SECURITY PROCEDURES AND PRIVACY POLICY

Company: THN Sadler Inc

Information Officer / Contact for privacy matters: THN Sadler, director, 021 202 8460, talbot@sadler.co.za

1. Introduction

This Security Procedures and Privacy Policy (Policy) describes how THN SADLER INC (“we”, “us”, “our”) collects, processes, stores, protects and shares personal information through our website and related services (Services). This Policy applies to all visitors, users, customers, contractors, employees and other data subjects whose personal information we hold.

2. Scope

This Policy applies to all processing of personal information performed by or on behalf of THN SADLER INC, whether electronic or physical, and regardless of the location where processing occurs. It applies to employees, contractors, suppliers and any third parties that process personal information on our behalf.

3. Definitions

* “Personal information” means any information that identifies or can be used to identify an individual.

* “Processing” means any operation performed on personal information, including collection, storage, use, disclosure, dissemination, retention and destruction.

* “Information Officer” means the person designated by THN SADLER to oversee POPIA compliance and to manage data subject requests: THN Sadler, 021 202 840, talbot@sadler.co.za

4. Legal and Contractual Basis for Processing

We process personal information only where we have a lawful basis, including to:

* perform a contract with you;

* comply with legal obligations;

* protect our legitimate interests that are not overridden by your rights; or

* process on the basis of consent given by the data subject, where required.

5. Personal Information We Collect

We may collect the following categories of personal information:

* Identity and contact details: name, email address, telephone number, postal address;

* Account details: username, password hash, profile information;

* Transactional information: purchase history, billing and payment information (payment details are processed by payment providers);

* Technical and usage data: IP address, device identifiers, browser type/version, operating system, pages visited, referral sources, cookies and analytics data;

* Communications: messages you send to us via contact forms, email, chat or other channels;

* Any other information you voluntarily provide.

6. Purpose of Processing

We collect and use personal information for purposes including:

* providing, maintaining and improving our Services;

* customer support and communication;

* processing transactions and billing;

* sending administrative and marketing communications where permitted;

* fraud detection, security, and legal compliance;

* fulfilling contractual and legal obligations.

7. Security Procedures and Organizational Measures

We implement technical, physical and organizational measures proportionate to the risks to protect personal information, including:

* Access control: role-based access control (RBAC) and least-privilege principles for staff and systems;

* Authentication: strong password requirements and multi-factor authentication (MFA) for privileged accounts and administrative access;

* Encryption: TLS/HTTPS for all data in transit and industry-standard encryption for sensitive data at rest where applicable;

* Network and endpoint security: firewalls, intrusion detection/prevention systems, anti-malware and regular patch management;

* Secure development: secure development lifecycle (SDLC) practices, code reviews and vulnerability assessments for applications;

* Testing: regular vulnerability scanning and periodic penetration testing of internet-facing systems;

* Monitoring and logging: security event logging, monitoring, and retention for incident detection and investigation;

* Backup and resilience: regular encrypted backups and tested business continuity and disaster recovery procedures;

* Physical security: controlled access to facilities and secure disposal of physical records;

* Supplier due diligence: security and privacy assessments of third-party processors and contractual security obligations;

* Security awareness and training: periodic staff training on information security, privacy and incident reporting;

* Data minimization and retention: collection limited to what is necessary and retention only for lawful, specified purposes.

8. Incident Response and Breach Notification

We maintain an incident response plan that includes:

* identification, containment, eradication and recovery steps;

* forensic investigation and root cause analysis where required;

* notification procedures to affected data subjects and regulators in accordance with legal timeframes and requirements;

* remediation and lessons-learned actions to prevent recurrence.

9. Data Subject Rights and How to Exercise Them

You have rights regarding your personal information, including where applicable:

* right of access to personal information we hold about you;

* right to request correction, deletion or restriction of processing;

* right to object to processing and to withdraw consent where processing is based on consent;

* right to data portability where applicable.

To exercise any right, contact our Information Officer at talbot@sadler.co.za or 021 202 8460. We will verify requests and respond within the applicable statutory timeframes.

10. Cookies, Tracking and Analytics

We use cookies, web beacons, and similar technologies to provide functionality, analytics and marketing. On first visit users are presented with a cookie consent mechanism where required. Users may manage cookie preferences or disable cookies through their browser settings, acknowledging that some features may be impaired.

11. Third-Party Processors, Subcontracting and Transfers

We may share personal information with third-party service providers (processors) for hosting, payment processing, analytics, email marketing, customer support and other services. Such processors are contractually required to implement appropriate security measures and to process data only on our instructions.

“No part of the services may be subcontracted without the prior written consent of the Client. The contractor remains fully liable for all acts and omissions of any approved subcontractors.”

When personal information is transferred across borders, we will ensure appropriate safeguards are in place to protect the information in accordance with applicable law.

12. Confidentiality

“Each party shall maintain the confidentiality of all Confidential Information received from the other party and shall not disclose such Confidential Information to any third party without prior written consent, except as required by law or court order.”

13. Data Retention and Deletion

We retain personal information only as long as necessary to achieve the purposes set out in this Policy, to comply with legal obligations, to resolve disputes, or to enforce agreements. When no longer required, personal information will be securely deleted or anonymized.

14. Children

Our Services are not intended for children under 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information of a child without parental consent, we will take steps to delete such information.

15. Links to Other Websites

Our Services may contain links to external sites. We are not responsible for the privacy or security practices of third-party sites. We encourage you to review their privacy policies.

16. Changes to This Policy

We may revise this Policy from time to time. Material changes will be posted on this page with an updated effective date. Continued use of the Services constitutes acceptance of the updated Policy.

17. Complaints, Queries and Contact Information

If you have questions, requests or complaints about our handling of personal information, contact:

Information Officer: THN Sadler

Email: talbot@sadler.co.za

Phone: 021 202 8460

We will acknowledge and handle complaints in accordance with applicable statutory timelines.

18. Mandatory POPIA Clause

“Both parties shall comply with their obligations under the Protection of Personal Information Act 4 of 2013 regarding the processing, storage, and transmission of personal information.”

19. Confidentiality of Security Measures

Specific technical and procedural security measures are treated as confidential to avoid undermining protections. High-level descriptions are provided in this Policy; detailed operational controls are retained internally.

20. Dispute Resolution

“Any dispute arising from this agreement shall first be addressed through mediation. If mediation fails, the dispute shall be resolved through arbitration in accordance with the rules of the Arbitration Foundation of Southern Africa.”

21. Liability and Limitations

To the extent permitted by law, THN SADLER INC limits liability for damages arising from use of the Services or from breaches to the fullest extent permissible. Nothing in this Policy restricts mandatory statutory rights of data subjects.

22. Miscellaneous

* This Policy forms part of contracts and agreements where personal information processing is involved.

* If any provision is invalid, it does not affect the remainder of the Policy.

* This Policy is governed by the law of South Africa.
