1. Overview and Status
1.1 Document purpose
This SureTel Integrated Privacy Notice, POPIA and Communications Data Terms (Privacy Terms) explains how SureTel cc (SureTel, we, us, or our) processes Personal Information and related service data in connection with the quotation, onboarding, provisioning, operation, support, billing, security, collection, and management of SureTel’s telecommunications and technology services.
1.2 Contractual status
These Privacy Terms form part of the SureTel contract suite and are intended to be read together with:
-
the Master Services Agreement;
-
the applicable service schedule(s);
-
the Quotation / Order Form Terms;
-
the Electronic Acceptance and Onboarding Pack;
-
the Debit Order and Payment Authority; and
-
any signed special terms or service-specific order documents.
1.3 Primary legal framework
POPIA is the primary privacy framework for these Privacy Terms. Because SureTel operates in a regulated telecommunications environment, these Privacy Terms must also be read in the context of applicable telecommunications, interception, consumer protection, and electronic communications laws and requirements, including the operational realities of numbering, porting, operator coordination, carrier dependency, fraud prevention, and network security.
1.4 Scope
These Privacy Terms apply across SureTel’s service lines, including:
-
fibre and business connectivity;
-
wireless and LTE services;
-
VoIP, SIP, and telephony services;
-
Cloud PBX and unified communications services;
-
managed IT and support services;
-
CCTV and related monitoring solutions;
-
hardware supply, rental, support, and lifecycle services; and
-
onboarding, billing, payment processing, credit vetting, collections, and account management.
2. Defined Terms
For these Privacy Terms:
-
Applicable Law means POPIA and any other law or regulatory requirement applicable to the processing activity or service.
-
Communications Data means service-related technical, traffic, usage, routing, numbering, porting, signaling, authentication, support, or operator-exchange data processed in connection with the Services.
-
Customer means the contracting customer, applicant, prospect, account holder, or organisation engaging SureTel for Services.
-
Data Subject means the person to whom Personal Information relates.
-
Operator means a person or entity processing Personal Information for a Responsible Party in terms of a contract or mandate.
-
Personal Information has the meaning given in Applicable Law and includes, where applicable, information relating to identifiable natural persons and identifiable juristic persons.
-
Processing includes collection, receipt, recording, organisation, storage, updating, use, disclosure, transmission, restriction, deletion, destruction, and any similar handling of information.
-
Responsible Party means the person or entity that determines the purpose of and means for processing Personal Information.
-
Services means the products, systems, hardware, platforms, support, communications, connectivity, voice, numbering, porting, and associated services supplied by SureTel.
-
Upstream Provider means an FNO, carrier, network operator, number host, numbering administrator, cloud vendor, software provider, payment provider, subcontractor, or similar third party involved in the delivery or support of the Services.
3. Roles of the Parties
3.1 SureTel’s role depends on the processing activity
SureTel may act in different roles depending on the Service and the relevant processing activity. The parties acknowledge that role allocation is functional, not global.
| Processing context | Typical SureTel role | Typical Customer role |
|---|---|---|
| Quoting, account setup, onboarding, credit vetting, billing, collections, fraud prevention, support administration, legal compliance, and service improvement | Responsible Party | Separate Responsible Party for its own internal use |
| Managed processing undertaken to deliver a contracted service on the Customer’s instructions | Operator | Responsible Party |
| Numbering, porting, traffic handling, carrier coordination, operator exchanges, fraud controls, payment processing, or regulatory compliance where each party uses data for its own lawful purposes | Separate / independent Responsible Party | Separate / independent Responsible Party |
3.2 No blanket transfer of compliance responsibility
Nothing in these Privacy Terms makes SureTel responsible for:
-
the Customer’s internal POPIA governance;
-
the Customer’s employee, contractor, visitor, or end-user privacy notices;
-
the Customer’s lawful basis for supplying third-party data to SureTel;
-
the Customer’s compliance with workplace monitoring, call recording, interception, CCTV, employment, or sector-specific rules applicable to its environment; or
-
the Customer’s own downstream disclosures or use of data after receipt from SureTel.
3.3 Service-specific role examples
Without limiting clause 3.1:
-
for billing, collections, fraud prevention, support records, and account administration, SureTel generally acts as a Responsible Party;
-
for hosted or managed processing performed primarily on the Customer’s instructions, SureTel may act as an Operator;
-
for voice, numbering, porting, carrier coordination, and related communications records, SureTel and the Customer may each act as separate Responsible Parties for their own lawful operational or regulatory purposes.
4. Categories of Information We May Process
SureTel may process the following categories of Personal Information and Communications Data to the extent relevant to the relationship or Services.
4.1 Business and account information
-
customer legal and trading names;
-
registration, VAT, and account numbers;
-
billing, service, and physical addresses;
-
quotation and order references;
-
account status and account history.
4.2 Contact and authority information
-
names and surnames;
-
business phone numbers and mobile numbers;
-
email addresses;
-
job titles and departments;
-
signatures and approval records;
-
authority, mandate, or representative details;
-
identity details where reasonably required for verification.
4.3 Prospect and onboarding information
-
quote requests and enquiry details;
-
website and CRM submissions;
-
feasibility information;
-
onboarding forms;
-
implementation contacts;
-
procurement and commercial correspondence.
4.4 User and service information
-
usernames, extension allocations, and assigned numbers;
-
voicemail settings;
-
endpoint, handset, or device allocations;
-
administrator details;
-
routing, dial plan, or service configuration information.
4.5 Technical, traffic, and operator-related data
-
IP addresses;
-
MAC addresses;
-
router or device identifiers;
-
call detail records and call metadata;
-
support logs and ticket history;
-
monitoring alerts;
-
usage data;
-
network, authentication, and access logs;
-
numbering and porting records;
-
operator exchange data;
-
troubleshooting and incident history.
4.6 Voice, recording, and communications data
Where relevant Services or features are enabled, SureTel may process:
-
call recordings;
-
voicemail content;
-
archived retrieval requests;
-
communication routing records;
-
storage and retention settings for enabled communications features.
4.7 Billing, payment, and debt recovery information
-
invoices and statements;
-
payment references;
-
debit order or recurring payment details;
-
arrears status;
-
collection and payment performance history;
-
credit bureau or trade reference information where lawful;
-
attorney, tracing, or debt recovery information connected to collection efforts.
4.8 Security, abuse, and compliance information
-
fraud reports;
-
compromised credential reports;
-
abuse complaints;
-
security incident information;
-
audit and verification records;
-
information provided to support lawful investigations or regulatory response.
5. Sources of Information
SureTel may collect or receive information from:
-
the Customer directly;
-
authorised representatives, users, administrators, or contacts;
-
onboarding forms, support interactions, and account communications;
-
monitoring, service management, and authentication systems;
-
public records and company records;
-
FNOs, carriers, other network operators, and numbering or porting participants;
-
banks, payment processors, and authorised payment service providers;
-
credit bureaus and related financial review sources where lawful;
-
installation contractors, cloud vendors, software providers, support vendors, and other Upstream Providers involved in the Services.
6. Purposes of Processing
SureTel may process Personal Information and Communications Data for the following purposes.
6.1 Sales, quoting, and onboarding
-
preparing quotations and proposals;
-
feasibility, coverage, stock, and supplier checks;
-
verifying authority to contract;
-
onboarding customer accounts, users, and services;
-
coordinating installation and activation.
6.2 Service delivery and administration
-
provisioning and configuring Services;
-
installing, activating, and maintaining Services;
-
managing numbering allocations and number porting;
-
authenticating users and administrators;
-
managing changes, upgrades, renewals, and add-ons;
-
administering portals, reporting, and service controls.
6.3 Support, troubleshooting, and operational resilience
-
diagnosing faults and degraded performance;
-
handling tickets and support requests;
-
monitoring service quality and health;
-
maintaining backups, logs, and continuity measures;
-
coordinating with Upstream Providers.
6.4 Security, abuse, and fraud prevention
-
detecting and investigating hacking, spoofing, vishing, fraud traffic, spam, credential compromise, misuse, and suspicious usage;
-
applying restrictions, filtering, rerouting, blocks, or suspension where reasonably necessary;
-
protecting SureTel, the Customer, Upstream Providers, and other customers.
6.5 Billing, collections, and credit management
-
generating invoices and statements;
-
collecting recurring, usage-based, and once-off charges;
-
operating debit order, recurring card, or other approved payment arrangements;
-
conducting credit vetting or account-risk assessments where lawful;
-
recovering arrears and enforcing payment rights.
6.6 Compliance and legal protection
-
complying with legal and regulatory obligations;
-
responding to lawful law-enforcement, regulatory, or operator requests;
-
maintaining records for disputes, litigation, recovery, and audit;
-
evidencing account status, support history, usage, or indebtedness.
6.7 Operational improvement
-
service reporting;
-
service quality management;
-
vendor management;
-
performance analysis;
-
product and operational improvement.
7. POPIA Justifications and Lawful Grounds
To the extent required by Applicable Law, SureTel processes information on one or more of the following grounds:
-
to take steps at the request of a Data Subject before concluding a contract;
-
to conclude, perform, administer, and enforce a contract;
-
to comply with legal or regulatory obligations;
-
to protect a legitimate commercial, operational, security, anti-fraud, or network-integrity interest;
-
on the basis of consent where consent is required for a particular activity; and
-
where the Customer instructs SureTel, in its role as Operator, to process information necessary for the contracted Service.
If a particular Service, feature, workflow, or recording function requires a more specific notice, consent, permission, or internal approval, the Customer must ensure that the relevant lawful basis exists before requesting, enabling, or using that feature.
8. Disclosure and Sharing of Information
8.1 Categories of recipients
SureTel may disclose or make information available, where reasonably necessary, to:
-
FNOs;
-
carriers and other network operators;
-
numbering administrators, number hosts, donor operators, recipient operators, and porting participants;
-
banks and payment processors;
-
credit bureaus and trade-reference providers where lawful;
-
attorneys, tracing agents, and debt collectors;
-
cloud providers and software vendors;
-
installation contractors and support vendors;
-
managed service providers and subcontractors;
-
regulators and competent authorities; and
-
law enforcement where lawfully required or reasonably necessary.
8.2 Sharing principles
SureTel may share only the information reasonably required for the relevant purpose, including:
-
service provisioning and activation;
-
numbering and porting administration;
-
operator and carrier coordination;
-
installation, support, and troubleshooting;
-
payment processing and reconciliation;
-
credit review and collections;
-
legal, compliance, or security response;
-
hosting, storage, software operation, and vendor support.
8.3 Telecom environment acknowledgement
The Customer acknowledges that some disclosures are inherent in the operation of telecommunications services, including disclosures required for:
-
carrier routing and interconnect;
-
numbering and number portability processes;
-
fraud and abuse prevention;
-
lawful operator or regulatory coordination; and
-
service activation, migration, or recovery.
9. International and Cross-Border Processing
9.1 Cross-border processing may occur
Some SureTel systems, platforms, communications infrastructure, or vendors may store, host, support, transmit, or process information outside South Africa.
9.2 Basis for cross-border processing
Where cross-border processing occurs:
-
it will be connected to the delivery, support, storage, operation, or security of the Services;
-
SureTel may use offshore cloud, software, communications, security, payment, or support vendors;
-
the Customer acknowledges that some Services inherently depend on international platforms or infrastructure; and
-
SureTel will use reasonable safeguards appropriate to the context and required by Applicable Law.
9.3 Customer responsibility for service choices
The Customer must consider the cross-border nature of relevant platforms or Services before requesting or enabling features that depend on offshore infrastructure, vendors, or communications providers.
10. Security Measures and Cybersecurity Position
10.1 SureTel security measures
SureTel will apply commercially reasonable technical and organisational measures appropriate to the nature of the information and the relevant Service, which may include:
-
access controls;
-
password and authentication controls;
-
logging and audit trails;
-
backup processes;
-
encryption where practical and appropriate;
-
vendor management measures; and
-
incident response processes.
10.2 No absolute security warranty
No environment can be guaranteed completely secure. Accordingly:
-
SureTel does not warrant absolute prevention of unauthorised access, cyber incidents, fraud, service misuse, or data loss;
-
telecommunications, cloud, payment, and operator ecosystems inherently involve third-party and network dependencies; and
-
cybersecurity outcomes may be affected by Customer-side devices, credentials, policies, routing choices, integrations, or delayed incident reporting.
10.3 Customer cooperation
The Customer must promptly report any suspected compromise, hacking, credential misuse, fraud traffic, spam incident, unlawful access, or security event affecting the Services. Delay may increase risk and may reduce the effectiveness of remediation.
11. Retention and Deletion
11.1 General retention standard
SureTel may retain information for as long as reasonably necessary for:
-
contract administration;
-
service and support history;
-
billing and collections;
-
dispute resolution;
-
legal and regulatory obligations;
-
fraud investigation;
-
security and audit needs;
-
backup and archival cycles.
11.2 Variable retention periods
Retention periods may vary depending on:
-
the Service involved;
-
the platform or supplier chain;
-
number porting or numbering status;
-
operator dependencies;
-
dispute or collection status;
-
security requirements; and
-
legal or regulatory requirements.
11.3 Post-termination retention
After termination of the Services:
-
some records may remain in archived or backup systems for lawful periods;
-
SureTel is not obliged to provide bespoke exports, migrations, or restorations unless separately agreed; and
-
special retrieval, migration, or archived extraction requests may be chargeable.
12. Direct Marketing and Service Communications
12.1 Service and operational communications
SureTel may send communications necessary for the service relationship, including:
-
quotations and onboarding communications;
-
invoices, payment reminders, and renewal notices;
-
support updates and fault notices;
-
maintenance and operational notices;
-
security, abuse, numbering, and porting notifications;
-
contractual updates and service-related communications.
These communications form part of account and service administration and are not treated as optional promotional messaging merely because they are sent electronically.
12.2 Marketing communications
Separate promotional or marketing communications will be handled in accordance with Applicable Law and stated communication preferences where required.
12.3 Objections to marketing
If a recipient objects to marketing communications, SureTel may still send non-marketing billing, operational, contractual, support, fraud, security, and service-related notices.
13. Call Recording and Communications Monitoring
13.1 Recording and monitoring disclosures
Where voice, monitoring, call recording, voicemail retention, analytics, or similar communications features are enabled:
-
the Customer determines whether the feature is enabled;
-
SureTel may provide the technology, platform, hosting, or storage only, unless otherwise agreed in writing;
-
storage duration, retrieval rights, and archive availability may depend on the purchased package; and
-
SureTel does not warrant that every communication will be captured successfully where failure results from carrier, endpoint, network, power, platform, storage, or third-party issues outside SureTel’s direct control.
13.2 Customer responsibility for compliance
The Customer is solely responsible for:
-
issuing any required notices to users, staff, callers, recipients, visitors, or other participants;
-
obtaining any required consents or acknowledgements;
-
assessing the lawfulness of enabling or using recording, monitoring, retention, or interception-related features;
-
implementing internal governance, workplace, disciplinary, HR, or policy controls associated with those features; and
-
determining whether customer-specific, sector-specific, labour, or workplace rules apply.
13.3 SureTel’s role for recording functionality
Unless the parties expressly agree otherwise in writing, SureTel’s role is limited to providing the requested technical functionality and SureTel does not undertake the Customer’s broader legal compliance, governance, or policy obligations in relation to recording or monitoring.
14. Customer Obligations When Supplying Third-Party Data
The Customer warrants and undertakes that, before supplying any third-party information to SureTel, it has a lawful basis or lawful authority to do so.
This applies to information relating to:
-
employees;
-
directors;
-
users;
-
contractors;
-
agents;
-
end users;
-
visitors;
-
call participants; and
-
any other identifiable third party whose information is uploaded, disclosed, transmitted, or made available through the Services.
The Customer is responsible for:
-
issuing its own privacy notices where required;
-
ensuring its instructions to SureTel are lawful;
-
ensuring that call participants, employees, contractors, or end users are notified where required;
-
ensuring that consent or policy steps required for workplace monitoring, recording, CCTV, or communications oversight are implemented by the Customer; and
-
not instructing SureTel to perform unlawful processing.
15. Operator Terms Where SureTel Processes on Customer Instruction
Where SureTel acts as an Operator for the Customer:
-
SureTel will process relevant information on the Customer’s documented instructions, instructions reasonably implied by the contracted Service, or as otherwise necessary for operation, support, security, fraud prevention, or legal compliance of the Service;
-
the Customer remains responsible for determining whether the processing is lawful for its own environment, users, and end users;
-
the Customer must not instruct SureTel to perform unlawful processing; and
-
SureTel may refuse instructions that are unlawful, technically unsafe, abusive, inconsistent with the Service design, or outside scope.
16. Data Subject Rights
Subject to Applicable Law, verification requirements, and any lawful limitations, a Data Subject may request:
-
confirmation of whether SureTel holds Personal Information relating to that person;
-
access to Personal Information held by SureTel;
-
correction or updating of inaccurate or incomplete Personal Information;
-
deletion, restriction, or objection where legally justified;
-
withdrawal of consent where processing is consent-based, without affecting earlier lawful processing.
SureTel may require reasonable proof of identity, authority, and sufficient detail to locate the relevant records before acting on a request.
17. Complaints and Information Regulator Route
17.1 Requests and complaints to SureTel
Privacy-related requests, corrections, objections, and complaints may be submitted through SureTel’s official support, management, or privacy contact channels as published or otherwise notified by SureTel.
17.2 Escalation
If a matter is not resolved internally, the complainant may refer the matter to the South African Information Regulator, subject to its applicable procedures and requirements.
18. Telecom Regulatory Context
The parties acknowledge that SureTel provides Services in a regulated telecommunications environment. Accordingly:
-
Personal Information and Communications Data may be processed alongside traffic, numbering, porting, routing, authentication, fraud, and operator-management data;
-
some records may need to be exchanged with carriers, FNOs, number hosts, numbering administrators, or other operators;
-
service activation, migration, number porting, and operator coordination may depend on external process rules and regulated workflows; and
-
these Privacy Terms do not override technical, operational, or lawful process requirements inherent in the delivery of telecommunications Services.
19. Liability and Dependency Position
To the fullest extent permitted by law:
-
these Privacy Terms do not create a warranty of uninterrupted, error-free, or risk-free processing;
-
SureTel is not liable for failures caused by FNOs, carriers, network operators, numbering authorities, cloud vendors, software suppliers, payment processors, or other third-party dependencies outside SureTel’s direct control;
-
SureTel is not responsible for the Customer’s internal POPIA compliance, employment privacy compliance, end-user notices, or recording compliance framework; and
-
the Master Services Agreement’s limitations of liability, dependency provisions, suspension rights, indemnities, and recovery rights apply to these Privacy Terms.
Nothing in this clause excludes liability that cannot lawfully be excluded.
20. Changes to These Privacy Terms
SureTel may amend these Privacy Terms on notice in accordance with the governing contract framework, including to address:
-
service changes;
-
operational changes;
-
supplier-chain changes;
-
security developments;
-
legal or regulatory changes; or
-
updates to onboarding, payments, support, or platform structures.
Updated terms may apply to ongoing Services, renewals, add-ons, new features, substituted platforms, revised onboarding flows, or changed legal requirements, subject to the governing contract.
22. Priority and Interpretation
If there is any inconsistency between these Privacy Terms and another SureTel contract document:
-
the signed special terms or accepted order-specific commercial terms prevail for the specific transaction;
-
the Master Services Agreement prevails for general liability, suspension, collections, and contract mechanics;
-
these Privacy Terms prevail for privacy, data processing, and communications-data treatment to the extent of the inconsistency; and
[Review note — source appears to end mid-clause. Section 22 point 3 ends with “… and” with no further point in the source document. Confirm and complete this clause before publication.]
Service providers we use
[Draft addition — site-specific processors. Not part of the approved Privacy Notice text above; included at your request to name SureTel's actual service providers. Review and confirm before publication.]
In operating this website and SureTel's enquiry, quoting and coverage processes, SureTel uses the following service providers, consistent with the categories of recipients described in section 8 above:
- Lovable Cloud — website hosting and secure storage of website enquiry, quote and coverage-request records.
- Zoho CRM — customer-relationship management; website enquiry and lead records are synced for sales follow-up and account management.
- Resend — transactional email notifications to SureTel when an enquiry, quote or coverage request is submitted.
- Google Maps Platform — address lookup and autocomplete to assist address entry in the coverage checker. Address autocomplete assists entry only and does not itself confirm service availability.
- Google Analytics and Google Ads — website analytics and advertising conversion measurement, including the capture of campaign attribution parameters (such as UTM tags and GCLID). SureTel does not transmit personal information — such as your name, email address, phone number or street address — into analytics or advertising event parameters.
Where SureTel changes a service provider, the categories and purposes described in this Privacy Policy continue to apply.
Contact SureTel about privacy
- SureTel cc — 4 Leeu Street, Rant en Dal, Krugersdorp, Gauteng, South Africa, 1739
- Privacy contact email: [privacy contact email — confirm approved address]
- Business hours: Monday to Friday, 08:00–17:00
- Licensed ISP · ICASA licence: 0009/CECS/AUG/09
Related legal pages
Contact SureTel if you have questions about how we handle your personal information.
SureTel