PRIVACY POLICY

Introduction

Welcome to our privacy policy. This is our plan of action when it comes to protecting your privacy. We respect your privacy and take the protection of personal data/information very seriously. The purpose of this policy is to describe the way that we collect, store, use, and protect data that can be associated with you or another specific natural or juristic person and can be used to identify you or that person (personal data | information).

Audience

This policy applies to you if you are:

a visitor to our website;
a prospect who contacts us by phone or email; or
a customer who has ordered the goods or services that we provide.

Personal data | information

3.1. Personal data | information includes:

certain information that we collect automatically when you visit our website;
certain information collected on registration (see below);
certain information collected on submission; and
optional information that you provide to us voluntarily (see below);

3.2. Personal data | information excludes:

information that has been made anonymous so that it does not identify a specific person;
permanently de-identified information that does not relate or cannot be traced back to you specifically;
non-personal statistical information collected and compiled by us; and information that you have provided voluntarily in an open, public environment or forum including any blog, chat room, community, classifieds, or discussion board (because the information has been disclosed in a public forum, it is no longer confidential and does not constitute personal data | information subject to protection under this policy).

3.2.1. Common examples

Common examples of the types of personal data | information which we may collect and process include your:

identifying information – such as your name, date of birth, or identification number of any kind;
contact information – such as your phone number or email address;
address information – such as your physical or postal address;

3.2.2. Sensitive personal data | information

Depending on the goods or services that you require, we may also collect sensitive personal data | information like your bank account details.

Acceptance

4.1. Acceptance required

You accept all the terms of this policy when you contact us through:

phone;
email;
our website;
all other communication channels; or by
placing an order or using any of our goods or services.

You may not order or use any of our goods or services, or our website if you do not accept this policy.

4.2. Legal capacity

You may not access our website to order our goods or services if you are younger than 18 years old or do not have legal capacity to conclude legally binding contracts.

4.3. Deemed acceptance

By accepting this policy, you are deemed to have read, understood, accepted, and agreed to be bound by all of its terms.

4.4 Your obligations

You may only send us your own personal data | information or the personal data | information of another data subject where you have their permission to do so.

Changes

We may change the terms of this policy at any time by updating this web page. We will notify you of any changes by placing a notice in a prominent place on the website or by sending you an email detailing the changes that we have made and indicating the date that they were last updated. If you do not agree with the changes, then you must stop using the website, and our goods or services. If you continue to use the website or our goods or services following notification of a change to the terms, the changed terms will apply to you and you will be deemed to have accepted those updated terms.

Collection

6.1. On registration

Once you register on our website, you will no longer be anonymous to us. You will provide us with certain personal data | information.

This personal data | information may include:

your name and surname;
your email address;
your telephone number;
your company name, company registration number, and VAT number;
your postal address or street address; and
your username and password

We will use this personal data | information to fulfil your account, provide additional services and information to you as we reasonably think appropriate, and for any other purposes set out in this policy.

6.2. When you contact us

When you contact us, you may be asked to provide certain personal data | information on a voluntary basis. This may include:

your name and surname;
your email address; and
your telephone number.

This information is automatically stored and we will use this personal data | information to provide additional services and information to you, as we reasonably think appropriate, and for any other purposes set out in this policy.

6.3. On order

When you order any goods or services from us, you will be asked to provide us with additional information on a voluntary basis (goods information or services information).

6.4. Reseller

When you become one of our resellers, you will be asked to provide us with additional information on a voluntary basis (services information).

6.5. From browser

We automatically receive and record Internet usage information on our server logs from your browser, such as your Internet Protocol address (IP address), browsing habits, click patterns, version of software installed, system type, screen resolutions, colour capabilities, plug-ins, language settings, cookie preferences, search engine keywords, JavaScript enablement, the content and pages that you access on the website, and the dates and times that you visit the website, paths taken, and time spent on sites and pages within the website (usage information).

Please note that other websites visited before entering our website might place personal data | information within your URL during a visit to it, and we have no control over such websites. Accordingly, a subsequent website that collects URL information may log some personal data | information.

6.6. Cookies

For information on how we deal with cookies, please refer to our Cookie Policy.

6.7. Third party cookies

Some of our business partners use their own cookies or widgets on our website. We have no access to or control over them. Information collected by any of those cookies or widgets is governed by the privacy policy of the company that created it, and not by us.

6.8. Web beacons

Our website may contain electronic image requests (called a single-pixel gif or web beacon request) that allow us to count page views and to access cookies. Any electronic image viewed as part of a web page (including an ad banner) can act as a web beacon. Our web beacons do not collect, gather, monitor or share any of your personal data | information. We merely use them to compile anonymous information about our website.

6.9. Optional details

You may also provide additional information to us on a voluntary basis (optional information). This includes content or products that you decide to upload or download from our website or when you enter competitions, take advantage of promotions, respond to surveys, order certain additional goods or services, or otherwise use the optional features and functionality of our website.

6.10. Recording calls

We may monitor and record any telephone calls that you make to us. We will delete the recording at your request.

6.11. Purpose for collection

We may use or process any goods information, services information, or optional information that you provide to us for the purposes that you indicated when you agreed to provide it to us.

Processing includes gathering your personal data | information, disclosing it, and combining it with other personal data | information. We generally collect and process your personal data | information for various purposes, including:

goods purposes – such as collecting orders for, supplying, and supporting our goods;
services purposes – such as providing our services;
marketing purposes – such as pursuing lawful related marketing activities;
business purposes – such as internal audit, accounting, business planning, and joint ventures, disposals of business, or other proposed and actual transactions; and
legal purposes – such as handling claims, complying with regulations, or pursuing good governance.

We may use your usage information for the purposes described above and to:

remember your information so that you will not have to re-enter it during your visit or the next time you access the website;
monitor website usage metrics such as total number of visitors and pages accessed; and
track your entries, submissions, and status in any promotions or other activities in connection with your usage of the website.

6.12. Consent to collection

We will obtain your consent to collect personal data | information:

in accordance with applicable law;
when you provide us with any registration information or optional information.

Privacy by design

When we decide to develop a new product or start a new activity that involves the processing of personal data | information, we take the privacy and data protection laws and principles into account and try to build them into the product or activity.

8.1. Our obligations

We may use your personal data | information to fulfil our obligations to you.

8.2. Messages and updates

We may send administrative messages and email updates to you about our service. In some cases, we may also send you primarily promotional messages. You can choose to opt-out of promotional messages.

8.3. Targeted content

While you are logged into the website, we may display targeted adverts and other relevant information based on your personal data | information. In a completely automated process, computers process the personal data | information and match it to adverts or related information. We never share personal data | information with any advertiser, unless you specifically provide us with your consent to do so. Advertisers receive a record of the total number of impressions and clicks for each advert. They do not receive any personal data | information. If you click on an advert, we may send a referring URL to the advertiser’s website identifying that a customer is visiting from the website. We do not send personal data | information to advertisers with the referring URL. Once you are on the advertiser’s website however, the advertiser is able to collect your personal data | information.

Disclosure

9.1. Sharing

We may share your personal data | information with:

other divisions or companies within the group of companies to which we belong so as to provide joint content and services like registration, for transactions and customer support, to help detect and prevent potentially illegal acts and violations of our policies, and to guide decisions about our products, services, and communications (they will only use this information to send you marketing communications if you have requested their goods or services);
an affiliate, in which case we will seek to require the affiliates to honour this privacy policy;
our goods suppliers or service providers under contract who help supply certain goods or help with parts of our business operations, including fraud prevention, bill collection, marketing, technology services (our contracts dictate that these goods suppliers or service providers only use your information in connection with the goods they supply or services they perform for us and not for their own benefit);
credit bureaus to report account information, as permitted by law;
banking partners as required by credit card association rules for inclusion on their list of terminated merchants (in the event that you utilise the services to receive payments and you meet their criteria); and
other third parties who provide us with relevant services where appropriate.

9.2. Regulators

We may disclose your personal data | information as required by law or governmental audit.

9.3. Law enforcement

We may disclose personal data | information if required:

by a subpoena or court order;
to comply with any law;
to protect the safety of any individual or the general public; and
to prevent violation of our terms of service.

9.4. No selling

We will not sell personal information. No personal data | information will be disclosed to anyone except as provided in this privacy policy.

9.5. Marketing purposes

We may disclose aggregate statistics (information about the customer population in general terms) about the personal data | information to advertisers or business partners.

9.6. Employees

We may need to disclose personal data | information to our employees that require the personal data | information to do their jobs. These include our responsible management, human resources, accounting, audit, compliance, information technology, or other personnel. Any of our employees or personnel that handle your personal data | information will have signed non-disclosure and confidentiality agreements.

9.7. Change of ownership

If we undergo a change in ownership, or a merger with, acquisition by, or sale of assets to another entity, we may assign our rights to the personal data | information we process to a successor, purchaser, or separate entity. We will disclose the transfer on the website. If you are concerned about your personal data | information migrating to a new owner, you may request us to delete your personal data | information.

9.8. Unauthorised disclosure

We cannot accept any liability whatsoever for unauthorised or unlawful disclosure of your personal data | information by third parties who are not subject to our control.

Security

We take the security of personal data | information very seriously and always do our best to comply with applicable data protection laws. We will implement and maintain appropriate technical and organisational measures to protect the security and confidentiality of the personal data | information. We host a secure server environment that uses a firewall and other advanced security measures to prevent interference or access from outside intruders. All personal data | information is securely stored in our customer database. We authorize access to personal data | information only for those employees who require it to fulfil their job responsibilities. We implement disaster recovery procedures where appropriate.

Accurate and up to date

We will try to keep the personal data we collect as accurate, complete and up to date as is necessary for the purposes defined in this policy. From time to time we may request you to update your personal data on the website. You are able to review or update any personal data that we hold on you by accessing your account online or emailing us. Please note that in order to better protect you and safeguard your personal data, we take steps to verify your identity before granting you access to your account or making any corrections to your personal data. Throughout your interaction with us you retain the right to rectify personal data that is incorrect or inaccurate. This does not apply if we process your personal data in our capacity as a Processor | Operator on behalf of you or the Administrator when you or the Administrator act as the Data Controller | Responsible Party.

Retention

We will only retain your personal data for as long as it is necessary to fulfil the purposes explicitly set out in this policy, unless:

retention of the record is required or authorised by law; or
you have consented to the retention of the record.
During the period of retention, we will continue to abide by our non-disclosure obligations and will not share or sell your personal data.

We may retain your personal data in physical or electronic records at our discretion.

Transfer to another country

We may transmit or transfer personal data outside of the country in which it was collected to a foreign country and process it in that country. Personal data may be stored on servers located outside the country in which it was collected. You consent to us processing your personal data in a foreign country whose laws regarding processing of personal data may be less stringent.

Updating or removing

You may choose to correct or update the personal data you have submitted to us by contacting us via email or via the website.

You are entitled to a right to be forgotten. We will delete any personal data that you don’t want us to have. If you are a data subject of the Administrator or one of our customers (who is the Data Controller | Responsible Party), then you must submit your request to the relevant Data Controller | Responsible Party who will then delete your personal data | information.

Restriction of processing

You may request that we restrict the use of your personal data. When we restrict your personal data, we still have the right to store it but not use it.

Data portability

If you should wish to transfer your data from us to another Data Controller | Responsible Party we will facilitate this transfer. We will pass on all of our personal data to the Data Controller | Responsible Party.

If you are a data subject of the Administrator or one of our customers (who is the Data Controller | Responsible Party), then you must submit your request for your personal data | information to the relevant Data Controller | Responsible Party, who will then export your personal data | information.

Data breaches

We will notify our customers of any confirmed data breaches that have occurred. It is our customers’ responsibility to notify relevant supervisory authority and any affected data subjects of the data breach.

Limitation

We are not responsible for, give no warranties, nor make any representations in respect of the privacy policies or practices of linked or any third-party websites.

Enquiries

If you have any questions or concerns arising from this Privacy Policy, please contact us on legal@didrixhosting.com.

REPORT ABUSE

Below are the details we will need from you when investigating Internet abuse. Reports will not be investigated until these details are received. If any of the information listed below is missing from your report, please re-send the information.

Reporting email / newsgroup misuse (including spam)

We require the full header and content of the Email/Newsgroup post. The header enables us to trace the journey that an Email/Newsgroup post has made from the computer it originated from to the computer it was downloaded to. Please see below for instructions on retrieving full mail headers within Microsoft Outlook. If you use another mail client, Please check your providers support documentation for this information. Alternatively, you can forward Didrix Hosting the entire message as an attachment so that we can retrieve the email headers.

To retrieve headers in Outlook (with the email not opened in your inbox):

Right click on a message and choose “Options”

From pop-up box, copy all from “Internet Headers” window

Close pop-up box

Right click on the message again and choose “Forward”

Paste headers into the top of the pop-up email forward window

Send to abuse@didrixhosting.com

To retrieve email headers from Outlook Express for Windows:

With the mail unopened in your inbox

Right click on the mail

Choose properties

Click on the ‘details’ tab at the top of the ‘pop-up’ box

Press “message source”

Copy the contents of the new window and paste it into your email to abuse@didrixhosting.com

To retrieve email headers from Outlook Express for Macintosh:

With the mail unopened in your inbox

Click View

Click Source

To select all use: command + a

To copy use: command + c

To paste the header use: command + v

Paste the contents into a new email addressed to abuse@didrixhosting.com

Reporting virus activity

Didrix Hosting has virus monitoring systems in place equipped to pick up virus activity that could infect your email. If you have been infected locally i.e. on your PC or local area network, please note that Didrix Hosting is unable to offer any support in their removal. We recommend that you install Anti-Virus software and ensure that it is updated regularly on your PC/ local area network.

If you would like to report an email virus that has not been detected by our virus monitoring systems, please include the following information in your complaint:

Header of the email (if one is available) and content of the email.

The email attachment that was sent to you (if any). The attachment may need to be placed in an archived file (.zip etc) for our email software to receive it. If you cannot attach the virus, then please send the email and header only.

Important note: Do NOT open the attachment or click on any links in the email message as you could infect your system with the virus.

Reporting web space abuse

If you become aware of any web space hosted by Didrix Hosting that is unlawful, then please follow the ‘Take-Down Notification’ request outlined below.

How to submit a take-down request:

According to section 75 of the Electronic Communications and Transactions Act (“the Act”) Didrix Hosting has designated the Internet Service Providers’ Association (ISPA) as its agent, who are authorised to receive notifications of infringement as defined in Section 77 of the Act.

Didrix Hosting kindly requests that you submit the complaint to ISPA where it will be dealt with accordingly.

ISPA’s contact details are as follows:

Postal address: PO Box 518, Noordwyk, 1687

Phone: +27 10 500 1200

Fax: 086 606 4066

Email: complaints@ispa.org.za

Your take-down request must include the following information:

Full name

Physical address

Telephone number

Email address

The name of the service provider

A clear and unambiguous identification of the unlawful material or activity i.e. the web page link where the material appears

A description of the right that you believe has been infringed by the material or activity concerned e.g. “my right to privacy is being infringed by the publication of my credit card number”

The remedial action you wish the service provider to take i.e. “the credit card number should be removed”

A statement that the information in your complaint is, to your knowledge, true and correct and that you are acting in good faith

Your signature, either written or electronic

The ISPA will acknowledge receipt of your email, once you have submitted your take-down request to complaints@ispa.org.za. Please refer to the ISPA for further information on how the Take down request will be handled.

In terms of section 77(2) of the Electronic Communications and Transactions Act, any person who lodges a notification of unlawful activity with a service provider knowing that it materially misrepresents the facts is liable for damages for wrongful take-down.

In accordance with our privacy policy, we are unable to disclose any personal customer information without a court order and the involvement of the proper authorities.

Should your request relate to a domain name dispute, please refer to the ZACR Domain Name Dispute Resolution Policy. For .co.za domain disputes, please refer to ZACR South Africa.

If you’re aware of any web content hosted by Didrix Hosting that you feel is in contravention of our Terms and Conditions or Acceptable Use Policy, please email us at abuse@didrixhosting.com

Reporting on compromised Didrix Hosting My Zone password

If you discover that your Didrix Hosting My Zone password has been compromised, it is crucial that you notify Didrix Hosting immediately when first becoming aware of the incident.

In order to comply with our security policy, it is important that you email Didrix Hosting an incident report on your company letterhead together with a copy of your Identity Document, alternatively you can email us a copy of your Company Registration document.

Once we receive your email, Didrix Hosting will notify you telephonically of your new Management password details.

Please note that if you believe your FTP and email passwords have been compromised, there is no need to contact Didrix Hosting. Simply log into the CWP with your Client login ID and password and update your FTP and email passwords. To find out how, simply contact support:

Reporting port scanning, attempted hacking and firewall activity

Where your report is based upon information obtained from a firewall, please ensure that you send the relevant unedited firewall log (or excerpt). Please ensure that the log includes the time, date and time zone.

If you see any other misuse on your own servers originating from a Didrix Hosting IP Address, then please send us the following information:

Your URL, your web server log, shows the IP Address, Time, Date and Time zone of the IP Address logging into your server and any details of the misuse that has taken place.

The URL, the time and date that you noticed the infringement, any details regarding how you came to view the material and a precise description of why you believe the domain to be in breach.

SECURITY STATEMENT

Platform security

Servers

All servers used to provide our managed hosting service, both for shared web hosting and dedicated managed servers are physical servers exclusively provisioned and managed by Didrix Hosting.

Our Self-managed servers are provisioned by Didrix Hosting, while the software is maintained by the customer.

Servers are designed to provide redundancy and reliability, including multi-core, multi-CPU systems, ECC (Error-Correcting Code) memory modules to detect and correct data corruption in real time and enterprise grade storage that includes hard disk and solid state drives.

All data is stored on dedicated, robust RAID storage arrays providing data redundancy and integrity.

Additionally, our TruServ Commerce range of Self-Managed servers include a Battery Backup Unit (BBU) which protects and maintains the data on RAID cards.

Security response policy

All relevant security advisories are evaluated weekly. We make use of Debian Linux and trust their security response (https://www.debian.org/security/) to all CVEs (https://cve.mitre.org).

Note: Debian is a slow moving distribution, which means that versioning misinterpretation regarding security vulnerabilities may occur when looking at the output of a typical automated security scan. Debian don’t upgrade major versions for any releases once they move into the stable release phase, but they do apply security patches. Therefore it may appear that the old stable release of Debian is running an insecure version of certain software packages e.g. OpenSSL (1.0.1t-1). However, once the Debian patch version is applied (1.0.1t-1+deb7u3), the vulnerability is addressed. This indicates the Debian maintainer’s ongoing commitment to patching security related issues on all supported versions of Debian.

We are committed to updating all software to the latest stable versions within 7 days of their release, and within 24 hours for critical software updates.

Remote access

Access to managed servers is limited by means of Linux firewall software. All managed servers make use of the same incoming firewall rules and we do not allow any deviation from the standard rulesets

Backups

All Didrix Hosting Managed Servers (i.e. Web hosting and Managed Servers) are automatically backed up in the early hours of the morning. The backup includes all critical data required for disaster recovery.

Backups are made of the user’s home directory as well as databases. The user’s home directory will include site content, web logs and any mail that was on the server at the time that backup was completed.

Customers can restore up to the previous 2 weeks of backup data via the Didrix Hosting Control Panel. Please note that Didrix Hosting does not guarantee backups. If you have critical data which you cannot afford to lose in the event of a disaster, keep a copy of your data locally (or at an alternate location) as well.

Logs (such as FTP, web server and mail logs) are normally kept for 60 days.

Due to the large scale of our Web hosting and Managed server hosting environment, our backup and restore process is effectively tested on a daily basis.

Software development

Stack: We have a strong focus on open source technologies and mainly use PHP and Ruby as our backend languages. Our frontend stack consists of HTML/HTML5, CSS/CSS3 and various JavaScript frameworks. We use varying database technologies including MySQL, MariaDB and Postgres.

Coding Practices: We follow an Agile development methodology and use best practices and industry-standard secure coding guidelines to ensure security is always top of mind. External penetration testing providers are used to validate that we are secure.

Anti virus

All servers (which are Linux based) run Clam anti-virus which is updated as new virus definitions are released. Servers are scanned daily.

User passwords

All customer passwords are stored in a one-way encrypted format. Didrix Hosting is not able to retrieve any passwords. Due to the broad technology implementation across our hosting software and platform, we employ a number of different password hashing algorithms e.g. bcrypt, sha-512. We implement industry standard practices for mitigating various password cracking methods e.g:

Password salts to mitigate rainbow attacks

Multiple password hashing rounds (key stretching) to massively draw out brute force attacks

Mail security

SSL is used for POP, IMAP and SMTP protocols for email, resulting in data encryption between our server and customers’ mail programmes.

The use of strong passwords is enforced when creating or editing mailboxes via the mail admin tool.

The following measures are used to mitigate spam and malware:

Anti-virus and anti-spam scanning occurs on all inbound and outbound email.

Common malicious file extensions are blocked for both inbound and outbound email.

Known malicious IP addresses are blocked by our firewall for incoming email.

Data protection

Data protection includes security and is a related topic.

Payment Data Security

Credit / debit card purchases for Didrix Hosting services are processed by the third-party vendor, VCS. No credit / debit card information is submitted via our website or stored on any of our systems.

Banking details used for debit order instructions are secured by various authentication measures and system firewalls.

Other

Incident response

We have good incident response plans, procedures and practices in place that mean we respond to incidents or data breaches quickly and effectively.

Trust and Safety team

Our dedicated team of Trust and Safety consultants monitor the hosting platform for any form of abuse such as compromised websites and mailboxes, network abuse and phishing attacks and take swift remedial steps. They also contribute towards adapting our systems to current trends in spam to ensure that our spam filtering service is effective.

Accreditation

Didrix Hosting has not undertaken the SOC 2 or ISO 27001 accreditation, though we fully support the Trust Service Principles (TSP) of security, availability, processing integrity, confidentiality and privacy. We commit to security best business practises and continuous improvement.

Customer responsibilities

While we care for the hosting infrastructure including the network and servers, it is our customers responsibility to keep their data and hosting account secure.

Use secure passwords and store them safely

Ensure sufficient security for your web applications

Ensure that CMS’ and plugins are always kept up-to-date

Self-Managed customers need to administer and security patch their own OS and applications, firewalls, etc as Didrix Hosting is responsible for the hardware and they are responsible for their software.

We remain committed to providing a reliable hosting service to businesses that are serious about uptime, 24/7 technical support, and are looking to benefit from evolving technologies.

DATA PROCESSING AGREEMENT

This Data Processing Agreement (the “DPA”) forms part of Didrix Hosting’s Terms of Service (the “Principal Agreement”), and is incorporated into the Principal Agreement by reference. Didrix Hosting reserves the right to make changes to the respective Agreements at any time without notice. Any updated versions of the aforesaid Agreements will be posted on our website.

Introduction

This DPA applies when you sign up for our services, and Didrix Hosting acts as the Processor of your Personal Data I Information. When we provide these services to you, you are the Controller I Responsible Party of the Personal Data I Information that we Process because you decide why and how we Process that Personal Data I Information.

Definitions and Interpretations

2.1. The defined terms in this DPA supplement the terms of the Principal Agreement. Terms not defined herein will have the meaning as set forth in the Principal Agreement. If there is a conflict between any of the Principal Agreement’s provisions and this DPA’s provisions, the provisions of the DPA will prevail.

“Controller I Responsible Party” means the person who decides why and how Personal Data I Information will be processed. This would be you, our Customer.

“Data Protection Law” means any and all data protection laws and regulations that apply to Didrix Hosting’s Processing of Personal Data I Information under the DPA including, the GDPR, the Protection of Personal Information Act 4 of 2013, ePrivacy laws and, to the extent applicable, the data protection or privacy laws of any other country;

“Data Subject” means the person whose data is processed, which are your customers or site visitors.

“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data I Information and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

“Personal Data/Information” means any data or information that relates to an individual who can be directly or indirectly identified. For example, names and email addresses are Personal Data I Information. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be Personal Data I Information.

“Personal Data Breach” any unauthorized or otherwise unlawful Personal Data I Information processing.

“Process/Processing” means any action performed on data, whether automated or manual. This would include collecting, recording, organizing, structuring, storing, using, or erasing. Thus, basically doing anything with data.

“Processor/Operator” means Didrix Hosting, a third party that processes personal Data I Information on behalf of a data controller I Responsible Party.

“Standard Contractual Clauses” means the standard contractual clauses annexed to the EU Clauses/SCCs” Commission Decision 2010/87/EU of 5 February 2010 for the transfer of Personal Data I Information to processors I operator established in third countries.

“Subprocessor/Subopreator” means any person appointed by or on behalf of the Processor I Operator to process Personal Data I Information on behalf of Didrix Hosting in connection with the Agreement.

Agreement Subject Matter

3.1. Application. The DPA applies when Didrix Hosting Processes your Personal Data I Information subject to the applicable Data Protection Law.

3.2. Acceptance. By using our products and services you are deemed to have read, understood, accepted, anD agreed to be bound by all of the terms of the respective Agreements.

3.3. Duration. Didrix Hosting will Process Personal Data I Information until the Principal Agreement expires or terminates, unless otherwise agreed in writing, subject to clause 4.1.5 below.

3.4. Limitations. DPA does not apply where Didrix Hosting Processes data on either Controller I Responsible Party or Data Subject’s behalf in terms of any activity not set out in the Principal Agreement.

3.5. Details of Processing. The following details related to the Processing is described in the Principal Agreement and our Privacy Policy, which are incorporated into this DPA by reference:

3.5.1. the Processing’s subject-matter;

3.5.2. the Processing’s nature;

3.5.3. the Processing’s purpose;

3.5.4. the Personal Data I Information type;

3.5.5. the Data Subject categories; and

3.5.6. the Controller’s rights.

Data Processing and Protection

4.1. Processor’s Obligations

4.1.1. Processing of Data

Didrix Hosting will comply with the applicable Data Protection Law when Processing Personal Data/Information and will only Process Personal Data I Information on Controller I Responsible Party’s documented instructions.

Controller I Responsible Party instructs Didrix Hosting to Process Personal Data I Information to provide the Services and related technical support in terms of the Principal Agreement.

4.1.2. Data Transfer

Didrix Hosting may only transfer Personal Data I Information to a third country or international organisation on Controller I Responsible Party’s documented instructions, unless required to do so by applicable law.

Didrix Hosting must advise Controller I Responsible Party about the legal requirement before Processing the Personal Data I Information, unless the law prohibits them from doing so in the public interest. The Parties agree that the DPA and Principal Agreement constitute Controller I Responsible Party’s documented instructions for Processing Personal Data I Information.

4.1.3. Processors I Operator Personnel

Didrix Hosting will take reasonable steps to ensure that persons authorised by Didrix Hosting to Process any Personal Data I Information are subject to appropriate confidentiality obligations.

Didrix Hosting imposes appropriate contractual obligations upon its personnel, including relevant obligations regarding confidentiality, data protection and data security. For more information, please see our Privacy Policy.

4.1.4. Security Measures

Data Security

Didrix Hosting will implement appropriate technical and organisational security measures to ensure a level of security appropriate to the risk, including, the measures referred to in Data Protection Law, and the measures referred to in Didrix Hosting’s Security Statement.

In assessing the appropriate level of security, Didrix Hosting will pay special attention to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data I Information transmitted, stored or otherwise processed.

Audits

Didrix Hosting will cooperate and provide reasonable assistance for audits (including inspections) by the Controller I Responsible Party or another auditor that they mandate. Controller I Responsible Party must provide Didrix Hosting with at least 30 (thirty) business days prior written notice of Controller I Responsible Party’s intention to audit.

Access to information

Personal Data I Information Breach

Didrix Hosting will notify the Controller I Responsible Party without undue delay after becoming aware of a Personal Data I Information Breach.

Assistance to Controller

Any Personal Data I Information Breach notification Didrix Hosting makes to assist Controller I Responsible Party will include information Didrix Hosting is reasonably able to disclose, taking into account:

the technical and organisational measures controller I Responsible Party requires to fulfil its obligation to respond to requests by Data Subjects, and

the nature of Processing, the information available to Didrix Hosting, and any restrictions on disclosing the information, such as confidentiality.

4.1.5. Return or Deletion of Personal Data I Information

Any time upon notification by Controller I Responsible Party, Didrix Hosting will, and will cause its Subprocessors I Suboperator to securely delete all Personal Data I Information (including all copies) to the extent permitted by applicable law.

Didrix Hosting agrees to preserve the confidentiality of any Personal Data I Information retained by us in accordance with applicable law. Any active Processing of such Personal Data I Information after the Data Processing services are terminated will be limited to the extent necessary to comply with applicable law. Didrix Hosting will ensure that the post-termination obligations in this section are also required of Subprocessors I Suboperator.

4.1.6. Subprocessing

Restriction

Didrix Hosting will not appoint or assign any of its obligations to any Subprocessor I Suboperator without Controller I Responsible Party’s prior specific authorisation or general written authorisation (provided that Didrix Hosting informs Controller I Responsible Party of any intended changes to Subprocessors I Suboperator and gives Controller I Responsible Party an opportunity to object to such changes).

4.1.7. Authorised Subprocessors I Suboperator

Controller I Responsible Party authorises Didrix Hosting to engage the following categories of Subprocessors I Suboperators that are mostly located in the European Union, for the Data Processing activities related to the services described in the Principal Agreement and our Privacy Policy:

Registrars for domain names,

CRM for emails and calls,

Hosting services, or

any other services necessary to provide services to you.

4.1.8. Specific obligations

Didrix Hosting will ensure that its Subprocessors I Suboperator are bound by data protection obligations compatible with our obligations as a Processor I Operator under this DPA.

4.2. Controller I Responsible Party’s Obligations

4.2.1. Warranties. Controller I Responsible Party warrants that it has all necessary rights to provide the Personal Data I Information to Didrix Hosting.

4.2.2. Responsibilities. Controller I Responsible Party must make sure that certain designated personnel within their organisation:

provide all necessary privacy notices to Data Subjects;

obtain any necessary Data Subject consent to the Processing;

maintain a record of such consent; and

Communicate to Processor I Operator that a Data Subject has revoked consent, where a Data Subject does so;

to the extent that applicable Data Protection Law requires.

Processing of Personal Data I Information outside of the European Economic Area (the “EEA”)

5.1. Standard Contractual Clauses

5.1.1. When does it apply?

The Standard Contract Clauses apply to any Processing where the parties:

directly (or via onward transfer) transfer Personal DataI Information outside of the EEA or otherwise to an undesignated territory; or

Processes Personal Data I Information originating in the EEA outside of it or in an undesignated territory (a territory that has not been designated by the European Commission to ensure adequate levels of protection for Personal Data I Information).

5.1.2. When does it not apply?

Personal Data I Information that the Parties otherwise transfer or Process; or

Where Parties have adopted binding corporate rules or a similar mechanism or alternate recognised compliance standard for the lawful transfer of Personal Data I Information outside the EEA.

5.1.3. Adequate protection

The Parties will assess whether the following requirements are met:

the level of protection of the third country meets the level required by the applicable Data Protection Law, and

the laws of the third country enable the Processor I Operator to comply with the SCCs.

Supplementary measures may be taken to ensure a level of protection equivalent to the protection provided under the applicable data protection law, if the requirements in this clause are not met. The Parties will implement the guidance from the relevant supervisory authority to determine the supplementary measures they must put in place.

General Terms

6.1. Confidentiality

Didrix Hosting will keep all Personal Data I Information confidential, and will not disclose it to any third party except as is required by law.

6.2. Notices

All notices and communications given under this Agreement must be in writing and will be sent via email. Controller I Responsible Party will be notified via email sent to the address related to its use of the Services under the Principal Agreement. Didrix Hosting will be notified via email, sent to the address: legal@Didrix Hosting.com.

6.3. Liability and indemnity

Each Party indemnifies the other and holds them harmless against all claims, actions, third party claims, losses, damages and expenses that the other party incurs arising out of a breach of this DPA or Applicable Data Protection law by the indemnifying party, provided that:

6.3.1. each Party provides the other with a notice of the claim promptly after receiving it;

6.3.2. the indemnified Party gives the indemnifying Party the right to control the defence;

6.3.3. the indemnified Party will provide the indemnifying Party with reasonable assistance as necessary; and

6.3.4. the indemnified Party will avoid admission of liability.

EMAIL DISCLAIMER

This email communication and any attachments, is intended solely for the use of the individual or entity to whom we have addressed the communication to and others authorised by us to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking action in reliance of the contents of this information is strictly prohibited and may be unlawful.

If you are not the intended recipient of this email (or such person’s authorised representative), then:

(a) please notify the sender of this email immediately by return email, or telephone Didrix Hosting on 0861-0861-08 / +27 21 970 2000 and delete this message from your system;

(b) you may not print, store, forward or copy this message or any part thereof or disclose or cause information in this message to be disclosed to any other person.

When addressed to clients of Didrix Hosting (“the sending company”) any opinion or advice contained in this email is subject to the applicable terms and conditions of business and acceptable use policies.

While Didrix Hosting endeavours to prevent loss or damage to third party systems, the sending company does not accept liability for any damage, loss or expense arising from this e-mail and/or from the accessing of any files attached to this email.

Please also view our Privacy Policy.

HARDWARE POLICY

It is understood that the customer retains the hardware selected at the time of ordering for the duration of his stay at Didrix Hosting.

Should the customer decide to upgrade to a new hosting package with different hardware specifications to his current server, he will be required to pay the setup fee for the new package.

In the event of hardware failure, Didrix Hosting guarantees repair or replacement of the said hardware.

In the case of our Self-Managed Servers, Didrix Hosting guarantees the repair or replacement of hardware within 90 minutes or the customer is refunded with a month’s free hosting. In practice, this is usually achieved within a much shorter time frame.

COOKIE POLICY

This website uses cookies – small text files that are placed on your device to help us provide a better user experience. In general, cookies are used to help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website won’t function properly without these cookies.

Cookies are also used to retain user preferences and provide anonymous tracking data to third party applications like Google Analytics. For more information on how to opt out of being tracked across all websites by Google Analytics, visit https://tools.google.com/dlpage/gaoptout.

As a rule, cookies are used to optimise your browsing experience.

How do I change my cookie settings?

We allow you to manage your cookie preferences within our website. You can adjust your cookie settings at any time by clicking manage my cookies.

Alternatively you can disable cookies on this website, by disabling cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.

Your consent applies to the following domains: Didrix Hosting.co.za

This list details the cookies used on our website.

Cookie Description

Essential

viewed_cookie_policy This cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It doesn’t store any personal data.

JSESSIONID Used by sites written in JSP. General purpose platform session cookies that are used to maintain users’ state across page requests.

Functional

lidc LinkedIn sets the lidc cookie to facilitate data center selection.

bcookie LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.

lang This cookie is used to store the language preference of a user to serve up content in that stored language the next time the user visits the website.

_hjAbsoluteSessionInProgress This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie.

_hjIncludedInSessionSample This cookie is set to let Hotjar know whether a user is included in the data sampling defined by the website’s daily session limit.

_hjIncludedInPageviewSample This cookie is set to let Hotjar know whether a user is included in the data sampling defined by the website’s pageview limit.

_gat_UA-17245741-1 This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to.

_gat_UA-17245741-17 This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to.

_hjFirstSeen This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by recording filters to identify new user sessions.

_gid Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website’s performance. Some of the data that is collected includes the number of visitors, their source, and the pages they visit anonymously.

_hjid This is a Hotjar cookie that is set when the customer first lands on a page using the Hotjar script. You can read more about Hotjar here.

_ga The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.

_ga_4PPXGNGQMV This cookie is installed by Google Analytics. The cookie stores information anonymously.

_fw_crm_v This cookie holds the tracker id Freshworks uses to identify the user who is coming back to the chat widget for the embedded Freshworks form on the contact page. It is required to enable the site to function.

li_gc This cookie is used to store consent of guests regarding the use of cookies for non-essential purposes

Marketing

bscookie This cookie is a browser ID cookie set by LinkedIn share buttons and ad tags.

fr Facebook sets this cookie to show relevant ads to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugins.

_fbp This cookie is set by Facebook to display ads when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.

AnalyticsSyncHistory Used to store information about the time a sync with the lms_analytics cookie took place for users in the designated countries.

UserMatchHistory A cookie that Linkedin uses to track visitors on multiple websites in order to present relevant ads based on the visitor’s preferences.

Third party cookies

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.