Understanding Our Approach
When individuals explore budget communication guidance through our platform, certain details naturally move through our systems. We've structured intake around necessity—what allows us to respond, deliver materials, maintain accounts, and meet legal obligations in South Africa.
Think of information flow in phases. First comes emergence: someone registers, asks a question, or subscribes to updates. Then handling occurs—we route inquiries, send confirmations, schedule consultations. Retention follows: records sit in databases for defined periods. Eventually, disappearance: deletion protocols activate once legal and operational timelines expire.
What Gets Recorded
Details fall into recognizable bands:
- Identity markers: Names, email addresses, phone numbers provided during registration or contact form submission
- Communication records: Message content when someone reaches out through our inquiry system, timestamps of exchanges, response histories
- Operational metadata: IP addresses captured during platform interaction, browser signatures, device types connecting to our services
- Engagement patterns: Which resources get downloaded, webinar attendance logs, content preferences indicated through user behavior
- Financial transaction details: Payment information processed when purchasing consultation packages or educational materials
Regarding cookies and tracking mechanisms: This notice intentionally excludes discussion of browser storage, analytics scripts, or similar technologies. Those topics live in our separate Cookie Policy document. If you're wondering about tracking pixels or session cookies, consult that resource instead.
| Information Category | Collection Method | Primary Purpose |
|---|---|---|
| Contact Details | Direct submission through forms | Enable correspondence and service delivery |
| Communication History | Automated logging during exchanges | Maintain context across conversations |
| Technical Access Data | Server logs during site visits | Security monitoring and performance optimization |
| Usage Behavior | Platform interaction tracking | Content personalization and service improvement |
| Payment Records | Transaction processor integration | Billing, receipts, financial compliance |
Why Collection Occurs
Data doesn't accumulate randomly. Each category serves distinct operational requirements that benefit both the organization and individuals seeking budget guidance.
Contact information enables the fundamental service promise: when someone submits an inquiry about financial planning workshops, we can actually respond. Without an email address or phone number, consultation scheduling collapses. Payment details allow transaction completion—pretty straightforward there.
Communication records exist because fragmented conversations waste everyone's time. When a client emails about modifying their budget review appointment, having the original exchange prevents confusion. Operational metadata feeds security systems that flag unusual access patterns, which protects accounts from unauthorized entry.
Usage behavior reveals what's working. If downloadable budget templates go untouched while video tutorials get heavy traffic, that informs content development priorities. This isn't surveillance—it's pattern recognition that shapes service evolution.
Legal Foundations
South African legislation, particularly the Protection of Personal Information Act, establishes frameworks we operate within. Several legal bases justify our handling:
- Contractual necessity: fulfilling agreements when someone purchases consultation services
- Legitimate interests: maintaining platform security and improving educational content
- Legal obligations: tax compliance, financial record retention requirements
- Consent: where explicitly obtained for marketing communications or optional features
Information Movement and Access
Data doesn't sit in isolated vaults. It moves—internally among team members with defined roles, and externally under specific circumstances that merit explanation.
Internal Handling
Within Prakento Nilomas, access follows function. Budget consultants reviewing client files before appointments can see consultation histories and previously submitted financial questions. Administrative staff processing registrations access contact details and payment confirmations. Technical personnel maintaining platform infrastructure interact with system logs and performance data.
This isn't open access—it's role-based. The person answering general inquiries doesn't peek at payment records. Database administrators don't browse consultation notes.
External Transfers
Sometimes information crosses organizational boundaries:
- Payment processors: Financial transaction details route through third-party services that handle card payments securely
- Email service providers: When we send newsletters or appointment confirmations, those messages travel through specialized communication platforms
- Cloud infrastructure providers: Our platform operates on hosted servers, meaning data resides in facilities managed by technology companies
- Legal authorities: If South African regulators or courts issue valid requests, compliance may require disclosure
- Professional advisors: Accountants, lawyers, or auditors occasionally review records during operational assessments
Each external party operates under contractual obligations limiting their ability to repurpose information. Payment processors can't suddenly start marketing their own services using client details they encounter during transaction processing.
Geographic movement matters: some service providers operate servers outside South Africa. This means certain data categories may physically reside in other jurisdictions, subject to those regions' legal frameworks. We select partners carefully, but cross-border movement introduces complexity worth acknowledging.
Security Measures and Realistic Limitations
Protection strategies span technical controls, procedural safeguards, and organizational policies. But absolute security remains fictional—better to explain actual defenses alongside inherent vulnerabilities.
Active Protections
Encryption shields data during transmission between browsers and servers. Access credentials use hashing algorithms that prevent plaintext password storage. Regular backups create recovery options if systems fail. Firewalls filter incoming traffic, blocking common attack patterns.
Procedurally, staff undergo training about handling sensitive details appropriately. Access permissions get reviewed quarterly. Outdated accounts face deactivation. Physical security at our Durban office (5 Signal Rd, Point) restricts entry to authorized personnel.
Acknowledging Exposure
Despite precautions, breaches remain possible. Sophisticated attacks might bypass defenses. Human error could expose records accidentally. Third-party vulnerabilities might create indirect pathways to our data. Natural disasters or infrastructure failures could disrupt systems.
If a breach occurs, we'll notify affected individuals within timeframes specified by South African law, explain what happened, and describe remediation steps. Transparency beats silence when things go wrong.
Individual Control and Retention
People retain agency over their details, with certain practical constraints.
Access and Correction
Want to see what we hold? Submit a request to info@nodilscopds.biz specifying the information categories you're curious about. We'll compile records within 30 days unless complexity extends that timeline.
Spotted outdated or incorrect details? Correction requests follow the same channel. If your phone number changed or an email address contains a typo, let us know and we'll update records.
Deletion Requests
Individuals can ask us to erase their information, though legal obligations sometimes prevent complete deletion. Financial records must persist for tax compliance periods. Contractual disputes might require retaining communication histories until resolution. But where no compelling reason exists to keep data, removal proceeds.
Objection Rights
If you disagree with how we're handling your details for legitimate interest purposes, raise an objection. We'll assess whether our needs override your concerns or whether alternative approaches exist.
Automated Decision Opposition
Currently, we don't deploy automated systems making significant decisions about individuals. If that changes—say, algorithmic assessment of consultation eligibility—affected people would gain rights to request human review.
Standard Retention Windows
| Data Type | Typical Retention Duration | Deletion Trigger |
|---|---|---|
| Active client consultation records | Duration of engagement plus 7 years | Financial regulation compliance periods expire |
| General inquiry communications | 2 years from last contact | Operational relevance lapses |
| Marketing consent records | Until consent withdrawal | Individual opts out |
| Payment transaction details | 7 years from transaction date | Tax authority requirements met |
| Technical access logs | 12 months | Security analysis window closes |