Privacy Statement (ZA)

This privacy statement was last updated on July 12, 2021 and applies to citizens and legal permanent residents of South Africa.

In this privacy statement, we explain what we do with the data we obtain about you via We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

  • we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
  • we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
  • we first request your explicit consent to process your personal data in cases requiring your consent;
  • we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
  • we respect your right to access your personal data or have it corrected or deleted, at your request.

If you have any questions, or want to know exactly what data we keep of you, please contact us.

1. Purpose, data and retention period

We may collect or receive personal information for a number of purposes connected with our business operations which may include the following: (click to expand) 

2. What if you don't provide us with your personal information?

If you don’t provide us with your personal information, we may not be able to provide you with the information, products or assistance that you are seeking.

3. Sharing with other parties

We only share or disclose this data to operators for the following purposes:


Name: Creators Digital Agency
Country: South Africa
Purpose: Website Maintenance

4. Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Policy.  We have concluded a data processing agreement with Google. Google may not use the data for any other Google services. The inclusion of full IP addresses is blocked by us. 

5. Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed. 

6. Third-party websites

This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites. 

7. Amendments to this privacy statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible. 

8. Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. You have the following rights:

  • You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
  • Right of access: You have the right to access your personal data that is known to us.
  • Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
  • If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
  • Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.

Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.


9. Submitting a complaint

If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Information Regulator South Africa: 
P.O Box 31533,

10. Children

Our website is not designed to attract children and it is not our intent to collect personal data from children under the age of consent in their country of residence. We therefore request that children under the age of consent do not submit any personal data to us.

11. Contact details

Environmental Drilling & Remediation Services
Plot 59 Elandsdrift, Krugersdorp 1739
South Africa
Phone number: +27 10 596 1000

We have appointed a contact person for the organization’s policies and practices and to whom complaints or inquiries can be forwarded:
Derek Whitfield
Plot 59 Elandsdrift, Krugersdorp 1739


iThemes Security

What personal data we collect and why we collect it

Security Logs

Suggested text: The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.

Who we share your data with

Suggested text: A QR code image is generated for users that set up two-factor authentication for this site. This image is generated using an iThemes hosted API. As part of generating this image, your username is sent to the API. This data is not logged. For privacy policy details, please see the iThemes Privacy Policy. When using the Remember Device for Two-Factor, a cookie (itsec_remember_2fa) will be set with a secure token that expires in 30 days.

When running Security Check, will be contacted as part of a process to determine if the site supports TLS/SSL requests. No personal data is sent to as part of this process. Requests to include the site’s URL. For privacy policy details, please see the iThemes Privacy Policy.

Suggested text: This site is scanned for potential malware and vulnerabilities by the iThemes Site Scanner. We do not send personal information to the scanner; however, the scanner could find personal information posted publicly (such as in comments) during the scan.

In order to ensure file integrity, iThemes Security pulls data from,, and No personal data is sent to these sites. Requests to include the WordPress version, the site’s locale, a list of installed plugins, and a list of each plugin’s version. Requests to and include the installed iThemes products and their versions. For privacy policy details, please see the WordPress Privacy Policy. For privacy policy details, please see the iThemes Privacy Policy. Requests to are to content added and managed by iThemes which is covered by the Amazon Web Services Data Privacy policy.

How long we retain your data

Suggested text: Security logs are retained for 60 days.

Where we send your data

Suggested text: This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by For privacy policy details, please see the iThemes Privacy Policy.

WP Smush

Plugin: Smush

Note: Smush does not interact with end users on your website. The only input option Smush has is to a newsletter subscription for site admins only. If you would like to notify your users of this in your privacy policy, you can use the information below. Smush sends images to the WPMU DEV servers to optimize them for web use. This includes the transfer of EXIF data. The EXIF data will either be stripped or returned as it is. It is not stored on the WPMU DEV servers. Smush uses the Stackpath Content Delivery Network (CDN). Stackpath may store web log information of site visitors, including IPs, UA, referrer, Location and ISP info of site visitors for 7 days. Files and images served by the CDN may be stored and served from countries other than your own. Stackpath’s privacy policy can be found here. Smush uses a third-party email service (Drip) to send informational emails to the site administrator. The administrator’s email address is sent to Drip and a cookie is set by the service. Only administrator information is collected by Drip. 


  1. Scope and objective of the policy

1.1 The Protection of Personal Information (POPI) policy is intended to ensure the legitimate concerns of individuals/companies about the ways in which their data may be used. 

1.2 The Personal information Act, 4 of 2013 (signed into law in November 2013) has the following aims:

1.2.1 to promote the protection of personal information processed by organisations in the public and private sectors.

1.2.2 to establish minimum requirements for the processing of personal information.

1.2.3 to establish an Information Regulator with powers.

1.2.4 to provide for the issuing of codes of conduct.

1.2.5 to protect the rights of people regarding unsolicited electronic communications and automated decision making.

1.2.6 to regulate the transborder flow of information.

1.2.7 to provide for connected matters.

1.3  This policy has been developed in line with the Personal Information (POPI) Act, 4 of 2013 and aims to ensure that the processing of personal information & special/sensitive personal information adhere to the conditions for lawful processing as set out in Chapter 3 of the POPI Act.  

1.4 The POPI Act and this policy does not apply to the processing of personal information of a deceased person. 

1.5. The POPI act includes identifiable, existing jurisdic person (where applicable) in its definition of personal information.  The processing of personal information of the directors of companies or partners in business partnerships, for example, falls within the parameters of the POPI Act and this policy.

  1. Definitions

2.1 ‘’competent person’’ – means any person who is legally competent to consent to any action or decision being taken in respect of any matter concerning a child;

2.2 ‘‘Consent’’ – means any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information;

2.3 “Company” – a legal registered entity. 

2.4 “Privacy” – is about ensuring that both individuals and juristic entities are aware of                                     what is being done with their personal information.

2.5 “Personal information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing, juristic person, including, but not limited to:

  1. Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person.
  2. Information relating to the education or the medical, financial, criminal or employment history of the person.
  3. Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person.
  4. The biometric information of the person.
  5. The personal opinions, views or preferences of the person.
  6. Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence.
  7. The views or opinions of another individual about the person, and
  8. The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person. 

The definition of personal information includes special or sensitive personal information.  These categories refer to sensitive areas which a person would not like published.

2.6 “Special personal information” relates to the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or the biometric information of a data subject.  It also relates to the criminal behaviour of a data subject regarding the alleged commission of an offence or any proceedings in respect of any offence allegedly committed by the data subject or the disposal of such proceedings; a history of a person’s education, medical, financial, criminal or employment history; and/or the processing of biometric information of a person.

  1. Legal Principles

The following legislation is applicable to this policy:

  1. the Constitution of South Africa act 108 of 1996.
  2. The Personal Information Act, Act 4 of 2013.
  3. Regulation of Interception of Communications & Provision of Communication-related Information Act, 70 of 2002.
  4. Electronic Communications & Transactions Act, 25 of 2002.
  5. National Credit Act, 34 of 2005.
  6. The Cybercrimes and Cybersecurity Bill and relevant proposed Bills.
  7. The Spatial Data Infrastructure Act 54 of 2003.
  8. Codes of Conduct published by industries/bodies (e.g. Advertising Standards Authority of South Africa). 
  9. Policy
    1. The policy applies to any information regarding clients, suppliers and employees including contact details and correspondence. Human Resources and payroll data, curricula vitae, applications for employment, CCTV records, performance reviews and internal e-mail records of the employee, customers, and Environmental Drilling & Remediation Services.
    2. The policy applies to any form of recorded information, regardless of the form of medium and include, but is not limited to information on:
      1. Tape recorder
      2. Computer
      3. Labels
      4. Markings
      5. Books
      6. Maps
      7. Photographs
      8. Films
      9. Negative type/other devices. 

4.2 The policy conditions impact technology, processes, and the way Environmental Drilling & Remediation Services process personal information.

4.3 Personal information may only be used for the purpose agreed with your customers, clients, and employees.

4.4 Marketing by means of unsolicited e-mail is prohibited unless certain provisions apply – Environmental Drilling & Remediation Services to implement opt-in and opt-out strategies.

4.5 Personal information may only be retained for as long as necessary – Environmental Drilling & Remediation Services to specify retention periods.

4.6 Environmental Drilling & Remediation Services shall not process more personal information than is necessary.

4.7 Processing of special personal information is prohibited unless provisions stipulated in this policy apply.

4.8 Personal information of employees, clients, customers and Environmental Drilling & Remediation Services will be sufficiently protected and used in a manner that facilitates transparency around the following:

4.8.1 what is done with the personal information;

4.8.2 why and how it is processed (i.e. this covers all phases of a typical information management life cycle – from collection, to usage, sharing, disposal, archiving, etc);

4.8.3 who the personal information is shared with (i.e. third parties – both locally and internationally, other legal entities – sometimes within the same group or company, etc);

4.8.4 what types of personal information is processed and for what purpose.

4.9 Personal Information of the employees, clients, and customers includes:

4.9.1 contact details;

4.9.2 demographic information;

4.9.3 personal history, criminal record;

4.9.4 email addresses, date of birth and age;

4.9.5 education information physical address; and

4.9.6 financial information as well as communication records. 

4.10 Personal information (PI) of Environmental Drilling & Remediation Services includes:

4.10.1 financial information;

4.10.2 intellectual property (processes, methods);

4.10.3 ICT systems/ programmes; and

4.10.4 CCTV surveillance and guard monitoring systems

  1. Procedure

5.1 Environmental Drilling & Remediation Services is expected to identify what they classify as Personal Information and take reasonable measures to protect the data. This will likely reduce the risk of data breaches and avoid legal ramifications for Environmental Drilling & Remediation Services

5.2 Environmental Drilling & Remediation Services, therefore, must receive consent from individuals before they can obtain and retain personal information for communication or any other purpose.

5.3 The employee, clients, customers, and Environmental Drilling & Remediation Services will be kept updated of what is being done with their information and the associated reasoning.

5.4 In accordance with the Protection of Personal Information Act, as soon as a privacy breach is detected and established, it must be reported to the regulator and to the party whose information was accessed.

5.5 All responsible parties need to know and be able to explain how the breach occurred, what has been done to contain any harm and how will any such breach be prevented in the future.

5.6 Should employees for any given reason no longer service the organisation; information prescribed as personal (financial information, intellectual property) as according to Environmental Drilling & Remediation Services policy should not be disclosed to the public (i.e. companies operating in the same industry). The same principal applies to Environmental Drilling & Remediation Services.

5.7 Those concerned (Environmental Drilling & Remediation Services the employee, and clients) have the right to complain and escalate any issues related to privacy, especially if they believe that their right to information privacy has been violated.

5.8 Employees are expected to protect the private information of Environmental Drilling & Remediation Services e.g.:

5.8.1 confidential files are expected to be put in a secure area (locked draws); and 

5.8.2 personal login details to Environmental Drilling & Remediation Services’s ITC systems are expected to be kept confidential to avoid unauthorized access to private systems. 

5.9 Failure to comply with the requirements of the policy will result in immediate dismissal, fine or severe legal consequences.

Get a Quote
close slider