Effective Date: April 2026 | Last Updated: April 2026
1. Introduction
ZenDefend (Pty) Ltd (“ZenDefend”, “we”, “our”, or “us”) is a South African cybersecurity company specialising in managed security services, incident response, continuous threat exposure management, dark web monitoring, and security assessments and optimisations.
We are committed to protecting the privacy and personal information of our clients, website visitors, and all data subjects whose information we process. This Privacy Policy explains how we collect, use, store, share, and protect personal information in compliance with the Protection of Personal Information Act, 4 of 2013 (“POPIA”) and its associated regulations.
By accessing our website at www.zendefend.co.za or engaging our services, you acknowledge that you have read and understood this Privacy Policy.
2. Responsible Party
In terms of Section 1 of POPIA, ZenDefend is the “Responsible Party” for the processing of your personal information. Our details are as follows:
| Company Name | ZenDefend (Pty) Ltd |
| Website | www.zendefend.co.za |
| info@zendefend.co.za | |
| Country | South Africa |
3. Key Definitions
Personal Information: Any information relating to an identifiable, living natural person or an identifiable, existing juristic person, including but not limited to names, email addresses, contact numbers, identity numbers, IP addresses, location data, and online identifiers.
Processing: Any operation or activity, whether automated or not, concerning personal information, including collection, receipt, recording, organisation, storage, updating, modification, retrieval, use, dissemination, merging, restriction, degradation, erasure, or destruction.
Data Subject: The person to whom personal information relates, as defined in POPIA.
Responsible Party: The entity that determines the purpose and means of processing personal information — in this case, ZenDefend (Pty) Ltd.
Operator: A person or entity that processes personal information on behalf of the Responsible Party in terms of a contract or mandate.
4. Personal Information We Collect
We may collect and process the following categories of personal information:
4.1 Information You Provide Directly
- Full name and surname
- Email address
- Business or company name
- Country of residence or operation
- Contact telephone numbers
- Details of your cybersecurity requirements and enquiries
- Any comments or messages submitted through our contact forms
4.2 Information Collected Automatically
- IP address and browser type
- Device information and operating system
- Pages visited and time spent on our website
- Referring website or source
- Cookies and similar tracking technologies (see Section 10)
4.3 Information from Third Parties
In the course of delivering our cybersecurity services, we may receive information from third-party intelligence sources, threat feeds, or our clients’ systems. This data is processed strictly for the purpose of providing the contracted security services.
5. Purpose of Processing
In accordance with Section 13 of POPIA, we process personal information only for the following lawful purposes:
- To respond to enquiries and provide requested information about our services
- To deliver, manage, and improve our cybersecurity services
- To communicate with you regarding service updates, security alerts, or contractual obligations
- To comply with legal and regulatory obligations
- To protect the legitimate interests of ZenDefend, our clients, and third parties
- To detect, prevent, and respond to fraud, security incidents, and cyber threats
- To administer and improve our website and user experience
- To fulfil contractual obligations with our clients
6. Legal Basis for Processing
We process your personal information based on one or more of the following legal grounds under POPIA:
- Consent: Where you have given us voluntary, specific, and informed consent
- Contract: Where processing is necessary to fulfil a contractual obligation
- Legal Obligation: Where processing is required by law
- Legitimate Interest: Where processing is necessary for our legitimate interests, provided these do not infringe on your rights and freedoms
7. Sharing of Personal Information
ZenDefend does not sell, rent, or trade your personal information to any third party. We may share your information only in the following limited circumstances:
- With trusted service providers and operators who assist us in delivering our services, bound by confidentiality agreements and POPIA-compliant data processing agreements
- With regulatory or law enforcement authorities where required by law or to comply with a legal process
- With professional advisors (legal, accounting, or auditing) under duties of confidentiality
- In connection with a merger, acquisition, or sale of assets, where your information may be transferred as part of that transaction, subject to continued POPIA compliance
8. Cross-Border Transfers of Personal Information
Should it be necessary to transfer personal information outside the Republic of South Africa, ZenDefend will ensure that such transfers comply with Section 72 of POPIA. This means we will only transfer personal information to a recipient in another country if:
- The recipient country has adequate data protection legislation
- The data subject has consented to the transfer
- The transfer is necessary for the performance of a contract
- The transfer is for the benefit of the data subject and consent cannot reasonably be obtained
- Adequate safeguards, such as binding corporate rules or contractual clauses, are in place
9. Retention of Personal Information
We retain personal information only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. In accordance with Section 14 of POPIA:
- Client data is retained for the duration of the service agreement and for a reasonable period thereafter to comply with legal, tax, and regulatory requirements
- Website enquiry data is retained for up to 24 months from the date of collection unless a longer retention period is required by law
- Upon expiry of the retention period, personal information will be securely destroyed, deleted, or de-identified in a manner that prevents reconstruction
10. Cookies and Tracking Technologies
Our website may use cookies and similar technologies to enhance your browsing experience and analyse website traffic. Cookies are small text files stored on your device when you visit our site.
10.1 Types of Cookies We Use
- Essential Cookies: Required for the operation of our website and cannot be disabled
- Analytics Cookies: Help us understand how visitors interact with our website, allowing us to improve functionality and content
- Functional Cookies: Remember your preferences and settings to enhance your experience
10.2 Managing Cookies
You may control or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.
11. Security Measures
As a cybersecurity specialist company, ZenDefend takes the security of your personal information extremely seriously. In accordance with Section 19 of POPIA, we implement appropriate technical and organisational measures to protect personal information against:
- Loss, damage, or unauthorised destruction
- Unlawful access or processing
- Theft, fraud, or misuse
Our security measures include, but are not limited to:
- Encryption of data in transit and at rest
- Access controls and role-based permissions
- Regular security assessments and vulnerability testing
- Employee awareness training on data protection
- Incident response procedures for data breaches
- Secure disposal of data when no longer required
12. Your Rights as a Data Subject
Under POPIA, you have the following rights in relation to your personal information:
- Right to Access: You may request confirmation of whether we hold your personal information and request access to it (Section 23)
- Right to Correction: You may request that we correct or update inaccurate, incomplete, or misleading personal information (Section 24)
- Right to Deletion: You may request the deletion or destruction of personal information that is no longer necessary for the purpose for which it was collected (Section 24)
- Right to Object: You may object to the processing of your personal information on reasonable grounds (Section 11(3))
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time
- Right to Lodge a Complaint: You may lodge a complaint with the Information Regulator if you believe your rights under POPIA have been infringed
To exercise any of these rights, please contact us using the details provided in Section 14 of this policy. We will respond to your request within a reasonable time and no later than the timeframes prescribed by POPIA.
13. Data Breach Notification
In the event of a personal information security breach that poses a risk of harm to any data subject, ZenDefend will:
- Notify the Information Regulator as soon as reasonably possible after the discovery of the breach, in accordance with Section 22 of POPIA
- Notify affected data subjects as soon as reasonably possible, providing details of the breach, the possible consequences, and the measures taken or proposed to address the breach
- Take immediate steps to mitigate the effects of the breach and prevent further compromise
14. Contact Information
For any questions, requests, or complaints regarding this Privacy Policy or the processing of your personal information, please contact us:
| Company | ZenDefend (Pty) Ltd |
| info@zendefend.co.za | |
| Website | www.zendefend.co.za |
You may also contact the Information Regulator of South Africa:
| enquiries@inforegulator.org.za | |
| Website | www.justice.gov.za/inforeg |
| Complaints | complaints.IR@justice.gov.za |
15. Changes to This Privacy Policy
ZenDefend reserves the right to amend or update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. Any material changes will be communicated via our website or through direct communication where appropriate.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.
16. Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of the Republic of South Africa, including the Protection of Personal Information Act, 4 of 2013 (POPIA) and its associated regulations.— End of