Privacy Policy

The responsible party (data controller) for the processing of your personal information is:

We may collect the following categories of personal information, depending on the services you use:

• Identity information: full name, email address, telephone number
• Device information: Apple device model, serial number, hardware diagnostics, macOS version, battery health, storage capacity
• Technical data: IP address, browser type, referring URL, pages visited
• Usage data: anonymised analytics collected via Google Analytics 4 (GA4), including page views, session duration, and user flow
• Financial information: payment card details (processed securely by our payment provider; we do not store card numbers)
• Communication records: emails, contact form submissions, and support correspondence

We collect and process personal information for the following purposes:

• Service delivery: diagnosing, repairing, and returning your Apple devices
• Device repair tracking: maintaining a record of repairs, diagnostics, and device history for warranty and quality purposes
• SLA management: administering managed IT service agreements, scheduling maintenance, and monitoring device health
• Invoicing and payments: generating quotes, invoices, and processing payments
• Communication: responding to enquiries, providing repair updates, and sending service-related notifications
• Marketing: sending promotional content only where you have opted in; you may withdraw consent at any time
• Website improvement: analysing anonymised usage data to improve our website and services

Under POPIA, we process your personal information on the following lawful grounds:

• Consent: when you voluntarily submit information via our contact form, book a repair, or opt in to marketing communications
• Contract: where processing is necessary to fulfil a service-level agreement (SLA), repair contract, or invoice
• Legitimate interest: for security monitoring of managed devices, fraud prevention, and improving our services, provided this does not override your rights
• Legal obligation: where we are required by law to retain records (e.g. tax legislation)

We share personal information only with trusted third-party service providers who assist us in operating our business. Each provider is bound by their own privacy policies and data protection obligations. We never sell your personal information.

We retain personal information only for as long as necessary to fulfil the purpose for which it was collected:

Once the retention period has expired, personal information is securely deleted or anonymised.

Under Chapter 3 of the Protection of Personal Information Act, you have the following rights as a data subject:

• Right of access: request confirmation of whether we hold personal information about you, and obtain a copy of that information
• Right to correction: request the correction or updating of personal information that is inaccurate, incomplete, or misleading
• Right to deletion: request the deletion or destruction of personal information that is no longer necessary for the purpose for which it was collected
• Right to object: object to the processing of your personal information on reasonable grounds
• Right to restriction: request that we restrict the processing of your personal information in certain circumstances
• Right to withdraw consent: where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing
• Right to lodge a complaint: submit a complaint to the Information Regulator if you believe your rights have been infringed

We will respond to all valid requests within 30 days, as required by POPIA. There is no fee for submitting a request, though we may charge a reasonable fee for manifestly unfounded or excessive requests.

To exercise any of your rights under POPIA, please contact us using one of the following methods:

Please include your full name, contact details, and a clear description of the request. We may need to verify your identity before processing your request.

In accordance with POPIA Section 55, ZA Support has appointed the following Information Officer, responsible for ensuring compliance with the conditions of lawful processing:

If you are not satisfied with our response, you may lodge a complaint with the Information Regulator (South Africa):

We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or damage. These measures include:

• Encryption in transit: all data transmitted between your browser and our servers is encrypted using TLS 1.3
• Encrypted storage: sensitive data at rest is encrypted using industry-standard encryption algorithms
• Access controls: strict role-based access controls ensure only authorised personnel can access personal information
• Regular audits: we conduct periodic security audits and vulnerability assessments of our systems
• Secure payments: payment processing is handled entirely by PCI DSS-compliant Peach Payments; we never store card details
• Device security: managed client devices are monitored for security compliance, including FileVault encryption, firewall status, and software updates

Our website uses cookies to improve your browsing experience and to collect anonymised analytics data.

• Analytics cookies: we use Google Analytics 4 (GA4) to understand how visitors interact with our website. GA4 collects anonymised data including page views, session duration, and approximate geographic location. IP addresses are truncated before storage.
• Essential cookies: these are strictly necessary for the website to function correctly (e.g. session management, security tokens).
• No advertising cookies: we do not use any advertising, tracking, or retargeting cookies.

By continuing to use our website, you consent to the use of analytics cookies as described above. You may disable cookies in your browser settings at any time, though this may affect website functionality.

In accordance with Section 22 of POPIA, in the event of a data breach that compromises the confidentiality or integrity of personal information, we will:

• Notify the Information Regulator as soon as reasonably possible, and no later than 72 hours after becoming aware of the breach
• Notify all affected data subjects in writing, providing details of the breach, the categories of information affected, and the measures taken to address it
• Take immediate steps to contain and remediate the breach, including forensic investigation where appropriate
• Maintain a breach register documenting all incidents, their impact, and corrective actions taken

ZA Support does not knowingly collect or process personal information from children under the age of 18 without the consent of a parent or legal guardian. Our services are directed at adults and businesses.

If we become aware that we have inadvertently collected personal information from a child without appropriate consent, we will take immediate steps to delete that information. If you believe a child's data has been submitted to us, please contact our Information Officer at courtney@zasupport.com.

ZA Support provides managed IT services to medical practices in Johannesburg. Where we process data on behalf of healthcare practitioners, we do so in accordance with both POPIA and the guidelines issued by the Health Professions Council of South Africa (HPCSA).

This includes:

• Ensuring that patient data stored on managed devices is encrypted and access-controlled
• Maintaining strict confidentiality of all medical practice information
• Implementing security measures that align with HPCSA Booklet 5 (Confidentiality: Protecting and Providing Information) guidelines
• Ensuring that no patient data is accessed, copied, or retained by ZA Support during device repair or maintenance unless strictly necessary and authorised by the practice

Medical practice clients operate under their own POPIA and HPCSA obligations as data controllers. ZA Support acts as an operator (data processor) on their behalf and processes data only as instructed.

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last updated” date at the top of this page.

We encourage you to review this policy periodically to stay informed about how we protect your personal information. Continued use of our website and services after any changes constitutes acceptance of the updated policy.