Privacy Policy

Privacy Policy & Data Protection

Chemplanet Scientific Solutions (Pty) Ltd is committed to protecting your privacy and complying with applicable data protection laws, including South Africa's Protection of Personal Information Act (POPIA) and the EU's General Data Protection Regulation (GDPR).

Last Updated: 26/01/2026
βœ… POPIA Compliant
βœ… GDPR Compliant
πŸ”’ Data Secure

πŸ“‹ Table of Contents

Important Notice

This privacy policy applies to all personal information processed by Chemplanet (Pty) Ltd, whether collected through our website, email, telephone, in-person interactions, or any other means. By using our services, you acknowledge that you have read and understood this policy.

🏒

1. Who We Are

Responsible Party (Data Controller)

Chemplanet Scientific Solutions (Pty) Ltd
Registration Number: 2019/549346/07

Physical Address

8 Hunters Green
Summer Greens
Cape Town, 7441
South Africa

Information Officer

As required by POPIA, we have appointed an Information Officer who is responsible for overseeing our data protection strategy and compliance:

Name: Cosmas Mutsimhu
Email: info@chemplanet.co.za
Phone: (+27) 21-555-0053
Cell: (+27) 63-571-0130

Business Activities

Chemplanet Scientific Solutions is Southern Africa's leading provider of mass spectrometry, chromatography, spectroscopy instruments, and scientific solutions. We serve pharmaceutical, mining, food & beverage, environmental, academic, and industrial sectors across Africa.

πŸ“Š

2. Information We Collect

We collect different types of information depending on your interaction with us:

Data Category Examples Collection Method
Contact Information Name, email, phone number, company, job title, physical address Contact forms, email, phone calls, trade shows
Professional Information Company details, industry, department, purchasing authority Account registration, quotation requests
Technical Data IP address, browser type, device information, cookies Website analytics, security logs
Equipment Data Equipment models, serial numbers, service history, warranty information Service requests, maintenance agreements
Financial Information Invoice details, payment history, credit terms (processed securely) Purchases, account setup, payment processing
Communication Records Email correspondence, support tickets, call recordings (with consent) Customer service interactions
Marketing Preferences Newsletter subscriptions, communication preferences Opt-in forms, preference centers

Special Category Data

We do not intentionally collect special category data (sensitive personal information) such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data. If such information is inadvertently provided, we will handle it with the utmost care and in accordance with applicable laws.

🎯

3. How We Use Your Information

We process your personal information for the following legitimate business purposes:

πŸ“§

Service Delivery

To provide quotes, process orders, deliver equipment, and provide technical support

πŸ”§

Equipment Service

To schedule maintenance, provide emergency repairs, and maintain service history

πŸ’Ό

Contract Fulfillment

To fulfill contractual obligations, manage accounts, and process payments

πŸ“ˆ

Business Operations

To improve our services, conduct analytics, and manage our relationship with you

βš–οΈ

Legal Compliance

To comply with legal obligations, tax requirements, and industry regulations

πŸ›‘οΈ

Security & Fraud

To protect our business, prevent fraud, and ensure network security

πŸ“’

Marketing

To send relevant product updates, industry news, and promotions (with consent)

πŸ‘₯

Customer Support

To respond to inquiries, provide training, and offer technical assistance

Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.

βš–οΈ

4. Legal Basis for Processing

We process your personal information based on one or more of the following legal grounds:

Legal Basis Description Examples
Consent You have given clear consent for us to process your personal data for a specific purpose Marketing communications, newsletter subscriptions, demo requests
Contract Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract Quotation processing, order fulfillment, service agreements
Legal Obligation Processing is necessary for us to comply with the law Tax records, financial reporting, regulatory compliance
Legitimate Interests Processing is necessary for our legitimate interests or the legitimate interests of a third party Customer relationship management, service improvements, fraud prevention
Vital Interests Processing is necessary to protect someone's life Emergency service situations (rarely applicable)
Public Task Processing is necessary for us to perform a task in the public interest or for official functions Compliance with government requests (when legally required)
🀝

5. Data Sharing & Third Parties

We may share your personal information with the following categories of recipients:

Service Providers

  • Technical Support Partners: Authorized service technicians (only necessary contact and equipment information)
  • Payment Processors: Secure payment gateways (they process but do not store full payment details)
  • Cloud Services: Secure hosting providers with data processing agreements
  • Shipping Companies: Delivery information for equipment shipments
  • Marketing Platforms: Email service providers (only with your marketing consent)

Legal & Regulatory Sharing

  • Government authorities when required by law
  • Law enforcement agencies with valid legal requests
  • Regulatory bodies for compliance purposes

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and outline your choices.

Data Processing Agreements

All third-party service providers who process personal information on our behalf are contractually obligated to:

  • Implement appropriate security measures
  • Use data only for specified purposes
  • Comply with data protection laws
  • Delete or return data upon contract termination
⏱️

6. Data Retention Periods

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.

Data Type Retention Period Reason for Retention
General Inquiries 12 months Follow-up and customer service records
Quotation Requests 24 months Business development and pricing history
Customer Accounts 7 years after last activity Legal and financial record-keeping requirements
Service Records 10 years Equipment warranty, service history, and compliance
Financial Records 5 years after transaction Tax and financial reporting requirements
Marketing Consent Until withdrawn Active marketing communications
Website Analytics 26 months Website improvement and analytics
Technical Support 36 months Issue resolution and service improvement

Data Deletion

Upon expiration of the retention period, or if you exercise your right to erasure, we will securely delete or anonymize your personal information. Some data may be retained for longer periods where required by law.

Archival Storage

Some information may be moved to secure archival storage after the active retention period for historical or statistical purposes, where it is fully anonymized or encrypted.

πŸ“

7. Your Rights (POPIA & GDPR)

You have the following rights regarding your personal information:

πŸ‘οΈ

Right of Access

Request confirmation of whether we process your data and access to that data

✏️

Right to Rectification

Request correction of inaccurate or incomplete personal information

πŸ—‘οΈ

Right to Erasure

Request deletion of your personal information under certain conditions

⏸️

Right to Restrict

Request restriction of processing under certain circumstances

πŸ“€

Right to Portability

Receive your data in a structured, commonly used format

🚫

Right to Object

Object to processing based on legitimate interests or direct marketing

βš–οΈ

Right to Complain

Lodge a complaint with the Information Regulator (South Africa) or supervisory authority

πŸ”

Right to Information

Be notified when personal information is being collected (POPIA specific)

Exercising Your Rights

To exercise any of these rights, please contact our Information Officer using the contact details in Section 13. We will respond to your request within 21 business days as required by POPIA.

Identity Verification

For security purposes, we may need to verify your identity before processing certain requests. This helps prevent unauthorized access to your personal information.

Withdrawing Consent

Where we rely on your consent to process personal information, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

πŸ”’

8. Data Security Measures

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Technical Security Measures

  • Encryption: Data in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Role-based access, strong authentication, least privilege principle
  • Network Security: Firewalls, intrusion detection, regular security audits
  • Secure Development: Security-focused development practices, regular code reviews
  • Backup & Recovery: Regular encrypted backups, disaster recovery plans
  • Endpoint Security: Antivirus, device encryption, mobile device management

Organizational Security Measures

  • Data Protection Training: Regular training for all employees on data protection
  • Security Policies: Comprehensive information security policies and procedures
  • Incident Response: Documented incident response plan for data breaches
  • Vendor Management: Security assessments for third-party vendors
  • Physical Security: Secure facilities, access controls, visitor management
  • Regular Audits: Internal and external security audits and assessments

Data Breach Response

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  1. Contain the breach and assess the risk
  2. Notify the Information Regulator within 72 hours (if required)
  3. Notify affected individuals without undue delay
  4. Document the breach and our response
  5. Implement measures to prevent recurrence
🌍

9. International Data Transfers

As a South African company serving clients across Africa, we primarily process and store data within South Africa. However, in some cases, data may be transferred to other countries.

Transfer Scenarios

  • Equipment Manufacturers: Limited equipment data may be shared with international manufacturers for warranty claims or technical support
  • Cloud Services: Some cloud services may store data in multiple locations (with appropriate safeguards)
  • Multinational Clients: Data related to multinational corporations may be processed in their country of operation

Safeguards for International Transfers

When transferring data outside South Africa, we ensure appropriate safeguards are in place:

  • Standard contractual clauses approved by relevant authorities
  • Binding corporate rules for intra-group transfers
  • Adequacy decisions for transfers to countries with adequate data protection laws
  • Explicit consent for specific transfers when required

Your Rights Regarding International Transfers

You have the right to be informed about international transfers of your data and the safeguards in place. You may request details of specific transfers involving your data by contacting our Information Officer.

πŸͺ

10. Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance user experience and analyze website traffic.

Types of Cookies We Use

Cookie Type Purpose Duration
Essential Cookies Necessary for website functionality, security, and basic features Session or up to 24 months
Analytics Cookies Help us understand how visitors interact with our website Up to 26 months
Preference Cookies Remember your settings and preferences Up to 12 months
Marketing Cookies Used to deliver relevant advertisements (only with consent) Up to 12 months

Managing Cookies

You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and set most browsers to prevent them from being placed. However, if you do this, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.

Third-Party Analytics

We use Google Analytics to analyze website traffic. Google Analytics collects information such as how often users visit our site, what pages they visit, and what other sites they used prior to coming to our site. We use the information from Google Analytics only to improve our site and services.

πŸ‘Ά

11. Children's Privacy

Our services are not directed to children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately.

If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to remove that information from our servers.

Academic & Research Institutions

When working with academic or research institutions, we may process information about students or researchers. In such cases, we rely on the institution to obtain any necessary consents and ensure compliance with applicable laws regarding minors' data.

πŸ”„

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification of Changes

When we make material changes to this policy, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify registered users via email (if we have your contact details)
  • Post a notice on our website for significant changes
  • Provide a summary of changes for easy reference

Your Acceptance

By continuing to use our services after changes become effective, you agree to be bound by the revised policy. If you do not agree with the changes, you should discontinue use of our services.

Version History

We maintain a version history of this policy. You may request previous versions by contacting our Information Officer.

πŸ“ž

13. Contact Information

For any questions, concerns, or requests regarding this privacy policy or our data protection practices, please contact us:

πŸ‘€

Information Officer

Cosmas Mutsimhu

Email: info@chemplanet.co.za

Phone: (+27) 21-555-0053

Cell: (+27) 63-571-0130

Hours: Mon-Fri, 8:00-17:00

🏒

Postal Address

Information Officer

Chemplanet Scientific Solutions (Pty) Ltd

8 Hunters Green

Summer Greens

Cape Town, 7441

South Africa

βš–οΈ

Information Regulator

South Africa

Website: https://www.justice.gov.za/inforeg/

Email: inforeg@justice.gov.za

Phone: +27 (0)12 406 4818

Address: SALU Building, 316 Thabo Sehume Street, Pretoria

Response Time

We strive to respond to all privacy-related inquiries within 21 business days as required by POPIA. Complex requests may require additional time, in which case we will notify you and provide an estimated response timeline.

Complaints

If you are not satisfied with our response or believe we are processing your personal information in a way that is not compliant with data protection laws, you have the right to lodge a complaint with the Information Regulator of South Africa or your local supervisory authority.

πŸ“š

14. Definitions

Personal Information
Any information relating to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person.
Processing
Any operation or activity concerning personal information, including collection, storage, use, dissemination, or destruction.
Data Subject
The person to whom personal information relates (you).
Responsible Party
The party that determines the purpose and means of processing personal information (Chemplanet).
Operator
A person who processes personal information on behalf of the responsible party.
Information Officer
The person responsible for ensuring compliance with POPIA within an organization.
Consent
Any voluntary, specific, and informed expression of will by a data subject.
Special Personal Information
Sensitive information including religious beliefs, race, health, biometrics, etc.
Data Breach
Unauthorized access to or acquisition of personal information.
Anonymization
The process of removing personal identifiers from data so that the data subject cannot be identified.
Pseudonymization
The processing of personal information so that it can no longer be attributed to a specific data subject without additional information.
Data Minimization
The principle of collecting only the personal information that is necessary for the specified purpose.

Legal References

This policy is designed to comply with:

  • South Africa: Protection of Personal Information Act, 2013 (POPIA)
  • European Union: General Data Protection Regulation (GDPR)
  • Other applicable data protection laws in African countries where we operate

πŸ“‹ Document Control

Policy Owner: Information Officer
Approved By: Chemplanet Scientific Solutions Management
Review Cycle: Annual review, or as required by legislative changes
Distribution: Available on website, provided upon request

This document is the official privacy policy of Chemplanet Scientific Solutions (Pty) Ltd and supersedes all previous versions.