Privacy Policy for Oltan Online

Table of Contents
Introduction and Scope
Definitions and Interpretation
Information Officer and Contact Details
Personal Information We Collect
How We Collect Personal Information
Lawful Basis for Processing
How We Use Your Personal Information
Sharing Your Personal Information
Cross-Border Data Transfers
Data Security and Protection
Data Retention
Your Rights as a Data Subject
Cookies and Tracking Technologies
Marketing Communications
Data Breach Notification
Third-Party Services and Links
Children’s Privacy
Changes to This Privacy Policy
Complaints and Disputes
Contact Information

  1. Introduction and Scope
    1.1 About This Privacy Policy
    Oltan Online (Pty) Ltd (“Oltan Online,” “we,” “us,” or “our”) is committed to protecting
    and respecting your privacy in accordance with the Protection of Personal Information
    Act, 2013 (Act No. 4 of 2013) (“POPIA”) and other applicable South African privacy laws.
    This Privacy Policy explains how we collect, use, store, share, and protect your personal
    information when you interact with our services.
    1.2 Our Services
    Oltan Online is a comprehensive digital marketing agency based in South Africa,
    providing the following services:
  • Web Design and Development – Creating stunning online experiences and responsive websites
  • E-commerce Solutions – Developing powerful online stores and e-commerce platforms
  • Social Media Marketing – Managing social media presence and driving engagement
  • Search Engine Optimization (SEO) – Improving online visibility and search rankings
  • Web Hosting Services – Providing reliable, fast web hosting solutions
  • Brand Identity Development – Creating compelling brand presence and visual identity
  • Digital Marketing Consulting – Strategic guidance for online marketing initiatives
    1.3 Scope of Application
    This Privacy Policy applies to all personal information processed by Oltan Online in
    connection with our services, including:
  • Our website (oltan.co.za) and any subdomains
  • Client portals and management systems
  • Marketing communications and campaigns
  • Customer support interactions
  • Business development activities
  • Service delivery and project management
    1.4 Acceptance and Consent
    By using our services, accessing our website, or providing personal information to us,
    you acknowledge that you have read, understood, and agree to be bound by this Privacy
    Policy. If you do not agree with any part of this Privacy Policy, please do not use our
    services or provide us with your personal information.
  2. Definitions and Interpretation
    2.1 POPIA Definitions
    For the purposes of this Privacy Policy, the following terms shall have the meanings
    assigned to them in POPIA, unless the context requires otherwise:
    “Consent” means any voluntary, specific, and informed expression of will in terms of
    which permission is given for the processing of personal information.
    “Data Subject” means the person to whom personal information relates.
    “Information Officer” means the person designated by Oltan Online to ensure
    compliance with POPIA and to serve as the primary contact for data protection matters.
    “Information Regulator” means the Information Regulator established in terms of
    section 39 of POPIA.
    “Operator” means a person who processes personal information for a responsible party
    in terms of a contract or mandate, without coming under the direct authority of that
    party.
    “Personal Information” means information relating to an identifiable, living, natural
    person, and where applicable, an identifiable, existing juristic person, including but not
    limited to information relating to race, gender, sex, pregnancy, marital status, national,
    ethnic or social origin, color, sexual orientation, age, physical or mental health,
    well-being, disability, religion, conscience, belief, culture, language and birth of the person;
    information relating to the education or medical, financial, criminal or employment
    history of the person; any identifying number, symbol, email address, physical address,
    telephone number, location information, online identifier or other particular assignment
    to the person; biometric information; personal opinions, views or preferences;
    correspondence sent by the person that is implicitly or explicitly of a private or
    confidential nature; views or opinions of another individual about the person; and the
    name of the person if it appears with other personal information relating to the person
    or if the disclosure of the name itself would reveal information about the person.
    “Processing” means any operation or activity or any set of operations, whether or not
    by automatic means, concerning personal information, including the collection, receipt,
    recording, organization, collation, storage, updating or modification, retrieval,
    alteration, consultation or use; dissemination by means of transmission, distribution or
    making available in any other form; or merging, linking, as well as restriction,
    degradation, erasure or destruction of information.
    “Responsible Party” means a public or private body or any other person which, alone
    or in conjunction with others, determines the purpose of and means for processing
    personal information.
    “Special Personal Information” means personal information as referred to in section
    26 of POPIA, including information concerning religious or philosophical beliefs, race or
    ethnic origin, trade union membership, political persuasion, health or sex life, biometric
    information, or criminal behavior.
    2.2 Additional Definitions
    “Client” means any individual or entity that engages Oltan Online for digital marketing,
    web design, hosting, or related services.
    “Services” means all digital marketing, web design, development, hosting, and related
    services provided by Oltan Online.
    “Third Party” means any person or entity other than Oltan Online and the data subject.
    “Website” means the Oltan Online website located at oltan.co.za and any associated
    subdomains or platforms.
  3. Information Officer and Contact Details
    3.1 Information Officer Designation
    In accordance with section 55 of POPIA, Oltan Online has designated an Information
    Officer who is responsible for ensuring compliance with POPIA and serving as the
    primary contact for all data protection matters.
    3.2 Information Officer Details
    Information Officer: Oliver
    Position: Director
    Email: oliver@oltan.co.za
    Phone: (+27) 71 868 9307
    3.3 Information Officer Responsibilities
    Our Information Officer is responsible for:
  • Ensuring compliance with POPIA and other applicable data protection laws
  • Handling data subject requests and complaints
  • Conducting privacy impact assessments
  • Maintaining records of processing activities
  • Liaising with the Information Regulator when required
  • Providing guidance on data protection matters within the organization
  • Monitoring and reviewing this Privacy Policy and related procedures
  4. Personal Information We Collect
    4.1 Categories of Personal Information
    Oltan Online collects and processes various categories of personal information
    depending on the nature of our relationship with you and the services you use. The
    following sections detail the specific types of personal information we may collect:
    4.2 Client and Business Contact Information
    When you engage our services or express interest in our offerings, we collect:
    Identity Information:
  • Full name and preferred name
  • Job title and position
  • Company or organization name
  • Business registration details (where applicable)
    Contact Information:
  • Email addresses (business and personal)
  • Telephone numbers (mobile and landline)
  • Physical business address
  • Postal address
  • Website URLs and social media profiles
    Communication Records:
  • Email correspondence
  • Meeting notes and call records
  • Project briefs and requirements
  • Feedback and testimonials
    4.3 Financial and Billing Information
    For service delivery and billing purposes, we collect:
    Payment Information:
  • Bank account details for electronic transfers
  • Credit card information (processed through secure payment gateways)
  • Billing addresses
  • Tax identification numbers (where applicable)
  • Purchase order numbers
    Transaction Records:
  • Invoice details and payment history
  • Service agreements and contracts
  • Pricing negotiations and quotes
  • Refund and dispute records
    4.4 Technical and Website Data
    When you visit our website or use our digital services, we automatically collect:
    Device Information:
  • IP address and geolocation data
  • Browser type and version
  • Operating system information
  • Device identifiers and characteristics
  • Screen resolution and display settings
    Usage Information:
  • Pages visited and time spent on each page
  • Click-through rates and navigation patterns
  • Search queries and form submissions
  • Download and upload activities
  • Session duration and frequency of visits
    Performance Data:
  • Website loading times and errors
  • Server response times
  • Bandwidth usage and data transfer
  • System performance metrics
    4.5 Marketing and Analytics Data
    For marketing and business development purposes, we collect:
    Engagement Information:
  • Email open rates and click-through rates
  • Social media interactions and engagement
  • Campaign response rates and conversions
  • Event attendance and participation
  • Newsletter subscriptions and preferences
    Behavioral Data:
  • Content preferences and interests
  • Service usage patterns
  • Customer journey mapping data
  • Lead scoring and qualification information
  • Market research responses
    4.6 Project and Service Delivery Data
    In the course of providing our services, we may collect:
    Project Information:
  • Business requirements and objectives
  • Brand guidelines and assets
  • Content and creative materials
  • Technical specifications and preferences
  • Timeline and milestone information
    Performance Metrics:
  • Website analytics and traffic data
  • Social media performance metrics
  • SEO rankings and keyword data
  • Conversion rates and ROI measurements
  • Customer satisfaction scores
    4.7 Special Personal Information
    Oltan Online generally does not collect special personal information as defined in
    section 26 of POPIA. However, in limited circumstances, we may process such
    information with explicit consent, including:
  • Photographs or videos for marketing materials (with written consent)
  • Dietary requirements for business events
  • Accessibility needs for service delivery
  • Religious or cultural considerations for marketing campaigns
    When we do collect special personal information, we implement additional safeguards
    and obtain explicit consent as required by POPIA.
  5. How We Collect Personal Information
    5.1 Direct Collection
    The majority of personal information we process is collected directly from you through
    various channels:
    Website Interactions:
  • Contact forms and inquiry submissions
  • Newsletter subscriptions and downloads
  • Account registration and profile creation
  • Online chat and support requests
  • Quote requests and service inquiries
    Business Communications:
  • Email correspondence and attachments
  • Telephone conversations and voicemails
  • Video conferences and virtual meetings
  • In-person meetings and consultations
  • Business cards and networking events
    Service Delivery:
  • Client onboarding processes
  • Project briefings and requirements gathering
  • Regular progress meetings and updates
  • Training sessions and workshops
  • Feedback surveys and evaluations
    5.2 Automatic Collection
    We automatically collect certain information through technological means:
    Website Analytics:
  • Google Analytics and similar tracking tools
  • Heat mapping and user behavior analysis
  • A/B testing and conversion tracking
  • Search engine optimization monitoring
  • Social media integration and tracking
    Technical Monitoring:
  • Server logs and access records
  • Error logs and performance monitoring
  • Security scanning and threat detection
  • Backup and recovery processes
  • System maintenance and updates
    5.3 Third-Party Sources
    In limited circumstances, we may collect personal information from third-party sources:
    Business Partners:
  • Referral partners and affiliates
  • Joint venture collaborators
  • Subcontractors and service providers
  • Industry associations and networks
  • Conference and event organizers
    Public Sources:
  • Company websites and directories
  • Social media profiles (publicly available)
  • Industry publications and news articles
  • Government databases and registries
  • Professional networking platforms
    Data Enrichment Services:
  • Contact verification and validation
  • Company information and updates
  • Industry classification and segmentation
  • Lead qualification and scoring
  • Market research and intelligence
    5.4 Consent and Notification
    When collecting personal information, we ensure that:
  • You are informed about the collection and its purposes
  • Appropriate consent is obtained where required by law
  • Collection is limited to what is necessary for our stated purposes
  • You have the opportunity to opt out of non-essential collection
  • Clear privacy notices are provided at the point of collection
  6. Lawful Basis for Processing
    6.1 POPIA Compliance
    In accordance with section 11 of POPIA, we only process personal information where we
    have a lawful basis. The following sections outline the specific lawful bases we rely on
    for different types of processing:
    6.2 Consent
    We rely on your consent for processing personal information in the following
    circumstances:
    Marketing Communications:
  • Email newsletters and promotional materials
  • Social media marketing and advertising
  • Event invitations and announcements
  • Market research and surveys
  • Personalized content and recommendations
    Optional Services:
  • Advanced analytics and reporting
  • Third-party integrations and tools
  • Beta testing and new feature access
  • Community forums and user groups
  • Testimonials and case studies
    Special Personal Information:
  • Photographs and videos for marketing
  • Dietary and accessibility requirements
  • Cultural and religious considerations
  • Health and safety information
  • Biometric data (if applicable)
    6.3 Contractual Necessity
    We process personal information where it is necessary for the performance of a contract
    with you:
    Service Delivery:
  • Project management and execution
  • Technical support and maintenance
  • Billing and payment processing
  • Quality assurance and testing
  • Training and documentation
    Account Management:
  • User account creation and maintenance
  • Access control and security
  • Service customization and configuration
  • Performance monitoring and optimization
  • Dispute resolution and support
    6.4 Legal Obligations
    We process personal information to comply with legal obligations:
    Regulatory Compliance:
  • Tax reporting and record-keeping
  • Financial auditing and accounting
  • Employment law compliance
  • Industry-specific regulations
  • Data protection law requirements
    Legal Proceedings:
  • Court orders and subpoenas
  • Law enforcement requests
  • Regulatory investigations
  • Dispute resolution processes
  • Evidence preservation and disclosure
    6.5 Legitimate Interests
    We process personal information where it is necessary for our legitimate business
    interests:
    Business Operations:
  • Customer relationship management
  • Business development and growth
  • Operational efficiency and optimization
  • Risk management and security
  • Strategic planning and analysis
    Security and Fraud Prevention:
  • System security monitoring
  • Fraud detection and prevention
  • Access control and authentication
  • Incident response and investigation
  • Threat intelligence and analysis
    Research and Development:
  • Service improvement and innovation
  • Market research and analysis
  • Competitive intelligence
  • Technology development and testing
  • Industry trend analysis
    6.6 Vital Interests
    In rare circumstances, we may process personal information to protect vital interests:
  • Emergency situations requiring immediate action
  • Health and safety threats
  • Security incidents and breaches
  • Natural disasters and force majeure events
  • Critical system failures affecting service delivery
  7. How We Use Your Personal Information
    7.1 Service Delivery and Management
    The primary purpose for processing your personal information is to deliver our digital
    marketing and web development services effectively:
    Project Execution:
    We use your personal information to understand your business requirements, develop
    customized solutions, and deliver projects according to agreed specifications. This
    includes analyzing your brand identity, target audience, and business objectives to
    create effective digital marketing strategies and web solutions.
    Client Communication:
    Regular communication is essential for successful project delivery. We use your contact
    information to provide project updates, seek approvals, schedule meetings, and ensure
    that deliverables meet your expectations. This includes email correspondence, phone
    calls, video conferences, and in-person meetings.
    Technical Implementation:
    For web hosting and development services, we use technical information to configure
    servers, implement security measures, optimize performance, and ensure reliable
    service delivery. This includes monitoring system performance, managing backups, and
    providing technical support.
    7.2 Business Development and Marketing
    We use personal information to grow our business and maintain relationships with
    clients and prospects:
    Lead Generation and Qualification:
    We analyze engagement data and business information to identify potential clients,
    qualify leads, and develop targeted marketing campaigns. This helps us focus our efforts
    on prospects who are most likely to benefit from our services.
    Relationship Management:
    We maintain detailed records of our interactions with clients and prospects to provide
    personalized service and build long-term relationships. This includes tracking
    communication history, project outcomes, and client satisfaction levels.
    Marketing Communications:
    With appropriate consent, we use your contact information to send newsletters,
    promotional materials, event invitations, and other marketing communications. We
    analyze engagement data to improve the relevance and effectiveness of our marketing
    efforts.
    7.3 Analytics and Performance Monitoring
    We use personal information to analyze and improve our services:
    Website Analytics:
    We analyze website usage data to understand how visitors interact with our site, identify
    popular content, and optimize user experience. This includes tracking page views,
    session duration, bounce rates, and conversion paths.
    Service Performance:
    We monitor the performance of our services using various metrics and feedback
    mechanisms. This helps us identify areas for improvement, optimize our processes, and
    ensure high-quality service delivery.
    Market Research:
    We analyze industry trends, competitor activities, and client feedback to inform our
    strategic decisions and service development. This includes conducting surveys,
    analyzing market data, and gathering competitive intelligence.
    7.4 Administrative and Legal Purposes
    We use personal information for various administrative and legal purposes:
    Financial Management:
    We process billing and payment information to manage our financial operations,
    including invoicing, payment processing, tax reporting, and financial auditing.
    Legal Compliance:
    We use personal information to comply with applicable laws and regulations, including
    data protection laws, tax obligations, employment regulations, and industry-specific
    requirements.
    Risk Management:
    We analyze various data points to identify and mitigate business risks, including credit
    risks, security threats, and operational challenges.
    7.5 Security and Fraud Prevention
    We use personal information to protect our business and clients:
    System Security:
    We monitor access logs, user behavior, and system performance to detect and prevent
    security threats. This includes implementing access controls, monitoring for suspicious
    activities, and responding to security incidents.
    Fraud Prevention:
    We analyze transaction patterns and user behavior to identify and prevent fraudulent
    activities. This includes verifying identities, monitoring payment transactions, and
    implementing anti-fraud measures.
    Incident Response:
    In the event of security incidents or data breaches, we use personal information to
    assess the impact, notify affected parties, and implement remedial measures.
  8. Sharing Your Personal Information
    8.1 General Principles
    Oltan Online does not sell, rent, or trade personal information to third parties for their
    commercial purposes. We only share personal information in the limited circumstances
    outlined below, and always in accordance with POPIA and other applicable laws.
    8.2 Service Providers and Contractors
    We may share personal information with trusted third-party service providers who assist
    us in delivering our services:
    Technology Partners:
  • Cloud hosting and infrastructure providers
  • Software-as-a-Service (SaaS) platforms
  • Content delivery networks (CDNs)
  • Database and analytics services
  • Security and monitoring tools
    Professional Services:
  • Legal advisors and attorneys
  • Accounting and auditing firms
  • Business consultants and advisors
  • Insurance providers
  • Banking and financial institutions
    Marketing and Communications:
  • Email marketing platforms
  • Social media management tools
  • Customer relationship management (CRM) systems
  • Survey and feedback platforms
  • Event management services
    All service providers are required to:
  • Process personal information only for specified purposes
  • Implement appropriate security measures
  • Comply with applicable data protection laws
  • Return or delete personal information upon termination of services
  • Provide evidence of compliance when requested
    8.3 Business Partners and Collaborators
    In certain circumstances, we may share personal information with business partners:
    Joint Ventures:
    When collaborating on client projects, we may share relevant personal information with
    partner agencies or consultants, subject to appropriate confidentiality agreements and
    data protection measures.
    Referral Partners:
    We may share basic contact information with referral partners to facilitate introductions
    and business development activities, always with appropriate consent and safeguards.
    Subcontractors:
    For specialized services or capacity management, we may engage subcontractors who
    require access to personal information to deliver services on our behalf.
    8.4 Legal and Regulatory Requirements
    We may disclose personal information when required by law or to protect our legitimate
    interests:
    Legal Obligations:
  • Court orders and judicial proceedings
  • Regulatory investigations and audits
  • Tax reporting and compliance
  • Employment law requirements
  • Industry-specific regulations
    Law Enforcement:
  • Criminal investigations and prosecutions
  • National security matters
  • Public safety concerns
  • Fraud prevention and detection
  • Asset recovery proceedings
    Dispute Resolution:
  • Civil litigation and arbitration
  • Insurance claims and investigations
  • Debt collection and recovery
  • Intellectual property disputes
  • Contract enforcement
    8.5 Business Transactions
    In the event of corporate transactions, personal information may be transferred:
    Mergers and Acquisitions:
    If Oltan Online is involved in a merger, acquisition, or sale of assets, personal
    information may be transferred to the acquiring entity, subject to appropriate
    safeguards and notification requirements.
    Corporate Restructuring:
    During corporate restructuring, reorganization, or insolvency proceedings, personal
    information may be transferred to successor entities or administrators.
    Due Diligence:
    During due diligence processes, limited personal information may be shared with
    potential investors, acquirers, or partners, subject to strict confidentiality agreements.
    8.6 Consent-Based Sharing
    With your explicit consent, we may share personal information for additional purposes:
    Marketing Collaborations:
    Joint marketing campaigns with partners or clients, where mutual benefit exists and
    appropriate consent is obtained.
    Testimonials and Case Studies:
    Sharing success stories and testimonials with your permission, including company
    names, project details, and results achieved.
    Industry Events:
    Sharing contact information with event organizers, conference speakers, or networking
    partners for legitimate business purposes.
    8.7 Data Protection Safeguards
    When sharing personal information with third parties, we implement appropriate
    safeguards:
    Contractual Protections:
  • Data processing agreements
  • Confidentiality and non-disclosure agreements
  • Security and compliance requirements
  • Audit rights and monitoring provisions
  • Breach notification obligations
    Technical Safeguards:
  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Monitoring and logging of access
  • Secure data transfer protocols
    Organizational Measures:
  • Staff training and awareness programs
  • Regular compliance reviews and audits
  • Incident response procedures
  • Data minimization principles
  • Purpose limitation and retention controls
  9. Cross-Border Data Transfers
    9.1 POPIA Requirements
    In accordance with Chapter 9 of POPIA, Oltan Online ensures that any transfer of
    personal information outside the Republic of South Africa complies with applicable legal
    requirements and provides adequate protection for your personal information.
    9.2 Circumstances for Cross-Border Transfers
    We may transfer personal information outside South Africa in the following
    circumstances:
    Service Delivery:
  • Cloud hosting and infrastructure services
  • Software platforms and applications
  • Content delivery and optimization
  • Backup and disaster recovery
  • Technical support and maintenance
    Business Operations:
  • International client projects
  • Global marketing campaigns
  • Cross-border partnerships
  • Supplier and vendor management
  • Professional services and consulting
    9.3 Adequacy Determinations
    We prioritize transfers to countries that have been deemed to provide adequate
    protection:
    Adequate Countries:
    We regularly monitor determinations by the Information Regulator regarding countries
    that provide adequate protection for personal information, and prioritize transfers to
    such jurisdictions.
    European Union:
    Given the adequacy decision for the EU under various data protection frameworks, we
    may transfer personal information to EU member states where appropriate safeguards
    exist.
    9.4 Safeguards for Transfers
    When transferring personal information to countries without adequacy determinations,
    we implement appropriate safeguards:
    Contractual Safeguards:
  • Standard contractual clauses approved by the Information Regulator
  • Data processing agreements with enhanced protection measures
  • Binding corporate rules for intra-group transfers
  • Certification schemes and codes of conduct
  • Specific contractual provisions for data protection
    Technical Safeguards:
  • End-to-end encryption of data in transit
  • Secure transmission protocols and channels
  • Access controls and authentication measures
  • Regular security assessments and audits
  • Incident monitoring and response procedures
    Organizational Safeguards:
  • Staff training on international data protection requirements
  • Regular compliance reviews and assessments
  • Data protection impact assessments for transfers
  • Ongoing monitoring of recipient countries’ legal frameworks
  • Procedures for suspending transfers if protections are inadequate
    9.5 Consent and Notification
    For certain types of cross-border transfers, we may seek your explicit consent:
    Consent-Based Transfers:
    When transfers are not covered by adequacy determinations or appropriate safeguards,
    we will seek your explicit consent and provide clear information about the risks and
    protections in place.
    Notification Requirements:
    We will notify you of significant cross-border transfers and provide information about
    the recipient countries, purposes of transfer, and safeguards implemented.
    9.6 Monitoring and Review
    We continuously monitor the adequacy of protection for cross-border transfers:
    Regular Assessments:
  • Annual reviews of transfer arrangements and safeguards
  • Monitoring of changes in recipient countries’ legal frameworks
  • Assessment of new adequacy determinations and guidance
  • Evaluation of emerging risks and threats
  • Updates to contractual and technical safeguards
    Incident Response:
  • Procedures for responding to changes in legal protections
  • Mechanisms for suspending or modifying transfers
  • Notification requirements for affected data subjects
  • Coordination with the Information Regulator when required
  • Documentation and reporting of transfer-related incidents
  10. Data Security and Protection
    10.1 Security Commitment
    Oltan Online is committed to protecting your personal information through
    comprehensive security measures that address both technical and organizational
    aspects of data protection. We implement industry-standard security practices and
    continuously update our measures to address evolving threats.
    10.2 Technical Security Measures
    Encryption and Data Protection:
    We employ strong encryption protocols to protect personal information both in transit
    and at rest. This includes AES-256 encryption for stored data, TLS 1.3 for data
    transmission, and end-to-end encryption for sensitive communications. All databases
    containing personal information are encrypted, and encryption keys are managed
    through secure key management systems.
    Access Controls and Authentication:
    We implement multi-factor authentication for all systems containing personal
    information, role-based access controls that limit access to authorized personnel only,
    and regular access reviews to ensure appropriate permissions. User accounts are subject
    to strong password policies, automatic lockout procedures, and regular authentication
    audits.
    Network Security:
    Our network infrastructure includes firewalls, intrusion detection and prevention
    systems, regular vulnerability assessments, and network segmentation to isolate
    sensitive systems. We monitor network traffic continuously and implement automated
    threat detection and response systems.
    System Monitoring and Logging:
    We maintain comprehensive logs of all access to personal information, implement
    real-time monitoring for suspicious activities, and conduct regular security audits and
    assessments. All security events are logged, analyzed, and retained in accordance with
    our security policies and legal requirements.
    10.3 Organizational Security Measures
    Staff Training and Awareness:
    All employees receive regular training on data protection principles, security best
    practices, and their responsibilities under POPIA. We conduct annual security awareness
    programs, phishing simulation exercises, and specialized training for staff handling
    personal information.
    Security Policies and Procedures:
    We maintain comprehensive security policies covering data handling, access
    management, incident response, and business continuity. These policies are regularly
    reviewed and updated to reflect changes in technology, threats, and regulatory
    requirements.
    Vendor and Third-Party Management:
    We conduct thorough security assessments of all vendors and third parties who may
    have access to personal information. This includes due diligence reviews, contractual
    security requirements, regular audits, and ongoing monitoring of third-party security
    practices.
    10.4 Physical Security
    Facility Security:
    Our offices and data centers implement appropriate physical security measures,
    including access controls, surveillance systems, environmental controls, and secure
    storage for physical documents containing personal information.
    Equipment Security:
    All devices and equipment used to process personal information are secured through
    encryption, remote wipe capabilities, automatic screen locks, and secure disposal
    procedures for end-of-life equipment.
    10.5 Business Continuity and Disaster Recovery
    Backup and Recovery:
    We maintain regular backups of all systems containing personal information, with
    backups stored in secure, geographically distributed locations. Our disaster recovery
    procedures ensure rapid restoration of services while maintaining data integrity and
    security.
    Business Continuity Planning:
    We have comprehensive business continuity plans that address various scenarios,
    including natural disasters, cyber attacks, and system failures. These plans include
    procedures for maintaining data protection during emergency situations.
    10.6 Security Incident Management
    Incident Response Procedures:
    We have established procedures for detecting, responding to, and recovering from
    security incidents. This includes immediate containment measures, forensic analysis,
    impact assessment, and remediation activities.
    Breach Notification:
    In accordance with POPIA requirements, we have procedures for notifying the
    Information Regulator and affected data subjects of security breaches within the
    required timeframes. Our breach response includes assessment of risks to data subjects
    and implementation of measures to mitigate potential harm.
    10.7 Continuous Improvement
    Security Assessments:
    We conduct regular security assessments, including penetration testing, vulnerability
    scans, and security audits by independent third parties. These assessments help identify
    potential weaknesses and areas for improvement.
    Technology Updates:
    We maintain current security technologies and regularly update systems, software, and
    security tools to address emerging threats and vulnerabilities. This includes patch
    management, security software updates, and technology refresh cycles.
    Industry Standards and Certifications:
    We align our security practices with recognized industry standards and frameworks,
    including ISO 27001, NIST Cybersecurity Framework, and other relevant security
    standards. We pursue appropriate certifications and regularly assess our compliance
    with these standards.
  11. Data Retention
    11.1 Retention Principles
    Oltan Online retains personal information only for as long as necessary to fulfill the
    purposes for which it was collected, comply with legal obligations, resolve disputes, and
    enforce our agreements. Our retention practices are guided by the principles of data
    minimization and purpose limitation as required by POPIA.
    11.2 Retention Periods by Category
    Client and Project Data:
  • Active client information: Retained for the duration of the business relationship plus 7
    years for legal and tax compliance purposes
  • Project files and deliverables: Retained for 5 years after project completion for
    warranty, support, and reference purposes
  • Communication records: Retained for 3 years after the last interaction for relationship
    management and dispute resolution
  • Financial records: Retained for 7 years in accordance with South African tax and
    accounting requirements
    Marketing and Lead Data:
  • Active prospects: Retained while consent remains valid and engagement continues
  • Inactive prospects: Retained for 2 years after last engagement, then deleted unless
    consent is renewed
  • Marketing analytics: Aggregated and anonymized data may be retained indefinitely for
    business intelligence purposes
  • Email marketing data: Retained until unsubscribe or 3 years of inactivity, whichever
    occurs first
    Website and Technical Data:
  • Website analytics: Retained for 26 months in accordance with Google Analytics default
    settings
  • Server logs: Retained for 12 months for security and performance monitoring purposes
  • Backup data: Retained for 90 days for disaster recovery purposes, then securely deleted
  • Security incident data: Retained for 7 years for legal compliance and security analysis
    Employment and HR Data:
  • Current employee records: Retained for the duration of employment plus 5 years
  • Former employee records: Retained for 5 years after termination for legal compliance
  • Recruitment data: Retained for 12 months after recruitment process completion
  • Training and performance records: Retained for 5 years for compliance and reference
    purposes
    11.3 Secure Deletion Procedures
    When personal information reaches the end of its retention period, we implement
    secure deletion procedures:
    Digital Data Deletion:
  • Secure overwriting of data using industry-standard methods
  • Cryptographic erasure for encrypted data
  • Verification of deletion completion
  • Documentation of deletion activities
  • Regular audits of deletion procedures
    Physical Document Destruction:
  • Secure shredding of paper documents
  • Witnessed destruction for highly sensitive materials
  • Certificates of destruction for audit purposes
  • Secure disposal of storage media
  • Environmental compliance in disposal methods
    11.4 Legal Hold Procedures
    In certain circumstances, we may need to suspend normal deletion procedures:
    Litigation Hold:
    When legal proceedings are anticipated or commenced, relevant personal information is
    preserved until the matter is resolved and all appeal periods have expired.
    Regulatory Investigations:
    During regulatory investigations or audits, relevant personal information is retained
    until the investigation is complete and any required follow-up actions are finished.
    Dispute Resolution:
    Personal information relevant to ongoing disputes is retained until the dispute is
    resolved and any appeal or enforcement periods have expired.
    11.5 Data Subject Requests
    Notwithstanding our standard retention periods, we will delete personal information
    upon valid request from data subjects, except where:
  • Legal obligations require continued retention
  • Legitimate interests justify continued processing
  • Consent has been withdrawn but other lawful bases apply
  • The information is necessary for the establishment, exercise, or defense of legal
    claims
    11.6 Regular Review and Updates
    We regularly review and update our retention policies to ensure they remain appropriate
    and compliant:
    Annual Reviews:
  • Assessment of retention periods for appropriateness
  • Review of legal and regulatory requirements
  • Evaluation of business needs and purposes
  • Updates to deletion procedures and technologies
  • Training updates for staff on retention requirements
    Compliance Monitoring:
  • Regular audits of retention practices
  • Monitoring of deletion activities
  • Assessment of data minimization efforts
  • Review of legal hold procedures
  • Documentation of retention decisions and rationale
  12. Your Rights as a Data Subject
    12.1 Overview of Rights
    Under POPIA, you have several important rights regarding your personal information.
    Oltan Online is committed to facilitating the exercise of these rights and will respond to
    valid requests within the timeframes specified by law.
    12.2 Right of Access
    You have the right to request access to your personal information that we process:
    What You Can Request:
  • Confirmation of whether we process your personal information
  • Description of the personal information we hold about you
  • Purposes for which your personal information is processed
  • Categories of third parties to whom your information may be disclosed
  • Information about cross-border transfers
  • Retention periods for your personal information
    How to Exercise This Right:
    Submit a written request to our Information Officer, including sufficient information to
    verify your identity and specify the information you seek. We will respond within 30 days
    and may charge a reasonable fee for providing copies of extensive records.
    12.3 Right to Correction
    You have the right to request correction of inaccurate or incomplete personal
    information:
    What You Can Request:
  • Correction of factual errors in your personal information
  • Completion of incomplete personal information
  • Updates to outdated information
  • Clarification of misleading information
    Our Response:
    We will investigate your request and make appropriate corrections within 30 days. If we
    disagree with your request, we will provide reasons for our decision and inform you of
    your right to complain to the Information Regulator.
    12.4 Right to Deletion (Erasure)
    You have the right to request deletion of your personal information in certain
    circumstances:
    When Deletion May Be Required:
  • The personal information is no longer necessary for the original purpose
  • You withdraw consent and no other lawful basis exists
  • Your personal information has been unlawfully processed
  • Deletion is required for compliance with legal obligations
  • You object to processing and no overriding legitimate grounds exist
    Limitations on Deletion:
    We may refuse deletion requests where processing is necessary for legal compliance,
    establishment or defense of legal claims, or other legitimate purposes recognized by
    law.
    12.5 Right to Object
    You have the right to object to certain types of processing:
    Direct Marketing:
    You have an absolute right to object to processing for direct marketing purposes. We will
    stop such processing immediately upon receiving your objection.
    Legitimate Interests:
    You may object to processing based on our legitimate interests. We will stop such
    processing unless we can demonstrate compelling legitimate grounds that override your
    interests, rights, and freedoms.
    Automated Decision-Making:
    You have the right to object to decisions based solely on automated processing,
    including profiling, that produce legal effects or significantly affect you.
    12.6 Right to Data Portability
    Where technically feasible, you have the right to receive your personal information in a
    structured, commonly used format:
    Scope of Portability:
    This right applies to personal information you have provided to us based on consent or
    contract, and which we process by automated means.
    Format and Transfer:
    We will provide your personal information in a commonly used electronic format and,
    where technically feasible, transmit it directly to another controller at your request.
    12.7 Right to Restrict Processing
    You have the right to request restriction of processing in certain circumstances:
    When Restriction May Apply:
  • You contest the accuracy of personal information (during verification)
  • Processing is unlawful but you prefer restriction to deletion
  • We no longer need the information but you need it for legal claims
  • You have objected to processing (pending verification of legitimate grounds)
    Effect of Restriction:
    When processing is restricted, we will only process your personal information with your
    consent or for legal claims, protection of rights, or protection of another person’s rights.
    12.8 Exercising Your Rights
    How to Submit Requests:
  • Email: privacy@oltan.co.za
  • Phone: (+27) 71 868 9307
  • Post: Information Officer, Oltan Online (Pty) Ltd, [Address]
    Required Information:
  • Clear description of the right you wish to exercise
  • Sufficient information to verify your identity
  • Specific details about the personal information involved
  • Preferred method for receiving our response
    Response Timeframes:
  • Initial acknowledgment: Within 5 business days
  • Substantive response: Within 30 days (may be extended by 30 days for complex
    requests)
  • Urgent requests: We will prioritize requests involving potential harm or legal deadlines
    Fees:
  • Most requests are processed free of charge
  • Reasonable fees may apply for extensive or repetitive requests
  • We will inform you of any fees before processing your request
    12.9 Complaints and Appeals
    If you are dissatisfied with our response to your request:
    Internal Review:
    You may request an internal review by our Information Officer, who will conduct an
    independent assessment of your complaint.
    Information Regulator:
    You have the right to lodge a complaint with the Information Regulator of South Africa:
  • Website: www.justice.gov.za/inforeg/
  • Email: inforeg@justice.gov.za
  • Phone: +27 12 406 4818
    Legal Remedies:
    You may also pursue legal remedies through the courts if you believe your rights have
    been violated.
  13. Cookies and Tracking Technologies
    13.1 What Are Cookies
    Cookies are small text files that are stored on your device when you visit our website.
    They help us provide you with a better browsing experience by remembering your
    preferences, analyzing website usage, and enabling certain functionality.
    13.2 Types of Cookies We Use
    Essential Cookies:
    These cookies are necessary for the website to function properly and cannot be
    disabled. They include:
  • Session management cookies
  • Security and authentication cookies
  • Load balancing cookies
  • Accessibility preference cookies
    Performance and Analytics Cookies:
    These cookies help us understand how visitors interact with our website:
  • Google Analytics cookies for traffic analysis
  • Heat mapping cookies for user behavior analysis
  • Performance monitoring cookies
  • A/B testing cookies for optimization
    Functional Cookies:
    These cookies enhance your browsing experience:
  • Language and region preference cookies
  • User interface customization cookies
  • Form auto-fill cookies
  • Chat and support system cookies
    Marketing and Advertising Cookies:
    These cookies are used for marketing purposes:
  • Social media integration cookies
  • Advertising platform cookies
  • Retargeting and remarketing cookies
  • Campaign tracking cookies
    13.3 Third-Party Cookies
    Our website may include third-party cookies from:
    Analytics Providers:
  • Google Analytics
  • Google Tag Manager
  • Facebook Pixel
  • LinkedIn Insight Tag
    Social Media Platforms:
  • Facebook social plugins
  • LinkedIn sharing buttons
  • Twitter integration
  • YouTube embedded videos
    Marketing Platforms:
  • Email marketing platforms
  • Customer relationship management systems
  • Advertising networks
  • Conversion tracking tools
    13.4 Cookie Consent and Management
    Consent Mechanism:
    We use a cookie consent banner to obtain your consent for non-essential cookies. You
    can:
  • Accept all cookies
  • Reject non-essential cookies
  • Customize your cookie preferences
  • Change your preferences at any time
    Managing Cookies:
    You can control cookies through:
  • Our cookie preference center
  • Your browser settings
  • Third-party opt-out tools
  • Device privacy settings
    Browser Controls:
    Most browsers allow you to:
  • View and delete cookies
  • Block cookies from specific sites
  • Block all cookies
  • Receive notifications when cookies are set
    13.5 Other Tracking Technologies
    Web Beacons:
    We may use web beacons (pixel tags) in emails and on our website to track opens, clicks,
    and user engagement.
    Local Storage:
    We may use HTML5 local storage and similar technologies to store preferences and
    improve website performance.
    Fingerprinting:
    We do not use device fingerprinting or other invasive tracking technologies to identify
    users across sessions or devices.
    13.6 Impact of Disabling Cookies
    If you disable cookies, some website functionality may be affected:
  • You may need to re-enter information on each visit
  • Personalization features may not work
  • Some forms and interactive features may not function
  • We may not be able to remember your preferences
    13.7 Cookie Retention
    Different cookies have different retention periods:
  • Session cookies: Deleted when you close your browser
  • Persistent cookies: Retained for periods ranging from 30 days to 2 years
  • Analytics cookies: Typically retained for 26 months
  • Marketing cookies: Retention periods vary by provider
  14. Marketing Communications
    14.1 Types of Marketing Communications
    Oltan Online may send you various types of marketing communications, always in
    compliance with POPIA and applicable marketing regulations:
    Email Marketing:
  • Monthly newsletters featuring industry insights and company updates
  • Service announcements and new offering introductions
  • Educational content including whitepapers, case studies, and guides
  • Event invitations and webinar announcements
  • Promotional offers and special pricing communications
    Social Media Marketing:
  • Targeted advertising on LinkedIn, Facebook, and other platforms
  • Organic content sharing and engagement
  • Industry thought leadership and commentary
  • Client success stories and testimonials
  • Company news and culture content
    Direct Communications:
  • Personalized business development outreach
  • Follow-up communications after meetings or events
  • Customized proposals and service recommendations
  • Industry event networking and relationship building
  • Partnership and collaboration opportunities
    14.2 Consent and Opt-In Procedures
    Explicit Consent:
    We obtain explicit consent before adding you to our marketing communications lists.
    This consent is:
  • Freely given and specific to marketing purposes
  • Informed with clear information about what you’re consenting to
  • Unambiguous through positive action (not pre-ticked boxes)
  • Documented with records of when and how consent was obtained
    Double Opt-In:
    For email marketing, we use a double opt-in process where:
  • You initially provide your email address and consent
  • We send a confirmation email with a verification link
  • You must click the verification link to confirm your subscription
  • Only then are you added to our marketing lists
    Consent Records:
    We maintain detailed records of marketing consent including:
  • Date and time of consent
  • Method of consent collection
  • Specific communications consented to
  • IP address and other technical details
  • Any subsequent changes to consent status
    14.3 Personalization and Targeting
    Behavioral Targeting:
    We may personalize marketing communications based on:
  • Your interactions with our website and content
  • Services you’ve inquired about or purchased
  • Industry sector and company size
  • Geographic location and market preferences
  • Engagement history with previous communications
    Segmentation:
    We segment our marketing lists to ensure relevance:
  • Industry-specific content and offers
  • Service-based segmentation
  • Geographic and language preferences
  • Engagement level and communication frequency
  • Customer lifecycle stage and relationship status
    Automated Marketing:
    We use marketing automation tools to:
  • Send triggered emails based on website behavior
  • Nurture leads through educational content sequences
  • Re-engage inactive subscribers
  • Provide timely and relevant communications
  • Track and analyze marketing performance
    14.4 Opt-Out and Unsubscribe
    Easy Unsubscribe:
    Every marketing email includes:
  • Clear and prominent unsubscribe links
  • One-click unsubscribe functionality
  • Options to modify preferences rather than complete removal
  • Confirmation of unsubscribe action
  • Processing within 10 business days
    Preference Management:
    We provide preference centers where you can:
  • Choose specific types of communications to receive
  • Adjust frequency of communications
  • Update contact information and preferences
  • Temporarily pause communications
  • Manage consent for different marketing channels
    Suppression Lists:
    We maintain suppression lists to ensure:
  • Unsubscribed contacts are not re-added to marketing lists
  • Opt-out preferences are respected across all systems
  • Legal compliance with marketing regulations
  • Regular auditing and cleaning of marketing databases
  • Proper handling of bounced and invalid email addresses
    14.5 Third-Party Marketing
    Partner Communications:
    We may share your information with trusted partners for joint marketing initiatives, but
    only:
  • With your explicit consent
  • Under strict data protection agreements
  • For specific, disclosed purposes
  • With the ability to opt out at any time
  • In compliance with all applicable privacy laws
    Co-Marketing:
    When participating in co-marketing activities:
  • We clearly identify all parties involved
  • Obtain separate consent for each party’s communications
  • Provide opt-out mechanisms for each party
  • Ensure all parties comply with privacy requirements
  • Maintain records of consent and opt-out preferences
    14.6 Marketing Analytics and Measurement
    Performance Tracking:
    We track marketing performance through:
  • Email open rates and click-through rates
  • Website traffic and conversion metrics
  • Social media engagement and reach
  • Lead generation and qualification rates
  • Return on investment and campaign effectiveness
    Privacy-Compliant Analytics:
    Our marketing analytics practices:
  • Use aggregated and anonymized data where possible
  • Implement privacy-by-design principles
  • Comply with cookie consent requirements
  • Provide transparency about tracking methods
  • Allow opt-out from tracking and analytics
    14.7 Compliance and Best Practices
    Regulatory Compliance:
    Our marketing practices comply with:
  • POPIA requirements for consent and processing
  • Consumer Protection Act provisions
  • Electronic Communications and Transactions Act
  • Industry-specific marketing regulations
  • International standards for cross-border marketing
    Best Practice Standards:
    We follow industry best practices including:
  • Regular training for marketing staff on privacy requirements
  • Documented procedures for consent management
  • Regular audits of marketing databases and practices
  • Prompt handling of complaints and opt-out requests
  • Continuous improvement of privacy protection measures
  15. Data Breach Notification
    15.1 Breach Detection and Response
    Oltan Online has implemented comprehensive procedures to detect, assess, and
    respond to data breaches in accordance with POPIA requirements and industry best
    practices.
    15.2 Breach Definition and Classification
    What Constitutes a Breach:
    A data breach includes any incident where personal information is:
  • Accessed by unauthorized persons
  • Disclosed without authorization
  • Lost or stolen
  • Altered or destroyed without authorization
  • Made available to unauthorized persons
    Breach Classification:
    We classify breaches based on:
  • Severity of potential harm to data subjects
  • Number of individuals affected
  • Types of personal information involved
  • Likelihood of misuse or further disclosure
  • Availability of mitigation measures
    15.3 Immediate Response Procedures
    Incident Detection:
    Our breach detection mechanisms include:
  • Automated security monitoring and alerts
  • Staff reporting procedures
  • Regular security audits and assessments
  • Third-party security notifications
  • Customer and public reports
    Immediate Actions:
    Upon detecting a potential breach, we:
  • Contain the incident to prevent further unauthorized access
  • Assess the scope and nature of the breach
  • Preserve evidence for investigation
  • Implement immediate remediation measures
  • Document all actions taken
    Investigation Process:
    Our investigation includes:
  • Forensic analysis of affected systems
  • Determination of root cause
  • Assessment of personal information involved
  • Evaluation of potential harm to data subjects
  • Identification of remediation requirements
    15.4 Notification to Information Regulator
    Notification Requirements:
    In accordance with section 22 of POPIA, we will notify the Information Regulator of data
    breaches that are likely to result in harm to data subjects.
    Notification Timeline:
  • Initial notification: As soon as reasonably possible after becoming aware of the breach
  • Detailed report: Within 72 hours of initial notification
  • Follow-up reports: As investigation progresses and additional information becomes
    available
    Notification Content:
    Our notifications to the Information Regulator include:
  • Description of the nature of the breach
  • Categories and approximate number of data subjects affected
  • Categories and approximate number of personal information records involved
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach
  • Contact details for further information
    15.5 Notification to Data Subjects
    Notification Criteria:
    We will notify affected data subjects when a breach is likely to result in a high risk of
    harm, considering:
  • Sensitivity of personal information involved
  • Likelihood of misuse or identity theft
  • Potential for financial or reputational harm
  • Availability of mitigation measures
  • Public interest considerations
    Notification Methods:
    We will notify data subjects through:
  • Direct email or postal communication
  • Prominent website notices
  • Public announcements in media
  • Social media communications
  • Other appropriate channels based on circumstances
    Notification Content:
    Our notifications to data subjects include:
  • Clear description of what happened
  • Types of personal information involved
  • Steps we have taken to address the breach
  • Recommendations for protecting themselves
  • Contact information for questions and support
  • Information about complaint procedures
    15.6 Remediation and Follow-Up
    Immediate Remediation:
  • Closing security vulnerabilities
  • Implementing additional security measures
  • Providing credit monitoring services (if applicable)
  • Offering identity protection services
  • Providing ongoing support and assistance
    Long-Term Improvements:
  • Reviewing and updating security policies
  • Enhancing staff training and awareness
  • Implementing additional technical safeguards
  • Conducting comprehensive security assessments
  • Updating incident response procedures
    Documentation and Reporting:
  • Maintaining detailed records of all breaches
  • Documenting lessons learned and improvements
  • Providing regular reports to management
  • Conducting post-incident reviews
  • Sharing relevant information with industry peers
    15.7 Delayed Notification
    Circumstances for Delay:
    We may delay notification to data subjects if:
  • Law enforcement requests delay for investigation purposes
  • The Information Regulator advises delay
  • Immediate notification would impede criminal investigation
  • Delay is necessary to implement security measures
  • Public safety considerations require delay
    Monitoring and Review:
  • Regular review of delay justifications
  • Coordination with relevant authorities
  • Documentation of delay decisions and rationale
  • Prompt notification when delay is no longer necessary
  • Ongoing assessment of data subject risk
  16. Third-Party Services and Links
    16.1 Third-Party Service Providers
    Oltan Online works with various third-party service providers to deliver our services
    effectively. We carefully select and manage these relationships to ensure appropriate
    protection of your personal information.
    16.2 Categories of Third-Party Services
    Technology and Infrastructure:
  • Cloud hosting providers (AWS, Microsoft Azure, Google Cloud)
  • Content delivery networks and performance optimization
  • Database and analytics platforms
  • Security and monitoring services
  • Backup and disaster recovery providers
    Business and Professional Services:
  • Customer relationship management (CRM) systems
  • Email marketing and communication platforms
  • Project management and collaboration tools
  • Accounting and financial management systems
  • Legal and professional advisory services
    Marketing and Analytics:
  • Web analytics platforms (Google Analytics)
  • Social media management tools
  • Advertising and marketing platforms
  • Survey and feedback collection tools
  • Market research and intelligence services
    16.3 Due Diligence and Selection
    Vendor Assessment:
    Before engaging third-party services, we conduct thorough assessments including:
  • Security and privacy policy reviews
  • Compliance with applicable data protection laws
  • Technical and organizational security measures
  • Financial stability and business continuity
  • References and reputation in the market
    Contractual Requirements:
    All third-party service agreements include:
  • Data processing clauses compliant with POPIA
  • Security and confidentiality requirements
  • Incident notification and response procedures
  • Audit rights and compliance monitoring
  • Data return and deletion obligations
    16.4 Ongoing Management
    Regular Reviews:
    We conduct regular reviews of third-party services including:
  • Annual security and compliance assessments
  • Monitoring of service performance and reliability
  • Review of contract terms and conditions
  • Assessment of changing business needs
  • Evaluation of alternative service providers
    Incident Management:
    When third-party incidents occur, we:
  • Coordinate response with the service provider
  • Assess impact on our clients and operations
  • Implement additional protective measures if necessary
  • Communicate with affected parties as appropriate
  • Document lessons learned and improvements
    16.5 External Links and Integrations
    Website Links:
    Our website may contain links to third-party websites, including:
  • Client websites and portfolios
  • Industry resources and publications
  • Social media platforms
  • Partner and vendor websites
  • Educational and reference materials
    Social Media Integration:
    We integrate with social media platforms for:
  • Content sharing and engagement
  • Social login and authentication
  • Marketing and advertising campaigns
  • Customer support and communication
  • Industry networking and thought leadership
    Embedded Content:
    Our website may include embedded content from:
  • Video platforms (YouTube, Vimeo)
  • Social media feeds and widgets
  • Maps and location services
  • Document and presentation viewers
  • Third-party tools and applications
    16.6 Privacy Implications
    Data Sharing:
    When you interact with third-party services through our website:
  • Your personal information may be shared with those services
  • Third-party privacy policies will apply to their processing
  • We are not responsible for third-party privacy practices
  • You should review third-party privacy policies before use
    Tracking and Analytics:
    Third-party services may:
  • Set cookies and tracking technologies on your device
  • Collect information about your browsing behavior
  • Use information for their own purposes
  • Share information with their partners and affiliates
    16.7 Your Choices and Controls
    Managing Third-Party Interactions:
    You can control third-party interactions by:
  • Reviewing and adjusting cookie preferences
  • Using browser privacy settings and extensions
  • Opting out of third-party tracking where available
  • Avoiding interaction with third-party content
  • Contacting us with questions or concerns
    Alternative Options:
    Where possible, we provide alternatives to third-party services:
  • Direct contact methods instead of social media
  • Native website functionality instead of third-party tools
  • Manual processes instead of automated integrations
  • Local hosting instead of external services
  17. Children’s Privacy
    17.1 Age Restrictions
    Oltan Online’s services are designed for businesses and adult professionals. We do not
    knowingly collect personal information from children under the age of 18 without
    appropriate parental consent.
    17.2 Inadvertent Collection
    If we become aware that we have inadvertently collected personal information from a
    child under 18:
  • We will take immediate steps to delete such information
  • We will not use the information for any purpose
  • We will not disclose the information to third parties
  • We will implement additional safeguards to prevent future collection
    17.3 Parental Rights
    Parents and guardians have the right to:
  • Request access to their child’s personal information
  • Request correction or deletion of their child’s information
  • Withdraw consent for processing their child’s information
  • Object to marketing communications directed at their child
    17.4 Educational and Training Content
    When we provide educational content or training that may be accessed by minors:
  • We obtain appropriate parental consent where required
  • We implement age-appropriate privacy protections
  • We limit data collection to what is necessary for the service
  • We provide clear information about our privacy practices
  18. Changes to This Privacy Policy
    18.1 Policy Updates
    Oltan Online may update this Privacy Policy from time to time to reflect changes in our
    practices, services, legal requirements, or business operations.
    18.2 Notification of Changes
    Significant Changes:
    For material changes to this Privacy Policy, we will:
  • Provide at least 30 days’ advance notice
  • Send email notifications to registered users
  • Post prominent notices on our website
  • Provide opportunities to review and comment
  • Allow time for you to exercise your rights before changes take effect
    Minor Changes:
    For minor or administrative changes, we will:
  • Update the “Last Updated” date at the top of this policy
  • Post the updated policy on our website
  • Maintain previous versions for reference
  • Provide summaries of changes upon request
    18.3 Continued Use
    Your continued use of our services after changes take effect constitutes acceptance of
    the updated Privacy Policy. If you do not agree with changes, you may:
  • Discontinue use of our services
  • Request deletion of your personal information
  • Exercise your rights under the previous policy terms
  • Contact us to discuss your concerns
    18.4 Version Control
    We maintain version control for this Privacy Policy including:
  • Date stamps for all revisions
  • Summaries of changes made
  • Archive of previous versions
  • Documentation of approval processes
  • Records of notification and communication
  19. Complaints and Disputes
    19.1 Internal Complaint Process
    If you have concerns about our privacy practices or believe your rights have been
    violated:
    Step 1: Contact Our Information Officer
  • Email: privacy@oltan.co.za
  • Phone: (+27) 71 868 9307
  • Provide a detailed description of your concern
  • Include relevant documentation or evidence
  • Specify the resolution you are seeking
    Step 2: Investigation and Response
  • We will acknowledge your complaint within 5 business days
  • Conduct a thorough investigation of your concerns
  • Provide a substantive response within 30 days
  • Implement corrective measures if necessary
  • Document the complaint and resolution
    Step 3: Internal Review
    If you are not satisfied with our initial response:
  • Request review by senior management
  • Independent assessment of the complaint
  • Additional investigation if required
  • Final response within 30 days of review request
    19.2 External Complaint Options
    Information Regulator of South Africa:
  • Website: www.justice.gov.za/inforeg/
  • Email: inforeg@justice.gov.za
  • Phone: +27 12 406 4818
  • Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg
    Legal Remedies:
    You may also pursue legal remedies through:
  • High Court applications for urgent relief
  • Civil claims for damages
  • Constitutional Court for constitutional matters
  • Alternative dispute resolution mechanisms
    19.3 Complaint Documentation
    We maintain records of all complaints including:
  • Nature and details of the complaint
  • Investigation procedures and findings
  • Corrective measures implemented
  • Communication with complainants
  • Lessons learned and process improvements
  20. Contact Information
    20.1 General Contact Details
    Oltan Online (Pty) Ltd
    Website: https://www.oltan.co.za
    Email: info@oltan.co.za
    Phone: (+27) 71 868 9307
    20.2 Privacy-Specific Contacts
    Information Officer:
    Email: privacy@oltan.co.za
    Phone: (+27) 71 868 9307
    Data Protection Queries:
    Email: dataprotection@oltan.co.za
    Security Incidents:
    Email: security@oltan.co.za
    Phone: (+27) 71 868 9307 (24/7 emergency line)
    20.3 Physical Address
    73 Buitekring Rd, Dalsig, Stellenbosch, 7600, South Africa
    20.4 Business Hours
    Office Hours:
    Monday to Friday: 8:00 AM – 5:00 PM (SAST)
    Saturday: 9:00 AM – 1:00 PM (SAST)
    Sunday: Closed
    Emergency Contact:
    For urgent privacy or security matters, contact us at (+27) 71 868 9307
    Conclusion
    This Privacy Policy represents Oltan Online’s commitment to protecting your personal
    information and respecting your privacy rights. We encourage you to read this policy
    carefully and contact us if you have any questions or concerns.
    By using our services, you acknowledge that you have read, understood, and agree to be
    bound by this Privacy Policy and our commitment to protecting your personal
    information in accordance with POPIA and other applicable laws.
    Document Information:


This Privacy Policy is governed by South African law and complies with the Protection of
Personal Information Act, 2013 (Act No. 4 of 2013) and other applicable privacy and data
protection laws.