Privacy Policy

1. Who we are

MVT Systems is a South African IT services provider delivering managed IT, Microsoft 365, Azure cloud hosting, cybersecurity, backups, connectivity and voice solutions to businesses across South Africa. For the purposes of POPIA, MVT Systems acts as the responsible party for personal information collected through our website and direct interactions, and as an operator when processing client-owned personal information in the course of delivering contracted services.

Contact: info@mvt-systems.co.za · +27 10 006 5530

2. Information we collect

We only collect information that is necessary, relevant and proportionate to the purpose for which it is collected.

2.1 Information you provide directly

• Contact and enquiry information submitted through our website forms, email or phone — including full name, company name, business email address, contact number and the contents of your enquiry.
• Service onboarding information required to deliver contracted services — including billing details, technical contacts, environment information and authorised approvers.
• Support information shared when raising tickets, including descriptions of the issue, screenshots, logs and device identifiers.

2.2 Information we collect automatically

• Website analytics such as pages viewed, referring URL, approximate location (derived from IP), browser and device type. We use this only in aggregated form to improve the site.
• Security and integrity data such as IP address, user agent and timestamps, used to detect abuse, spam and automated submissions.

2.3 Information we process on behalf of clients

When delivering managed services, we may process personal information that belongs to our clients (for example, end-user mailbox data, account identities, device telemetry, log data and backup contents). This information is processed strictly under the terms of the relevant client agreement and only for the purposes of delivering, supporting and securing the contracted services.

3. How we use your information

We use personal information for the following purposes:

• To respond to enquiries and provide requested information.
• To deliver, support, maintain and improve the services you have engaged us for, including Microsoft 365, Azure, backups, cybersecurity and connectivity.
• To manage licensing, renewals, billing and contractual communication.
• To detect, prevent and respond to security incidents, fraud and misuse of services.
• To comply with legal, regulatory and contractual obligations.
• To send relevant operational notifications. Marketing communication is only sent where you have a legitimate business relationship with us or have opted in, and you can unsubscribe at any time.

We do not sell, rent or trade your personal information to any third party.

4. Legal basis for processing

We process personal information on one or more of these bases:

• Consent — for example when you complete our contact form or subscribe to updates.
• Performance of a contract — when processing is necessary to deliver the services you have engaged us for.
• Legal obligation — where required to comply with applicable laws, including tax, accounting and regulatory requirements.
• Legitimate interests — for example to secure our services, prevent abuse, recover debts and operate our business, where these interests are not overridden by your rights.

5. Sharing and disclosure

We share personal information only where it is necessary and lawful, and only with parties that provide appropriate protection for the information. This may include:

• Service providers and sub-processors who help us deliver our services (for example Microsoft, our hosting, monitoring, ticketing, billing and communication platforms).
• Professional advisers such as auditors, lawyers and accountants under appropriate confidentiality obligations.
• Regulators, law enforcement or courts where we are legally required to disclose information.
• Acquirers in the event of a merger, acquisition or business reorganisation, subject to the same protections set out in this policy.

6. International transfers

Some of our service providers (including Microsoft 365 and Azure) may process information outside of South Africa. Where this occurs, we ensure that the receiving country, organisation or contract provides an adequate level of protection for personal information, in line with section 72 of POPIA and equivalent international frameworks.

7. Data retention

We retain personal information only for as long as it is needed for the purpose it was collected, or as required by law. Typical retention periods include:

• Enquiry data — retained for up to 24 months from last contact, then deleted or anonymised.
• Contractual and billing records — retained for the duration of the relationship and for as long as required by South African tax and company law (typically 5 years).
• Support and security logs — retained for the period set out in the relevant service agreement or as required for security investigations.
• Client-owned data — retained and returned or deleted in line with the relevant client agreement.

8. How we protect your information

We apply appropriate technical and organisational measures to protect personal information against loss, unauthorised access, alteration and disclosure, including:

• Encryption of data in transit (TLS) and at rest where supported.
• Multi-factor authentication and Conditional Access on staff accounts.
• Role-based access control and the principle of least privilege.
• Endpoint protection, patch management and centralised logging.
• Tenant-side audit logging and monitoring.
• Vendor due diligence on sub-processors handling personal information.
• Staff confidentiality obligations and security awareness training.

No system is completely secure, but we work continuously to align our controls with current good practice and industry standards.

9. Cookies and similar technologies

When you first visit our website you are asked to accept or decline analytics cookies via our cookie consent banner. Analytics cookies (Google Analytics 4) are only loaded if you accept. You can change your choice at any time using the “Cookie preferences” link in the footer. Our website otherwise uses only a minimal set of cookies and similar technologies, limited to those needed for the site to function and to understand aggregate usage. We do not use third-party advertising cookies. You can control or block cookies through your browser settings.

10. Your rights

Subject to applicable law, you have the right to:

• Request access to the personal information we hold about you.
• Request correction of inaccurate or incomplete information.
• Request deletion of personal information where it is no longer required and no legal obligation applies.
• Object to processing based on legitimate interests, and to direct marketing at any time.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with the Information Regulator (South Africa) at inforegulator.org.za.

To exercise any of these rights, contact us at info@mvt-systems.co.za. We will respond within a reasonable period and in line with our legal obligations. We may need to verify your identity before acting on a request.

11. Children

Our services are intended for businesses. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently received such information, please contact us and we will take appropriate action.

12. Data breaches

If a security compromise involves personal information for which we are responsible, we will notify the Information Regulator and any affected parties as required under section 22 of POPIA, without undue delay, with the information necessary to take protective action.

13. Third-party links

Our website may link to third-party sites (such as our security posture portal, social channels and vendor pages). We are not responsible for the privacy practices of those sites and encourage you to review their policies.

14. Changes to this policy

We may update this policy from time to time to reflect changes in our services, technology, legal requirements or industry practice. The current version is always published at this URL with a "last updated" date. Material changes will be communicated through reasonable channels.

15. Contact and complaints

For any privacy enquiry, request or complaint, contact our Information Officer at:

• Email: info@mvt-systems.co.za
• Phone: +27 10 006 5530

If you are not satisfied with our response, you may lodge a complaint with the Information Regulator (South Africa).