Privacy Policy

This Privacy Policy explains how 1ICT (Pty) Ltd (Registration No. 2018/067519/07, VAT No. 4760308728) (“1ICT”, “we”, “us”, “our”) processes the personal information you provide through our website www.1ict.co.za and related services. It is issued in accordance with the Protection of Personal Information Act, 4 of 2013 (“POPIA”) and the Electronic Communications and Transactions Act, 25 of 2002 (“ECTA”).

By submitting a form on our website you confirm that you have read and understood this policy and consent to the processing of your personal information as described below.

Responsible Party: 1ICT (Pty) Ltd
Registered address: 108 Elizabeth Avenue, Parkmore, Sandton, 2196, South Africa
Information Officer: Thami Mhlongo
Email: services@thamitechs.co.za
Telephone: 087 821 3000

Our Information Officer is registered with the Information Regulator of South Africa in line with section 55 of POPIA.

We only collect information that is adequate, relevant and not excessive for the purpose for which it is processed. Depending on which form you submit, we may collect:

• Contact / Enquiry Form: full name, email address, telephone number, company name and the contents of your message.
• Request a Callback: name, telephone number and preferred call time.
• Coverage / Fibre Checker: physical address, suburb and contact details to confirm service availability.
• Quote / Estimate Builder: business name, contact details, number of users / sites and selected services.
• Security Assessment & Industry Lead Forms: company information, sector, role, contact details and the business problem you would like us to address.
• Careers / Job Applications: full name, email, telephone, South African ID number, current role, years of experience, notice period, salary expectation, cover note and your uploaded CV (PDF / DOC).
• Technical data: IP address, browser type, device, pages visited, and a Google reCAPTCHA v3 risk score used only to detect spam and abuse.

We do not deliberately collect special personal information (race, health, religion, biometrics, etc.) or information about children under 18. Do not submit such information through our forms unless we have specifically asked for it in writing.

We rely on the following POPIA justifications (section 11):

• Consent — you submit a form and tick the consent box (where shown) so that we may contact you and process your request.
• Performance of a contract — to prepare quotations, on-board you as a client, deliver services and support, and invoice you.
• Legal obligation — tax, RICA, ICASA, BCEA, EEA and other statutory record-keeping.
• Legitimate interest — protecting our website from fraud and abuse (reCAPTCHA), responding to enquiries and recruiting staff.

• Respond to your enquiry, callback or quote request.
• Verify coverage and prepare service proposals.
• Send transactional notifications (e.g. confirmation that we received your application or enquiry).
• Evaluate job applications and contact shortlisted candidates.
• Maintain customer records, provide support and improve our services.
• Send marketing communications about 1ICT products only where you have opted in. Every marketing email contains an unsubscribe link.

We never sell your personal information. We share it only with trusted “operators” (POPIA term for processors) who are bound by written agreements to process the data on our instructions and keep it confidential:

• Cloud hosting & database: Supabase (operated on AWS infrastructure) — stores form submissions and CV files in a private, access-controlled bucket.
• Email delivery: Resend / Lovable transactional email — used to notify our internal team at services@thamitechs.co.za when a form is submitted.
• Bot protection: Google reCAPTCHA v3 — receives a risk score request when you submit a form (governed by Google's own Privacy Policy).
• Upstream carriers & licensees (e.g. Openserve, Vumatel, MetroFibre, MTN, Vodacom) — only the data strictly required to provision or troubleshoot the service you ordered.
• Regulators & law enforcement — where we are legally compelled to disclose.

Some of our operators host data outside South Africa (e.g. the EU or USA). Where this happens we ensure, in accordance with section 72 of POPIA, that the recipient is subject to laws, binding corporate rules or contractual clauses that provide an adequate level of protection.

• General enquiries, callbacks, coverage checks: up to 24 months from last contact, then deleted.
• Quotes & estimates that do not convert: 36 months.
• Customer / contract records: 5 years after the end of the contract (as required by the Tax Administration Act and Companies Act).
• Unsuccessful job applications: 12 months, then deleted unless you ask us to keep your CV on file.
• Successful applicants: retained for the duration of employment plus statutory retention periods.

• TLS/HTTPS encryption in transit for every form submission.
• Encryption at rest for our database and for CV files stored in a private storage bucket.
• Row-Level Security so that submitted records are only readable by authorised 1ICT staff via the admin dashboard.
• Role-based access, MFA on admin accounts and audit logging.
• Regular backups and a documented incident-response plan.

In the event of a security compromise involving your personal information we will notify you and the Information Regulator as required by section 22 of POPIA.

As a data subject you have the right to:

• Be notified of what personal information we hold about you (section 23).
• Request a copy of that information.
• Request correction or deletion of inaccurate, irrelevant, excessive or outdated information (section 24).
• Object to the processing of your information (section 11(3)).
• Withdraw your consent at any time, without affecting the lawfulness of processing already carried out.
• Object to direct marketing — unsubscribe links are in every marketing email.
• Lodge a complaint with the Information Regulator (see section 12 below).

To exercise any of these rights email services@thamitechs.co.za. We will respond within 30 days. We may ask you to complete the prescribed PAIA / POPIA Form 2 to verify your identity.

Our site uses essential cookies needed for it to function and, with your consent, analytics cookies that help us understand how the site is used. You can refuse non-essential cookies via the cookie banner or by adjusting your browser settings. Google reCAPTCHA v3 is loaded on form pages and sets its own cookies in line with Google's Privacy Policy.

If you are not satisfied with how we have handled your personal information you may contact:

The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: POPIAComplaints@inforegulator.org.za
Web: inforegulator.org.za

We may update this policy from time to time. The latest version will always be available at /privacy-policy and will be dated above. Material changes will be communicated via our website or by email where appropriate.