Privacy Policy
Last updated: 10 October 2025
Photon Data (“Photon Data”, “we”, “us”, or “our”) is committed to protecting personal information in accordance with the Protection of PersonalInformation Act, 4 of 2013 (POPIA) and globally recognised privacy, security, and data-governance standards. This Privacy Policy explains how we process personal information when you interact with our website, products, services, and business.Photon Data provides enterprise software, machine-learning, analytics, marketplace compliance and data-management solutions primarily to business customers (enterprises, retailers, platforms, and partners). As such, our services do not involve the collection of consumer-level data for our own purposes.
1. Scope
This Privacy Policy applies to:
- Visitors to our website and digital channels
- Representatives and users of our enterprise clients
- Prospective customers, partners, vendors, and job applicants.
All operations, services, platforms, and systems controlled by Photon Data that involve the processing of personal informationIt does not apply to personal information that our enterprise clients process within their own systems. Where Photon Data provides software, infrastructure, or data-processing capabilities to clients, we act asa “Operator” (POPIA) or “Processor” (GDPR), processing personal information solely on behalf of the client and in accordance with their instructions.
This Privacy Policy applies to:
- Visitors to our website and digital channels
- Representatives and users of our enterprise clients
- Prospective customers, partners, vendors, and job applicants.
All operations, services, platforms, and systems controlled by Photon Data that involve the processing of personal informationIt does not apply to personal information that our enterprise clients process within their own systems. Where Photon Data provides software, infrastructure, or data-processing capabilities to clients, we act asa “Operator” (POPIA) or “Processor” (GDPR), processing personal information solely on behalf of the client and in accordance with their instructions.
2. Categories of Personal Information We Collect
Photon Data does not collect consumer or end-customer data (e.g., retail shopper data, behavioural data, or transaction-level PII) for our own use. We may process the following limited categories of personal information:
2.1 Website Visitors
- Contact details submitted via forms (name, business email, phone number)
- Company details (organisation name, job title, industry)
- Basic technical information (IP address, browser type, device data, cookies – to improve website functionality and security)
2.2 Enterprise Clients & Partners
- Business contact details for authorised users
- Authentication and access-control information
- Billing and contractual information
- Audit, logging, and security-related metadata (high-level, non-content logs)
2.3 Job Applicants
- CV/resume details and professional background
- Interview information
- References (if provided)
Photon Data does not collect consumer or end-customer data (e.g., retail shopper data, behavioural data, or transaction-level PII) for our own use. We may process the following limited categories of personal information:
2.1 Website Visitors
- Contact details submitted via forms (name, business email, phone number)
- Company details (organisation name, job title, industry)
- Basic technical information (IP address, browser type, device data, cookies – to improve website functionality and security)
2.2 Enterprise Clients & Partners
- Business contact details for authorised users
- Authentication and access-control information
- Billing and contractual information
- Audit, logging, and security-related metadata (high-level, non-content logs)
2.3 Job Applicants
- CV/resume details and professional background
- Interview information
- References (if provided)
3. How We Use Personal Information
We use personal information for the following purposes:
- To provide, maintain, and support our enterprise products and services
- To manage contractual and commercial relationships
- To communicate with clients, partners, and prospective customers
- To respond to enquiries or support requests
- To improve the security, stability, performance, and usability of our systems
- To comply with legal, regulatory, and auditing obligations
- To conduct recruitment and talent-evaluation activities
Photon Data does not sell personal information, share it with third parties for marketing, or use it for profiling or automated decision-making that produces legal effects.
We use personal information for the following purposes:
- To provide, maintain, and support our enterprise products and services
- To manage contractual and commercial relationships
- To communicate with clients, partners, and prospective customers
- To respond to enquiries or support requests
- To improve the security, stability, performance, and usability of our systems
- To comply with legal, regulatory, and auditing obligations
- To conduct recruitment and talent-evaluation activities
Photon Data does not sell personal information, share it with third parties for marketing, or use it for profiling or automated decision-making that produces legal effects.
4. Lawful Basis for Processing (POPIA & Global BestPractice)
Photon Data processes personal information only where alawful basis exists, including:
- Performance of a contract with an organisation we serve.
- Compliance with legal obligations
- Legitimate interests (e.g., website security, fraud prevention, service improvement)
- Consent, where required for optional communications
When acting as an Operator for enterprise clients, we process data strictly as instructed by the responsible party (client).
Photon Data processes personal information only where alawful basis exists, including:
- Performance of a contract with an organisation we serve.
- Compliance with legal obligations
- Legitimate interests (e.g., website security, fraud prevention, service improvement)
- Consent, where required for optional communications
When acting as an Operator for enterprise clients, we process data strictly as instructed by the responsible party (client).
5. How We Protect Personal Information
Photon Data maintains a comprehensive Data PrivacyManagement Programme and Information Security Management System (ISMS) that apply across all systems, services, and operations. The programmes include:
- Documented privacy and security policies aligned with POPIA, GDPR and ISO-aligned good practice.
- Governance structures that define roles and responsibilities for privacy and security.
- Privacy Risk Impact Assessments (PRIAs) and other risk assessments conducted as part of our product and operational lifecycle.
- Access control, authentication, authorisation and least-privilege controls
- Encryption of data in transit and at rest (where applicable)
- Network, infrastructure and application-level security safeguards
- Security monitoring, audit logging and incident response procedures
- Vendor and third-party risk management
- Staff training, awareness and confidentiality obligations
Photon Data maintains a comprehensive Data PrivacyManagement Programme and Information Security Management System (ISMS) that apply across all systems, services, and operations. The programmes include:
- Documented privacy and security policies aligned with POPIA, GDPR and ISO-aligned good practice.
- Governance structures that define roles and responsibilities for privacy and security.
- Privacy Risk Impact Assessments (PRIAs) and other risk assessments conducted as part of our product and operational lifecycle.
- Access control, authentication, authorisation and least-privilege controls
- Encryption of data in transit and at rest (where applicable)
- Network, infrastructure and application-level security safeguards
- Security monitoring, audit logging and incident response procedures
- Vendor and third-party risk management
- Staff training, awareness and confidentiality obligations
6. Data Retention
We retain personal information only for as long as necessary to fulfil the purposes described in this policy, or to comply with legal,regulatory, and contractual obligations.
Retention periods may vary depending on:
- Contractual requirements
- Legal or auditing obligations
- Purpose of processing
- Security and operational needs
- Once no longer required, personal information is securely deleted or de-identified.
We retain personal information only for as long as necessary to fulfil the purposes described in this policy, or to comply with legal,regulatory, and contractual obligations.
Retention periods may vary depending on:
- Contractual requirements
- Legal or auditing obligations
- Purpose of processing
- Security and operational needs
- Once no longer required, personal information is securely deleted or de-identified.
7. Data Sharing & Transfers
Photon Data may share personal information only in the following limited circumstances:
- Service providers assisting with secure hosting, communications, analytics or operational support
- Enterprise clients (where individuals are part of that client’s authorised user base)
- Legal or regulatory authorities when required by law
We do not sell personal data, and we do not share information for advertising or unrelated third-party purposes. Where cross-border transfers occur (e.g., for hosting or support), we ensure appropriate safeguards such as:
- POPIA-compliant agreements with operators
- Standard Contractual Clauses (where applicable)
- Equivalent contractual protections for jurisdictions without adequate laws
Photon Data may share personal information only in the following limited circumstances:
- Service providers assisting with secure hosting, communications, analytics or operational support
- Enterprise clients (where individuals are part of that client’s authorised user base)
- Legal or regulatory authorities when required by law
We do not sell personal data, and we do not share information for advertising or unrelated third-party purposes. Where cross-border transfers occur (e.g., for hosting or support), we ensure appropriate safeguards such as:
- POPIA-compliant agreements with operators
- Standard Contractual Clauses (where applicable)
- Equivalent contractual protections for jurisdictions without adequate laws
8. Cookies and Tracking Technologies
Our website may use cookies or similar technologies to:
- Enable website functionality
- Improve performance and user experience
- Conduct basic analytics
You can manage cookie preferences via your browser settings. We do not use cookies for targeting or advertising.
Our website may use cookies or similar technologies to:
- Enable website functionality
- Improve performance and user experience
- Conduct basic analytics
You can manage cookie preferences via your browser settings. We do not use cookies for targeting or advertising.
9. Your Rights
Under POPIA and other privacy regulations (where applicable), you may have rights to:
- Access your personal information
- Correct or update inaccurate information
- Request deletion (where legally permissible)
- Object to processing in certain circumstances
- Withdraw consent (if processing is based on consent)
- Request information on how your data is used
Requests can be submitted using the contact information below.
Under POPIA and other privacy regulations (where applicable), you may have rights to:
- Access your personal information
- Correct or update inaccurate information
- Request deletion (where legally permissible)
- Object to processing in certain circumstances
- Withdraw consent (if processing is based on consent)
- Request information on how your data is used
Requests can be submitted using the contact information below.
10. Information Processed on Behalf of Clients
Photon Data’s enterprise products often run in the cloud or environment under a Bring-Your-Own-Cloud (BYC) model. In such cases:
- The client remains the Responsible Party.
- Photon Data acts as an Operator
- Personal information remains in the client’s environment
- Photon Data does not access or extract personal information except where explicitly authorised
All processing is governed by signed Data Processing/Operator Agreements. Photon Data does not use client data for any independent purpose.
Photon Data’s enterprise products often run in the cloud or environment under a Bring-Your-Own-Cloud (BYC) model. In such cases:
- The client remains the Responsible Party.
- Photon Data acts as an Operator
- Personal information remains in the client’s environment
- Photon Data does not access or extract personal information except where explicitly authorised
All processing is governed by signed Data Processing/Operator Agreements. Photon Data does not use client data for any independent purpose.
11. Updates to This Policy
We may update this Privacy Policy from time to time to reflect legal, regulatory, or operational changes. The “Last Updated” date at the top indicates when the policy was most recently revised.
We may update this Privacy Policy from time to time to reflect legal, regulatory, or operational changes. The “Last Updated” date at the top indicates when the policy was most recently revised.
12. Contact Us
For questions, requests, or concerns related to privacy or data protection, please contact:
Photon Data – Privacy Office
Email: info@photondata.io
Address: 24 Cradock Avenue, Rosebank, 2196
Attention: Information Officer / Deputy Information Officer
For questions, requests, or concerns related to privacy or data protection, please contact:
Photon Data – Privacy Office
Email: info@photondata.io
Address: 24 Cradock Avenue, Rosebank, 2196
Attention: Information Officer / Deputy Information Officer