Privacy Policy

Effective Date: February 2025

1. Introduction

Codehelix (Pty) Ltd ("Codehelix", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect information when you visit our website, use our services, or interact with us.

This policy complies with the Protection of Personal Information Act (POPIA) of South Africa and other applicable data protection laws.

Contact Details:
Codehelix (Pty) Ltd
9A Milton Road, Westville
KwaZulu-Natal, 3630
South Africa
Email: hello@codehelix.io
Phone: +27 82 332 6804

2. Information We Collect

2.1 Information You Provide

When you contact us or engage our services, we may collect:

  • Contact Information: Name, email address, phone number, physical address
  • Business Information: Company name, job title, VAT number
  • Project Information: Requirements, content, and materials you provide for projects
  • Communication Records: Emails, messages, and notes from our interactions
  • Payment Information: Banking details for invoicing purposes (we do not store credit card numbers)

2.2 Information Collected Automatically

When you visit our website, we may collect:

  • Usage Data: Pages visited, time spent on pages, navigation paths
  • Technical Data: IP address, browser type and version, device type, operating system
  • Referral Data: How you arrived at our website

2.3 Information from Third Parties

We may receive information about you from:

  • Referrals from existing clients or partners
  • Publicly available business information

3. How We Use Your Information

3.1 Service Delivery

  • To provide web development, hosting, and related services
  • To communicate with you about your projects
  • To deliver and deploy websites and applications
  • To provide technical support and maintenance

3.2 Business Operations

  • To send invoices and process payments
  • To maintain records of our business relationship
  • To respond to your enquiries and requests

3.3 Communication

  • To send project updates and deliverables
  • To notify you of service changes or issues
  • To respond to support requests

3.4 Legal and Compliance

  • To comply with legal obligations
  • To establish, exercise, or defend legal claims
  • To protect our rights and the rights of others

3.5 Website Improvement

  • To analyse website usage and improve user experience
  • To monitor website performance and security

4. Legal Basis for Processing

We process your personal information based on the following legal grounds under POPIA:

  • Contract: Processing necessary to fulfil our contractual obligations to you
  • Legitimate Interest: Processing necessary for our legitimate business interests, such as improving our services and communicating with clients
  • Legal Obligation: Processing necessary to comply with legal requirements
  • Consent: Where you have given explicit consent for specific processing activities

5. Cookies and Tracking Technologies

5.1 Essential Cookies

Our website uses essential cookies that are necessary for the website to function properly. These cannot be disabled.

5.2 Analytics

We use Google Analytics to understand how visitors interact with our website. This helps us improve our website and services. Google Analytics collects information such as:

  • Pages visited and time spent
  • Geographic location (country/city level)
  • Device and browser information
  • Referral sources

Google Analytics data is anonymised and aggregated. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

5.3 No Marketing Cookies

We do not currently use marketing or advertising cookies on our website.

5.4 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.

6. Data Sharing and Disclosure

6.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties.

6.2 Service Providers

We may share your information with trusted third-party service providers who assist us in delivering our services:

  • Hosting Providers: Xneelo, Linode (for server infrastructure)
  • Domain Registrars: For domain registration services
  • Email Services: For business communication
  • Accounting Software: For invoicing and financial records
  • Analytics: Google Analytics (for website analytics)

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

6.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of others
  • Investigate potential violations of our terms

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

7. Data Retention

7.1 Active Clients

We retain your personal information for the duration of our business relationship and for a reasonable period thereafter to fulfil our contractual obligations and comply with legal requirements.

7.2 Enquiries

Contact form submissions and enquiries are retained for up to 2 years unless they result in a business relationship.

7.3 Financial Records

Invoices and payment records are retained for 5 years in accordance with South African tax and business record-keeping requirements.

7.4 Project Files

Project files and deliverables are retained for 2 years after project completion unless otherwise agreed with the client.

7.5 Website Analytics

Analytics data is retained according to Google Analytics' standard retention policies (currently 26 months for user-level data).

8. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

  • Secure servers with firewall protection
  • SSL/TLS encryption for data transmission
  • Regular security updates and monitoring
  • Access controls limiting who can access personal data
  • Secure backup procedures
  • Password protection and authentication measures

While we take reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Your Rights Under POPIA

You have the following rights regarding your personal information:

9.1 Right to Access

You may request confirmation of whether we hold personal information about you and request a copy of that information.

9.2 Right to Correction

You may request that we correct or update inaccurate or incomplete personal information.

9.3 Right to Deletion

You may request that we delete your personal information, subject to our legal obligations to retain certain records.

9.4 Right to Object

You may object to the processing of your personal information for direct marketing purposes or on grounds relating to your particular situation.

9.5 Right to Restrict Processing

You may request that we restrict the processing of your personal information in certain circumstances.

9.6 Right to Data Portability

Where technically feasible, you may request that we provide your personal information in a structured, commonly used format.

9.7 Right to Withdraw Consent

Where processing is based on consent, you may withdraw your consent at any time. This does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at hello@codehelix.io. We will respond to your request within a reasonable timeframe, and no later than required by applicable law.

10. Client Websites and Data Processing

10.1 Websites We Build and Host

When we build and host websites for clients, those websites may collect personal information from end users (such as contact form submissions). In these cases:

  • The client is the "responsible party" under POPIA for that data
  • Codehelix acts as an "operator" (processor) on behalf of the client
  • We process such data only as instructed by the client and as necessary to provide our services

10.2 Client Responsibilities

Clients are responsible for:

  • Ensuring their websites have appropriate privacy policies
  • Obtaining necessary consents from their users
  • Complying with POPIA and other applicable laws
  • Instructing us on how to handle user data

10.3 Data Breach Notification

If we become aware of a data breach affecting personal information we process on behalf of a client, we will notify the client within 72 hours.

11. International Data Transfers

Your information may be processed on servers located outside South Africa, including through our hosting infrastructure providers. Where this occurs, we ensure appropriate safeguards are in place to protect your information in accordance with POPIA requirements.

12. Children's Privacy

Our services are not directed at children under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

13. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read the privacy policies of any website you visit.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated policy on our website with a new "Last Updated" date.

For material changes, we will make reasonable efforts to notify existing clients directly.

15. Complaints

If you have concerns about how we handle your personal information, please contact us first at hello@codehelix.io. We will investigate and respond to your concerns.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Regulator of South Africa:

Information Regulator (South Africa)
Website: https://inforegulator.org.za
Email: enquiries@inforegulator.org.za

16. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Codehelix (Pty) Ltd
Nick Laubscher
9A Milton Road, Westville
KwaZulu-Natal, 3630
South Africa

Email: hello@codehelix.io
Phone: +27 82 332 6804

This Privacy Policy was last updated in February 2025.