Privacy Policy
1. Terms of Service (TOS)
1.1 Jurisdiction & Governing Law
- Primary Law: Governed by South African law (Courts of Johannesburg) for disputes involving SA-based users .
- International Users: For EU users, GDPR applies; for US users, CCPA applies where applicable. Disputes outside SA may use arbitration (ICC Rules) .
1.2 User Eligibility
- Age Requirements:
- SA & Global: Users must be 18+ (or age of majority in their jurisdiction).
- EU: Explicit parental consent required for users under 16 .
1.3 Prohibited Activities
- Global Compliance:
- SA: Prohibit actions violating POPIA/Cybercrimes Act (e.g., data theft, phishing) .
- EU: Ban GDPR breaches (e.g., unauthorized data processing) .
- US: Prohibit CCPA violations (e.g., selling consumer data without consent) .
ย
2. Mutual Non-Disclosure Agreement (NDA)
2.1 Scope
- Confidential Information: Includes user data, trade secrets, and proprietary tech.
- Exclusions: Publicly available data or information obtained legally from third parties .
2.2 Penalties for Breach
- SA: Up to ZAR 10 million or 10 years imprisonment under POPIA .
- EU: GDPR fines up to โฌ20M or 4% of global turnover .
- Global: Civil liability for damages in affected jurisdictions .
ย
3. Service Level Agreement (SLA)
3.1 Uptime & Performance
| Region | Uptime Guarantee | Support Response |
|---|---|---|
| South Africa | 99.9% | <1hr (Enterprise), <24hr (All) |
| EU | 99.95% | <2hr (GDPR-critical issues) |
| North America | 99.9% | <4hr (Business hours EST/PST) |
3.2 Data Sovereignty
- SA: Hosted locally (Teraco/Johannesburg) for POPIA compliance .
- EU: AWS Frankfurt/GDPR-compliant servers .
- US: AWS Virginia/CCPA-aligned infrastructure .
ย
4. Privacy Policy
4.1 Data Collection
- Types Collected: Names, emails, payment details, device/IP data.
- Legal Basis:
- SA (POPIA): Consent, contractual necessity .
- EU (GDPR): Explicit consent, legitimate interest .
- US (CCPA): Right to opt-out of data sales .
4.2 Cross-Border Data Transfers
- Mechanisms:
- EUโSA: Standard Contractual Clauses (SCCs) .
- GlobalโSA: POPIA Chapter 9 (Adequacy/Consent) .
- US: CCPA-compliant third-party vendors (e.g., Stripe, AWS) .
4.3 Data Subject Rights
| Region | Access | Deletion | Portability | Objection |
|---|---|---|---|---|
| SA (POPIA) | โ๏ธ | โ๏ธ | Limited | โ๏ธ |
| EU (GDPR) | โ๏ธ | โ๏ธ | โ๏ธ | โ๏ธ |
| US (CCPA) | โ๏ธ | โ๏ธ | โ๏ธ | โ๏ธ |
ย
5. Compliance & Certifications
5.1 Regional Compliance
- SA: POPIA, Cybercrimes Act, National Data and Cloud Policy .
- EU: GDPR, ePrivacy Directive .
- US: CCPA, COPPA (for child-directed services) .
- Global: ISO 27001 (data security), PCI DSS (payments) .
5.2 Reporting Obligations
- Data Breaches:
- SA: Notify Information Regulator within 72 hours .
- EU: Notify supervisory authority within 72 hours (GDPR) .
- CA: Notify affected users if >500 residents impacted (CCPA) .
ย
6. Dispute Resolution
6.1 Jurisdiction
- SA Users: Johannesburg High Court .
- EU Users: Arbitration in Brussels (GDPR disputes) .
- US Users: California courts (CCPA-related claims) .
6.2 Mediation/Arbitration
- Mandatory 60-day mediation before litigation.
- International disputes resolved via ICC Arbitration .
ย
7. Display & Accessibility
7.1 Security/Privacy Page
- Mandatory Content:
- Privacy Policy summary (GDPR/POPIA/CCPA rights).
- Compliance certifications (ISO 27001, PCI DSS badges).
- Contact details for Data Protection Officer (DPO):
> CloudMonkey (Pty) Ltd
> 155 West Street, Sandton, Johannesburg, 2196
> Email: dpo@cloudmonkey.co.za | Tel: +27 71 044 36376
7.2 User Acceptance
- Checkbox during signup: โI agree to the TOS, Privacy Policy, and SLA.โ
- Cookie Banner (EU): Explicit GDPR consent for tracking .
ย
8. Key Regional Contacts
| Region | Legal Entity | DPO Contact |
|---|---|---|
| South Africa | CloudMonkey (Pty) Ltd | dpo@cloudmonkey.co.za |
| EU | CloudMonkey EU Rep* | eu-dpo@cloudmonkey.co.za |
| US | CloudMonkey Inc. (Delaware) | us-compliance@cloudmonkey.co.za |
*Required under GDPR Article 27 for non-EU businesses.
ย
