Elevate Tech Logo

Privacy Policy

Elevate Tech Limited Registration Number: 2025/742289/10 VAT/Tax Number: 9860279190 Registered Address: 24 Price Drive, Constantia, Cape Town, Western Cape, 7806, South Africa Website: https://store.elevatetech.biz Support Email: support@elevatetech.biz Information Officer: Wade Wareing — wade@elevatetech.biz

Effective Date: 3 June 2026 Version: 1.0

1. Introduction

1.1 Elevate Tech Limited ("Elevate Tech", "we", "us" or "our") is committed to protecting the privacy and personal information of the persons whose information we process. This Privacy Policy explains how we collect, use, store, share, protect and otherwise process personal information in accordance with the Protection of Personal Information Act 4 of 2013 ("POPIA") and other applicable laws.

1.2 This Privacy Policy applies to the website at https://store.elevatetech.biz and related environments (including the test environment at https://store-test.elevatetech.biz) (the "Website"), and to our dealings with customers, prospective customers, suppliers, business contacts and website visitors.

1.3 This Privacy Policy forms part of, and must be read together with, our Terms and Conditions of Sale and Website Use, our Cookie Policy, our POPIA Data Subject Rights Policy, our Electronic Communications and Consent Policy and our PAIA Manual.

1.4 By using the Website, registering an account, placing an order, or otherwise providing us with personal information, you acknowledge that you have read and understood this Privacy Policy.

2. Definitions

2.1 In this Privacy Policy:

"data subject" means the person to whom personal information relates;

"operator" means a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party;

"personal information" has the meaning given in POPIA and means information relating to an identifiable, living, natural person and, where applicable, an identifiable, existing juristic person, including the categories of information described in clause 4;

"process" / "processing" has the meaning given in POPIA and means any operation concerning personal information, including its collection, receipt, recording, organisation, storage, updating, modification, retrieval, use, dissemination, distribution, merging, linking, restriction, degradation, erasure or destruction;

"responsible party" means Elevate Tech, as the party that determines the purpose of and means for processing personal information;

"special personal information" has the meaning given in section 26 of POPIA.

3. Responsible Party and Information Officer

3.1 Elevate Tech is the responsible party for the processing of personal information described in this Privacy Policy.

3.2 Our designated Information Officer is:

  • Name: Wade Wareing
  • Email: wade@elevatetech.biz
  • Postal/physical address: 24 Price Drive, Constantia, Cape Town, Western Cape, 7806, South Africa

3.3 The Information Officer is responsible for ensuring our compliance with POPIA, dealing with requests made under POPIA and PAIA, and working with the Information Regulator in relation to investigations and compliance.

4. Personal Information We Collect

4.1 We collect and process the following categories of personal information:

(a) Account information:

  • name;
  • surname;
  • company name;
  • email address;
  • telephone number; and
  • physical address.

(b) Business information:

  • VAT number; and
  • company registration number.

(c) Transaction information:

  • orders;
  • invoices; and
  • payment references.

(d) Technical information:

  • IP addresses;
  • device information;
  • browser information;
  • login records; and
  • website activity.

(e) Marketing information:

  • newsletter subscriptions;
  • product interests; and
  • communication preferences.

4.2 We do not intentionally collect special personal information or the personal information of children. The Website is intended for use by business customers and persons who are at least 18 (eighteen) years of age. If you believe a child's information has been provided to us, please contact the Information Officer so that we may delete it.

5. How We Collect Personal Information

5.1 We collect personal information:

(a) directly from you when you register an account, place an order, request a credit account, subscribe to communications, contact our support team, or otherwise interact with us; (b) automatically when you use the Website, through cookies and similar technologies (see the Cookie Policy), including IP addresses, device, browser, login and website-activity information; (c) from third parties, such as our payment gateway provider (Paystack), credit reference and verification agencies (where you apply for a Credit Account), delivery partners, and publicly available sources; and (d) from the juristic person you represent, where you act on behalf of a business customer.

5.2 Where it is reasonably practicable, we collect personal information directly from the data subject, except where another lawful source is permitted under section 12 of POPIA.

6. Purposes for Which We Process Personal Information

6.1 We process personal information for the following lawful purposes:

(a) to register, verify, administer and secure your account; (b) to process, fulfil, deliver and invoice your orders, and to arrange returns, refunds and replacements; (c) to process payments through Paystack and to manage trade Credit Accounts (including through SAP Business One) where applicable; (d) to verify your identity, trade status, eligibility and creditworthiness, and to prevent, detect and investigate fraud and unlawful activity; (e) to communicate with you about your orders, account, queries and the operation of the Website; (f) to provide customer support and to handle complaints and disputes; (g) to send you direct marketing, newsletters and product information where you have consented or where otherwise permitted by law (see the Electronic Communications and Consent Policy); (h) to operate, maintain, secure, improve and analyse the Website and our products and services; (i) to comply with our legal, regulatory, tax and accounting obligations; and (j) to establish, exercise or defend legal claims and to protect our rights, property and safety and those of others.

7. Lawful Basis for Processing (Justification)

7.1 We process personal information only where we have a lawful basis to do so under POPIA, namely where:

(a) you have consented to the processing; (b) the processing is necessary to conclude or perform a contract to which you are a party (for example, fulfilling your order); (c) the processing is necessary to comply with a legal obligation imposed on us; (d) the processing protects a legitimate interest of the data subject; (e) the processing is necessary for pursuing our legitimate interests or those of a third party to whom the information is supplied, balanced against your rights; or (f) the processing is necessary for the proper performance of a public law duty.

7.2 Where we rely on your consent, you may withdraw that consent at any time, subject to legal or contractual restrictions and reasonable notice, by contacting the Information Officer. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

8. Compliance with the POPIA Conditions for Lawful Processing

8.1 We process personal information in accordance with the eight conditions for the lawful processing of personal information under POPIA:

(a) Accountability — we take responsibility for compliance with the conditions; (b) Processing limitation — we process personal information lawfully, in a reasonable manner that does not infringe your privacy, minimally, and with a lawful basis; (c) Purpose specification — we collect personal information for the specific, explicitly defined and lawful purposes set out in this Privacy Policy; (d) Further processing limitation — further processing is compatible with the original purpose of collection; (e) Information quality — we take reasonably practicable steps to ensure personal information is complete, accurate, not misleading and updated where necessary; (f) Openness — we maintain documentation of our processing operations and notify you as required by this Privacy Policy; (g) Security safeguards — we secure the integrity and confidentiality of personal information through appropriate technical and organisational measures (see clause 12); and (h) Data subject participation — we give effect to your rights as a data subject (see clause 13 and the POPIA Data Subject Rights Policy).

9. Direct Marketing

9.1 We send direct marketing communications by electronic means only where:

(a) you have consented to receive such communications; or (b) you are an existing customer, we obtained your contact details in the context of a sale, the marketing relates to our own similar products, and you were given a reasonable opportunity to object both at the time of collection and in each subsequent communication.

9.2 Every electronic marketing communication contains a simple mechanism to opt out or unsubscribe. You may also update your communication preferences or withdraw consent by contacting the Information Officer.

9.3 Further detail is set out in the Electronic Communications and Consent Policy.

10. Sharing and Disclosure of Personal Information

10.1 We do not sell personal information. We share personal information only as necessary for the purposes set out in this Privacy Policy, with the following categories of recipients:

(a) Payment service providers — Paystack, to process payments; (b) Delivery and logistics partners — including The Courier Guy, Fastway and other approved providers, to fulfil and deliver orders; (c) Credit and verification providers — credit bureaux and verification agencies where you apply for a Credit Account; (d) Technology and hosting providers — including providers of hosting, analytics, error monitoring, email, customer support and enterprise resource planning (including SAP Business One) services, acting as our operators; (e) Professional advisers — auditors, accountants, attorneys and consultants, under duties of confidentiality; (f) Authorities and regulators — where required by law, court order or to protect our rights; and (g) Successors — in the context of a merger, acquisition, restructuring or sale of business, subject to appropriate safeguards.

10.2 Where we engage operators to process personal information on our behalf, we conclude written agreements requiring them to process personal information only on our instructions, to maintain appropriate security safeguards, and to notify us of any compromise.

11. Trans-Border (Cross-Border) Transfers

11.1 Some of our service providers may process or store personal information outside the Republic of South Africa. Where we transfer personal information across South Africa's borders, we do so only in accordance with section 72 of POPIA, namely where:

(a) the recipient is subject to a law, binding corporate rules or binding agreement that provides an adequate level of protection substantially similar to POPIA; (b) you have consented to the transfer; (c) the transfer is necessary for the performance of a contract with you or for the implementation of pre-contractual measures taken in response to your request; or (d) the transfer is for your benefit and consent is not reasonably practicable but would likely be given.

11.2 We take reasonable steps to ensure that any cross-border recipient maintains appropriate safeguards for your personal information.

12. Security Safeguards

12.1 We implement appropriate, reasonable technical and organisational measures to secure the integrity and confidentiality of personal information and to prevent its loss, damage, unauthorised destruction, and unlawful access or processing. These measures include:

(a) access controls, authentication and the principle of least privilege; (b) encryption of data in transit (and, where appropriate, at rest); (c) firewalls, network security, monitoring and logging; (d) secure handling of payment data through Paystack, with full card data not stored on our systems; (e) regular backups, patching and vulnerability management; (f) staff confidentiality obligations and awareness measures; and (g) operator agreements imposing equivalent security obligations.

12.2 Further detail on our security and fraud-prevention measures is set out in the Website Security and Fraud Prevention Policy.

12.3 Security compromise notification. Where there are reasonable grounds to believe that personal information has been accessed or acquired by an unauthorised person, we will notify the Information Regulator and the affected data subjects as soon as reasonably possible after discovery and establishment of the scope of the compromise, in accordance with section 22 of POPIA, unless the identity of the data subjects cannot be established.

12.4 No method of transmission or storage is completely secure. While we take reasonable steps to protect personal information, we cannot guarantee absolute security.

13. Your Rights as a Data Subject

13.1 Subject to POPIA, you have the right to:

(a) be notified that personal information about you is being collected and whether it has been accessed or acquired by an unauthorised person; (b) request confirmation, free of charge, of whether we hold personal information about you, and to request access to that information; (c) request the correction, updating, or deletion of personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully; (d) object, on reasonable grounds, to the processing of your personal information; (e) object to the processing of your personal information for purposes of direct marketing; (f) withdraw consent where processing is based on consent; (g) not be subject to a decision based solely on automated processing intended to profile you, except as permitted by law; (h) submit a complaint to the Information Regulator; and (i) institute civil proceedings regarding an alleged interference with the protection of your personal information.

13.2 The procedures for exercising these rights, including the relevant forms and timeframes, are set out in the POPIA Data Subject Rights Policy and the PAIA Manual. To exercise any right, contact the Information Officer at wade@elevatetech.biz.

13.3 Information Regulator contact details:

14. Retention and Destruction of Records

14.1 We retain personal information only for as long as is necessary to fulfil the purposes for which it was collected, or for longer where required or permitted by law (for example, tax, accounting, company-law and statutory record-keeping obligations), or where retention is required for the establishment, exercise or defence of legal claims.

14.2 Records of transactions are generally retained for at least 5 (five) years from the date of the transaction in accordance with applicable tax and financial-record-keeping legislation, and longer where another law or legitimate purpose requires.

14.3 When personal information no longer needs to be retained, we destroy, delete or de-identify it in a manner that prevents its reconstruction in an intelligible form.

15. Cookies and Similar Technologies

15.1 We use cookies and similar technologies on the Website to enable essential functionality, to analyse usage, and to support marketing. The categories of cookies, their purposes, and how you can manage your consent and preferences are explained in the Cookie Policy.

16. Links to Third-Party Websites

16.1 The Website may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices or content of those third parties. We encourage you to review their privacy notices.

17. Changes to this Privacy Policy

17.1 We may amend this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. The updated version will be published on the Website with a revised "Effective Date" and "Version". Material changes will, where appropriate, be brought to your attention. Your continued use of the Website after publication constitutes acknowledgement of the updated Privacy Policy.

18. Governing Law and Dispute Resolution

18.1 This Privacy Policy is governed by the laws of the Republic of South Africa.

18.2 Any complaint regarding the processing of your personal information should first be addressed to the Information Officer. You also have the right to lodge a complaint with the Information Regulator. Any dispute arising from this Privacy Policy that is not resolved with the Information Officer or the Information Regulator is subject to the dispute resolution and jurisdiction provisions of our Terms and Conditions of Sale and Website Use (negotiation, then mediation, then arbitration in Cape Town under AFSA rules, with the non-exclusive jurisdiction of the Western Cape Division of the High Court).

19. Contact Details

For any questions, requests or complaints regarding this Privacy Policy or your personal information, please contact:

This Privacy Policy should be read together with the Cookie Policy, the POPIA Data Subject Rights Policy, the Electronic Communications and Consent Policy, the PAIA Manual and the Terms and Conditions of Sale and Website Use.