Privacy Policy
Transparency by Design
Comprehensive Privacy & Data Protection Report
Our Commitment to Your Privacy
At CodeRise Solutions, we view data privacy not just as a legal requirement under the Protection of Personal Information Act (POPIA), but as a fundamental user right. This infographic report outlines exactly what data we collect, why we need it, and the rigorous measures we employ to secure it.
The Data We Collect
We practice data minimization. We only collect the specific types of personal information required to deliver our software solutions, manage client relationships, and improve our digital platforms. The visualization illustrates the relative footprint of different data categories we process.
- ●Identity & Contact: Names, emails, phone numbers.
- ●Technical Data: IP addresses, browser types, OS.
- ●Usage Metrics: Platform interaction patterns.
Purpose of Processing
Every piece of data serves a specific, documented purpose. We do not sell your personal information. The primary driver for data collection is delivering core service functionality, followed by essential customer support and legal obligations.
Key Takeaway
Over 60% of data processing is dedicated purely to Service Delivery and Customer Support, ensuring you get the product experience you expect.
Defense-in-Depth Architecture
Protecting your data requires a multi-layered approach. We benchmark our security posture across five critical domains. Our highest investments are in Data Encryption (both in transit and at rest) and strict Access Control protocols.
AES-256
Database Encryption
TLS 1.3
Transit Protocol
Your POPIA Rights
You are in control of your personal information. Here is what you can request at any time.
Right to Access
Request a complete copy of the personal data we hold about you.
Right to Rectify
Update or correct any inaccurate or incomplete personal information.
Right to Erasure
Request the deletion of your data when it is no longer legally required.
Right to Object
Opt-out of direct marketing or specific types of data processing.
To exercise these rights, please contact our Information Officer at privacy@coderisesolutions.co.za
Statutory Privacy Governance and Compliance Framework for Code Rise Solutions (Pty) Ltd
The Evolutionary Landscape of Data Privacy in the South African Republic
The architectural design of data privacy in South Africa has undergone a profound transformation since the full implementation of the Protection of Personal Information Act, No. 4 of 2013 (POPIA), which became enforceable with mandatory penalties in July 2021. This legislative shift represents more than a mere administrative hurdle; it is a fundamental realignment of the relationship between corporate entities and the individuals whose data they process. For an enterprise such as Code Rise Solutions (Pty) Ltd, which is positioned within the highly technical and sensitive domain of custom software development and graduate mentorship, the mandate for a comprehensive privacy policy is both a legal necessity and a strategic imperative for brand integrity.
The South African constitutional right to privacy serves as the bedrock for POPIA, necessitating that all "Responsible Parties"—those who determine the purpose and means of processing personal information—adhere to rigorous standards of transparency, accountability, and security. In the contemporary digital economy, where information is frequently described as the "new gold," the risks associated with non-compliance are severe. The Information Regulator, the statutory body established to oversee data protection, possesses the authority to issue administrative fines reaching R10 million or to facilitate criminal prosecutions that may lead to ten years of imprisonment for the most egregious breaches. For small and medium-sized enterprises (SMEs) like Code Rise Solutions, which are essential to the South African economy, these risks are compounded by the potential for irreparable reputational damage in a competitive IT services market.
The implementation of a Privacy Policy for https://www.coderisesolutions.co.za/ requires a nuanced understanding of the specific technological stack utilized by the firm, most notably the Zoho ecosystem, and the unique data lifecycle inherent in its mentorship program. This report serves as an exhaustive compliance framework, integrating legal requirements with the operational realities of a software development house.
Corporate Profile and Regulatory Identity Analysis
Code Rise Solutions (Pty) Ltd is a registered private company in South Africa, identified by the registration number CK: 2025/421251/07. The firm’s mission is centered on bridging the technical gap between academic achievement and industry demands, primarily through bespoke digital crafting and a structured, year-long mentorship program for IT graduates. This dual focus necessitates the processing of diverse data categories, ranging from standard business contact information to sensitive academic and professional records.
The company’s vision is to be a premier development house in South Africa, characterized by technical expertise and ethical practices. Achieving this vision requires a privacy-first approach to software engineering and organizational governance. The following table outlines the fundamental corporate identity markers relevant to its privacy governance.
| Entity Characteristic | Statutory and Operational Detail |
|---|---|
| Legal Registered Name | CODERISE SOLUTIONS (PTY) LTD. |
| Registration Number | CK: 2025/421251/07. |
| Primary Industry | Information Technology and Software Development. |
| Website URL |
|
| Technology Platform | Powered By Zoho Sites. |
| Key Service Pillars | Custom Software, IT Consultancy, Graduate Mentorship. |
| Core Values | Excellence, Empowerment, Innovation, Integrity, Social Impact. |
The interaction between the firm's core values—particularly "Integrity" and "Excellence"—and its statutory obligations creates a framework where data protection is viewed as a quality assurance metric rather than a checkbox exercise. The "Integrity" value, defined as operating with honesty and transparency, is directly satisfied through the publication of a clear, accessible Privacy Policy in "Plain South African English".
Analysis of Data Collection Points and Processing Activities
A critical step in achieving POPIA compliance is the performance of a thorough data inventory or audit. For Code Rise Solutions, this inventory must encompass every point on the website where a data subject (an individual or juristic person) interacts with the Company’s digital systems.
Website Interface and Contact Mechanisms
The website https://www.coderisesolutions.co.za/ serves as the primary portal for client engagement and mentorship applications. Each interaction point represents a distinct data inflow that must be governed by the Privacy Policy.
| Website Feature | Data Element Collected | Purpose and Legal Justification |
|---|---|---|
| Contact Form | Name, email address, message content. | Responding to inquiries; necessity for potential contract. |
| Appointments (Zoho Bookings) | Name, email, contact number, service type. | Scheduling strategy sessions or consultations. |
| Mentorship Portal | CVs, transcripts, ID details (inferred), skills. | Candidate evaluation; legitimate interest of the firm. |
| Email Links | Sender's email address and metadata. | Direct professional correspondence. |
| Analytics/Cookies | IP-derived location, browser data, session IDs. | Site optimization and security; user consent. |
The use of Zoho Bookings is particularly noteworthy, as it automates the collection of contact details (Name, Email, and Contact Number) which are mandatory fields by default. The Company has the ability to add custom fields, such as address or meeting requirements, further expanding the scope of personal information under its control. These fields are often pushed to a CRM (Customer Relationship Management) system, creating a persistent record that must be managed according to retention policies.
The Mentorship Program Lifecycle
The Graduate Mentorship Program is a cornerstone of Code Rise Solutions’ social impact strategy. However, from a privacy perspective, it represents a high-risk activity due to the processing of "Special Personal Information" or highly sensitive personal data. Applicants provide comprehensive records of their academic history and professional aspirations. This information is not only processed during the selection phase but is also utilized throughout the year-long program for progress tracking and industry placement. The firm must ensure that this data is not repurposed for marketing or shared with third-party recruitment partners without explicit, informed consent from the graduates.
Deep Dive into the Eight Conditions for Lawful Processing
POPIA mandates that all processing must adhere to eight fundamental conditions. For Code Rise Solutions, these conditions must be woven into the very fabric of their software development lifecycle and administrative operations.
Condition 1: Accountability
Accountability requires that the firm ensures all conditions are met at the time of determining the purpose of processing. This means that before Code Rise Solutions builds a new software tool for a client or updates its own website, the Information Officer must assess the privacy implications. The CEO, as the default Information Officer, is legally responsible for this compliance, even if the task is delegated to a technical lead.
Condition 2: Processing Limitation
Processing must be lawful and minimal. On the website’s appointment forms, the firm should avoid asking for information that is not essential for scheduling a meeting. For example, marital status or income levels are generally irrelevant for an initial IT consultation and should be excluded to maintain data minimization. Furthermore, consent must be obtained directly from the data subject, particularly when using automated forms on https://www.coderisesolutions.co.za/.
Condition 3: Purpose Specification
Information must be collected for a specific, explicitly defined, and lawful purpose related to a function or activity of the Company. When a graduate submits a CV for the mentorship program, the purpose is recruitment and training. Code Rise Solutions cannot later use those email addresses to send marketing materials about their custom software services unless that secondary purpose was disclosed at the point of collection or fresh consent is obtained. This condition also governs data retention: once a mentorship cycle is complete and the administrative requirements (such as tax or labor records) are satisfied, the personal information must be destroyed or de-identified.
Condition 4: Further Processing Limitation
Any further processing of information must be compatible with the original purpose. For instance, analyzing mentorship applicants' data to improve the program’s curriculum is likely compatible with the original recruitment purpose. However, sharing that data with an external advertising agency to target developers for a different product would violate this condition unless the data subject provided specific consent.
Condition 5: Information Quality
The firm must take reasonably practicable steps to ensure that personal information is complete, accurate, not misleading, and updated. This is critical for the "Service Name" and "Customer Name" fields in the Zoho Bookings module, as errors here could lead to service delivery failures or the accidental disclosure of one client’s data to another.
Condition 6: Openness
Openness requires transparency. The firm must maintain documentation of all processing operations and ensure that the data subject is aware of the collection. This is the primary function of the Privacy Policy on the website. It must inform the user about the identity of the responsible party (Code Rise Solutions), the purpose of collection, and their rights to access or object to the processing.
Condition 7: Security Safeguards
Condition 7 is perhaps the most technical requirement for an IT firm. It mandates appropriate, reasonable technical and organizational measures to prevent unauthorized access or loss of data. For Code Rise Solutions, this includes using HTTPS across the site, ensuring admin access to Zoho is protected by multi-factor authentication, and ensuring that any custom software developed for clients includes "Privacy by Design" features.
Condition 8: Data Subject Participation
Data subjects have the right to request access to their personal information and to request corrections or deletions. The Company must have a clear internal process for responding to these requests within the 30-day timeframe typically required by South African law.
Comprehensive Privacy Policy for Code Rise Solutions (Pty) Ltd
The following section represents the formal Privacy Policy designed for public display on https://www.coderisesolutions.co.za/. It has been structured to meet the "Openness" and "Transparency" requirements of POPIA while reflecting the specific service offerings of the firm.
1. Introduction and Commitment to Privacy
Code Rise Solutions (Pty) Ltd (hereinafter referred to as "the Company," "we," "us," or "our") is a private company registered in the Republic of South Africa. We are committed to the protection of personal information and the ethical management of data. This Privacy Policy outlines our practices regarding the collection, use, and safeguarding of information obtained through our website, custom software services, and our mentorship programs. We recognize that our clients and program participants entrust us with their information, and we are dedicated to maintaining that trust through compliance with the Protection of Personal Information Act (POPIA).
2. Information We Collect
We collect personal information that is necessary to provide our services and manage our professional relationships. This collection occurs through various channels, including website forms, appointment scheduling tools, and direct communication.
| Category of Data | Specific Information Examples | Source of Collection |
|---|---|---|
| Contact Identifiers | Full names, email addresses, and phone numbers. | Contact forms, booking system. |
| Professional Records | CVs, academic transcripts, and skills assessments. | Mentorship portal. |
| Business Data | Company names, project requirements, and technical specifications. | Consultancy inquiries. |
| Technical Data | IP addresses, browser types, and cookie identifiers. | Website tracking tools. |
| Correspondence | Content of emails and messages submitted to our team. | Direct email and contact forms. |
We process personal information only for legitimate business purposes, including:
Providing bespoke digital crafting and software integration services.
Managing consultations and strategy sessions through our appointment system.
Facilitating the Graduate Mentorship Program, including selection and training.
Responding to general inquiries and providing customer support.
Improving website performance and security through technical analytics.
Complying with statutory requirements, such as tax laws and labor regulations.
4. Legal Basis for Processing
Under POPIA, we must have a lawful basis for processing your data. We rely on the following:
Consent: Where you have explicitly agreed to the processing (e.g., signing up for updates).
Contractual Necessity: Where processing is required to fulfill our obligations under an agreement with you.
Legal Obligation: Where we are required by South African law to process certain information.
Legitimate Interest: Where processing is necessary for our legitimate business interests, provided it does not infringe on your privacy rights.
5. Third-Party Disclosures
As our digital platform is "Powered By Zoho," certain information is processed by Zoho as an "Operator" on our behalf. We ensure that our service providers adhere to strict data protection standards and that transborder data flows are managed in accordance with POPIA. We do not sell your personal information to third parties for marketing purposes.
6. Security Measures
We implement appropriate technical and organizational measures to safeguard your information. These include:
The use of HTTPS encryption for all website traffic.
Strict access controls and password protections for internal systems.
Regular security audits of our data handling practices.
Staff training on data privacy and security awareness.
7. Data Retention and Destruction
We retain personal information only for the period necessary to achieve the stated purpose. For example, mentorship records are kept for the duration of the program plus any legally required period for employment records. When information is no longer required, it is securely deleted or de-identified.
8. Your Rights as a Data Subject
You have the right to:
Request access to the personal information we hold about you.
Request the correction of inaccurate or outdated information.
Request the deletion of your data where no legal basis for retention exists.
Object to the processing of your data for direct marketing.
Lodge a complaint with the South African Information Regulator if you believe your rights have been infringed.
9. Contact Our Information Officer
The designated Information Officer for Code Rise Solutions (Pty) Ltd is responsible for overseeing compliance with this policy.
Information Officer:.
Email: tshepo@coderisesolutions.co.za.
Phone: +27 72 245 8286.
Registered Address:.
Cookie and Tracking Technology Framework
The website https://www.coderisesolutions.co.za/ utilizes cookies—small data files stored on a visitor's device—to improve site functionality and provide a more personalized experience. As the site is built on the Zoho platform, it adheres to the standard Zoho cookie categories.
Classification of Cookies Utilized
The following table provides a detailed breakdown of the cookies that may be set during a visit to the Code Rise Solutions website.
| Cookie Category | Purpose | Necessity and Impact |
|---|---|---|
| Strictly Necessary | Used for load balancing, session stickiness, and security (e.g., | Mandatory; the website cannot function correctly without these. |
| Functional/Preference | Remembers choices like language or cookie banner dismissal ( | Enhances user experience; can be disabled but may limit features. |
| Analytics | Tracks page load times and visitor behavior to improve performance ( | Optional; used for internal reporting and optimization. |
| Third-Party | Set by embedded content like YouTube videos or Google Analytics pixels. | Managed by the third-party providers; subject to their privacy policies. |
Consent Management Mechanism
Code Rise Solutions employs a "User-friendly cookie bar" provided by Zoho Sites. Upon the first visit, users are presented with a banner that allows them to grant or withdraw consent for different categories of cookies. This satisfies the POPIA requirement for informed, granular consent. The site does not load non-essential tracking cookies until the user has actively consented via this banner.
Governance of the Graduate Mentorship Program Data
The "Empowerment" value of Code Rise Solutions is realized through its mentorship program, which aims to transform graduates into proficient IT professionals. This program involves a unique "Data Lifecycle" that requires specialized governance.
The Recruitment and Onboarding Phase
During the application process, the Company collects significant amounts of personal data to determine a candidate's suitability. This includes academic transcripts, which under POPIA may be considered sensitive information if they reveal details about a person’s disability or other protected characteristics. The firm must ensure that:
Only information relevant to the technical mentorship is requested.
Unsuccessful candidates are notified, and their data is either destroyed or retained only for a short period to allow for potential future openings, provided they are informed of this.
All digital records are stored in the secure Zoho environment with limited access granted only to the recruitment committee.
The Mentorship and Training Phase
Once a candidate is enrolled, the "Further Processing" limitation becomes relevant. Data collected during training—such as progress reports or skills assessments—is processed to manage the mentorship. If the Company wishes to use a graduate’s success story for marketing or to feature them on the website, explicit "Success Story Consent" must be obtained. This ensures that the graduate remains in control of their professional image and personal information.
Technical and Organizational Security Measures (TOMS)
As an IT service provider, Code Rise Solutions is held to a high standard of "Cyber Resilience". Condition 7 of POPIA requires the firm to secure the integrity and confidentiality of personal information in its possession.
Technical Safeguards
The Company leverages the security infrastructure of Zoho Sites while maintaining its own endpoint security.
Encryption at Rest and in Transit: All website communications are encrypted via SSL/TLS certificates. Data stored in the Zoho ecosystem is encrypted to protect against unauthorized physical access.
Access Control and Identity Management: Access to sensitive data is managed through a central console, ensuring that only employees with a "legitimate need to use it" have access. This includes the use of strong passwords and multi-factor authentication for all administrative accounts.
Data Loss Prevention (DLP): For internal operations, the firm should utilize features such as remote wipe or lock on company-issued devices to reduce the risk of a breach following a theft or loss.
Organizational Safeguards
Technical measures alone are insufficient; the "human factor" remains a significant vulnerability.
Employee Awareness Programs: Regular training sessions are conducted to ensure that all staff understand POPIA principles and can recognize threats like phishing.
Incident Response Protocol: The Company maintains a written plan for responding to data breaches. This includes identifying roles, timelines for notification, and a process for analyzing the cause of the breach to prevent recurrence.
Operator Management: Before engaging any third-party service provider, Code Rise Solutions conducts a "POPIA due diligence" to ensure that the provider is compliant and that a written contract is in place to protect the data.
The Role of the Information Officer and PAIA Manual
The Information Officer (IO) is the cornerstone of the firm’s privacy architecture. By default, the head of the organization (CEO or Managing Director) is the Information Officer, although a Deputy Information Officer (DIO) may be appointed for operational support.
Statutory Duties of the Information Officer
The IO’s responsibilities are multifaceted, encompassing both internal governance and external liaison.
Encouraging Compliance: Driving the privacy-first culture and ensuring that policies are implemented in daily operations.
Request Handling: Managing requests for access to information under both PAIA and POPIA.
Liaison with Regulator: Serving as the official point of contact for the South African Information Regulator during investigations or audits.
Registration: The IO must be registered with the Information Regulator through their online portal before they can legally perform their duties.
The PAIA Manual Requirement
The Promotion of Access to Information Act (PAIA) requires all private bodies to publish a "Manual" that explains how individuals can exercise their right to access information. For Code Rise Solutions, this manual must be available on the website and include:
The contact details of the Information Officer.
A description of the categories of records held by the firm (e.g., Financial, Human Resources, Client Data).
The procedure for making a request and the standard fees involved.
The CIPC and Information Regulator provide guidelines on the fee structure for these requests, which may include charges for reproduction and search time.
| Service Description | Fee (ZAR) |
|---|---|
| Electronic Disclosure Certificate | R30.00. |
| Inspection of Company File (Personal) | R100.00. |
| Photocopy per A4 page | R1.50. |
| Certification of Document | R20.00. |
Direct Marketing and Electronic Communication Governance
POPIA introduces strict regulations for approaching data subjects for the purpose of direct marketing. Code Rise Solutions must navigate these rules carefully to maintain its "Integrity" value while growing its business.
Consent for New Leads
The firm may not approach individuals for marketing via email or SMS unless they have provided their prior consent. This consent must be obtained in the "prescribed Form 4" or a functional equivalent that ensures the user is fully informed of what they are opting into. On the website coderisesolutions.co.za, this means that any newsletter sign-up or "Keep me updated" checkbox must not be pre-ticked.
The Customer Exception
There is an exception for existing customers. If an individual has previously engaged Code Rise Solutions for custom software development, the firm may send them marketing about similar IT services, provided that:
The customer’s contact details were obtained in the context of the sale of a service.
The marketing is for the firm’s own similar services.
The customer was given a reasonable opportunity to object (opt-out) at the time the details were collected and in every subsequent marketing communication.
For mentorship graduates, if they are considered "customers" of the training service, the same rule applies, but only for services related to their professional development.
Transborder Data Flows and the Zoho Relationship
As a "Responsible Party" using an international service provider like Zoho, Code Rise Solutions must ensure that data transfers across South African borders are lawful.
Compliance with Section 72 of POPIA
Section 72 governs transborder flows and requires that the recipient (Zoho) is subject to a law or binding agreement that provides a "substantial level of protection". Zoho’s commitment to GDPR (General Data Protection Regulation) standards and its standardized privacy framework provide this level of assurance. However, Code Rise Solutions remains accountable for ensuring that Zoho only processes the data according to the firm's instructions.
The Privacy Policy must explicitly disclose that data is stored in the Zoho ecosystem and may be hosted in jurisdictions outside of South Africa, such as the United States or India, where Zoho maintains data centers. This transparency fulfills the "Openness" condition and allows the data subject to make an informed choice about interacting with the site.
Breach Notification and Incident Response Framework
Despite robust security measures, data breaches remain a possibility in the IT sector. POPIA requires a proactive and transparent response to such incidents.
Defining a Security Compromise
A breach occurs whenever there are "reasonable grounds to believe" that personal information has been accessed or acquired by an unauthorized person. This is a broad definition that includes not only hacking and ransomware but also accidental disclosures, such as sending a spreadsheet of mentorship applicants to the wrong email address.
Notification Timelines and Content
The Information Officer must notify the Information Regulator and the affected data subjects "as soon as reasonably possible". This notification must include:
A description of the possible consequences of the breach.
A description of the measures taken or proposed to be taken by the firm to address the breach.
A recommendation regarding the measures the data subject should take to mitigate the potential effects of the breach (e.g., changing passwords).
The identity of the unauthorized person, if known.
Code Rise Solutions should conduct "tabletop drills" once a year to ensure the Information Officer and technical team are prepared to execute this plan under pressure.
Strategic Implementation Roadmap for Code Rise Solutions
The transition from a basic website to a fully POPIA-compliant enterprise requires a phased approach.
Phase 1: Foundation (Weeks 1-4)
The first phase focuses on the immediate legal requirements.
Information Officer Registration: Complete the registration of the CEO as the Information Officer with the Information Regulator portal.
Website Audit: Update the "Contact" and "Appointments" pages to include mandatory links to the Privacy Policy and ensure marketing checkboxes are unticked.
Policy Publication: Upload the comprehensive Privacy Policy and the PAIA Manual to the website footer.
Phase 2: Operationalization (Weeks 5-12)
The second phase integrates privacy into the firm’s business processes.
Staff Training: Conduct a mandatory workshop for all developers and administrative staff on data handling and breach identification.
Data Inventory Update: Finalize the "Data Flow Map" specifically for the mentorship program to track where applicant CVs are stored and who has access.
Third-Party Review: Audit contracts with any other service providers (e.g., email marketing tools or cloud storage) to ensure they include POPIA clauses.
Phase 3: Continuous Improvement (Ongoing)
The final phase involves maintaining and auditing the framework.
Annual Audit: Conduct an internal audit of data protection practices to identify any new risks.
Policy Review: Update the Privacy Policy and PAIA Manual annually or whenever a significant change in processing occurs.
Incident Drills: Run a "fake breach" scenario to test the response team.
Conclusion: Privacy as a Foundation for Innovation
For Code Rise Solutions (Pty) Ltd, compliance with POPIA is not a constraint on innovation but a catalyst for it. By building a "premier development house" on a foundation of ethical data practices and transparency, the firm secures its position as a trusted partner for South African businesses and a responsible mentor for the next generation of IT talent. The rigorous application of the eight conditions for lawful processing, the transparent management of cookies through the Zoho ecosystem, and the empowerment of data subjects through clear rights and access procedures demonstrate a sophisticated understanding of the modern digital landscape. Ultimately, the integration of this Privacy Governance Framework ensures that Code Rise Solutions remains resilient in the face of regulatory scrutiny and esteemed in the eyes of its stakeholders.
