Privacy Policy

Terms and Conditions

Effective Date: 15 June 2025

Non-Payment Protocol

"If an account remains unpaid for >60 days:

Services are suspended after 3 email/SMS warnings

Data enters read-only mode for preservation

If unpaid for >6 months:

Account is automatically terminated

All associated data permanently deleted using NIST 800-88 cryptographic erasure

Backups purged after 30 days (POPIA Section 14 compliance)

Post-termination data recovery is technically and contractually impossible. Account holders must ensure timely payments to prevent irreversible data loss."

1. Goods/Services Description

Synergetix provides:

Web hosting solutions
Network infrastructure
IT hardware/software procurement

2. Delivery Policy

Orders processed within 24hrs of payment verification
Delivery method/cost confirmed via email + SMS
Tracking provided for physical goods

3. Export Restrictions

Services exclusively available to:

South African residents
Businesses registered in South Africa

4. Returns & Refunds

Scenario	Policy	Timeline
Product unavailability	Full refund	30 days
Client cancellation	Full Month Notice	30 days
Service dissatisfaction	Case-by-case resolution	7-day investigation

5. Customer Privacy Policy

"Synergetix complies with POPIA (Act 4 of 2013). Personal data is:

Processed lawfully (Section 11)
Protected with AES-256 encryption
Never sold to third parties

6. Payment Options

Accepted methods:

Visa/Mastercard (via PayGate)
EFT (South African banks only)
PayPal (ZAR conversions apply)

7. Card Security

PCI-DSS compliant processing through PayGate
Zero card data stored on our systems
3D Secure authentication required

8. Data Separation

Client profiles stored in isolated databases
Payment processing fully outsourced to PayGate

9. Transaction Details

All transactions in ZAR
VAT included where applicable
Cross-border fees borne by client

10. Responsibility

Synergetix handles:

Order fulfillment
Technical support (24/7 ticketing)
Dispute resolution via managment@synergetix.co.za

11. Governing Law

Jurisdiction: South African courts
Domicilium: 1104 Oulap St, Wilgeheuwel, Roodepoort, 1724

12. Amendments

Changes effective immediately upon posting
Material modifications notified via email

13. Company Information

Synergetix (Pty) Ltd
Reg. No: 2004/087165/23
VAT No: 4130271895
Information Officer: Marcel Vermeulen

14. Contact Details

Data Protection Queries:

Email: dpo@synergetix.co.za
WhatsApp/SMS: +27 71 711 1700
Business Hours: Mon-Fri 8AM-5PM SAST

PRIVACY POLICY

Effective Date: 15 June 2025

1. Information Collection

We collect:

Data Category	Purpose	Legal Basis
Contact details	Account setup	Contract performance
Payment info	Transaction processing	Legal obligation
Technical logs	Security monitoring	Legitimate interest

2. Data Sharing

Operators we use:

Processor	Service	Location	Safeguards
PayGate	Payment processing	SA	POPIA Compliant

3. Data Subject Rights

Exercise via:

Email: dpo@synergetix.co.za
SMS/WhatsApp: +27 71 711 1700
Portal: https://hosting.synergetix.co.za/index.php/login

Response within 21 days (POPIA Section 23)

4. Security Measures

Encryption: TLS 1.3 (in transit), AES-256 (at rest)
Access Controls: Role-based permissions + MFA
Audits: Quarterly penetration testing

5. Data Retention

Data Type	Retention Period
Billing records	5 years (Tax Act)
Server logs	6 months
Inactive accounts	30 days post-termination

6. International Transfers

Data transferred to AWS Ireland protected by EU SCCs
No transfers to non-adequate countries without explicit consent

7. Cookies

Essential cookies: No consent required
Analytics cookies: Opt-in via cookie banner
Manage preferences: https://www.synergetix.co.za

8. Children's Privacy

No services offered to under-18s
Immediate deletion of underage accounts upon detection

9. Policy Updates

Changes posted 30 days before effect
Material modifications notified via email + SMS

10. Contact Information

Information Officer:

Marcel Vermeulen
dpo@synergetix.co.za
+27 10 500 0824

CANCELLATION OF SERVICES POLICY

Effective Date: 15 June 2025 | POPIA Compliance Update: July 1, 2025

1. Overview

We understand circumstances may require cancellation of our digital hosting services. This policy outlines the process, conditions, and data handling protocols aligned with POPIA (Act 4 of 2013) and GDPR standards. By subscribing to Synergetix services, you agree to these terms.

2. Eligibility for Cancellation

You may cancel services if:

All outstanding payments are settled
30-day written notice is provided via approved channels (Section 3)

3. Initiating Cancellation

Submit requests through:

Email: info@synergetix.co.za
WhatsApp/SMS: +27 71 711 1700
Client Portal: https://hosting.synergetix.co.za

Include:

Account details
Reason for cancellation
Desired termination date

4. 30-Day Notice Period

Begins when we confirm receipt of your request.
Services remain active during this period.

5. Refund for Unused Period

Refunds issued for prepaid services beyond the cancellation date.
Processed within 14 business days via original payment method.

6. Fees and Costs

Zero cancellation fees if notice requirements are met.
Outstanding balances must be settled before refund processing.

7. Data Management Requirements

Before Cancellation:

Migrate websites/data to new provider.
Download backups via client portal (available until termination date).

After Cancellation:

➤ POPIA/GDPR-Aligned Data Retention:

Data Type	Retention Period	Post-Retention Action
Active Client Data	30 days	Available for reactivation
Backups	30 days	Permanently deleted (AES-256 wipe)
Billing Records	5 years (Tax Act)	Securely archived

⚠️ Irreversible Data Loss Warning: After 30 days, all data (files, DBs, emails) is technically and legally irrecoverable.

8. Termination for Non-Payment

➤ Enhanced POPIA Protocol:

Unpaid accounts > 7 days: Services suspended; 3 email/SMS warnings sent.
Unpaid accounts > 6 months:
- Automatic termination initiated.
- All data permanently deleted (POPIA Section 14 compliance).
- Certificate of Deletion available upon request.

ACCEPTABLE USE POLICY (AUP)

Effective Date: 15 June 2025 | POPIA Compliance Update: July 1, 2025

1. Introduction

This AUP governs all services provided by Synergetix (Pty) Ltd (Reg. No. 2004/087165/23). By using our services, you agree to comply with:

POPIA (Act 4 of 2013)
ECTA (Act 25 of 2002)
GDPR standards for international data

2. Enhanced Non-Payment Protocol

"Termination for Non-Payment:

After 60 days unpaid: Service suspension + 3 warnings (email/SMS)

After 6 months unpaid:

Automatic termination

Permanent data deletion via NIST 800-88 cryptographic erasure

Backups purged after 30 days (POPIA Section 14)

No data recovery possible post-termination. Maintain timely payments to prevent irreversible loss."

3. Prohibited Activities

3.1 Illegal Content

Prohibited: Child pornography, hate speech, discriminatory material, or content violating:

Films and Publications Act 65 of 1996
Cybercrimes Act 19 of 2020

3.2 Privacy Violations

Strictly forbidden:

Processing personal data without lawful basis (POPIA Section 11)
Failing to implement AES-256 encryption for sensitive data
Unauthorized data collection (e.g., web scraping without consent)

3.3 Security Threats

Includes:

Hacking/cracking attempts
DDoS attacks
Distribution of malware/viruses
Unpatched vulnerabilities (e.g., outdated WordPress installations)

3.4 Spam & Email Abuse

Zero tolerance for:

Unsolicited bulk email (≥ 100 recipients/hour)
"Opt-out" marketing campaigns
Unsecured mail relays (must implement SPF/DKIM/DMARC)

4. Data Protection Requirements

4.1 Client Obligations

You must:

Sign our Data Processing Addendum
Conduct quarterly vulnerability scans
Report breaches to dpo@synergetix.co.za within 24 hours

4.2 Encryption Standards

Mandatory for:

Customer databases (AES-256)
Email communications (TLS 1.3)
Backups (at-rest encryption)

5. Enforcement Procedures

5.1 Breach Determination

Violations assessed based on:

Technical evidence (server logs, packet captures)
Third-party audits (e.g., ISPA reports)

5.2 Penalties

Violation Type	Action	Fines
Spam	Immediate suspension	ZAR 50,000 + cleanup costs
Data Breach	Termination + regulator notification	Up to ZAR 10 million (POPIA)
Illegal Content	Service termination + law enforcement referral	Criminal prosecution

5.3 Complaint Handling

Submit via:

Portal: https://synergetix-online.com
Email: abuse@synergetix.co.za
Full headers
Timestamps
Evidence files (PCAP/logs)

6. Legal Compliance

6.1 Notice & Takedown

Designated agent: ISPA (+27-10-500-1200 | takedown@ispa.org.za)
Illegal content removed within 48 hours of notification

6.2 Communications Interception

Conducted per:

RICA (Act 70 of 2002)
POPIA Section 6(1)(c)

7. Policy Amendments

Changes notified 30 days in advance via email + SMS
Major revisions require client acknowledgment via portal

8. Contact Information

Data Protection Officer:

Marcel Vermeulen
Email: dpo@synergetix.co.za
24/7 Abuse Line: +27 71 711 1700
Address: 1104 Oulap St, Wilgeheuwel, Roodepoort, 1724

DATA PROCESSING ADDENDUM (DPA)

1. Definitions

Term	Definition
POPIA	Protection of Personal Information Act 4 of 2013
Operator	Synergetix (processes data on the Responsible Party’s instructions)
Responsible Party	Client who determines the purpose of processing
Personal Information	As defined in POPIA Section 1
Data Subject	Natural person to whom Personal Information relates

2. Scope & Purpose

This DPA governs Synergetix’s processing of Personal Information for the Responsible Party’s use of:

Web hosting services
Email hosting
Server infrastructure
Backup solutions
Purpose: Provision of contracted services under the Terms of Service.

3. Processing Details

Category	Description
Data Subjects	Responsible Party’s customers, employees, website users
Types of Data	Names, email addresses, IPs, payment details, ID numbers
Processing Activities	Storage, backup, transmission, security monitoring
Retention Period	Duration of service + 30 days post-termination

4. Operator Obligations

Synergetix will:
a) Process Data Only on Instructions

Act solely on the Responsible Party’s documented directives.
b) Ensure Confidentiality
Bind all personnel to confidentiality agreements (POPIA Section 20).
c) Implement Security Measures
Technical: Encryption (TLS 1.3/AES-256), firewalls, MFA
Organisational: Access controls, quarterly penetration tests
d) Assist with Data Subject Rights
Facilitate requests (access, deletion, objections) within 21 days via:
- Email: dpo@synergetix.co.za
- WhatsApp/SMS: +27 10 500 0824
  e) Report Data Breaches
Notify Responsible Party within 24 hours of becoming aware of a breach.
Submit to the Information Regulator’s eServices Portal within 72 hours.

5. Subprocessing

a) Authorized Subprocessors

Subprocessor	Service	Location	Safeguards
Hetzner SA	Server Hosting	South Africa	POPIA-Compliant Contract
AWS	Cloud Backups	Ireland	EU SCCs
PayGate	Payment Processing	South Africa	POPIA-Compliant Contract

b) Consent Requirement

Synergetix will notify the Responsible Party of new subprocessors via email.
Objections must be raised within 14 days.

6. Cross-Border Transfers

Data transferred to AWS Ireland is protected by EU Standard Contractual Clauses (view AWS Compliance).
No data transferred to non-adequate countries without prior written consent.

7. Audit Rights

The Responsible Party may:
a) Request annual ISO 27001 or POPIA audit reports.
b) Commission an independent audit (at its own cost) if a breach is suspected.

8. Data Return & Destruction

Upon termination:
a) Return Data: Provide encrypted data exports within 30 days (format: SQL/CSV).
b) Destruction:

All data permanently deleted from live servers.
Backups purged after 30 days (POPIA Section 14).
c) Certificate of Deletion: Provided upon request.

9. Governing Law & Disputes

a) Governing Law: South Africa (POPIA and ECTA).
b) Dispute Resolution: Mediation via ISPA before litigation.