Privacy Policy

Data Privacy Policy

Definitions

For the purposes of these terms and conditions:

  • “User” means a person who uses and/or accesses computer Software and/or material via the Ditto site and applications.

  • “Ditto Secure” means the company, system, website, applications, affiliates, and creators.

  • “Data” means any data (including Personal Information) provided to Ditto by a User;

  • “Personal Information” includes, but is not limited to, any Data or information about an identifiable User, including an email address.

Introduction

Ditto Secure has formulated this Privacy Policy to explain how it collects Data and for what purposes thereof. 

Ditto Secure will maintain the privacy of its clients by complying with both national & international data privacy standards & best practices.

The Ditto Secure system is hosted using Google Cloud Services. Ditto Secure system is hosted in the EU-Central region in Germany and uses the EU’s GDPR (General Data Protection Regulation) as its standard due to GDPR being the most stringent data protection regulation. By complying with the EU’s GDPR; Ditto Secure also complies with the South African POPI act based on principles and standards between the EU’s GDPR and the POPI act.

Google cloud & the General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a privacy legislation that replaced the 95/46/EC Directive on Data Protection of 24 October 1995 on May 25, 2018. GDPR lays out specific requirements for businesses and organizations who are established in Europe or who serve users in Europe. It:

  • Regulates how businesses can collect, use, and store personal data

  • Builds upon current documentation and reporting requirements to increase accountability

  • Authorizes fines on businesses who fail to meet its requirements

Google Cloud supports GDPR compliance efforts by:

  1. Committing in its contracts to comply with the GDPR in relation to our processing of customer personal data in all Google Cloud and Google Workspace services

  2. Offering additional security features that may help better protect the personal data that is most sensitive

  3. Giving documentation and resources to assist in privacy assessment of Google Cloud services

  4. Continuing to evolve capabilities as the regulatory landscape changes

Google Cloud & the South African POPI Act

South Africa’s Protection of Personal Information Act (POPI), establishes requirements for how both public and private organizations process personal information. Organizations who are subject to POPI and who engage in the collection, storage, or processing of personal information, must comply with this law.

Google Cloud provides product capabilities and contractual commitments to facilitate compliance with South Africa's POPI Act. 

Collection of Data

The collection and processing of personal information on the Ditto Secure system is limited to its intended purpose.

Ditto Secure does not collect, process, store and/or purge personal information for any other reason than for the systems intended purpose.

Users of the Ditto Secure system will be provided with clear reasons for the collection of their personal data and for what intended purposes it is required.

Personal information collected by Ditto Secure is stored in a secure operating environment that is not available to the public. Ditto Secure deploys various cyber security measures to ensure against unwarranted data access or data breaches.

User personal information can be purged automatically by the Ditto Secure system as per clients data retention/storage period requirements.

Users of the Ditto Secure system are able to update their personal information to ensure current data accuracy.

Only requisite personal information will be collected from the Ditto Secure system users to ensure the effective use of the system.

Authorised access to Data

Ditto has a User Access Management, Information Security and IT Access Control policies to ensure that only authorized personnel have access to the data to fulfil their required objectives & functions.

Ditto Secure clients own all data relating to the users processed on their respective database. As a minimum standard; Ditto Secure clients database is stored and backed up for a period of 3 years in to the past; this period can be extended upon the clients request.

All Data is available only to the User and those authorized employees to whom Ditto Secure has granted permissions by issuing a username and password. It is the responsibility of each User to maintain the confidentiality and security of their password and to alert Ditto Secure or reset their password if a compromise of security is suspected. Any unauthorized use of Ditto Secure systems and attempts to access Data without expressed authorization is a violation of this policy, the act of which is prosecutable by law.

Limitation

Ditto Secure has no control over the information or privacy policies of third-party websites hyperlinked to and from Ditto Secure.

These third-party links are being provided for the convenience of the Users of Ditto Secure and Ditto Secure does not endorse and is not responsible or liable for the content, nature, or reliability of any linked website or any link contained in a linked website.

Ditto Secure takes no responsibility for monitoring, updating, supplementing, or correcting any information on any linked website and makes no representation or warranties regarding such information.

Please be aware that in linking to these outside websites, Users are leaving Ditto Secure and that Ditto Secure is not responsible for the content of any other site.