Plot 59, Elandsdrift, Krugersdorp, 1738

Privacy Policy

This privacy statement was last updated on July 12, 2021 and applies to citizens and legal permanent residents of South Africa.

In this privacy statement, we explain what we do with the data we obtain about you via We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

  • we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
  • we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
  • we first request your explicit consent to process your personal data in cases requiring your consent;
  • we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
  • we respect your right to access your personal data or have it corrected or deleted, at your request.

If you have any questions, or want to know exactly what data we keep of you, please contact us.

1. Purpose, data and retention period

We may collect or receive personal information for a number of purposes connected with our business operations which may include the following:

1.1 Contact – Through phone, mail, email and/or webforms

For this purpose we use the following data:

  • Name, Address and City
  • Email address
  • Telephone number


The basis on which we may process these data is:

Upon the provision of consent.

Retention period

We retain this data until the service is terminated.

1.2 To support services or products that a customer wants to buy or has purchased

For this purpose we use the following data:

  • Name, Address and City
  • Email address
  • Telephone number


The basis on which we may process these data is:

Upon the provision of consent.

Retention period

We retain this data until the service is terminated.

1.3 Compiling and analyzing statistics for website improvement

For this purpose we use the following data:

  • IP Address
  • Location
  • Visitor behaviour


The basis on which we may process these data is:

Upon the provision of consent.

Retention period

We retain this data until the service is terminated.

2. What if you don’t provide us with your personal information?

If you don’t provide us with your personal information, we may not be able to provide you with the information, products or assistance that you are seeking.

3. Sharing with other parties

We only share or disclose this data to operators for the following purposes:


Name: Creators Digital Agency
Country: South Africa
Purpose: Website Maintenance

4. Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Policy.  We have concluded a data processing agreement with Google. Google may not use the data for any other Google services. The inclusion of full IP addresses is blocked by us.

5. Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.

6. Third-party website

This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.

7. Amendments to this privacy statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

8. Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. You have the following rights:

  • You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
  • Right of access: You have the right to access your personal data that is known to us.
  • Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
  • If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
  • Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.

Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.

9. Submitting a complaint

If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Information Regulator South Africa:
P.O Box 31533,
Complaints email: 

10. Children

Our website is not designed to attract children and it is not our intent to collect personal data from children under the age of consent in their country of residence. We therefore request that children under the age of consent do not submit any personal data to us.

11. Contact Details

Environmental Drilling & Remediation Services
Plot 59 Elandsdrift, Krugersdorp 1739
South Africa
Phone number: +27 10 596 1000

We have appointed a contact person for the organization’s policies and practices and to whom complaints or inquiries can be forwarded:
Derek Whitfield
Plot 59 Elandsdrift, Krugersdorp 1739


  1. Scope and objective of the policy

1.1 The Protection of Personal Information (POPI) policy is intended to ensure the legitimate concerns of individuals/companies about the ways in which their data may be used.

1.2 The Personal information Act, 4 of 2013 (signed into law in November 2013) has the following aims:

1.2.1 to promote the protection of personal information processed by organisations in the public and private sectors.

1.2.2 to establish minimum requirements for the processing of personal information.

1.2.3 to establish an Information Regulator with powers.

1.2.4 to provide for the issuing of codes of conduct.

1.2.5 to protect the rights of people regarding unsolicited electronic communications and automated decision making.

1.2.6 to regulate the transborder flow of information.

1.2.7 to provide for connected matters.

1.3  This policy has been developed in line with the Personal Information (POPI) Act, 4 of 2013 and aims to ensure that the processing of personal information & special/sensitive personal information adhere to the conditions for lawful processing as set out in Chapter 3 of the POPI Act.

1.4 The POPI Act and this policy does not apply to the processing of personal information of a deceased person.

1.5. The POPI act includes identifiable, existing jurisdic person (where applicable) in its definition of personal information.  The processing of personal information of the directors of companies or partners in business partnerships, for example, falls within the parameters of the POPI Act and this policy.

  1. Definitions

2.1 ‘’competent person’’ – means any person who is legally competent to consent to any action or decision being taken in respect of any matter concerning a child;

2.2 ‘‘Consent’’ – means any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information;

2.3 “Company” – a legal registered entity.

2.4 “Privacy” – is about ensuring that both individuals and juristic entities are aware of                                     what is being done with their personal information.

2.5 “Personal information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing, juristic person, including, but not limited to:

  1. Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person.
  2. Information relating to the education or the medical, financial, criminal or employment history of the person.
  3. Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person.
  4. The biometric information of the person.
  5. The personal opinions, views or preferences of the person.
  6. Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence.
  7. The views or opinions of another individual about the person, and
  8. The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

The definition of personal information includes special or sensitive personal information.  These categories refer to sensitive areas which a person would not like published.

2.6 “Special personal information” relates to the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or the biometric information of a data subject.  It also relates to the criminal behaviour of a data subject regarding the alleged commission of an offence or any proceedings in respect of any offence allegedly committed by the data subject or the disposal of such proceedings; a history of a person’s education, medical, financial, criminal or employment history; and/or the processing of biometric information of a person.

  1. Legal Principles

The following legislation is applicable to this policy:

  1. the Constitution of South Africa act 108 of 1996.
  2. The Personal Information Act, Act 4 of 2013.
  3. Regulation of Interception of Communications & Provision of Communication-related Information Act, 70 of 2002.
  4. Electronic Communications & Transactions Act, 25 of 2002.
  5. National Credit Act, 34 of 2005.
  6. The Cybercrimes and Cybersecurity Bill and relevant proposed Bills.
  7. The Spatial Data Infrastructure Act 54 of 2003.
  8. Codes of Conduct published by industries/bodies (e.g. Advertising Standards Authority of South Africa).
  9. Policy
    1. The policy applies to any information regarding clients, suppliers and employees including contact details and correspondence. Human Resources and payroll data, curricula vitae, applications for employment, CCTV records, performance reviews and internal e-mail records of the employee, customers, and Environmental Drilling & Remediation Services.
    2. The policy applies to any form of recorded information, regardless of the form of medium and include, but is not limited to information on:
      1. Tape recorder
      2. Computer
      3. Labels
      4. Markings
      5. Books
      6. Maps
      7. Photographs
      8. Films
      9. Negative type/other devices.

4.2 The policy conditions impact technology, processes, and the way Environmental Drilling & Remediation Services process personal information.

4.3 Personal information may only be used for the purpose agreed with your customers, clients, and employees.

4.4 Marketing by means of unsolicited e-mail is prohibited unless certain provisions apply – Environmental Drilling & Remediation Services to implement opt-in and opt-out strategies.

4.5 Personal information may only be retained for as long as necessary – Environmental Drilling & Remediation Services to specify retention periods.

4.6 Environmental Drilling & Remediation Services shall not process more personal information than is necessary.

4.7 Processing of special personal information is prohibited unless provisions stipulated in this policy apply.

4.8 Personal information of employees, clients, customers and Environmental Drilling & Remediation Services will be sufficiently protected and used in a manner that facilitates transparency around the following:

4.8.1 what is done with the personal information;

4.8.2 why and how it is processed (i.e. this covers all phases of a typical information management life cycle – from collection, to usage, sharing, disposal, archiving, etc);

4.8.3 who the personal information is shared with (i.e. third parties – both locally and internationally, other legal entities – sometimes within the same group or company, etc);

4.8.4 what types of personal information is processed and for what purpose.

4.9 Personal Information of the employees, clients, and customers includes:

4.9.1 contact details;

4.9.2 demographic information;

4.9.3 personal history, criminal record;

4.9.4 email addresses, date of birth and age;

4.9.5 education information physical address; and

4.9.6 financial information as well as communication records.

4.10 Personal information (PI) of Environmental Drilling & Remediation Services includes:

4.10.1 financial information;

4.10.2 intellectual property (processes, methods);

4.10.3 ICT systems/ programmes; and

4.10.4 CCTV surveillance and guard monitoring systems

  1. Procedure

5.1 Environmental Drilling & Remediation Services is expected to identify what they classify as Personal Information and take reasonable measures to protect the data. This will likely reduce the risk of data breaches and avoid legal ramifications for Environmental Drilling & Remediation Services

5.2 Environmental Drilling & Remediation Services, therefore, must receive consent from individuals before they can obtain and retain personal information for communication or any other purpose.

5.3 The employee, clients, customers, and Environmental Drilling & Remediation Services will be kept updated of what is being done with their information and the associated reasoning.

5.4 In accordance with the Protection of Personal Information Act, as soon as a privacy breach is detected and established, it must be reported to the regulator and to the party whose information was accessed.

5.5 All responsible parties need to know and be able to explain how the breach occurred, what has been done to contain any harm and how will any such breach be prevented in the future.

5.6 Should employees for any given reason no longer service the organisation; information prescribed as personal (financial information, intellectual property) as according to Environmental Drilling & Remediation Services policy should not be disclosed to the public (i.e. companies operating in the same industry). The same principal applies to Environmental Drilling & Remediation Services.

5.7 Those concerned (Environmental Drilling & Remediation Services the employee, and clients) have the right to complain and escalate any issues related to privacy, especially if they believe that their right to information privacy has been violated.

5.8 Employees are expected to protect the private information of Environmental Drilling & Remediation Services e.g.:

5.8.1 confidential files are expected to be put in a secure area (locked draws); and

5.8.2 personal login details to Environmental Drilling & Remediation Services’s ITC systems are expected to be kept confidential to avoid unauthorized access to private systems.

5.9 Failure to comply with the requirements of the policy will result in immediate dismissal, fine or severe legal consequences.