Privacy Policy
Your privacy matters to us. This policy is written in plain language as required by POPIA. We do not sell your personal information. We never have. We never will.
Who We Are
Perpetuity Solutions (Pty) Ltd is a South African private company and the responsible party under the Protection of Personal Information Act, 2013 (POPIA), and the data controller under the EU General Data Protection Regulation (GDPR) where applicable.
Our Information Officer can be contacted at privacy@perpetuity.solutions.
Scope & Application
This policy applies to:
- All visitors to perpetuity.solutions and our subdomains
- All subscribers to the Perpetuity Solutions Growth Platform
- Individuals who contact us by any channel
- Individuals whose personal data our business clients submit through the platform
GDPR additionally applies to data subjects located in the European Economic Area (EEA) at the time of data collection, regardless of the data subject's nationality.
Personal Information We Collect
| Category | Examples | How collected |
|---|---|---|
| Identity | Name, business name | You provide |
| Contact | Email, phone, address | You provide |
| Account | Subscription tier, billing history | Generated by use |
| Financial | Card type and last 4 digits only — never full card numbers | Payment processor |
| Technical | IP address, browser, session | Automatic |
| Usage | Platform activity | Automatic |
| Communications | Support tickets, emails | You provide |
| Marketing | Consent status, campaign interactions | You provide / automatic |
| Client-uploaded | Contact lists from business clients | Our clients upload |
Lawful Basis for Processing
We process personal information only where one or more lawful bases apply:
- Contract — to deliver the platform and services you have purchased
- Consent — for marketing communications and optional cookies
- Legitimate Interest — for security, fraud prevention, and service improvement
- Legal Obligation — for tax, accounting, and statutory compliance
How We Use Your Data
5.1 Service delivery — to provision, operate, and support the platform.
5.2 Account administration — billing, account management, and subscription management.
5.3 Product improvement — analysing aggregated usage to improve features.
5.4 Security and fraud prevention — protecting your account and ours.
5.5 Marketing — opt-in only, with simple unsubscribe in every email.
5.6 Legal compliance — meeting our statutory obligations.
International Transfers
Some of our service providers process data outside South Africa. Where this occurs, we apply safeguards including: Standard Contractual Clauses, adequacy decisions where applicable, and binding Data Processing Agreements.
Retention Periods
| Data category | Retention period | Basis |
|---|---|---|
| Account data | Subscription + 5 years | Legal limitation period |
| Financial records | 7 years | SARS requirement |
| Usage logs | 12 months | Operational |
| Support communications | 3 years | Service improvement |
| Marketing consent | Until withdrawal + 3 years | Audit trail |
| Client-uploaded data | Subscription + 30 days | Recovery window |
| Cookie data | 24 months | Browser limit |
| Security incident records | 5 years | POPIA Reg. 4 |
Security Measures
We protect personal information through:
- TLS encryption in transit and encryption at rest
- Role-based access controls and least-privilege principles
- PCI-DSS compliant payment processing (we never store full card numbers)
- Periodic security reviews and vulnerability scanning
- Documented breach response procedures
In the event of a security compromise, we notify the Information Regulator within 72 hours and affected data subjects without undue delay.
Rights Under POPIA
Request a copy of your personal information
Have inaccurate data corrected
Have your data deleted where lawfully permitted
Object to processing on legitimate-interest grounds
Withdraw consent for processing
Lodge a complaint with the Information Regulator
Additional Rights Under GDPR (EEA)
If you are located in the EEA, GDPR provides additional rights:
- Restriction (Art. 18) — restrict processing in specified circumstances
- Portability (Art. 20) — receive your data in a portable format
- No automated decision-making (Art. 22) — not be subject to solely automated decisions
- Supervisory authority complaint (Art. 77) — lodge a complaint with your local DPA
EU representative: where required under GDPR Article 27, our representative for EEA data subjects can be contacted at privacy@perpetuity.solutions.
How to Exercise Rights
To exercise any right, email privacy@perpetuity.solutions with the subject line: "Data Subject Rights Request — [Your Name]".
- We respond within 30 calendar days
- Complex requests may extend by 60 days, with notice
- No fee, unless requests are manifestly unfounded or excessive
Children's Privacy
The platform is intended for businesses and persons over the age of 18. We do not knowingly collect personal information from anyone under 18. POPIA s.34 applies to any child personal information that comes to our attention.
Client Data (B2B Processing)
Where our business clients use the platform to manage their own customers, the client is the responsible party (POPIA) or controller (GDPR) for that customer data. Perpetuity Solutions acts as the operator (POPIA) or processor (GDPR).
A standard Data Processing Agreement is available on request, and is mandatory where EEA data is processed.
Professional Practices — Regulated Industries
For clients in regulated sectors:
- Healthcare practitioners — HPCSA confidentiality requirements apply
- Legal practitioners — LPC client confidentiality applies
- Financial advisors — FSCA conduct standards apply
Special categories of personal information (POPIA s.26–s.35) require enhanced safeguards. An enhanced Data Processing Agreement is required.
Direct Marketing
We send marketing communications on an opt-in basis only, in compliance with POPIA s.69 and ECTA. Every marketing email contains an unsubscribe mechanism. Unsubscribe requests are processed within 5 Business Days. We do not use purchased contact lists.
Complaints & Regulatory Contact
South Africa — Information Regulator
- www.inforegulator.org.za
- complaints.IR@justice.gov.za
- JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
EEA — European Data Protection Board
- edpb.europa.eu
Changes to This Policy
Material changes will be communicated by email at least 14 calendar days before they take effect. Continued use of the platform after the effective date constitutes acceptance.
Contact Us
Questions about this policy or about your data? Reach the Information Officer at privacy@perpetuity.solutions — or via perpetuity.solutions. We respond within 2 Business Days.
Questions about your data?
Email privacy@perpetuity.solutions for any data subject request, or read our Terms & Conditions for related contractual terms.