Privacy Policy

1. Introduction

Welcome to Elijah IT's Privacy Policy. This policy explains how Elijah IT (Pty) Ltd ("we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you visit our website www.elijahit.co.za or use our services.

We are committed to protecting your privacy and complying with the Protection of Personal Information Act (POPIA) and other applicable data protection laws in South Africa.

By using our website or services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide to us when you:

• Fill out contact forms or inquiry forms
• Request quotes or proposals for our services
• Subscribe to our newsletter or marketing communications
• Create an account or register for services
• Make a purchase from our online shop
• Contact us via phone, email, or WhatsApp
• Apply for employment with us

The personal information we may collect includes:

• Contact Information: Name, email address, phone number, company name, physical address
• Professional Information: Job title, business details, industry sector
• Project Information: Project requirements, budget, timeline, technical specifications
• Payment Information: Billing address, payment card details (processed securely through payment providers)
• Communication Data: Your messages, feedback, and correspondence with us

2.2 Automatically Collected Information

When you visit our website, we automatically collect certain information about your device and browsing behavior:

• Device Information: IP address, browser type and version, operating system, device identifiers
• Usage Data: Pages visited, time spent on pages, referring website, links clicked, search terms
• Location Data: Approximate geographic location based on IP address
• Cookies & Tracking Data: Information collected through cookies and similar technologies (see Section 5)

3. How We Use Your Information

We use your personal information for the following legitimate business purposes:

3.1 Service Delivery

• To provide, maintain, and improve our IT services
• To process and fulfill service requests and orders
• To provide customer support and respond to inquiries
• To manage your account and service subscriptions
• To send service-related notifications and updates

3.2 Business Operations

• To process payments and prevent fraud
• To prepare quotes, proposals, and contracts
• To conduct project planning and management
• To maintain records for accounting and legal purposes
• To comply with legal obligations and regulatory requirements

3.3 Marketing & Communications

• To send newsletters, promotional materials, and special offers (with your consent)
• To inform you about new services, features, or updates
• To conduct surveys and gather feedback
• To personalize your experience on our website

3.4 Analytics & Improvement

• To analyze website usage and improve user experience
• To identify trends and measure marketing effectiveness
• To develop new products and services
• To troubleshoot technical issues and enhance security

4. Data Protection & Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

4.1 Security Measures

• Encryption: SSL/TLS encryption for data transmission
• Access Controls: Restricted access to personal information on a need-to-know basis
• Secure Hosting: Data stored on secure servers with regular security updates
• Firewalls & Monitoring: Network security and intrusion detection systems
• Regular Audits: Periodic security assessments and vulnerability testing
• Employee Training: Staff trained on data protection and confidentiality
• Data Backup: Regular backups with secure storage and recovery procedures

4.2 Data Breach Protocol

In the event of a data breach that poses a risk to your rights and freedoms, we will:

1. Notify the Information Regulator of South Africa within 72 hours
2. Inform affected individuals without undue delay
3. Take immediate action to mitigate harm and prevent further breaches
4. Conduct a thorough investigation and implement corrective measures

Note: While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and personalize content.

5.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality and security
• Performance Cookies: Collect anonymous usage data to improve website performance
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Track your activity for advertising purposes (with your consent)

5.2 Third-Party Cookies

We may allow trusted third parties to place cookies on our website for:

• Google Analytics (website analytics)
• Facebook Pixel (advertising and analytics)
• WhatsApp Integration (communication)

5.3 Managing Cookies

You can control and manage cookies through:

• Our cookie consent banner (on first visit)
• Your browser settings (disable or delete cookies)
• Our Cookie Preferences tool

Note: Disabling essential cookies may affect website functionality.

6. Third-Party Services

We may share your personal information with trusted third-party service providers who assist us in operating our business:

6.1 Service Providers

• Web Hosting: Hosting providers for website and data storage
• Payment Processors: Secure payment gateways for transaction processing
• Email Services: Email marketing and communication platforms
• Cloud Services: Microsoft 365, Google Workspace, and other cloud providers
• Analytics Providers: Google Analytics, website analytics tools
• Customer Support: CRM systems and helpdesk platforms

6.2 Legal Disclosures

We may disclose your personal information if required by law or in response to:

• Valid legal requests from government authorities
• Court orders or subpoenas
• Legal proceedings or investigations
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activities

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity, subject to the same privacy protections.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law.

7.1 Retention Periods

• Active Customers: Duration of service relationship plus 7 years (tax/legal requirements)
• Marketing Data: Until you withdraw consent or request deletion
• Website Analytics: 26 months (Google Analytics default)
• Inquiry Forms: 2 years from last contact
• Job Applications: 1 year from application date
• Financial Records: 5-7 years (legal requirements)

7.2 Data Deletion

After the retention period expires, we securely delete or anonymize your personal information using industry-standard methods.

8. Your Rights (POPIA Compliance)

Under the Protection of Personal Information Act (POPIA), you have the following rights regarding your personal information:

8.1 Right to Access

You have the right to request access to your personal information we hold and obtain a copy of it.

8.2 Right to Correction

You can request that we correct any inaccurate or incomplete personal information about you.

8.3 Right to Deletion

You can request deletion of your personal information, subject to legal retention requirements.

8.4 Right to Object

You can object to the processing of your personal information for direct marketing purposes.

8.5 Right to Data Portability

You can request your personal information in a structured, commonly used, machine-readable format.

8.6 Right to Withdraw Consent

Where we process your data based on consent, you can withdraw that consent at any time.

8.7 Right to Lodge a Complaint

You have the right to lodge a complaint with the Information Regulator of South Africa if you believe your privacy rights have been violated.

9. International Data Transfers

Your personal information is primarily stored and processed in South Africa. However, some of our third-party service providers may be located in other countries.

When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by data protection authorities
• Adequacy decisions recognizing equivalent data protection levels
• Privacy Shield certifications (where applicable)
• Binding corporate rules for intra-group transfers

10. Children's Privacy

Our website and services are not intended for children under the age of 18. We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will take steps to remove such information from our systems.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations.

When we make changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or website notice for significant changes
• Request your consent where required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: