Terms of Service (TOS)
1. Terms of Service (TOS)
1.1 Jurisdiction & Governing Law
Primary Law: Governed by South African law (Courts of Johannesburg) for disputes involving SA-based users .
International Users: For EU users, GDPR applies; for US users, CCPA applies where applicable. Disputes outside SA may use arbitration (ICC Rules) .
1.2 User Eligibility
Age Requirements:
SA & Global: Users must be 18+ (or age of majority in their jurisdiction).
EU: Explicit parental consent required for users under 16 .
1.3 Prohibited Activities
Global Compliance:
SA: Prohibit actions violating POPIA/Cybercrimes Act (e.g., data theft, phishing) .
EU: Ban GDPR breaches (e.g., unauthorized data processing) .
US: Prohibit CCPA violations (e.g., selling consumer data without consent) .
2. Mutual Non-Disclosure Agreement (NDA)
2.1 Scope
Confidential Information: Includes user data, trade secrets, and proprietary tech.
Exclusions: Publicly available data or information obtained legally from third parties .
2.2 Penalties for Breach
SA: Up to ZAR 10 million or 10 years imprisonment under POPIA .
EU: GDPR fines up to €20M or 4% of global turnover .
Global: Civil liability for damages in affected jurisdictions .
3. Service Level Agreement (SLA)
3.1 Uptime & Performance
Region Uptime Guarantee Support Response
South Africa 99.9% <1hr (Enterprise), <24hr (All)
EU 99.95% <2hr (GDPR-critical issues)
North America 99.9% <4hr (Business hours EST/PST)
3.2 Data Sovereignty
SA: Hosted locally (Teraco/Johannesburg) for POPIA compliance .
EU: AWS Frankfurt/GDPR-compliant servers .
US: AWS Virginia/CCPA-aligned infrastructure .
4. Privacy Policy
4.1 Data Collection
Types Collected: Names, emails, payment details, device/IP data.
Legal Basis:
SA (POPIA): Consent, contractual necessity .
EU (GDPR): Explicit consent, legitimate interest .
US (CCPA): Right to opt-out of data sales .
4.2 Cross-Border Data Transfers
Mechanisms:
EU→SA: Standard Contractual Clauses (SCCs) .
Global→SA: POPIA Chapter 9 (Adequacy/Consent) .
US: CCPA-compliant third-party vendors (e.g., Stripe, AWS) .
4.3 Data Subject Rights
Region Access Deletion Portability Objection
SA (POPIA) ✔️ ✔️ Limited ✔️
EU (GDPR) ✔️ ✔️ ✔️ ✔️
US (CCPA) ✔️ ✔️ ✔️ ✔️
5. Compliance & Certifications
5.1 Regional Compliance
SA: POPIA, Cybercrimes Act, National Data and Cloud Policy .
EU: GDPR, ePrivacy Directive .
US: CCPA, COPPA (for child-directed services) .
Global: ISO 27001 (data security), PCI DSS (payments) .
5.2 Reporting Obligations
Data Breaches:
SA: Notify Information Regulator within 72 hours .
EU: Notify supervisory authority within 72 hours (GDPR) .
CA: Notify affected users if >500 residents impacted (CCPA) .
6. Dispute Resolution
6.1 Jurisdiction
SA Users: Johannesburg High Court .
EU Users: Arbitration in Brussels (GDPR disputes) .
US Users: California courts (CCPA-related claims) .
6.2 Mediation/Arbitration
Mandatory 60-day mediation before litigation.
International disputes resolved via ICC Arbitration .
7. Display & Accessibility
7.1 Security/Privacy Page
Mandatory Content:
Privacy Policy summary (GDPR/POPIA/CCPA rights).
Compliance certifications (ISO 27001, PCI DSS badges).
Contact details for Data Protection Officer (DPO):
CloudMonkey (Pty) Ltd
155 West Street, Sandton, Johannesburg, 2196
Email: dpo@cloudmonkey.co.za | Tel: +27 71 044 36376
7.2 User Acceptance
Checkbox during signup: “I agree to the TOS, Privacy Policy, and SLA.”
Cookie Banner (EU): Explicit GDPR consent for tracking .
8. Key Regional Contacts
Region Legal Entity DPO Contact
South Africa CloudMonkey (Pty) Ltd dpo@cloudmonkey.co.za
EU CloudMonkey EU Rep* eu-dpo@cloudmonkey.co.za
US CloudMonkey Inc. (Delaware) us-compliance@cloudmonkey.co.za
*Required under GDPR Article 27 for non-EU businesses.
