1. Purpose of This Policy

At Airla ("we", "us", or "our"), we are committed to safeguarding the privacy and personal information of all individuals who interact with us in accordance with the Protection of Personal Information Act (POPIA), Act No. 4 of 2013 of South Africa.

This policy explains:

• What personal information we collect
• Why we collect it
• How it is used and stored
• Who we may share it with
• Your rights under POPIA
• How you can access and correct your personal information

2. Definitions

• Personal Information: Any information relating to an identifiable natural or juristic person as defined under POPIA.
• Processing: Any operation or activity concerning personal information, whether automatic or manual.
• Responsible Party: Airla, who determines the purpose and means of processing personal information.
• Operator: A third party who processes information on behalf of Airla.
• Data Subject: The individual or entity to whom the personal information relates.

3. Information We Collect

3.1 Information Provided Voluntarily

• Full name
• Company/organization details
• Email address and contact number
• Billing and invoicing information
• Technical project information

3.2 Automatically Collected Information

• IP address
• Browser and device data
• Website usage information (via cookies and analytics tools)

3.3 Sensitive or Confidential Information

Where relevant to cybersecurity or forensics work, you may voluntarily provide sensitive personal data. Such data will only be processed as necessary and in compliance with POPIA and any applicable NDAs.

4. Legal Basis for Processing

We process personal information under the following lawful bases as permitted by POPIA:

• With your consent
• To fulfil a contractual obligation
• To comply with a legal obligation
• Where it is in our or your legitimate interests, and does not infringe on your privacy rights

5. Purpose of Collection

Your information is collected and processed for the following purposes:

• To provide and manage our services
• To communicate regarding projects, proposals, billing, and support
• To secure systems and perform cybersecurity investigations
• To comply with accounting and legal record-keeping
• To improve our website and service offerings
• To protect our legal rights or respond to lawful requests

6. Disclosure of Personal Information

We do not sell your personal information. We may share it only under the following circumstances:

• TWith operators (e.g., trusted service providers like hosting or payment processors) bound by confidentiality agreements
• To communicate regarding projects, proposals, billing, and support
• With third parties if required by law or legal process
• With subcontractors working on your project, under NDA where applicable
• With consent, for showcasing completed work in our portfolio (excluding sensitive data)

7. Storage and Security

We implement technical and organisational safeguards to ensure your personal information is:

• Stored securely (e.g., access-controlled environments)
• Protected against unauthorised access, loss, or misuse
• Retained only as long as necessary for the purpose it was collected

In the event of a data breach, we will notify affected individuals and the Information Regulator as required by POPIA.

8. Retention of Information

We retain personal information:

• For the duration of the project and any post-launch support period
• For a minimum period required by law (e.g., financial records)
• Or until you request deletion, unless we are legally required to keep it

Data no longer required is securely deleted or anonymised.

9. Data Subject Rights

Under POPIA, you have the right to:

• Access the personal information we hold about you
• Correct or update inaccurate, outdated, or incomplete information
• Object to the processing of your information under certain circumstances
• Request deletion of your personal information, where legally permissible
• Withdraw consent where processing is based on your consent
• Lodge a complaint with the Information Regulator

Requests must be submitted in writing (see Section 12). We will verify your identity before actioning requests.

10. Use of Cookies

Our website uses cookies to improve functionality and analyze user behavior. You may disable cookies through your browser settings, but doing so may affect your site experience.

11. Cross-Border Transfers

We may store or process your data outside of South Africa using secure cloud services. When doing so, we ensure the destination country or service provider offers adequate data protection as required by POPIA.

12. Contact Information

For questions about this Privacy Policy or to exercise your rights, please contact:

Information Officer
Airla
Gauteng, South Africa
Email: admin@airla.co.za

If you are not satisfied with how we handle your information, you may lodge a complaint with:

The Information Regulator (South Africa)
Website: https://www.justice.gov.za/inforeg
Email: inforeg@justice.gov.za

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, services, or legal obligations. All updates will be published on our website with a revised effective date. Continued use of our services after changes are posted constitutes acceptance of the new terms.