Protection of Personal Information Act (4 of 2013) Compliance Terms
Terms of POPI
This information below serves the purpose of suggesting and giving clear guidelines on how Ramkat Web Hosting and its clients can be assured that Personal Information are kept safe at all times and that the Company do have clear safety procedures in place in order to reach for a honorable and ethical business practice methods.
Clients have a legal right to deny access to their personal information and have full control over what information is punched into WHMCS. Information can also easily be edited in WHMCS and no record is kept of changed Client Information Data.
Clients have a right to know what information of theirs is being used, who is using it and to what purpose. The company uses Personal information only for the purpose of managing correspondence to clients, send of invoices, etc,. Client Personal Info is not sold/given/exchanged to any third party/company/agent.
Clients personal data is up-to-date and accurate. At least once a year Client information is either updated or deleted. Closed accounts also gets deleted and no copy of such accounts are being kept.
The company assures total transparency and accountability on how your data is to be used (limited to the purpose of correspondence to the client) and will be notified if/when the data is compromised.
The company do provide our clients with full access to the clients own information as well as the right to have data removed and/or destroyed should the client so wish. This is done through the WHMCS Hosting and Billing Software.
The company only allows Admin Staff to access to Clients information. Adequate measures and controls are in place to track access and prevent unauthorized people, even within the same company, from accessing your information. All admin staff has also signed an agreement with the company not to misuse the privilege of having access to clients personal information.
The company stores its information in a Hosting and Billing software called WHMCS. WHMCS do have a dedicated team that constantly update their software and to make sure it is secure at all times. The software has an automatic update feature which ensures that software upgrades and updates stay up to date at all times.
Clients websites and emails do reside on servers that are based in Johannesburg and Capetown South Africa, which complies with the POPI Act. Multiple of the Protection Information Act, 2013 has been borrowed from the U.S.-EU Safe Harbor Framework. Backups of websites, MySQL Databases and emails are made on a weekly bases and kept for about 6 weeks after which it is deleted and no records of such deleted backups are being kept.
WHMCS, WHM and CPanel has password generators which give suggestions to clients on which passwords will be stronger to use. Passwords do get encrypted before it is saved in a database. Five consecutive failed logins into either WHM, WHMCS, Cpanel, Webmail will result in a Permanent IP Block and the IP address will be added to a blacklist.
- SmartServers Web Hosting and Domains do make use of SSL Certificates which means when you access our website you’ll notice a green lock to the left of the url. The url should read https://smartservers.co.za
- Clients have to “check” a check box on the order form before ordering any service, domain or hosting package. When clicked this check box, the Client agree to the use of their information for the purpose of sending invoices and correspondence related to their domain/service/hosting.
- The Company do make sure systems are setup in such a way to prevent Personal information from being lost, changed or stolen. Ways of how this is being done:
- All admin staff that needs to login to WHMCS (Hosting and Billing software) needs to have a 2-factor authentication login setup.
- All Resellers needs to login to their WHM with a 2-factor authentication login
- Cpanel users do have the option of activating their 2-factor authentication and it is highly recommended for client to do this on a continuous basis.
- All clients cabn choose any otion for OTP authentication whenever they log into their client portals
- The company do not collect, save, keep any credit card or financial account related information of their Clients. All payments happen either through online banking, pay at the bank teller/counter, PayPal and/or PayFast.