Tutahami

Legal

Privacy Policy

We are committed to protecting your privacy and ensuring the security of your personal information.

Last updated: December 2024

1. Our Commitment to Your Privacy

At Tutahami IT Solutions, we have always taken privacy seriously — long before it became mandatory under POPIA and other regulations. We only request the information essential to serve you effectively. We are committed to being transparent, ethical, and trustworthy in how we treat your personal data, collecting only what is necessary and avoiding unnecessary tracking or advertising motivations.

As a South African IT consulting firm serving small and medium enterprises, we understand the importance of data protection in building trust with our clients and ensuring compliance with local and international privacy laws.

2. Scope of This Privacy Policy

This policy applies to all our services, including our website, IT consulting, AI-powered chatbots, networking setup, systems consulting, email and web hosting, domain management, VoIP telephony, and support channels. It governs how we collect, use, and protect your personal information, and how we respond to requests regarding your data.

Anything not covered here may fall under a separate agreement or document relevant to that specific service or tool we provide to your business.

3. What Information We Collect & Why

Directly Provided by You

We collect information you provide directly to us for business purposes:

  • Contact Information: Name, email address, phone number, job role, and business details — used to effectively communicate, deliver services, and meet contractual obligations
  • Business Requirements: Information about your IT needs, current systems, and business objectives to provide tailored consulting solutions
  • Account Information: Login credentials and preferences for accessing our services and support portals
  • Payment Information: Billing details and payment information for processing invoices and service agreements

Automatically Collected Information

We automatically collect certain technical information to improve our services:

  • Website Analytics: IP address, browser type, device information, and usage patterns to help us improve user experience and maintain platform integrity
  • Service Performance: Technical logs and performance metrics to ensure optimal service delivery and troubleshoot issues

We adhere to data minimisation best practices — only gathering what is truly needed to serve your business effectively and comply with our legal obligations.

4. How We Use & Share Your Data

Internal Use

We use your information internally for:

  • Service delivery, project management, and technical support
  • Billing, invoicing, and account management
  • Improving client experience and developing new solutions
  • Communicating about services, updates, and relevant business information

Third-Party Processors

We may share data with trusted service providers who act only on our instructions and adhere to strict confidentiality and security standards. These include:

  • Cloud hosting providers for secure data storage and processing
  • Payment processors for handling invoices and transactions
  • Analytics tools to improve our website and service performance
  • Communication platforms for customer support and project collaboration

We do not sell your personal data to any third parties. All data sharing is strictly for service delivery and business operations.

5. Your Rights (POPIA & GDPR-aligned)

As a South African company, we comply with the Protection of Personal Information Act (POPIA) and extend similar rights found in international regulations like GDPR. You have the right to:

  • Access: Request access to your personal data and understand how it is being processed
  • Correction: Request correction of any inaccuracies in your personal information
  • Deletion: Request deletion of your personal data where applicable and legally permissible
  • Objection: Object to certain types of processing of your personal information
  • Portability: Request transfer of your data in a structured, commonly used format
  • Withdraw Consent: Withdraw consent for processing where applicable

6. Security Measures & Data Retention

Security Safeguards

We implement comprehensive technical and organisational safeguards to protect your data:

  • Access Controls: Strict authentication and authorisation procedures for all systems
  • Encryption: Data encryption both in transit and at rest using industry-standard protocols
  • Staff Training: Regular privacy and security training for all team members
  • Regular Audits: Ongoing security assessments and compliance monitoring
  • Incident Response: Established procedures for detecting and responding to security incidents

Data Retention

Data is retained only as long as necessary for our services, legal compliance, or as required by South African law, then securely deleted or anonymised. Typical retention periods include active client data during service provision and up to 7 years for financial records as required by tax legislation.

7. Privacy by Design

We embed privacy principles into our systems and processes by default:

  • Purpose Limitation: Data is collected and used only for specified, legitimate business purposes
  • Transparency: Clear communication about data practices and processing activities
  • Lifecycle Security: Protection throughout the entire data lifecycle
  • User Respect: Prioritising user privacy and data subject rights in all business decisions

8. International Data Transfers

When data is processed across borders for service delivery or technical requirements, we ensure it remains secure and compliant with applicable South African and international laws. Where relevant, we implement appropriate safeguards such as:

  • Standard contractual clauses approved by relevant data protection authorities
  • Adequacy decisions recognising equivalent protection levels
  • Additional technical and organisational measures to ensure data security

9. Updates to This Policy

We may update this policy from time to time to reflect changes in our services, legal requirements, or industry best practices. We will inform you of significant changes by email or via a prominent notice on our website. Continued use of our services after such updates means you agree to the revised terms.

10. Contact Us

For questions about this privacy policy or to exercise your rights, please reach out via our contact page. We are committed to addressing your privacy concerns promptly and will respond to all inquiries within the timeframes required by applicable data protection laws.