PRIVACY POLICY

Last Updated: 29 August 2025

1. Introduction & Our Role

Welcome to EZ Agri (Pty) Ltd ("EZ Agri," "we," "us," "our"). We are committed to protecting the personal information we handle. This Privacy Policy explains our data practices and is designed to comply with South Africa’s Protection of Personal Information Act (POPIA), Europe's General Data Protection Regulation (GDPR), and other applicable global data protection laws.

It is essential to understand that our role in protecting data depends on the context:

  • As a Responsible Party (or Data Controller): This applies when we determine the purposes and means of processing your personal information. This is primarily the data you provide when you visit our public website (https://ezagriptyltd.com) and use our contact forms.

  • As an Operator (or Data Processor): This applies when we provide our compliance management platform and services to our clients ("Clients"). In this role, our Client is the Responsible Party (Data Controller) who controls the data they and their users upload to our system. We simply process that data on their behalf, according to our contract with them.

This policy is divided into sections to clearly explain our duties in each role.

2. Part 1: When We Act as a Responsible Party / Controller (Your Website & Direct Business Dealings)

This section applies to the personal information we collect directly from you through our website or other direct communications.

  • Information We Collect:
    We collect personal information that you voluntarily provide to us when you fill out a contact form or email us. This may include: Your full name, email address, phone number, and company name.

  • How and Why We Use Your Information (Lawful Basis for Processing):
    We only process your personal information when we have a legal basis to do so. This includes:

    • To Fulfill a Contract: To establish and manage your account and provide the services you have requested.

    • Based on Your Consent: When you submit an inquiry, you consent to us using your information to respond.

    • For our Legitimate Interests: To manage our business relationship with you.

  • Your Data Protection Rights (for Website Data):
    You have comprehensive rights over your personal information. Depending on your location, these may include:

    • The Right to Access: You can ask for a copy of the personal information we hold about you.

    • The Right to Rectification (Correction): You can ask us to correct any inaccurate information.

    • The Right to Erasure (Deletion): You can request that we remove your contact information, provided we do not have a legal or contractual obligation to retain it.

    • The Right to Restrict Processing: You can ask us to temporarily suspend the processing of your data under certain conditions.

    • The Right to Data Portability: You can request a copy of your data in a structured, machine-readable format.

    • The Right to Object: You can object to us processing your data for our legitimate interests.

    • The Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority. For South African users, this is the Information Regulator. For users in the European Economic Area (EEA), you have the right to lodge a complaint with a supervisory authority in your member state.

To exercise any of these rights, please contact our Information Officer using the details provided below.

3. Part 2: When We Act as an Operator / Processor (Our Compliance Platform & Services)

This section applies to the data that our Clients and their authorized users upload, manage, and process using our online compliance platform.

  • Our Role as a Data Processor:
    When providing our services, EZ Agri is an Operator (Data Processor). Our Client is the Responsible Party (Data Controller). We do not own, control, or make any decisions about this data. We only process it in accordance with the service agreement we have with our Client.

  • Client Responsibilities:
    Our Clients are solely responsible for ensuring they have a lawful basis to collect, use, and manage the personal information of their users within our system.

  • Data Rights for End-Users of Our Platform:
    If you are an individual (such as an employee of one of our Clients) who uses our platform and you wish to exercise your data protection rights, you must contact your employer (our Client), who is the Data Controller. As the Processor, we are contractually obligated to direct all such requests to the relevant Client.

4. General Provisions (Applicable to All Data We Handle)

  • Data Security:
    We implement appropriate technical and organizational security measures to protect all personal information from unauthorized access, disclosure, alteration, or destruction.

  • Data Retention:

    • Website Data: We retain your contact information for as long as is necessary to fulfill the purposes outlined in Part 1.

    • Client Platform Data: We retain data on our platform for the duration of the service contract. Upon termination, data is handled (returned or securely deleted) as stipulated in the service agreement.

  • Cookies:
    Our website may use essential cookies to run effectively. You can control cookie usage through your browser settings.

  • Cross-Border Data Transfers:
    As a South African company, any data we process may be transferred internationally. We ensure all data transfers comply with applicable laws. For data originating from the EEA, UK, or Switzerland, we ensure that transfers are protected by legally recognized mechanisms, such as the European Commission's Standard Contractual Clauses (SCCs).

  • Disclosure to Third Parties & Data "Selling":
    We do not sell, rent, or share personal information with third parties for their own marketing purposes. We may use third-party sub-processors (e.g., cloud hosting providers) who are contractually bound to protect the data. For the purposes of US state privacy laws (like the CCPA/CPRA), we confirm that we do not "sell" or "share" personal information.

  • Children's Information:
    Our services are not directed at children under 18, and we do not knowingly collect their personal information. It is our Client’s responsibility, as the Data Controller, to ensure they have a lawful basis for processing any personal information of their employees, including minors, on our platform.

5. Information Officer & How to Contact Us

For any questions about this Privacy Policy or our practices as a Responsible Party / Controller, please contact our designated Information Officer:

6. Changes to this Privacy Policy

We may update this policy to reflect changes in our practices or the law. The "Last Updated" date at the top will indicate the latest revision. We encourage you to review this policy periodically.