Infohub Services
Legal

Privacy & Cookie Policy

Effective date: 1 January 2026Version: 2026-01Applies to: www.infohubservices.net
POPIA (South Africa)UAE PDPLIndia DPDP Act 2023

1. Overview & Scope

Infohub Services ("Infohub", "we", "our", "us") is committed to protecting your personal information and privacy. This policy explains how we collect, use, store, share, and protect personal data when you visit www.infohubservices.net ("the Website") or engage with our services.

This policy is designed to comply with:

  • Protection of Personal Information Act 4 of 2013 (POPIA) - South Africa
  • UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) - United Arab Emirates
  • Digital Personal Data Protection Act 2023 (DPDP Act) - India
  • General principles of international data protection best practice

By using the Website, you acknowledge that you have read and understood this policy. If you do not agree, please discontinue use of the Website.

2. Data Controller / Responsible Party Details

Infohub Services

3. Information We Collect

3.1 Information you provide voluntarily

  • Full name and contact details (email, phone, company)
  • Messages and enquiries submitted via contact forms
  • Service preferences and requirements
  • Communications via email or WhatsApp

3.2 Information collected automatically

  • IP address and approximate geographic location
  • Browser type, version, and operating system
  • Pages visited, time spent, and navigation paths
  • Referring URLs and search terms
  • Device identifiers and screen resolution
  • Date and time of visit

3.3 Consent records

  • Your cookie consent decision (accepted/declined/categories)
  • Timestamp and policy version at time of consent
  • Technical identifiers for auditing compliance
  • Jurisdiction applicable to your consent record

4. Purpose & Legal Basis for Processing

  • Responding to enquiries & providing services - Contractual necessity / legitimate interest
  • Website analytics & performance improvement - Legitimate interest
  • Cookie consent record keeping - Legal obligation
  • Marketing communications - Consent only
  • Legal & regulatory compliance -Legal obligation
  • Fraud prevention & security - Legitimate interest / legal obligation

We will never sell or rent your personal information to third parties for commercial gain.

5. Cookies & Tracking Technologies

We use cookies and similar technologies on the Website. Your preferences are recorded through our consent banner on first visit and stored securely in our database for auditing purposes.

Essential Cookies

Required for core site functionality (session management, security, consent record). Cannot be disabled. No personal data is shared with third parties for these cookies.

Analytics Cookies

Google Analytics 4 - helps us understand how visitors interact with the site (pages visited, session duration, traffic sources). IP anonymisation is enabled. Governed by Google's Privacy Policy. Active only with your consent.

Functional Cookies

Remembers your preferences (e.g., language, region). Active only with your consent.

Marketing Cookies

May be used to deliver relevant advertising and track campaign performance. We do not currently run active advertising campaigns. Active only with your explicit consent.

You may change your cookie preferences at any time by clearing your browser cookies and revisiting the site, or by contacting us.

6. Data Sharing & Third Parties

We may share your information with the following categories of recipients only where necessary:

  • Technology service providers (hosting, database, email - bound by data processing agreements)
  • Google Analytics (analytics data - anonymised; governed by Google Privacy Policy)
  • Legal or regulatory authorities, when required by applicable law
  • Professional advisers (legal, accounting) under confidentiality obligations

We do not sell, rent, or trade your personal information. All third parties are required to comply with applicable privacy and data protection laws.

7. International Data Transfers

Infohub Services operates across South Africa, the UAE, and India. Your personal data may be processed in any of these jurisdictions. We ensure appropriate safeguards are in place:

  • South Africa to UAE or India: transfers are made under POPIA Section 72 conditions, ensuring adequate protection
  • UAE: transfers comply with UAE PDPL Article 22 requirements for cross-border transfers
  • India: transfers comply with DPDP Act 2023 provisions and any applicable government notifications
  • Data processing agreements are in place with all third-party processors

8. Data Retention

  • Contact form submissions - 3 years or until request to delete
  • Cookie consent records - 5 years (legal compliance obligation)
  • Website analytics data - 26 months (Google Analytics default)
  • Client service records - Duration of engagement + 5 years
  • Marketing consent records - Until consent withdrawn + 3 years
  • Security & server logs - 12 months

On expiry of the relevant retention period, data is securely deleted or irreversibly anonymised.

9. Security Measures

We implement appropriate technical and organisational measures, including:

  • TLS/HTTPS encryption for all data in transit
  • Encrypted database storage with access controls
  • Role-based access controls - only authorised personnel have access to personal data
  • Regular security reviews and patch management
  • Incident response and breach notification procedures
  • Data minimisation - we collect only what is necessary

No method of transmission or storage is 100% secure. In the event of a data breach affecting your rights, we will notify you and the relevant regulator as required by applicable law.

10. Your Rights - South Africa (POPIA)

If you are located in South Africa or your data is processed under POPIA, you have the following rights:

  • Right to be notified - To be informed when your personal information is being collected.
  • Right to access - To request a record of personal information we hold about you.
  • Right to correction - To request correction of inaccurate, irrelevant, or outdated information.
  • Right to deletion - To request deletion or destruction of your personal information, subject to legal retention obligations.
  • Right to object - To object to the processing of your personal information in certain circumstances.
  • Right to complain - To lodge a complaint with the Information Regulator of South Africa.

11. Your Rights - UAE (Personal Data Protection Law)

If you are located in the UAE or your data is processed under UAE PDPL (Federal Decree-Law No. 45 of 2021), you have the following rights:

  • Right to access - Request access to your personal data and information about how it is processed.
  • Right to rectification - Request correction of inaccurate or incomplete personal data.
  • Right to erasure - Request deletion of your personal data where no legal ground for retention exists.
  • Right to restrict processing - Request restriction of processing in certain circumstances.
  • Right to data portability - Receive your personal data in a structured, machine-readable format.
  • Right to withdraw consent - Withdraw consent at any time without affecting prior lawful processing.

UAE Data Office: uaedataoffice.gov.ae

12. Your Rights - India (DPDP Act 2023)

If you are a Data Principal in India under the Digital Personal Data Protection Act 2023, you have the following rights:

  • Right to information - To obtain a summary of your personal data being processed and details of third parties with whom it is shared.
  • Right to correction & erasure - To request correction of inaccurate data or erasure of personal data no longer necessary for the stated purpose.
  • Right to grievance redressal - To have your grievances addressed within a reasonable timeframe.
  • Right to nominate - To nominate another individual to exercise your rights in the event of death or incapacity.
  • Right to withdraw consent - To withdraw consent at any time; processing after withdrawal will cease unless another lawful basis applies.
  • Right to complain - To file a complaint with the Data Protection Board of India.

Data Protection Board of India: To be established under the DPDP Act 2023.

13. Children's Privacy

Our Website and services are not directed at children under the age of 18. We do not knowingly collect personal information from children. Under POPIA, children's personal information receives heightened protection. Under the DPDP Act 2023, we are required to obtain verifiable parental consent before processing a child's personal data. If you believe we have inadvertently collected information from a child, please contact us immediately at business@infohubservices.net, and we will delete it promptly.

14. Do Not Track

We do not currently respond to browser-level "Do Not Track" (DNT) signals, as there is no industry-wide standard for compliance. You can manage your tracking preferences through our cookie consent banner on this site.

15. Changes to This Policy

We may update this policy periodically to reflect changes in our practices, services, or applicable legal requirements. Material changes will be communicated by updating the effective date at the top of this page and, where required by law, by direct notification. We recommend checking this page periodically. Continued use of the Website after changes constitutes your acceptance of the updated policy.

Your cookie consent record includes the policy version at the time of consent. If the policy is materially updated, a new consent may be requested.

16. Contact & Complaints

To exercise any of your rights, withdraw consent, or raise a privacy concern, please contact us:

Legal Disclaimer

This policy is provided for informational purposes. It does not constitute legal advice. If you require specific legal guidance on data protection compliance, please consult a qualified legal professional in the relevant jurisdiction.