Privacy Policy | Red Hot Zone

Privacy Policy

Red Hot Zone (Pty) Ltd

Protecting your personal information in line with POPIA

Last updated: June 2026

1. Introduction

Red Hot Zone (Pty) Ltd ("Red Hot Zone", "we", "us", "our") is a Growth Systems consultancy that provides business consulting, marketing services, software products, and technology solutions to small and medium-sized businesses across South Africa and internationally.

We are committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 ("POPIA"), the Electronic Communications and Transactions Act 25 of 2002 ("ECTA"), and all other applicable South African data protection legislation.

This Privacy Policy explains how we collect, use, store, share, and protect personal information in connection with our website, our client engagements, and the software products and platforms we provide or resell. By using our website or engaging our services, you acknowledge that you have read and understood this policy.

For users outside South Africa, we take reasonable steps to ensure equivalent data protection measures apply, consistent with international standards including the GDPR where relevant.

2. Responsible Party and Information Officer

Red Hot Zone is the Responsible Party for personal information processed in connection with our services. Our Information Officer is accountable for ensuring compliance with POPIA and this Privacy Policy.

Contact details:

3. Personal Information We Collect

We collect personal information in the course of providing consulting, marketing, and technology services, and through the operation of our website and client platforms. This includes:

3.1 Information you provide directly:

  • Full name and surname
  • Business name, job title, and industry
  • Email address, telephone number, and physical or postal address
  • Billing and payment information (processed securely through our payment partners — we do not store full card or banking details)
  • Account credentials for platforms we manage or provide on your behalf (stored in encrypted form)
  • Project briefs, business information, and operational data shared with us for the purpose of delivering our services
  • Communications, feedback, and correspondence submitted to us

3.2 Information collected automatically:

  • IP address, browser type, device type, and operating system
  • Website usage data including pages visited, time on page, and navigation paths (via Google Analytics and similar tools)
  • Cookie identifiers and tracking data (see Section 8 — Cookies)

3.3 Information received from third parties:

  • Profile or contact data from social media platforms when you interact with our integrations
  • Payment confirmation data from payment processors
  • Data from client CRM, project management, and operational platforms as part of service delivery

4. Purpose of Processing

We process personal information only for specific, defined, and lawful purposes. These include:

  • Delivering consulting, marketing, and operational systems services to clients
  • Onboarding clients onto third-party software platforms and proprietary tools that form part of our service offering
  • Processing once-off and recurring payments for our services
  • Managing client accounts, project workflows, and service delivery
  • Communicating with you about your engagement, project status, or service updates
  • Sending marketing communications, including newsletters and campaign updates (with your consent — you may opt out at any time)
  • Analysing website usage to improve our online presence and user experience
  • Using artificial intelligence tools to assist with content creation, design, workflow automation, and service delivery tasks (see Section 6 — AI Tools)
  • Complying with legal, regulatory, and contractual obligations
  • Detecting, preventing, and responding to fraud, security incidents, or misuse

5. Legal Basis for Processing

Under POPIA, we process your personal information on the following lawful grounds:

  • Consent — for marketing communications, non-essential cookies, and where we expressly request your permission
  • Performance of a contract — to deliver services you have engaged us for or to take steps at your request before entering into a contract
  • Legal obligation — to comply with applicable laws, tax requirements, and regulatory obligations
  • Legitimate interests — for fraud prevention, service improvement, and maintaining the security of our systems, where these do not override your rights and freedoms

6. Use of Artificial Intelligence Tools

Red Hot Zone makes use of artificial intelligence (AI) tools and platforms in the delivery of our services. AI may be used to assist with content creation, graphic design, workflow automation, copywriting, data analysis, campaign strategy, and other service-related tasks.

Where AI tools process personal information as part of service delivery, we take reasonable steps to ensure that:

  • Only the minimum personal information necessary is used
  • AI tool providers are subject to appropriate data protection obligations
  • Outputs are reviewed by our team before delivery to clients

AI-generated outputs (content, designs, strategies, reports) may form part of deliverables provided to clients. We will disclose the use of AI in deliverables where this is material to the engagement.

We do not use AI tools to make automated decisions about individuals that produce legal or similarly significant effects without human review.

7. Third-Party Software Platforms and Partners

Our service offering includes the resale, configuration, and support of third-party software platforms as part of client solutions. The specific platforms in our offering evolve over time as new tools become available.

These platforms may process personal information on behalf of our clients as independent controllers or sub-processors. Where a client uses a third-party platform through our service, that platform's own privacy policy and terms also apply.

We also collaborate with a network of strategic partners, including specialist developers, marketers, and process engineers, who may be involved in delivering services to clients. Where partners handle personal information, they are required to maintain appropriate data protection standards.

We may also use the following types of third-party services in our own operations:

  • Payment processors — for processing client payments securely
  • Email marketing platforms — for sending communications to opted-in contacts
  • Web analytics tools — for understanding website usage
  • Cloud hosting and infrastructure providers — who are bound by data processing agreements
  • Social media platforms — in connection with our marketing activities

We do not sell, rent, or trade your personal information to any third party.

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to support functionality, analyse usage, and support marketing activity. Cookie types include:

  • Essential cookies — required for the website to function correctly
  • Analytics cookies — to understand how visitors use our website (e.g. Google Analytics)
  • Marketing and tracking cookies — used in connection with social media integrations and retargeting campaigns

You may manage or disable cookies through your browser settings. Disabling certain cookies may affect website functionality. Where required by law, we will request your consent before setting non-essential cookies.

9. Retention of Personal Information

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. General retention periods include:

  • Client and account information: for the duration of the engagement and 5 years after conclusion
  • Billing and transaction records: 5 years, in line with South African tax and financial record-keeping requirements
  • Marketing consent records: until consent is withdrawn, plus 3 years
  • Website analytics data: up to 26 months (in line with standard analytics platform defaults)

When personal information is no longer required, we will securely delete or anonymise it.

10. Security

We apply appropriate technical and organisational measures to protect personal information against loss, unauthorised access, disclosure, alteration, or destruction. Measures include:

  • SSL/TLS encryption for data transmitted via our website and client platforms
  • Encrypted storage of passwords and sensitive credentials
  • Role-based access controls — only authorised personnel access personal information on a need-to-know basis
  • Contractual data protection obligations with our partners and sub-processors
  • Regular review of security practices and systems

While we take all reasonable precautions, no internet transmission is completely secure. Please notify us immediately if you suspect any unauthorised use of your account or any security breach.

11. Your Rights Under POPIA

As a data subject, you have the following rights:

  • Right to be notified when your personal information is collected
  • Right of access — to request confirmation of what personal information we hold about you and to obtain a copy
  • Right to correction — to request that we update or correct inaccurate, incomplete, or outdated information
  • Right to deletion — to request deletion of your personal information in certain circumstances
  • Right to object — to object to processing based on legitimate interests
  • Right to withdraw consent — at any time, without affecting the lawfulness of prior processing
  • Right to lodge a complaint with the Information Regulator

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

12. Children

Our website and services are not directed at persons under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it promptly.

13. Transborder Data Flows

Some of the third-party platforms and AI tools we use may process or store data outside South Africa. Where this occurs, we take steps to ensure that adequate data protection measures are in place, consistent with Section 72 of POPIA governing transborder information flows.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by posting an updated policy on our website with a revised effective date. Continued use of our services after such changes constitutes your acceptance of the updated policy.

15. Information Regulator

You have the right to lodge a complaint with the Information Regulator of South Africa:

16. Contact Us

For any questions or requests relating to this Privacy Policy, please contact our Information Officer: