Privacy Policy

AD Infratech (Pty) Ltd ("AD Infratech", "we", "us", or "our") is committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, store, and share your personal information in accordance with the Protection of Personal Information Act 4 of 2013 ("POPIA") and any applicable regulations.

By engaging our services, visiting our website, or submitting information to us, you acknowledge that you have read and understood this Privacy Policy.

AD Infratech (Pty) Ltd is the responsible party as defined under POPIA.

Business name: AD Infratech (Pty) Ltd Address: Johannesburg, Gauteng, South Africa Email: info@adinfratech.co.za Phone: +27 83 546 1220

Our Information Officer is responsible for ensuring compliance with POPIA and can be contacted at the details above.

We may collect the following categories of personal information:

Contact and identity information: Full name, email address, phone number, company name, and job title — collected when you submit an enquiry, sign a service agreement, or communicate with us.

Technical and usage information: IP address, browser type, pages visited, and time spent on our website — collected automatically via cookies and server logs.

Service-related information: IT infrastructure details, network configurations, software inventories, and related technical data necessary to deliver managed IT services.

Billing information: Company registration details, VAT numbers, and payment references — collected for invoicing purposes. We do not store card numbers or banking credentials.

We only collect personal information that is adequate, relevant, and not excessive in relation to the purpose for which it is collected.

We process your personal information for the following lawful purposes:

• To respond to enquiries and provide quotations for our services
• To deliver, manage, and support contracted IT services
• To communicate service updates, maintenance windows, and security advisories
• To generate invoices and manage accounts
• To comply with legal and regulatory obligations
• To improve our website and services through anonymised analytics
• To send marketing communications where you have given consent (you may opt out at any time)

We will not process your personal information for any purpose incompatible with those listed above without your prior consent.

Under POPIA, we process your personal information on the following grounds:

• Contractual necessity: Processing is required to perform a contract with you or to take steps at your request prior to entering a contract.
• Legal obligation: Processing is necessary to comply with a legal obligation applicable to us.
• Legitimate interests: Processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and interests.
• Consent: Where none of the above apply, we will request your explicit consent before processing.

We do not sell, rent, or trade your personal information. We may share your information with:

Service providers and operators: Third-party vendors who assist us in delivering services (e.g. cloud hosting providers, email delivery services, accounting software). These parties are contractually bound to process your information only on our instructions and in compliance with POPIA.

Microsoft and cloud partners: Where we provide Microsoft 365 or Azure services, relevant account information is processed by Microsoft in accordance with their data processing terms.

Legal authorities: Where required by law, court order, or to protect the rights, property, or safety of AD Infratech, our clients, or the public.

We require all third parties to maintain appropriate security measures and to treat your personal information in accordance with applicable law.

Some of our service providers and cloud infrastructure may be located outside South Africa. Where personal information is transferred to a foreign country, we ensure that:

• The recipient country has an adequate level of protection for personal information, or
• The recipient is bound by binding corporate rules, contractual clauses, or other legally recognised transfer mechanisms that afford an equivalent level of protection as required by POPIA.

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Typical retention periods are:

• Client records: 5 years after termination of the business relationship, in line with general contractual and tax requirements
• Website enquiry data: 2 years from the date of submission
• Server and access logs: 12 months

Once personal information is no longer required, it is securely deleted or anonymised.

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, loss, destruction, or disclosure. These measures include:

• Encrypted data transmission (TLS/HTTPS)
• Role-based access controls limiting who can access personal information
• Regular security assessments and vulnerability monitoring
• Secure disposal of physical and electronic records

While we take reasonable steps to protect your information, no method of transmission over the internet is completely secure. We encourage you to contact us immediately if you suspect any unauthorised use of your information.

As a data subject under POPIA, you have the following rights:

• Right to access: Request confirmation of whether we hold your personal information and obtain a copy of it.
• Right to correction: Request that we correct inaccurate, incomplete, or outdated personal information.
• Right to deletion: Request that we delete your personal information, subject to any legal retention obligations.
• Right to object: Object to the processing of your personal information on grounds relating to your particular situation.
• Right to withdraw consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint: Lodge a complaint with the Information Regulator of South Africa if you believe your rights under POPIA have been infringed.

To exercise any of these rights, contact our Information Officer at info@adinfratech.co.za. We will respond within a reasonable time, and no later than 30 days.

You have the right to lodge a complaint with the Information Regulator of South Africa if you are dissatisfied with how we have handled your personal information.

Information Regulator (South Africa) Website: www.inforegulator.org.za Email: inforeg@justice.gov.za Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Our website uses cookies and similar technologies to improve your browsing experience and analyse site traffic. Cookies are small text files stored on your device.

We use the following types of cookies: - Strictly necessary cookies: Required for the website to function and cannot be disabled. - Analytics cookies: Help us understand how visitors interact with our website (anonymised data only).

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our website.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated policy will be posted on this page with a revised effective date. We encourage you to review this policy periodically.

Material changes will be communicated to active clients via email.