Privacy Policy

Last updated: 2026-05-28

Probably Computers (Pty) Ltd ("we", "us", "our") operates the website at probablycomputers.com (the "Site"). This policy explains what personal information we collect through the Site, how we use and protect it, and what rights you have under the Protection of Personal Information Act 4 of 2013 ("POPIA") and, where applicable, the General Data Protection Regulation ("GDPR").

1. Who We Are

Responsible Party (POPIA) / Data Controller (GDPR)

Probably Computers (Pty) Ltd 15 Kruger Ave, Nestpark, Bapsfontein, Gauteng, South Africa +27 76 940 2399 [email protected]

For privacy-specific requests, contact us at the email above and mark your message "Privacy Request".

2. What Personal Information We Collect and Why

2.1 Contact Form

When you submit our contact form you provide:

  • Full name
  • Email address
  • Subject line
  • Message content

Purpose: To respond to your enquiry and, where relevant, to follow up on potential or existing business engagements.

Lawful basis (POPIA): Section 11(1)(a) consent (you voluntarily submit the form) and Section 11(1)(b) legitimate interest in responding to business enquiries.

Lawful basis (GDPR): Article 6(1)(a) consent and Article 6(1)(f) legitimate interests.

We do not use the contact form to collect sensitive personal information (as defined in POPIA Section 26).

2.2 Server and Infrastructure Logs

Our hosting infrastructure (Google Kubernetes Engine) may capture standard server logs including IP addresses, browser user-agent strings, and timestamps. These logs are used for security monitoring and operational troubleshooting only. They are not used for analytics or profiling.

2.3 Cookies and Tracking

The Site uses only the functional cookies necessary to serve the web application. We do not currently use analytics cookies, advertising cookies, or third-party tracking pixels.

The embedded Google Maps component may set cookies from Google's own domain when it loads. You can disable third-party cookies in your browser settings; this will prevent the map from rendering but will not affect the rest of the Site.

We do not operate a cookie consent banner because we do not set non-essential cookies ourselves. If we add analytics or advertising tools in future, we will update this policy and add consent management before doing so.

3. Third-Party Processors

We share personal data with the following third-party services. Each processes data on our behalf (they are operators / data processors, not independent controllers of your data in relation to this Site).

| Processor | Purpose | Data Shared | Location | |-----------|---------|-------------|----------| | Brevo (Sendinblue SAS) | Email delivery and contact management for enquiries | Name, email, subject, message | European Union (France) | | Google Cloud / GKE | Website hosting and infrastructure | Server logs, IP addresses | Primarily United States, South Africa region available | | Google Maps Platform | Embedded map to display our office location | IP address, browser fingerprint (via Google cookies) | United States | | Intuit QuickBooks Online | Invoicing and financial records for engaged clients only | Billing name, email, postal address, company name | United States |

Cross-border transfers: South Africa, the EU, and the US are the primary locations where your data may be processed. Transfers outside South Africa are made under POPIA Section 72 where the recipient country or organisation provides adequate protection, or we have ensured appropriate contractual safeguards (standard contractual clauses or equivalent). Brevo, Google, and Intuit all operate under documented data processing agreements and comply with international data transfer requirements under GDPR and comparable frameworks.

Intuit QuickBooks data is limited to clients who have engaged us for paid services and is used solely for billing and financial record-keeping. It is not collected from website visitors who only submit the contact form.

4. Data Retention

| Data Category | Retention Period | Basis | |---------------|-----------------|-------| | Contact form submissions (name, email, message) | 2 years from date of submission, or until you request deletion | Purpose limitation -- follow-up on enquiries | | Billing and financial records (QuickBooks) | 5 years after the relevant transaction | South African Income Tax Act record-keeping obligations | | Server infrastructure logs | 90 days | Operational security and proportionality | | Brevo contact records | Until you request removal or 2 years of inactivity | Legitimate interest in retaining enquiry records |

After the applicable retention period, personal data is deleted or anonymised so that you can no longer be identified from it.

5. Security Measures

We apply reasonable technical and organisational measures to protect personal information, including:

  • HTTPS encryption in transit for all Site traffic
  • Access controls limiting who within Probably Computers can view contact submissions
  • Encrypted storage at rest for hosted infrastructure
  • Third-party processors selected for their own security controls and compliance certifications

No method of transmission over the internet is completely secure. If we become aware of a data breach affecting your personal information, we will notify the Information Regulator of South Africa within 72 hours as required by POPIA, and notify affected individuals as soon as reasonably practicable.

6. Your Rights

Under POPIA (and the equivalent GDPR provisions where applicable), you have the right to:

  • Access: Request a copy of personal information we hold about you.
  • Correction: Ask us to correct inaccurate or incomplete information.
  • Deletion: Request that we delete your personal information, subject to lawful retention obligations (such as financial records).
  • Objection: Object to the processing of your personal information where we rely on legitimate interest as the lawful basis.
  • Data portability (GDPR): Where processing is automated and based on consent or contract, receive your data in a structured, machine-readable format.
  • Complaint: Lodge a complaint with the Information Regulator of South Africa if you believe we have not handled your personal information lawfully.

To exercise any of the above rights, contact us at [email protected] with the subject line "Privacy Request". We will respond within 30 days.

Information Regulator of South Africa Website: https://www.justice.gov.za/inforeg/ Email: [email protected]

EU residents may also contact their local supervisory authority under GDPR.

7. Links to Other Sites

The Site may contain links to third-party websites. This policy applies only to our Site. We are not responsible for the privacy practices of external sites.

8. Changes to This Policy

If we make material changes to this policy, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

9. Contact

For any questions about this privacy policy or how we handle your personal information:

Probably Computers (Pty) Ltd 15 Kruger Ave, Nestpark, Bapsfontein, Gauteng, South Africa Email: [email protected] Phone: +27 76 940 2399