This policy was last reviewed in March 2026. We recommend reading it in full to understand your rights under POPIA.
Who We Are
Oxironix is a web design and digital marketing business operating in South Africa, with a primary focus on the Pretoria and Gauteng regions. We provide services including website design and development, search engine optimisation (SEO), digital marketing, branding, and related creative services to small and medium enterprises (SMEs) across South Africa.
For the purposes of the Protection of Personal Information Act 4 of 2013 (POPIA), Oxironix is the Responsible Party — meaning we determine the purpose and means of processing your personal information.
Responsible Party Details
Business Name: Oxironix
Website: www.oxironix.co.za
Email: service@oxironix.co.za
Location: Pretoria, Gauteng, South Africa
Information Officer: Ellouise (Oxironix)
Information We Collect
We collect personal information only where it is necessary to provide our services, respond to your enquiries, or comply with legal obligations. Below is a summary of what we collect and why.
| Category | What We Collect | How It's Collected |
|---|---|---|
| Identity | First name, last name, business name | Contact forms, quote requests, direct communication |
| Contact | Email address, phone number, WhatsApp number | Contact forms, quote requests, direct communication |
| Business | Business type, industry, website URL, project details | Quote request forms, project briefs |
| Financial | Invoice details, payment confirmation references | Project agreements, accounting processes |
| Technical | IP address, browser type, device type, pages visited | Automatically via cookies and analytics tools |
| Communications | Emails, WhatsApp messages, notes from calls | Ongoing client communication |
We do not collect: sensitive personal information such as ID numbers, race, health data, biometric data, religious or political beliefs, unless you voluntarily provide them and they are strictly necessary for a specific service.
How We Use Your Information
We use your personal information only for the purposes for which it was collected. These include:
- To respond to enquiries — when you contact us via our website forms, email, or WhatsApp, we use your details to get back to you.
- To deliver services — to complete your project, communicate progress, send files and deliverables, and manage your account.
- To process payments — to issue invoices and confirm receipt of payment.
- To improve our website — using anonymised analytics data to understand how visitors use our site and improve their experience.
- To send service-related communications — updates, invoices, project milestones, or follow-ups relating to your project.
- To comply with legal obligations — maintaining records as required by South African law.
- To send marketing communications — only if you have explicitly consented, and you can withdraw this consent at any time.
We will never sell, rent, or trade your personal information to third parties for their own marketing purposes.
Legal Basis for Processing
Under POPIA, we must have a lawful ground (called a "processing condition") to process your personal information. We rely on the following grounds:
Contractual Necessity
When you engage us for a project, processing your personal information is necessary to fulfil that contract — for example, contacting you about your project, sending invoices, or delivering completed work.
Legitimate Interest
We may process data where it is in our legitimate business interest — for example, to improve our services, analyse website usage, or respond to business enquiries — provided your rights are not overridden.
Consent
Where we send marketing emails or newsletters, we do so only with your explicit consent. You may withdraw consent at any time by contacting us at service@oxironix.co.za or clicking unsubscribe in any marketing email.
Legal Obligation
We may process your data where required to comply with a legal obligation under South African law, such as tax record-keeping obligations.
Who We Share Data With
We do not share your personal information with third parties except in the following circumstances:
| Recipient | Purpose | Safeguards |
|---|---|---|
| Hosting providers (e.g. SiteGround, Xneelo) |
Website hosting and email infrastructure | Contracts in place; POPIA-aware providers |
| Payment processors (e.g. PayFast, PayGate) |
Processing invoices and client payments | PCI DSS compliant; regulated in SA |
| Analytics tools (e.g. Google Analytics) |
Understanding website usage (anonymised) | IP anonymisation enabled; no personal data shared |
| Email / CRM tools (e.g. Mailchimp) |
Sending project updates or newsletters (consent only) | GDPR / POPIA compliant providers |
| Legal authorities | If required by law or court order | Only to the extent required by law |
All third-party service providers are required to keep your information confidential and may only use it for the specific purposes for which we engaged them.
Cookies & Tracking
Our website uses cookies — small text files placed on your device — to enhance your experience and analyse traffic. Here is what we use:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential cookies | Required for the website to function (e.g. security, form tokens) | Session / up to 1 year |
| Analytics cookies | Understand how visitors use our site (Google Analytics — anonymised) | Up to 2 years |
| Functional cookies | Remember your preferences (e.g. cookie consent choice) | Up to 1 year |
| Marketing cookies | Only set if you consent; used for Google Ads remarketing | Up to 90 days |
You can control or delete cookies at any time via your browser settings. Disabling certain cookies may affect your experience on our website. For more information about cookies, visit www.allaboutcookies.org.
Data Security
We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, disclosure, alteration, or destruction. These measures include:
- SSL/TLS encryption on all web pages (HTTPS)
- Secure, password-protected access to client files and records
- Two-factor authentication on key accounts and platforms
- Regular software and security updates on all systems we manage
- Restricted access — only authorised personnel may access client data
- Secure cloud storage for client documents and deliverables
While we take every reasonable precaution, no method of transmission over the internet is 100% secure. If you believe your information has been compromised, please contact us immediately at service@oxironix.co.za.
Data Breach Notification: In the unlikely event of a security breach involving your personal information, we will notify the Information Regulator and affected data subjects as required by POPIA within the prescribed timeframes.
Data Retention
We retain your personal information only for as long as is necessary for the purposes described in this policy, or as required by law.
| Data Type | Retention Period | Reason |
|---|---|---|
| Client project records | 5 years after project completion | Business and legal records |
| Financial records / invoices | 5 years | SARS / tax compliance |
| Enquiry / contact form submissions | 12 months if no project commenced | Business follow-up purposes |
| Marketing consent records | Until consent is withdrawn | Proof of consent |
| Website analytics data | 26 months (Google Analytics default) | Site performance analysis |
When your data is no longer needed, we will securely delete or anonymise it in a manner that prevents reconstruction.
Your Rights Under POPIA
The Protection of Personal Information Act (POPIA) grants you the following rights regarding your personal information. We are committed to honouring these rights promptly and without charge.
Right to Access
You can request a copy of the personal information we hold about you at any time.
Right to Correction
You may request that we correct or update any inaccurate or incomplete information we hold.
Right to Object
You can object to the processing of your personal information for marketing or certain other purposes.
Right to Deletion
You may request deletion of your data where we no longer have a legal basis to retain it.
Right to Restriction
You can ask us to restrict processing of your data in certain circumstances.
Right to Complain
You have the right to lodge a complaint with the Information Regulator if you believe your rights have been violated.
To exercise any of these rights, please contact us at service@oxironix.co.za. We will respond within 30 business days as required by POPIA. We may need to verify your identity before processing your request.
Information Regulator (South Africa)
If you are not satisfied with how we handle your personal information or your rights request, you may contact the South African Information Regulator:
Website: www.justice.gov.za/inforeg
Email: inforeg@justice.gov.za
Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Children's Privacy
Our website and services are directed at businesses and adults. We do not knowingly collect personal information from anyone under the age of 18. Our services are intended for business owners, entrepreneurs, and marketing professionals.
If you believe a child under 18 has provided us with personal information without appropriate parental consent, please contact us immediately at service@oxironix.co.za and we will delete the relevant information promptly.
International Data Transfers
Some of the third-party service providers we use (such as Google Analytics, email platforms, or cloud storage tools) may process or store data outside of South Africa.
Where your personal information is transferred outside South Africa, we ensure that appropriate safeguards are in place in accordance with POPIA, including:
- Using service providers who are bound by data protection agreements offering equivalent protection to POPIA
- Selecting providers that are GDPR-compliant (the EU's equivalent data protection regulation), which is generally accepted as equivalent or higher standard
- Ensuring standard contractual clauses are in place where required
We only transfer data internationally where it is necessary to deliver the services you have requested, and we take all reasonable steps to ensure the safety of that data.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our business practices, the services we offer, or changes in applicable law. When we do:
- We will update the "Last Updated" date at the top of this page.
- For significant changes, we will notify active clients by email.
- Your continued use of our website after changes are posted constitutes your acceptance of the updated policy.
We encourage you to review this policy periodically to stay informed about how we protect your information.
Contact Us
If you have any questions about this Privacy Policy, wish to exercise your rights, or have a concern about how we handle your personal information, please reach out to us:
Oxironix — Information Officer
Email: service@oxironix.co.za
Website: www.oxironix.co.za
WhatsApp: Message us via the green button on this page
Location: Pretoria, Gauteng, South Africa
We aim to respond to all privacy-related requests within 30 business days in accordance with POPIA requirements.
