Legal

Privacy Policy

Last updated: 1 January 2026  ·  POPIA compliant

🔒 Shima Hosting is committed to protecting your personal information. This policy explains how we collect, use, and safeguard your data in compliance with the Protection of Personal Information Act 4 of 2013 (POPIA).

1. Who We Are

Shima Holdings (Pty) Ltd ("Shima Hosting", "we", "us", "our") is the responsible party for the personal information we process. We are a South African company providing web hosting, domain registration, email, and related digital services.

Information Officer: The Information Officer can be contacted at privacy@shimahosting.co.za.

2. What Personal Information We Collect

2.1 Information You Provide

  • Account information: Full name, email address, phone number, physical address, company name.
  • Payment information: Bank transfer proof of payment. Card details are handled directly by our payment providers and are not stored on our servers.
  • Support communications: Emails, support tickets, and chat messages you send us.
  • Domain registration data: WHOIS registrant information required by ICANN and ZADNA policies.

2.2 Information We Collect Automatically

  • IP address and browser/device information when you visit our website.
  • Pages visited, time spent, and navigation paths (via analytics).
  • Server access logs for security and operational purposes.

2.3 Information from Third Parties

We may receive basic information from payment processors (e.g., PayFast) confirming the status of a transaction. We do not receive your full card details from these providers.

3. How We Use Your Information

We process your personal information for the following lawful purposes:

  • Contract performance: To provision, manage, and support the services you have purchased.
  • Billing & payments: To issue invoices, process payments, and manage your account balance.
  • Customer support: To respond to your queries and resolve issues.
  • Security: To detect and prevent fraud, abuse, and unauthorised access.
  • Legal compliance: To meet our obligations under South African law, including POPIA and tax legislation.
  • Service improvements: To analyse usage patterns and improve our platform (using aggregated, anonymised data).
  • Marketing: To send you relevant updates and offers — only with your consent and with an easy opt-out at any time.

4. Sharing Your Information

We do not sell your personal information. We may share it with:

  • Payment processors: PayFast and our banking partners, solely to process transactions.
  • Domain registrars: ZADNA, Verisign, and other registries as required for domain registration and WHOIS.
  • Service providers: Hosting infrastructure, email delivery, and analytics vendors who are contractually bound to protect your data.
  • Legal authorities: Where required by a court order, regulatory requirement, or applicable South African law.

All third parties with whom we share data are required to process it only for the specified purpose and in accordance with applicable data protection law.

5. Cookies & Tracking

Our website uses cookies and similar technologies to:

  • Keep you logged in to the client portal (essential cookies).
  • Remember your preferences.
  • Analyse website traffic and usage (analytics cookies).

Essential cookies cannot be disabled as they are necessary for the site to function. You may disable analytics cookies via your browser settings. Continued use of our site after being informed of our cookie usage constitutes consent.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. After account closure:

  • Billing records are retained for 5 years as required by tax legislation.
  • Support communications are retained for 3 years.
  • Server logs are retained for 12 months.
  • All other personal data is deleted or anonymised within 90 days of account closure.

7. Security

We implement appropriate technical and organisational security measures to protect your personal information against accidental loss, unauthorised access, disclosure, alteration, or destruction. These measures include:

  • TLS/SSL encryption for all data in transit.
  • Access controls and least-privilege principles for staff.
  • Regular security assessments of our infrastructure.
  • Payment card data is never stored on our systems.

No method of transmission over the internet is 100% secure. In the event of a data breach that affects your rights, we will notify you and the Information Regulator as required by POPIA.

8. Your Rights

Under POPIA, you have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to our legal obligations.
  • Objection: Object to the processing of your information for marketing purposes.
  • Complaint: Lodge a complaint with the Information Regulator of South Africa.

To exercise any of these rights, email us at privacy@shimahosting.co.za. We will respond within 30 days.

9. POPIA Compliance

Shima Holdings (Pty) Ltd processes personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA). Our lawful basis for processing is primarily contractual necessity (providing services you have ordered), legal compliance, and where applicable, legitimate interest or consent.

Our designated Information Officer is responsible for ensuring compliance with POPIA. You may contact the Information Regulator of South Africa at www.justice.gov.za/inforeg/ if you believe we have not handled your personal information appropriately.

10. Children's Privacy

Our services are not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it promptly.

11. International Transfers

Your data is primarily stored and processed within South Africa. Where we use third-party providers located outside South Africa (e.g., certain analytics or email delivery tools), we ensure they provide an adequate level of protection equivalent to POPIA requirements.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via notice in the client portal. The updated policy will show the revised "Last updated" date at the top of this page.

13. Contact Us

For any privacy-related queries, requests, or complaints:

  • Email: privacy@shimahosting.co.za
  • WhatsApp: +27 68 246 5575
  • Registered Address: Shima Holdings (Pty) Ltd, South Africa