Privacy Policy

    How SureTel CC collects, uses, stores and protects your personal information — compliant with the Protection of Personal Information Act (POPIA), the Regulation of Interception of Communications Act (RICA), and the Electronic Communications Act (ECA).

    SureTel CC

    Registration Number: 2010/092683/23

    4 Leeu Street, Rant en Dal, Krugersdorp, Gauteng, South Africa

    Effective date: 19 March 2026  |  Last updated: 19 March 2026

    1. Responsible Party & Information Officer

    1.1The responsible party, as defined in the Protection of Personal Information Act 4 of 2013 ("POPIA"), is:

    SureTel CC

    4 Leeu Street, Rant en Dal, Krugersdorp, Gauteng, South Africa
    info@suretel.co.za
    +27 (0)10 593 2413

    1.2The designated Information Officer for purposes of POPIA is the Managing Director of SureTel CC. All requests related to personal information must be directed to info@suretel.co.za.

    1.3The Information Officer is responsible for encouraging compliance with the conditions for lawful processing, dealing with requests from data subjects, and working with the Information Regulator.

    2. Definitions

    2.1In this Privacy Policy, unless the context indicates otherwise, the following terms bear the meanings assigned to them:

    Personal Information
    Information relating to an identifiable, living, natural person and, where applicable, an identifiable, existing juristic person — including but not limited to name, identity number, contact details, financial information, correspondence, and biometric information (as defined in POPIA section 1).
    Special Personal Information
    Personal information concerning religious or philosophical beliefs, race, ethnic origin, trade union membership, political persuasion, health, sexual life, biometric information, or criminal behaviour (POPIA section 26).
    Data Subject
    The person to whom personal information relates — this includes you, our customer, prospective customer, website visitor, or employee.
    Processing
    Any operation or activity — automated or not — concerning personal information, including collection, receipt, recording, organisation, collation, storage, updating, modification, retrieval, alteration, consultation, use, dissemination, merging, linking, restriction, degradation, erasure, or destruction (POPIA section 1).
    Operator
    A person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party (POPIA section 1).
    Consent
    Any voluntary, specific, and informed expression of will in terms of which permission is given for the processing of personal information (POPIA section 1).
    POPIA
    The Protection of Personal Information Act 4 of 2013.
    RICA
    The Regulation of Interception of Communications and Provision of Communication-Related Information Act 70 of 2002.
    ECA
    The Electronic Communications Act 36 of 2005.
    Information Regulator
    The independent body established under POPIA to monitor and enforce compliance with data protection legislation in South Africa.

    3. Information We Collect

    3.1We collect and process the following categories of personal information, depending on the nature of our engagement with you:

    3.1 Identity Information

    Full name and surname
    Identity number or passport number
    Company name and registration number
    VAT registration number (where applicable)

    3.2 Contact Information

    Physical and postal address
    Email address
    Telephone and mobile numbers

    3.3 Financial Information

    Banking details for billing and payment processing
    Credit application information
    Invoice and payment history

    3.4 Technical & Usage Information

    IP address, browser type, device information
    Website usage data (pages visited, time on site, referral source)
    Cookie identifiers and analytics data

    3.5 Communication Records

    3.5.1In accordance with RICA, as a licensed electronic communications service provider, we are required to collect and retain certain subscriber information, including:

    Subscriber identity and contact details (RICA section 40)
    Communication-related information as prescribed by regulations
    Service activation and connection records

    3.6 Service-Specific Information

    Site survey data and installation requirements
    Network configuration details
    Support ticket records and fault reports
    Call detail records (CDRs) for VoIP and PBX services

    4. How We Collect Information

    4.1We collect personal information through the following means:

    4.1 Directly from You

    When you complete an enquiry or quote request form on our website
    When you enter into a service agreement with us
    When you communicate with us via email, telephone, or in person
    When you submit a support or fault report

    4.2 Automatically

    Through cookies and similar tracking technologies on our website
    Through server logs and analytics tools (e.g. Google Analytics)
    Through network monitoring and service delivery systems

    4.3 From Third Parties

    Credit bureaus (for credit applications)
    Upstream service providers and network operators
    Public records and government databases

    4.4 RICA Verification

    4.4.1Where we provide electronic communications services, we are required by RICA to verify subscriber identity before activating services. This may involve collecting copies of identity documents and proof of address.

    5. Purpose of Processing

    5.1We process your personal information for the following purposes, in accordance with POPIA sections 13 to 15:

    5.1 Service Delivery

    To provide, manage and maintain the services you have contracted for
    To process orders, installations and service requests
    To provide technical support and resolve faults
    To communicate with you about your services

    5.2 Billing & Financial Administration

    To invoice for services rendered
    To process payments and manage credit facilities
    To collect overdue amounts

    5.3 Legal Compliance

    To comply with RICA subscriber registration and data retention obligations
    To comply with ECA record-keeping requirements
    To respond to lawful requests from regulatory bodies and law enforcement (including ICASA)
    To comply with tax and financial reporting obligations

    5.4 Business Operations

    To improve our services and website
    To conduct internal research and analytics
    To send you service-related communications and updates
    To send marketing communications (only with your consent)

    5.5 Security

    To protect our network and infrastructure
    To detect and prevent fraud
    To enforce our terms of service

    7. Sharing & Disclosure of Information

    7.1We may share your personal information with the following categories of recipients:

    7.1 Service Providers & Operators

    7.1.1Third-party operators who process personal information on our behalf under written agreements that comply with POPIA section 21. These include upstream connectivity providers, payment processors, and cloud hosting providers.

    7.2 Regulatory Bodies & Law Enforcement

    7.2.1We may be required to disclose personal information to regulatory authorities, including ICASA, in compliance with RICA, the ECA, and other applicable legislation.

    7.2.2We will comply with lawful interception directions issued in terms of RICA Chapter 2, and with requests from authorised law enforcement agencies.

    7.3 Cross-Border Transfers

    7.3.1Where personal information is transferred to a party outside the Republic of South Africa, we will ensure that the recipient is subject to a law, binding corporate rules, or binding agreement that provides an adequate level of protection substantially similar to POPIA (in compliance with POPIA section 72).

    7.3.2Alternatively, cross-border transfers may occur where the data subject has consented, where the transfer is necessary for the performance of a contract, or where it is for the benefit of the data subject.

    7.4 Other Disclosures

    7.4.1We will not sell, rent or trade your personal information to third parties for marketing purposes without your explicit consent.

    7.4.2We may disclose personal information where it is necessary to protect or enforce our legal rights, or to protect the safety of our employees, customers, or the public.

    8. Data Security

    8.1We are committed to protecting the integrity and confidentiality of personal information in our possession. We have implemented appropriate, reasonable technical and organisational measures to secure personal information against:

    Loss of, damage to, or unauthorised destruction of personal information
    Unlawful access to or processing of personal information

    8.1 Technical Measures

    Encryption of data in transit (TLS/SSL) and at rest where appropriate
    Firewalls, intrusion detection and prevention systems
    Access controls and authentication mechanisms
    Regular security assessments and vulnerability testing

    8.2 Organisational Measures

    Access to personal information is restricted to authorised personnel on a need-to-know basis
    Staff training on data protection and information security
    Contractual obligations on operators and third-party service providers
    Incident response procedures and business continuity planning

    8.3 Breach Notification

    8.3.1In the event of a security compromise involving personal information, SureTel will notify the Information Regulator and affected data subjects as soon as reasonably possible, in accordance with POPIA section 22.

    8.3.2The notification will include the nature of the compromise, the categories of information affected, measures taken to address the compromise, and recommendations for data subjects to mitigate potential adverse effects.

    9. Data Retention

    9.1We retain personal information only for as long as is necessary for the purpose for which it was collected, or as required by law. Specific retention periods include:

    9.1 General Business Records

    9.1.1Contractual records, invoices and financial records are retained for a minimum of 5 years after the end of the business relationship, in accordance with the Companies Act and tax legislation.

    9.2 RICA Records

    9.2.1In accordance with RICA sections 30 and 40, communication-related information and subscriber records are retained for a period of at least 3 years (or such longer period as may be prescribed by regulation) from the date on which the communication occurred or the service was terminated.

    9.2.2This includes call data records, subscriber identity information, and activation records.

    9.3 ECA Records

    9.3.1As an electronic communications service provider, we retain records as required by the ECA and associated regulations, including records necessary for billing, dispute resolution, and regulatory compliance.

    9.4 Disposal

    9.4.1When personal information is no longer required, it will be destroyed, deleted or de-identified in a manner that prevents reconstruction, in accordance with POPIA section 14.

    10. Your Rights as a Data Subject

    10.1Under POPIA, you have the following rights in relation to your personal information:

    10.2Right of Access — You may request confirmation that we hold personal information about you, and request access to that information (POPIA section 23).

    10.3Right to Correction — You may request the correction or deletion of personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully (POPIA section 24).

    10.4Right to Deletion — You may request the destruction or deletion of personal information that we are no longer authorised to retain (POPIA section 24).

    10.5Right to Object — You may object, on reasonable grounds, to the processing of your personal information (POPIA section 11(3)(a)). You may also object to the processing of your personal information for purposes of direct marketing by means of unsolicited electronic communications (POPIA section 69).

    10.6Right to Withdraw Consent — Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing that occurred before the withdrawal.

    10.7Right to Complain — You have the right to lodge a complaint with the Information Regulator if you believe that we have interfered with the protection of your personal information (POPIA section 74).

    How to Exercise Your Rights

    To exercise any of the above rights, please submit a written request to our Information Officer at info@suretel.co.za. We will respond to your request within 30 days of receipt. We may require proof of identity before processing your request. A prescribed fee may apply in certain circumstances as permitted by POPIA.

    11. Cookies & Tracking Technologies

    11.1Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and assist with our marketing efforts.

    11.1 Types of Cookies

    11.2Strictly Necessary Cookies — Required for the website to function correctly. These cannot be disabled.

    11.3Analytics Cookies — Used to understand how visitors interact with our website (e.g. Google Analytics). These cookies collect information anonymously.

    11.4Marketing Cookies — Used to deliver relevant advertisements and track campaign performance (e.g. Google Ads, Facebook Pixel).

    11.5Functional Cookies — Used to remember your preferences and provide enhanced functionality.

    11.2 Managing Cookies

    11.6You can manage your cookie preferences through our cookie consent banner on your first visit. You may also control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

    11.7For more information about how Google uses data collected through our site, please visit policies.google.com/privacy.

    12. Children's Privacy

    12.1Our services are directed at businesses and are not intended for children under the age of 18.

    12.2We do not knowingly collect personal information from children under 18. If we become aware that personal information of a child has been collected without the consent of a competent person (as required by POPIA section 35), we will take steps to delete that information.

    12.3If you believe that we have inadvertently collected personal information from a child, please contact our Information Officer immediately at info@suretel.co.za.

    13. Changes to This Policy

    13.1SureTel reserves the right to amend this Privacy Policy from time to time to reflect changes in legislation, our business practices, or the way we process personal information.

    13.2Material changes will be communicated by publishing the updated policy on our website with a revised effective date. Where appropriate, we will notify affected data subjects directly.

    13.3Your continued use of our services or website after the publication of an updated policy constitutes your acceptance of the changes.

    14. Contact Us

    14.1If you have any questions about this Privacy Policy, wish to exercise your data subject rights, or have a complaint about how your personal information has been handled, please contact us:

    SureTel CC — Information Officer

    info@suretel.co.za
    +27 (0)10 593 2413
    4 Leeu Street, Rant en Dal, Krugersdorp, Gauteng, South Africa

    14.2If you are not satisfied with our response, you have the right to lodge a complaint with the Information Regulator:

    Information Regulator (South Africa)

    inforeg@justice.gov.za
    +27 (0)10 023 5207
    JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

    15. Google API Services User Data Policy

    Limited Use Disclosure

    SureTel's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

    15.1SureTel integrates with the following Google APIs for internal business purposes only:

    15.1 Google Ads API

    15.1.1SureTel accesses Google Ads campaign performance data solely for the purpose of monitoring and optimising advertising campaigns within SureTel's internal SEO & Content Dashboard.

    15.2 Google Business Profile API

    15.2.1SureTel accesses Google Business Profile data solely for the purpose of managing its own business listing, publishing updates, and monitoring review activity within SureTel's internal SEO & Content Dashboard.

    15.3 Data Handling Commitments

    15.3.1All data retrieved from Google APIs is used exclusively by authorised SureTel personnel for internal business operations.

    15.3.2SureTel does not share, sell, lease, or transfer Google API data to any third party.

    15.3.3Google API data is not used to build user profiles, for advertising targeting, or for any purpose unrelated to SureTel's own business operations.

    15.3.4All Google API data is stored securely within SureTel's infrastructure, protected by the same security measures described in Section 8 of this Privacy Policy.