Legal

Privacy notice (POPIA)

This notice explains how CyberSec Consultants processes personal information for website operations, service delivery, and platform workflows under South African privacy requirements.

Canonical artefact metadata

Owner
CyberSec Legal and Trust Office
Approver
CyberSec Executive Governance
Version
1.0.0
Last reviewed
2026-04-20
Next review due
2026-10-20

Scope and roles

CyberSec Consultants may act as responsible party for website and account data, and as operator where customer contracts define data-processing instructions for tenant data inside the platform.

Personal information we process

  • Contact and account details provided through enquiries, onboarding, and support workflows.
  • Operational metadata such as login events, tenant-scoped activity logs, and audit evidence.
  • Technical telemetry required for service reliability, security monitoring, and abuse prevention.

Why we process information

  • Service delivery, customer support, and contract administration.
  • Security operations, fraud/abuse prevention, and incident response.
  • Compliance with legal obligations and exercise/defense of legal rights.

Authorized security assessment data handling

Where CyberSec performs authorized penetration testing, vulnerability assessments, ethical hacking, or validation services, we may access, collect, or temporarily store logs, screenshots, credentials, packet captures, and other data reasonably required to deliver the scoped service and evidence the work performed.

That access is limited to the agreed scope, handled as confidential, and retained only for the period reasonably required for service delivery, work-paper support, legal obligations, or defence of legal rights. Where practicable, installed tooling is removed at the end of the engagement and retained data is minimized, sanitized, or securely deleted when no longer required.

Retention and security

Retention is aligned to legal, contractual, and operational evidence requirements. Access is role-based, tenant-scoped, and audited. Historical governance records are retained where required for integrity and accountability.

Data subject rights

Individuals may request access, correction, or deletion where applicable, and may object to processing in specific cases. Requests are handled through defined identity-verification and authorization checks.

Cross-border transfers

Where data is transferred outside South Africa, CyberSec applies contractual and security safeguards consistent with POPIA transfer requirements and customer commitments.

How to contact us

  • Information Officer, CyberSec Consultants
  • Privacy and rights requests: info@cybersec.co.za
  • Complaint escalation: South African Information Regulator channels, where applicable under POPIA.

Was this page helpful?

Trust and legal

Trust and legal baselinePrivacy notice (POPIA)PAIA manualCookie and tracking noticeWebsite termsSecurity testing authorizationPlatform termsResponsible disclosure