Privacy Policy

Effective date: 24 April 2026  |  Version 1.0

COMA-IT ("we", "us", "our") is committed to protecting the privacy and security of personal information we collect and process. This policy describes how we handle personal data in compliance with the Protection of Personal Information Act (POPIA) and, where applicable, the General Data Protection Regulation (GDPR).

1. Who We Are

COMA-IT is a managed IT services provider based in South Africa. Our contact details are:

• Email: info@coma-it.co.za
• Address: South Africa

2. Information We Collect

We collect personal information only to the extent necessary to provide our services:

• Contact enquiries: Name, email address, phone number, and message content submitted via our contact form.
• Service delivery: Business contact details, system access credentials (stored encrypted), and IT configuration data necessary to deliver managed services.
• Website usage: Server logs (IP addresses, timestamps, browser type) retained for security and audit purposes.

3. How We Use Your Information

• To respond to your enquiries and provide requested services.
• To manage and deliver managed IT services under a service agreement.
• To maintain audit logs for security monitoring and incident response (SOC 2 CC7).
• To comply with legal and regulatory obligations.

We do not sell, rent, or trade your personal information to third parties.

4. Legal Basis for Processing

• Contractual necessity: Processing required to deliver services under agreement.
• Legitimate interests: Security monitoring, fraud prevention, and audit logging.
• Consent: Where you have explicitly provided consent (e.g., contact form submission).
• Legal obligation: Where required by applicable law.

5. Data Retention

We retain personal data only as long as necessary:

• Contact form submissions: 12 months unless an ongoing service relationship is established.
• Audit logs: 12 months minimum (SOC 2 requirement), then securely destroyed.
• Service delivery data: Duration of the service agreement plus 5 years for legal compliance.

6. Data Security

We implement technical and organisational measures to protect your data, including:

• TLS encryption for all data in transit.
• AES-256 encryption for sensitive data at rest.
• Access controls with principle of least privilege.
• Regular security assessments and vulnerability management.
• Audit logging and access monitoring.

7. Your Rights

Under POPIA and GDPR, you have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Delete your personal information (subject to legal retention requirements).
• Object to certain types of processing.
• Data portability — receive your data in a structured, machine-readable format.
• Withdraw consent at any time (where consent is the basis for processing).

To exercise any of these rights, contact us at info@coma-it.co.za. We will respond within 30 days.

8. Cookies

This website uses only a single session cookie (strictly necessary) to maintain your session state and security controls (CSRF protection). No analytics, tracking, or advertising cookies are used.

9. Third-Party Services

Our website may load fonts from Google Fonts and icons from Font Awesome via CDN. These services may collect limited technical data (IP address, browser headers) per their own privacy policies. No personal data you submit to us is shared with these providers.

10. Children's Privacy

Our services are directed at businesses, not individuals under 18. We do not knowingly collect personal information from minors.

11. Changes to This Policy

We may update this policy from time to time. The effective date at the top of this page will reflect the latest revision. Continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact & Complaints

For privacy-related queries or complaints, contact our Information Officer at info@coma-it.co.za. You also have the right to lodge a complaint with the Information Regulator of South Africa.