Privacy Policy
Mpilo Technologies (Pty) Ltd ("MpiloTech", "we", "us", or "our") is committed to protecting your privacy and ensuring that your personal information is processed in a lawful, transparent, and secure manner. This Privacy Policy outlines how we collect, use, disclose, and protect personal information when you use our digital services, websites, platforms, or interact with us in any other way.
This policy is compliant with:
- The Protection of Personal Information Act (POPIA) of South Africa; and
- The General Data Protection Regulation (GDPR) of the European Union.[KS1]
1. Scope
This Privacy Policy applies to all individuals (“you” or “data subject”) whose personal information we process, including but not limited to:
- Visitors to our websites or digital platforms
- Clients and their representatives
- Partners and suppliers
- Prospective employees or subcontractors
- Users of our mobile and web applications
2. Personal Information We Collect
Depending on your interaction with us, we may collect the following categories of personal information:
- Identification Data (e.g. name, ID/passport number, company registration number)
- Contact Data (e.g. email address, phone number, physical address)
- Technical Data (e.g. IP address, device identifiers, browser type)
- Usage Data (e.g. browsing behaviour, app usage, service preferences)
- Financial Data (e.g. payment and billing information)
- Employment Data (e.g. CVs, qualifications, professional history for job applicants)
3. Legal Basis for Processing
We process personal information only when there is a lawful basis to do so, including:
- Consent (where you have provided your explicit permission)
- Contractual necessity (to perform our obligations to you)
- Legal obligation (to comply with legal and regulatory duties)
- Legitimate interest (to operate and improve our business or services, where such interest is not overridden by your rights)
4. How We Use Personal Information
We use your personal information for purposes that include:
- Providing and supporting our digital products and services
- Communicating with you about your account or services
- Processing payments and managing billing
- Improving our platforms and user experience
- Conducting internal audits, analysis, and research
- Recruiting and vetting employees or subcontractors
- Complying with applicable laws and regulations
5. Disclosure to Third Parties
We may share your personal information with:
- Authorised third-party service providers and contractors who support our services
- Regulatory bodies or law enforcement when legally required
- Affiliates or business partners under appropriate confidentiality agreements
- Third parties in the context of a merger, acquisition, or business reorganisation
6. Cross-Border Transfers
We may transfer your personal information to countries outside of South Africa or the European Economic Area (EEA). [KS2] Where such transfers occur, we will ensure adequate safeguards are in place, such as:
- The use of standard contractual clauses approved by relevant regulators
- Transfers to jurisdictions with adequate levels of protection as determined by the Information Regulator (POPIA) or the European Commission (GDPR)
7. Data Retention
We retain personal information only as long as necessary to fulfil the purposes for which it was collected, or as required by law. Retention periods may differ based on the nature of the information and our legal obligations.
8. Security of Personal Information
MpiloTech implements appropriate technical and organisational measures to protect personal information from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These include:
- Data encryption
- Access controls and authentication
- Regular security audits and vulnerability testing
- Staff training and awareness
9. Your Rights
As a data subject, you have the following rights (subject to conditions and limitations under POPIA and GDPR):
- Access to the personal information we hold about you
- Correction of inaccurate or outdated information
- Erasure (“right to be forgotten”) under certain conditions
- Objection to processing based on legitimate interests
- Restriction of processing in certain circumstances
- Data portability (under GDPR)
- Withdrawal of consent, where processing is based on consent
- Lodging a complaint with the Information Regulator or relevant Data Protection Authority
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance user experience and analyse usage. You can control cookie preferences through your browser settings. For more details, please refer to our Cookie Policy.
11. Third-Party Links
Our websites and applications may contain links to third-party websites. We are not responsible for the privacy practices of such sites. Please review their privacy policies when visiting them.
12. Children’s Privacy
Our services are not directed to children under the age of 18, and we do not knowingly collect personal information from minors without proper consent.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on our website, and where appropriate, we will notify you via email or other means.
14. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact:
Mpilo Technologies (Pty) Ltd
Email: info@mpilo.africa
Website: https://mpilo.africa
Information Officer: info@mpilo.africa
Address: 173 Oxford Road, WeWork The Link, Johannesburg, 2196
If you believe your personal information has been unlawfully processed, you may contact:
Information Regulator (South Africa): https://www.justice.gov.za/inforeg/
Your local Data Protection Authority (for EU/EEA data subjects