Privacy Policy

Iteb Co Privacy Policy

Last Updated: October 2025

1. Introduction & Who We Are

Iteb Co (Pty) Ltd (“Iteb Co,” “we,” “us,” or “our”) is an Information Technology and Cybersecurity services company operating in South Africa and Zimbabwe. Our services include IT consulting, cybersecurity, digital transformation, and compliance support.

Our company details are:

Legal Name (South Africa): Iteb Co (Pty) Ltd
Registration Number: 2022/321440/07
Registered Address: 10A Rabe Street, Polokwane, Limpopo, 0700, South Africa
Zimbabwe Entity: Iteb Matrix (Private) Limited
Zimbabwe Registration Number: 46837A0962025

Iteb Co is committed to protecting your personal information and processing it lawfully in compliance with:

The General Data Protection Regulation (GDPR) (EU)
Protection of Personal Information Act (POPIA) (South Africa)
Data Protection Act (DPA) (Zimbabwe)

This policy applies to data we process as both a Data Controller (for our own operations) and a Data Processor (for client projects).

2. Definitions

Personal Data / Personal Information: Information that identifies you (name, email, ID number, etc.).
Processing: Any operation performed on data (collection, storage, use, sharing, etc.).
Data Subject: You, the individual or entity to whom the data relates.
Controller / Responsible Party: The entity that determines how data is processed (Iteb Co for its own data).
Processor / Operator: A third party processing data on behalf of another (Iteb Co when serving clients).
Regulatory Authorities:
- Information Regulator (South Africa)
- POTRAZ (Zimbabwe)
- National DPAs (EU Member States)

3. Personal Information We Collect

We may collect:

Identity Data: Name, title, ID/passport number
Contact Data: Email, phone number, postal or business address
Financial Data: Bank or payment information
Transaction Data: Service history and payments
Technical Data: IP address, browser type, device identifiers
Usage Data: Website navigation and interaction
Marketing Data: Preferences and communication history

We do not collect sensitive data (biometric, racial, or health data) for our own purposes.

4. How We Collect Information

Directly from you — via contact forms, sign-ups, and communication
Automatically — via cookies and analytics tools (see our Cookie Policy)
Third Parties — via analytics and payment providers

5. Lawful Basis for Processing

Purpose / Activity	Data Types	Legal Basis
Customer registration	Identity, Contact	Contract performance
Service delivery	Identity, Contact, Financial, Technical	Contract & Legitimate Interest
Payment processing	Identity, Financial	Contract & Legal Obligation
Client support	Contact, Usage	Legitimate Interest
Marketing communications	Contact, Marketing	Consent
Website analytics	Technical, Usage	Legitimate Interest
Legal compliance	Identity, Financial	Legal Obligation

6. Iteb Co as a Data Processor

When acting as a Data Processor (for clients), Iteb Co:

Processes data only per the client’s lawful instructions
Implements strict technical and organizational controls
Ensures confidentiality of personnel handling client data
Reports any data breaches immediately (within 24 hours to POTRAZ where applicable)
Returns or deletes data after contract termination

7. Data Sharing and Disclosures

We do not sell your information. We may share limited data with:

Hosting providers: Microsoft Azure, Hostinger
Email & productivity tools: Zoho Mail, Microsoft 365
Payment gateways: PayFast, Yoco
Marketing tools: Zoho Campaigns, Mailchimp
Analytics tools: Google Analytics
Regulatory bodies or law enforcement: Where required by law

8. International Data Transfers

We may transfer data to the EU or USA where our vendors operate.
Such transfers are protected through:

Standard Contractual Clauses (SCCs)
Adequacy decisions or your explicit consent
Notifications to POTRAZ (for Zimbabwean data, per DPA requirements)

9. Data Security

We maintain administrative, technical, and physical safeguards including:

Data encryption
Multi-factor authentication
Firewalls and intrusion prevention systems
Staff confidentiality and awareness training

In the event of a breach, we will notify affected parties and regulators promptly.

10. Data Retention

Data Type	Retention Period
Sales leads	12 months
Client data	Contract term + 3 years
Financial records	5 years
Former client records	5 years
Job applications (unsuccessful)	12 months
Email correspondence	24 months

After expiry, data is deleted or anonymized.

11. Your Rights

Under GDPR, POPIA, and DPA, you may:

Access your personal data
Request correction or deletion
Object to processing
Withdraw consent
Request data portability
File a complaint with the appropriate authority

To exercise your rights, email privacy@iteb.co.za.

12. Children’s Privacy

Our services are not directed at minors (under 18). We do not knowingly collect data from children.

13. Contact Details

Information Officer / Data Protection Officer
Tawanda Emmanuel Bvumbamera
📧 privacy@iteb.co.za
🏢 10A Rabe Street, Polokwane, Limpopo, 0700, South Africa

Regulatory Contacts

South Africa (POPIA)
Information Regulator of South Africa
JD House, 27 Stiemens Street, Braamfontein, Johannesburg
📧 enquiries@inforegulator.org.za
🌐 www.inforegulator.org.za

Zimbabwe (DPA)
Postal and Telecommunications Regulatory Authority (POTRAZ)
1008 Performance Close, Mt Pleasant Business Park, Harare
📧 the.regulator@potraz.gov.zw
🌐 www.potraz.gov.zw

EU (GDPR)
Refer to your local Data Protection Authority via the EDPB directory.

14. Changes to This Policy

We may update this policy periodically. Updates will appear on this page with a revised “Last Updated” date. Continued use of our website or services implies acceptance of these terms.