POPIA Notice & Consent

POPIA Notice & Consent

This notice explains how we collect and use personal information, and how consent applies when you contact us.

Effective: 23 December 2025 Last updated: 23 December 2025

Consent by Contacting Us

By contacting us (via contact form, email, phone call, WhatsApp, social media message, or any other channel), you voluntarily provide your personal information and you expressly consent to Web&AppPro (Terrence Munodei) collecting, using, storing, and processing that information for the purposes described in this notice.

This consent is limited to enabling us to respond to your enquiry, communicate with you, prepare quotes/proposals, deliver requested services, and comply with legal obligations. You can withdraw consent at any time (see “Your Rights”), but withdrawal may affect our ability to assist you.

1. Responsible Party

The “Responsible Party” (as defined under the Protection of Personal Information Act, 2013 (“POPIA”)) is:

2. Scope

This notice applies when you visit our website, submit an enquiry, request a quote, purchase or receive services, or communicate with us through any channel.

3. Information We Collect

Depending on how you engage with us, we may collect:

  • Identity & contact details: name, email address, phone number, company name, role.
  • Project and service information: requirements, scope notes, timelines, feedback, briefs, specifications, designs, assets you provide.
  • Billing details: invoicing information, payment references, VAT details (if applicable).
  • Technical and usage data: IP address, device/browser data, pages visited, cookies/analytics data (where enabled).
  • Communications: messages via email, WhatsApp, calls, contact forms, and similar.

Minimality: We aim to collect only what is reasonably necessary to deliver the purpose you requested.

4. Purposes of Processing

We process personal information to:

  • Respond to your enquiry and communicate with you.
  • Assess feasibility, prepare quotes/proposals, and scope work.
  • Deliver services (websites, web apps, mobile apps, prototypes/MVPs, managed websites, infrastructure implementation, AI integration, project management).
  • Manage our relationship with you (support, updates, issue resolution).
  • Invoice you, receive payment, and maintain accounting records.
  • Protect our website and services against fraud, abuse, or security threats.
  • Comply with applicable laws and regulatory obligations.

5. Lawful Basis (How Processing is Justified)

Under POPIA, processing must be lawful and reasonable. We rely on one or more of the following bases, depending on the context:

  • Consent: where you explicitly or implicitly consent (for example, when you contact us and provide your details to receive a response).
  • Contract / steps prior to contract: to provide a quote, engage on a project, and deliver agreed services.
  • Legitimate interests: to run and secure our business, prevent abuse, and maintain service quality.
  • Legal obligation: where we must keep records or comply with law.

Important: If you want the consent statement to be “exclusive” in a strict sense, you should also present a checkbox on your contact form (“I consent…”) and store a timestamp + IP + wording version.

6. Sharing, Operators & Sub-processors

We do not sell personal information. We may share information only when necessary to provide services or comply with law, including with:

  • Hosting & infrastructure providers (e.g., website hosting, cloud services).
  • Communication tools (email, WhatsApp, ticketing/support tools, conferencing tools).
  • Analytics tools (only if enabled on your site and subject to cookie settings).
  • Payment processors (where you pay for services and processing is required).
  • Professional advisors (e.g., accountants, legal counsel) when necessary.
  • Regulators / law enforcement where required by law.

Where a third party processes personal information on our behalf, we treat them as an “operator” and require appropriate confidentiality and security safeguards.

7. Retention

We keep personal information only for as long as needed for the purpose it was collected, unless a longer retention period is required by law (e.g., accounting records) or necessary to resolve disputes or enforce agreements.

8. Security Safeguards

We take reasonable technical and organisational measures to secure personal information against loss, unauthorised access, or disclosure. Measures may include access controls, least-privilege, encryption in transit where supported, backups, and security monitoring.

No system can be guaranteed 100% secure. If a breach occurs that requires notification under applicable law, we will take appropriate steps to notify affected parties and/or the Information Regulator where required.

9. Your Rights

Subject to POPIA and applicable law, you may request:

  • Access to your personal information we hold.
  • Correction or deletion of inaccurate, irrelevant, excessive, or unlawfully obtained information.
  • Restriction or objection to processing in certain circumstances.
  • Withdrawal of consent (where we rely on consent).

To exercise rights, email hello@terrencemunodei.co.za. We may ask for reasonable verification before acting on a request.

Withdrawing consent: If you withdraw consent, we may still retain minimal data needed for legal compliance, invoicing records, dispute resolution, or security logs, as permitted by law.

10. Cross-border Transfers

Some service providers may store or process data outside South Africa. Where cross-border transfers occur, we take steps to ensure appropriate safeguards consistent with POPIA (for example, contractual protections and reputable providers).

11. Children

Our services are not directed to children. If you are a minor, you should have consent from a competent person/guardian before providing personal information.

12. Changes to this Notice

We may update this notice from time to time. Changes will be posted on this page with an updated “Last updated” date.

13. Contact

If you have questions or complaints regarding POPIA or this notice, contact:

Optional: Add a line here with your Information Officer contact (if you designate one), and add your cookie banner + cookie policy link if you use analytics/marketing cookies.