1. Introduction
KTH Tech (Pty) Ltd ("KTH Tech", "we", "us", or "our"), based in Pretoria, South Africa, respects your right to privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and protect your information when you interact with our website, platforms, and services.
We comply with the Protection of Personal Information Act, 2013 (POPIA) and all applicable South African data protection legislation. By accessing or using our website and services, you acknowledge that you have read and understood this Privacy Policy.
2. Information We Collect
We collect the following categories of information:
Personal Data (provided directly by you):
- Identity information — your name and surname
- Contact information — email address, phone number
- Professional information — company name, job title, industry
- Communication data — enquiry messages submitted through our contact forms
Usage Data (collected automatically):
- Technical data — IP address, browser type and version, operating system, device type
- Browsing data — pages visited, time spent on pages, referring URLs, click patterns
- Location data — approximate geographic location derived from your IP address
Cookies and Tracking Technologies:
- Session and persistent cookies as detailed in Section 4 (Cookie Policy) below
- Local storage data used for site preferences (e.g., cookie consent choice)
We collect personal data directly from you when you submit a contact form, send us an email, or engage with our services. Usage data is collected automatically through cookies and similar technologies when you browse our website.
3. How We Use Your Information
Your personal information is used for the following lawful purposes:
- Service delivery — providing and delivering our consulting, platform development, and project delivery services
- Communication — responding to your enquiries, providing customer support, and sending relevant updates about our services where you have consented
- Analytics and improvement — analysing website usage patterns to improve the functionality, performance, and user experience of our website and platforms
- Legal compliance — complying with legal and regulatory obligations, including POPIA, tax laws, and any court orders
- Security — detecting, preventing, and addressing technical issues, fraud, or security threats
- Business operations — managing our internal business processes, including administration, billing, and record-keeping
We process your information on the following legal bases under POPIA: your consent, performance of a contract, compliance with a legal obligation, or our legitimate interests (where these do not override your rights).
4. Cookie Policy
Our website uses cookies and similar technologies to enhance your experience. Cookies are small text files stored on your device when you visit our website.
Types of cookies we use:
- Essential cookies — required for the website to function correctly. These include session cookies and cookies that remember your cookie consent preference. These cannot be disabled.
- Functional cookies — remember your preferences and settings (e.g., language, region) to provide a more personalised experience.
- Analytics cookies — help us understand how visitors interact with our website by collecting and reporting information anonymously. This includes page views, session duration, and navigation patterns.
- Marketing cookies — we do not currently use marketing or advertising cookies. Should this change, we will update this policy and obtain your consent.
Specific cookies used on this site:
kth_cookie_consent— stores your cookie consent preference (essential, localStorage, persistent)
Managing cookies:
You can manage or delete cookies through your browser settings at any time. Most browsers allow you to refuse cookies or alert you when a cookie is being set. Please note that disabling essential cookies may affect the functionality of our website. You can also withdraw your cookie consent by clearing your browser's local storage for our domain.
5. Third-Party Services
Our website uses the following third-party services that may collect or process data:
- Google Fonts — we load the Inter and JetBrains Mono typefaces from Google Fonts (fonts.googleapis.com, fonts.gstatic.com). Google may collect your IP address and browser information when fonts are requested. See Google's Privacy Policy.
- Email service — enquiries submitted via our contact form are routed through your device's default email client to enterprise@kth-tech.com. We do not use a third-party form processing service.
- Hosting provider — our website is hosted on infrastructure that may log standard web server data (IP addresses, request timestamps, user agent strings) for security and performance purposes.
We do not use third-party advertising networks, social media tracking pixels, or remarketing services on this website.
6. Data Sharing
KTH Tech does not sell, rent, or trade your personal information to any third party.
We may share your information in the following limited circumstances:
- Service providers — with trusted service providers who assist us in operating our website and delivering our services, under strict contractual agreements that require them to protect your data to the same standard we do
- Legal requirements — where required by law, regulation, court order, or governmental request
- Business transfers — in connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, with prior notice provided to you
- Protection of rights — where necessary to protect the rights, property, or safety of KTH Tech, our users, or the public
The legal basis for any data sharing is either your consent, the performance of a contract, compliance with a legal obligation, or our legitimate interests as permitted under POPIA.
7. Data Retention
We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected. Specific retention periods include:
- Contact form enquiries — retained for 24 months from the date of submission, after which they are securely deleted unless an ongoing business relationship exists
- Client engagement data — retained for the duration of the engagement plus 5 years, as required for contractual, legal, and auditing purposes
- Website usage data — anonymised analytics data may be retained indefinitely; identifiable usage data is retained for no more than 12 months
- Cookie consent records — retained for the duration of your consent (stored locally on your device)
Deletion procedures: Once the applicable retention period has expired, your personal information is securely deleted or irreversibly anonymised. You may request early deletion at any time by contacting our Information Officer (see Section 8).
8. Your Rights Under POPIA
As a data subject under the Protection of Personal Information Act (POPIA), you have the following rights:
- Right to access — request confirmation of whether we hold your personal information and obtain a copy of it
- Right to rectification — request the correction or updating of inaccurate, incomplete, or misleading personal information
- Right to erasure — request the deletion or destruction of your personal information where it is no longer necessary for the purpose it was collected, or where you withdraw your consent
- Right to restriction — request that we limit the processing of your personal information in certain circumstances
- Right to data portability — request a copy of your personal information in a structured, commonly used, and machine-readable format
- Right to object — object to the processing of your personal information on reasonable grounds, including for direct marketing purposes
- Right to withdraw consent — withdraw previously given consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal
- Right to lodge a complaint — lodge a complaint with the Information Regulator if you believe your rights under POPIA have been infringed
To exercise any of these rights, please contact our Information Officer using the details in Section 9 below. We will respond to your request within a reasonable period, and no later than 30 days as required by POPIA. We may request verification of your identity before processing your request.
9. Information Officer
KTH Tech has appointed an Information Officer responsible for ensuring compliance with POPIA and handling all data subject requests:
Information Officer
KTH Tech (Pty) Ltd
Email: enterprise@kth-tech.com
Location: Pretoria, South Africa
The Information Officer is responsible for encouraging compliance with the conditions for the lawful processing of personal information, dealing with requests made by data subjects, and working with the Information Regulator in relation to investigations.
10. Children's Privacy
Our website and services are not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take immediate steps to delete that information.
If you are a parent or guardian and believe your child has provided personal information to us, please contact our Information Officer immediately at enterprise@kth-tech.com.
11. International Data Transfers
KTH Tech is based in Pretoria, South Africa. In some cases, your personal information may be transferred to, stored, or processed in countries outside of South Africa — for example, when using third-party services such as Google Fonts or cloud hosting providers.
Where cross-border transfers occur, we ensure that:
- The recipient country has adequate data protection legislation, or
- Appropriate safeguards are in place, such as binding contractual clauses that require the recipient to protect your data to a standard consistent with POPIA, or
- You have provided your consent to the transfer after being informed of the possible risks
We take all reasonable steps to ensure that your personal information is treated securely and in accordance with this Privacy Policy, regardless of where it is processed.
12. Security Measures
We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it from unauthorised access, alteration, disclosure, or destruction. These measures include:
- SSL/TLS encryption — all data transmitted between your browser and our website is encrypted using industry-standard SSL/TLS protocols
- Access controls — access to personal information is restricted to authorised personnel only, on a need-to-know basis, with appropriate authentication measures
- Encryption at rest — personal information stored in our systems is encrypted using industry-standard encryption algorithms
- Regular security assessments — we conduct periodic security reviews and vulnerability assessments to identify and address potential risks
- Secure hosting infrastructure — our website and data are hosted on secure infrastructure with appropriate physical and digital safeguards
- Incident response — we maintain an incident response plan to promptly address any data breaches, including notification to affected data subjects and the Information Regulator as required by POPIA
While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your information to the highest practicable standard.
13. Changes to This Policy
KTH Tech reserves the right to update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. When we make changes:
- The "Last updated" date at the bottom of this page will be revised
- For material changes, we will provide a prominent notice on our website
- Where required by law, we will seek your consent before applying significant changes to how your data is processed
We encourage you to review this page periodically to stay informed about how we protect your information.
14. Contact Information
For any questions, concerns, or requests related to this Privacy Policy or your personal information, please contact us:
Information Officer
KTH Tech (Pty) Ltd
Email: enterprise@kth-tech.com
Location: Pretoria, South Africa
Information Regulator (South Africa)
The body responsible for enforcing POPIA:
Email: enquiries@inforegulator.org.za
Website: https://inforegulator.org.za
Complaints email: complaints.IR@justice.gov.za
Phone: 012 406 4818
Last updated: June 2026