Privacy Policy & Data Protection

Last Updated: January 2026
Company: Webworx Web Services (Pty) Ltd
Website: https://webworxdesign.co.za/

1. Introduction

Webworx Web Services (Pty) Ltd (“Webworx”, “we”, “us”, or “our”) is committed to protecting personal information and respecting the privacy rights of individuals in accordance with applicable data protection laws.

This Privacy Policy explains how personal information is processed when you interact with our website, communicate with us, or engage our services, in compliance with:

South Africa’s Protection of Personal Information Act, 4 of 2013 (POPIA)
The EU General Data Protection Regulation (GDPR)
The UK GDPR

Important role clarification:
In most client engagements, Webworx acts as an Information Operator (POPIA) and Data Processor (GDPR), processing personal information strictly on the documented instructions of our clients, who remain the Responsible Parties / Data Controllers.

Where Webworx independently determines the purpose and means of processing (e.g. our own website enquiries, supplier records, and internal operations), we act as a Responsible Party / Data Controller.

2. Scope of This Policy

This policy applies to:

Visitors to our website
Prospective and existing clients
Business contacts, suppliers, and partners
Personal information processed during service delivery where Webworx acts as a processor

Client-specific processing activities are governed by applicable service agreements and Data Processing Agreements (DPAs).

3. Personal Information We Process

3.1 Categories of Personal Information

Depending on the context, we may process the following categories of personal information:

Identification & Contact Information

Full name, company name, job title or role
Email address, telephone number, and business contact details

Financial & Contractual Information

Billing details and transaction records (where applicable)

Technical & Usage Information

IP address, browser type, device information, operating system
Website usage data and logs

Client Project & Communication Data

Emails, messages, and meeting records (e.g. Microsoft Teams, Slack, Gmail)
Project documentation, briefs, source files, and assets stored in collaboration tools such as Google Drive

Webworx does not intentionally process special personal information (as defined by POPIA or GDPR), unless required by law or explicitly instructed by a client with appropriate safeguards in place.

4. Purpose of Processing

Personal information is processed for the following purposes:

Delivering digital, web development, hosting, and related professional services
Managing client relationships, projects, and communications
Contract administration, invoicing, and record keeping
Operating, securing, and improving our website and services
Complying with legal, regulatory, and tax obligations

When acting as a processor, Webworx processes personal information only on documented instructions from the relevant controller / responsible party.

5. Legal Basis for Processing (GDPR)

Where GDPR applies, processing is conducted on one or more of the following lawful bases:

Contractual necessity: to perform obligations under a contract
Legal obligation: compliance with applicable laws
Legitimate interests: operating and improving our services, provided such interests are not overridden by data subject rights
Consent: where required, such as for marketing communications

Where legitimate interests are relied upon, Webworx has assessed and balanced those interests against the rights and freedoms of data subjects.

Consent may be withdrawn at any time by contacting: [email protected]

6. Lawful Processing Conditions (POPIA)

In accordance with POPIA, Webworx ensures that personal information is:

Processed lawfully and in a reasonable manner
Collected for specific, explicitly defined, and lawful purposes
Adequate, relevant, and not excessive
Accurate and kept up to date where necessary
Retained only for as long as necessary
Secured using appropriate technical and organisational measures

7. Data Sharing & Operators

Webworx does not sell or trade personal information.

Personal information may be shared with trusted third-party service providers who act as sub-processors / operators, strictly for service delivery purposes, including:

Tool	Purpose	Provider	Jurisdiction
Microsoft Teams (M365)	Communication & collaboration	Microsoft	EU / US
Google Drive & Gmail	File storage & email	Google Workspace	EU / US
Slack	Project collaboration	Slack Technologies	US

All sub-processors are subject to contractual confidentiality obligations and appropriate data protection safeguards.

8. International Data Transfers

Personal information may be transferred to, stored, or accessed from jurisdictions outside South Africa or the EEA.

Where cross-border transfers occur, Webworx ensures appropriate safeguards are implemented, which may include:

Standard Contractual Clauses (SCCs)
Equivalent lawful transfer mechanisms
Contractual and technical safeguards to ensure adequate protection

9. Data Retention

Personal information is retained only for as long as necessary, based on the following criteria:

Client and project records: retained for the duration of the contract and up to 5 years thereafter
Financial and tax records: retained for 7 years in accordance with applicable law
Website logs and analytics data: retained for up to 12 months
Marketing communications: retained until consent is withdrawn

Thereafter, information is securely deleted, anonymised, or archived.

10. Information Security Measures

Webworx implements appropriate technical and organisational measures in line with POPIA Section 19 and GDPR Article 32, including:

Encrypted cloud-based storage
Secure communication platforms
Multi-factor authentication (MFA)
Role-based access controls
Regular access reviews and audits
Staff training on data protection obligations

11. Data Subject Rights

Data subjects have the following rights under GDPR and POPIA:

Access to personal information
Correction or rectification of inaccurate data
Erasure or deletion (subject to legal limitations)
Restriction or objection to processing
Data portability (where applicable)
Withdrawal of consent
Lodging a complaint with a supervisory authority

Where Webworx acts as a processor, requests will be forwarded to the relevant controller.

Requests may require identity verification and will be handled within statutory timeframes.

12. Cookies & Website Tracking

Our website uses cookies and similar technologies.

Essential cookies are used to ensure website functionality
Non-essential cookies (including analytics) are used only where consent has been obtained

Users may manage cookie preferences via our cookie banner or browser settings. Additional information is available in our Cookie Policy.

13. Personal Information Breach Notification

In the event of a personal information breach, Webworx will:

Investigate and contain the incident
Notify the relevant Responsible Party / Controller without undue delay
Where applicable, notify regulators within required timeframes (e.g. 72 hours under GDPR)
Notify affected individuals where there is a real risk of harm

14. Children’s Personal Information

Webworx services and website are not directed at children, and we do not knowingly process personal information relating to children.

15. Automated Decision-Making

Webworx does not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals.

16. Information Officer & Contact Details

Information Officer (POPIA) / Data Protection Contact:
Name: Rudi Roux
Email: [email protected]

Company Contact Details:
Webworx Web Services (Pty) Ltd
House Vincent, Wynberg Mews
10 Brodie Road, Wynberg 7800, Cape Town
Email: [email protected]

If you are not satisfied with our response, you may lodge a complaint with:

The Information Regulator (South Africa)
The relevant EU or UK supervisory authority

17. Updates to This Policy

We may update this Privacy Policy periodically. Any changes will be published on our website with a revised “Last Updated” date.