Privacy Policy

1. Introduction & Interpretation

1.1. DRAM (“DRAM”, “we”, “us”, “our”) is committed to protecting the privacy and security of personal information in accordance with the Protection of Personal Information Act, 2013 (“POPIA”) and other applicable laws.

1.2. This Privacy Policy governs how we may collect, use, store, and share personal information when you visit our website https://dram.co.za/ (the “Website”) and use our services, and how you can exercise your rights in relation to that information.

1.3. By accessing or using the Website, or otherwise providing personal information to us, you acknowledge that you have read, understood, and consent to the practices described in this Policy (to the extent consent is required under POPIA), and that you are aware of your rights.

1.4. Words defined in POPIA (or other applicable laws) shall have the same meaning here. In particular:

  • “Personal Information” means any information relating to an identifiable, living natural person (or, where applicable, a juristic person), and includes but is not limited to name, contact details, identity numbers, email addresses, IP addresses, browser information, etc.

  • “Operator” means a person who processes personal information on behalf of a responsible party.

  • “Responsible Party” means the person or entity which determines the purpose of and means for processing personal information (in this case, DRAM).

2. The Personal Information We Collect & How

We may collect the following categories of personal information:

Category Examples / What We Collect Source Purpose
Identity / contact details Name, email address, telephone number, physical address You (via forms or communications) To contact you, respond to inquiries, provide services, billing, support
Account / login credentials Username, password, profile information You If your use involves registration or login
Usage & technical data IP address, browser type/version, device, pages visited, time stamps, clickstream / Web logs Automatically collected via cookies / web analytics To monitor and improve Website performance, usage analytics, troubleshooting
Communication data Correspondence between you and us, support requests You / our communications systems To maintain our records and respond to your requests
Marketing preferences Whether you opt in to communications, preferences You To send you marketing or promotional communications if you consent

We generally collect personal information directly from you (when you fill in a form, contact us, subscribe, etc.). We may also collect technical/usage data automatically via cookies, tracking technologies, and logs.

Where possible, we endeavour to indicate which fields are required and which are optional when you provide information to us.

3. Legal Basis / Lawful Processing Under POPIA

Under POPIA, we may process your personal information only if one or more of the following applies:

  • You have given consent (where required) for a specific purpose.

  • Processing is necessary for the performance of a contract to which you are a party (or to take steps prior to entering the contract).

  • Processing is required by law or regulation.

  • Processing is necessary to protect a legitimate interest (either yours or ours) and does not unduly prejudice your rights.

  • Processing is necessary for the proper performance of a public law duty or in the public interest (where applicable).

  • In limited cases, further processing (i.e. for a different purpose) is allowed if compatible with the original purpose.

We will not process your personal information for purposes incompatible with those for which it was collected, unless you give fresh consent or unless permitted by law.

4. Cookies, Tracking & Analytics

4.1 Use of Cookies and Similar Technologies
We use cookies and similar tracking technologies (e.g. pixel tags, web beacons, local storage) to collect technical and usage information, to help us understand traffic, site usage, performance, and user preferences.

4.2 Types of Cookies / Tracking

  • Essential / Strictly necessary cookies: required for core site functionality (e.g. login, security, session management).

  • Performance / Analytics cookies: to collect aggregated, anonymous data about website usage, e.g. Google Analytics.

  • Functional cookies: to remember your choices and preferences (e.g. language, region).

  • Marketing / Advertising cookies: to deliver advertisements relevant to you, to measure ad effectiveness, etc.

4.3 Consent and Control
Because cookies and tracking can involve processing personal information (e.g. IP addresses), we will seek your consent (where required) before setting non-essential cookies. You may accept or reject non-essential cookies via a cookie consent banner or settings on the Website.

4.4 Disabling / Managing Cookies
You can typically disable or restrict cookies via your browser settings. However, doing so may affect the functionality of the Website, and some features may not work properly.

4.5 Third-Party Cookies
We may allow third-party service providers (e.g. analytics, advertising networks) to place cookies via the Website. We strive to disclose which third parties are involved and for what purposes.

5. How We Use Personal Information & Disclosure to Third Parties

5.1 Purposes of Use
We will use your personal information for the following purposes (to the extent permitted):

  • To respond to your inquiries, requests, or communications

  • To render services you request

  • To manage your account or registration

  • To send you newsletters, marketing materials or promotional offers (if you opt in)

  • To monitor, analyze, and improve our Website, services and user experience

  • To detect, prevent, or investigate security issues, fraud, or abuse

  • To comply with legal obligations, court orders, audits, or regulatory requests

  • To enforce our rights, such as in relation to legal claims or disputes

5.2 Disclosure to Third Parties / Operators
We may share your personal information with:

  • Service providers, agents, contractors, or “operators” who perform services for us (e.g. hosting providers, analytics providers, email providers).

  • Third parties with whom we partner (subject to your consent or as permitted by law).

  • Law enforcement, courts, government or regulatory bodies, when required by law or in response to lawful requests.

  • Successors in interest (e.g. in case of a merger, acquisition, sale of assets).

We require that these third parties safeguard your personal information and comply with applicable data protection laws. We enter into agreements with them to ensure they treat personal information with confidentiality and security.

5.3 Cross-border Transfers
If we transfer your personal information outside South Africa, we will ensure that:

  • The foreign jurisdiction provides adequate protection or

  • Suitable safeguards are in place (e.g. contractual clauses, binding corporate rules, consent)

  • You are notified of such transfers and the mechanisms in place to protect your data.

POPIA allows cross-border transfers if one of the permissible conditions is met. InCountry+2Data Privacy Manager+2

6. Retention & Deletion

6.1 We will retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law (e.g. for tax, accounting, or record-keeping purposes).

6.2 Once the retention period expires or you request deletion (if applicable), we will securely destroy, anonymize, or delete your personal information, except to the extent that we are legally permitted or required to retain it.

7. Security & Safeguards

7.1 We implement reasonable technical, physical, and organizational measures to protect personal information against unauthorized access, loss, alteration, or destruction (e.g. encryption, access controls, secure storage).

7.2 We regularly review and update our security measures in light of evolving risks, technology, and threats.

7.3 In the event of a data breach (i.e. unauthorized access or disclosure of personal information), we will:

  • As soon as reasonably possible, notify the affected data subject(s), unless such notification would impede a criminal investigation or contravene other legal obligations

  • Report the breach to the Information Regulator, when required under POPIA

  • Take reasonable steps to contain, mitigate, and remediate the breach

POPIA requires notification of security compromises as part of the conditions for lawful processing. Data Privacy Manager+3Termly+3Scytale+3

8. Your Rights as a Data Subject

Under POPIA, you have a number of rights in relation to your personal information. To exercise any right, you may contact us (see Section 11 below). We may require proof of identity before acting.

Some of your rights include:

  1. Right to access — request a record or description of personal information we hold about you.

  2. Right to correction / updating — ask us to correct, update, or complete your personal information.

  3. Right to deletion / destruction / de-identification — subject to legal or contractual constraints, request deletion of your data.

  4. Right to object to processing — in certain circumstances, object to our processing of your personal information (e.g. direct marketing).

  5. Right to restrict or limit processing — request restriction of certain processing activities.

  6. Right to withdraw consent — where processing is based on your consent, you may withdraw that consent (though withdrawal does not affect prior lawful processing).

  7. Right to complain — lodge a complaint with us; or with the Information Regulator (South Africa).

We will respond to requests in a reasonable time, as required by law.

9. Direct Marketing & Electronic Communications

If you opt in, we may send you marketing communications (email, SMS, newsletters) about our services, offers, and events. You may unsubscribe or opt-out at any time, via a link in such communications or by contacting us.

We will not send you marketing communications without your explicit consent (unless permitted by law). If you are an existing client, we may have limited rights to send you offers related to similar products or services, but we will always provide a clear opt-out mechanism.

10. Links to Other Websites & Third-Party Services

Our Website may contain links to other websites or services operated by third parties. This Privacy Policy does not apply to those third-party sites, and we encourage you to review their privacy policies independently. We are not responsible for their practices or content.

11. Contact, Information Officer & Complaints

11.1 Information Officer
In terms of POPIA, DRAM has designated an Information Officer who is responsible for ensuring compliance with this Policy and POPIA obligations.

Information Officer:
[Name of Information Officer or title]
[Address]
[Email address]
[Telephone number]

11.2 Deputy Information Officer (if applicable)
[Name, contact details]

11.3 Queries, Requests, or Complaints
If you have questions about this Policy, wish to access, correct, or delete your personal information, or make a complaint, you may contact our Information Officer using the details above.

If you are not satisfied with our response, you may lodge a complaint with the Information Regulator, whose contact details are published on their official website.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, practice, technology, or our business. When we make changes, we will update the “Last updated” date above. We encourage you to review this page periodically for any updates.

Your continued use of the Website after changes will constitute acceptance of those changes (if consent is required, we will seek fresh consent).

13. Miscellaneous

  • If any provision of this Policy is found to be invalid or unenforceable, the remaining provisions will remain in full force and effect.

  • This Policy is governed by South African law.

  • Nothing in this Policy confers rights on third parties.