

3.3 Consent

Non‑essential cookies require prior user consent in accordance with POPIA and ECTA.


3.4 Browser Support

Instructions for cookie control:

  • Internet Explorer: Tools → Internet Options → Privacy
  • Firefox: Options → Privacy & Security
  • Google Chrome: Settings → Privacy & Security → Cookies

4. Specific Processing Activities

4.1 Registration

Personal data is collected for account creation and authentication.


4.2 Contact Form / Email / Fax / Postal

Data is processed exclusively to respond to inquiries.


4.3 Newsletter

Requires explicit opt‑in consent.


4.4 Shipping Service Providers

Data is transmitted solely for order fulfilment.


4.5 YouTube Videos

YouTube may collect user data when videos are played.


4.6 Google reCAPTCHA

Used to prevent malicious automated actions.


4.7 Google Maps

Used to display geographic information.


4.8 Social Media Presence

Data collected through interactions on Facebook, Twitter/X, and LinkedIn is subject to their respective privacy policies.


4.9 Social Media Plugins

Plugins may collect data before interaction; we use protective implementations where possible.


4.10 Google Analytics

Used for traffic analysis with IP anonymisation enabled where available.


4.11 Cloudflare

Used for security, DDoS protection, and performance optimisation.



5. Changes to This Policy

We reserve the right to update these terms at any time in accordance with legal requirements.

For amendments, expansions, or additional jurisdiction versions, please advise.



Made on
Tilda