Privacy and Data Protection

Key Definitions

The following terms are used throughout this policy and carry the meanings set out below.

The Company / TIN-SOLUTIONS means TIN-SOLUTIONS (PTY) LTD, Registration Number 2020/437198/07, SARS Tax Reference Number 9893376179, with its registered office at Khumbula, Kabokweni, 1245, Mpumalanga, South Africa.

Consent means any voluntary, specific, and informed expression of will in terms of which a user gives permission for their personal information to be processed.

Data subject means any natural or juristic person to whom personal information relates.

Direct marketing means approaching a person either in person, by mail, or by electronic communication, for the direct or indirect purpose of promoting or offering goods or services.

Information Officer means the designated officer responsible for ensuring compliance with POPIA on behalf of TIN-SOLUTIONS. The Information Officer of TIN-SOLUTIONS is Mr Thulani Ndhlovu, Director, who can be contacted at support@tinsolutions.co.za.

Operator means a third party who processes personal information for or on behalf of TIN-SOLUTIONS in terms of a contract or mandate, and who does not process it for their own purposes.

PAIA means the Promotion of Access to Information Act, 2 of 2000, including any amendments.

Personal information means any information relating to an identifiable living natural person or existing juristic person, including but not limited to: full name; identity or passport number; email address; physical or postal address; telephone number; IP address; financial information including banking and billing details; account history; correspondence of a private or confidential nature; personal opinions, views or preferences; and any other identifier that can be used to identify a person directly or indirectly.

POPIA means the Protection of Personal Information Act, 4 of 2013, including any regulations or codes of conduct promulgated under it.

Processing means any operation or activity performed on personal information, whether automated or not, including collection, receipt, recording, organisation, collation, storage, updating, modification, retrieval, alteration, consultation, use, dissemination, transmission, merging, linking, restriction, degradation, erasure, or destruction of that information.

Responsible party means the public or private body or person that determines the purpose of and means for processing personal information. TIN-SOLUTIONS is the responsible party for all personal information it collects and processes.

Services means all products and services provided by TIN-SOLUTIONS, including but not limited to business registration, compliance, graphic design, website development, hosting, printing, document services, and related administrative services.

Special personal information means data relating to a person's religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life, biometric information, or criminal behaviour.

User / you / your means any visitor to our website or application, or any person who uses our services or engages with TIN-SOLUTIONS in any capacity.

Words in the singular include the plural, and vice versa. Any gender includes all other genders. References to legislation include any amendments or re-enactments.

Information We Collect

TIN-SOLUTIONS collects only the personal information that is necessary to provide our services and comply with our legal obligations. The categories of information we may collect include the following.

Identity information — your full name, South African identity number or passport number, date of birth, and nationality. This is required for business registrations, CIPC submissions, SARS compliance, and B-BBEE processing on your behalf.

Contact information — email address, physical and postal address, and telephone or mobile number. This is used for service delivery, billing, and official correspondence.

Account information — your login credentials, service history, account status, subscription details, and support ticket records.

Financial information — billing address, bank account details for debit orders, and transaction history. TIN-SOLUTIONS does not store credit or debit card numbers directly; card payments are processed by accredited payment gateways.

Business information — company name, registration number, VAT number, director details, and other information required to complete regulatory filings or business registrations on your behalf with CIPC, SARS, the Central Supplier Database (CSD), the Department of Labour (COIDA), or any other statutory body.

Technical information — IP address, browser type and version, operating system, device type, referring URLs, pages visited, and time and date of access. This is collected automatically when you visit our website and is used in aggregate form for analytics and security monitoring. No individual user is identified from this data alone.

Communication records — records of emails, support tickets, phone calls, and any other messages you send to TIN-SOLUTIONS. These are retained for service quality and dispute resolution purposes.

Collection directly from you. TIN-SOLUTIONS collects personal information directly from you wherever reasonably possible. We may collect from third-party sources only where you have consented, where the information is publicly available, where direct collection is not reasonably practicable, or where legislation authorises or requires it. Where information is collected from a third-party source, we record the details of that source in writing.

Voluntary disclosure. The supply of personal information is voluntary. However, if you refuse to supply information that is required to deliver a service or meet a legal obligation, TIN-SOLUTIONS may be unable to conclude or perform the relevant contract or comply with the applicable law.

Legal basis for collection. Certain laws require or authorise TIN-SOLUTIONS to collect specific personal information, including RICA, FICA, CIPC regulations, SARS requirements, and directives issued under these Acts.

How We Use Your Data

TIN-SOLUTIONS processes personal information only for specific, explicitly defined, and lawful purposes. The purposes for which we use your data include the following.

Service delivery — to create and manage your account; to provision, configure, and maintain services; to complete CIPC registrations, SARS submissions, B-BBEE certifications, CSD registrations, COIDA and PAYE/UIF registrations, and all other compliance filings on your behalf; and to process domain registrations, website development, graphic design, printing, and document services.

Billing and administration — to generate and send invoices, process payments, manage debit orders, apply administration fees where applicable, and maintain accurate financial records as required by the South African Income Tax Act. TIN-SOLUTIONS has a December financial year end and retains financial records accordingly.

Communication — to send service-related notifications, invoices, renewal reminders, technical alerts, and support responses. These communications are necessary for the delivery of services and cannot be opted out of while your account is active.

Legal and regulatory compliance — to meet our obligations under POPIA, PAIA, FICA, RICA, the Companies Act, the Income Tax Act, and any other applicable South African legislation, including responding to lawful requests from regulatory authorities or courts.

Security and fraud prevention — to monitor for unauthorised access, detect and investigate fraudulent activity, enforce our terms of service, and protect the rights and interests of TIN-SOLUTIONS and our clients.

Service improvement — to analyse technical logs and usage patterns in aggregate to improve our website performance, product offering, and client experience. Individual users are not identified in this analysis.

Direct marketing — to send you promotional material about TIN-SOLUTIONS products and services where you have provided consent. You may withdraw your consent and opt out at any time by contacting us or using the unsubscribe link in any marketing email.

Further processing. TIN-SOLUTIONS will not process your personal information for any purpose not described above unless we have obtained your written consent, the further processing is compatible with the original purpose, or it is required or permitted by law. Where we intend to process for an additional purpose, we will notify you and explain the consequences before doing so.

No sale of personal information. TIN-SOLUTIONS will not sell your personal information to any third party under any circumstances.

Third-Party Sharing

TIN-SOLUTIONS may share your personal information with third parties only where it is necessary to deliver our services, comply with legal obligations, or protect legitimate interests. We do not share personal information for third-party marketing purposes.

Regulatory bodies and government agencies — we share personal and business information with CIPC, SARS, the National Treasury (Central Supplier Database), the Department of Labour (COIDA), and other statutory bodies solely for the purpose of completing registrations, filings, or compliance submissions on your behalf.

Payment processors — we share billing information with accredited payment gateways to process transactions. These parties are contractually bound to maintain the confidentiality and security of your financial data.

Service providers and operators — TIN-SOLUTIONS may share information with trusted third-party service providers who assist us in operating our systems, hosting infrastructure, delivering communications, or supporting our internal processes. All operators are bound by written data processing agreements that require them to process data only on our instructions, maintain adequate security, and not disclose it to unauthorised parties.

Professional advisors — we may share information with lawyers, auditors, or accountants to the extent necessary for professional advice, audits, or legal proceedings.

Law enforcement and legal authorities — TIN-SOLUTIONS will disclose personal information if required to do so by law, court order, or lawful direction from a regulatory authority. We may also disclose information where necessary to defend our legal rights, prevent fraud, or protect the safety of our clients or the public.

Business transfers — in the event of a merger, acquisition, restructuring, or sale of any part of the TIN-SOLUTIONS business, personal information held by us may be transferred to the successor entity. We will take reasonable steps to ensure the successor is bound by comparable data protection obligations.

Cross-border transfers. Some of our service providers and infrastructure partners may be located in countries outside South Africa. By using our services, you consent to your personal information being transferred to such countries, including countries that may not have data protection laws equivalent to POPIA. TIN-SOLUTIONS takes reasonable contractual steps to ensure that cross-border recipients maintain appropriate levels of protection.

Aggregated data. TIN-SOLUTIONS may share de-identified, aggregated statistics about website usage or service patterns with third parties. No individual is identifiable from this information.

Security Measures

TIN-SOLUTIONS is committed to protecting the personal information in our custody against loss, damage, unauthorised access, disclosure, alteration, and destruction. We implement and maintain appropriate technical and organisational security measures proportionate to the nature and sensitivity of the information held.

Technical safeguards — data transmitted between your browser and our systems is protected using industry-standard Transport Layer Security (TLS) encryption. Access to our systems is controlled through authentication mechanisms, role-based access controls, and firewall protection. Sensitive data at rest is encrypted where technically feasible.

Organisational safeguards — access to personal information is restricted to staff members who require it to perform their duties. All staff are trained on data protection obligations and TIN-SOLUTIONS' internal information security policies. Confidentiality obligations form part of all employment and contractor agreements.

Physical safeguards — physical records containing personal information are stored in secure facilities at our Kabokweni premises with restricted access.

Backup and recovery — TIN-SOLUTIONS maintains regular, tested backups of personal information stored on our systems. Backup copies are stored separately from primary data to ensure recovery in the event of a system failure.

Risk management — we continuously identify, document, and assess risks to the personal information we hold and ensure that appropriate safeguards are in place to address those risks.

Operator obligations. All third-party operators who process personal information on behalf of TIN-SOLUTIONS are contractually required to: process data only on our instructions; treat all data as confidential; maintain security measures equivalent to or exceeding our own; notify us immediately upon becoming aware of any actual or suspected data breach; comply with applicable data protection laws in their jurisdiction; and notify us before disclosing data to any other party pursuant to a legal obligation.

Limitations. While TIN-SOLUTIONS takes all reasonable precautions, no system or method of transmission over the internet is completely secure. We cannot guarantee the absolute security of your personal information. In the event of a breach, we will act promptly as described in our Data Breach Notification section.

Data Breach Notification

In terms of section 22 of POPIA, TIN-SOLUTIONS is required to notify affected users and the Information Regulator if we have reasonable grounds to believe that personal information has been accessed or acquired by an unauthorised person.

What constitutes a breach. A data breach includes any incident in which personal information is inadvertently or unlawfully accessed, disclosed, altered, lost, or destroyed by an unauthorised party. This includes both external attacks and internal mishandling.

Our response obligations. Upon discovering or reasonably suspecting a breach, TIN-SOLUTIONS will take the following steps without unreasonable delay.

We will identify all users whose personal information may have been compromised and assess the scope and likely consequences of the breach.

We will notify the Information Regulator of the Republic of South Africa as required by POPIA.

We will notify affected users by email to their last known address, or by the fastest reasonably available means, providing a description of the nature of the breach, the categories of information affected, the likely consequences, and the steps we have taken or recommend you take to mitigate the risk.

Internal incident response. TIN-SOLUTIONS maintains an internal data breach response procedure. All staff are required to escalate any suspected breach to the Information Officer, Mr Thulani Ndhlovu, immediately upon becoming aware of it.

Third-party operator breaches. Operators processing data on behalf of TIN-SOLUTIONS are contractually required to notify us immediately upon becoming aware of any actual or suspected breach. We will then fulfil our own notification obligations as described above.

Information Regulator contact details. The Information Regulator of South Africa can be reached at inforegulator.org.za.

POPIA Compliance

TIN-SOLUTIONS is committed to full compliance with the Protection of Personal Information Act, 4 of 2013 (POPIA). This section outlines our role, legal basis for processing, and the conditions we apply to all data processing activities.

Responsible party. TIN-SOLUTIONS (PTY) LTD (Reg. No. 2020/437198/07, SARS Tax Ref. 9893376179) is the responsible party in respect of all personal information we collect and process. Our designated Information Officer is Mr Thulani Ndhlovu, Director, who is responsible for overseeing POPIA compliance and can be contacted at support@tinsolutions.co.za.

Registered details.

Lawfulness of processing. TIN-SOLUTIONS processes personal information only where at least one of the following lawful bases applies: the processing is necessary to conclude or perform a contract with you; the processing is required to comply with a legal obligation; the processing is necessary to protect your vital interests or those of another person; the processing is in our legitimate business interests, provided those interests do not override your right to privacy; or you have given us your informed and voluntary consent.

Purpose limitation. We collect personal information only for specific, explicitly defined, and lawful purposes related to our business functions. We do not process information in a manner incompatible with those stated purposes.

Minimality. We collect only the personal information that is adequate, relevant, and not excessive relative to the purpose for which it is collected.

Quality. TIN-SOLUTIONS takes reasonably practicable steps to ensure that the personal information we hold is complete, accurate, not misleading, and updated when necessary.

Transparency. We process personal information in an open and transparent manner. This policy serves as our standing notification of all processing activities and remains valid for as long as you hold an active account or use our services.

Special personal information. TIN-SOLUTIONS does not process special personal information (including health, race, religion, or biometric data) unless you have expressly consented, the processing is required by law, or it is necessary to comply with an obligation under employment law. We apply the highest level of care and security to any special personal information we hold.

PAIA manual. Our PAIA manual, which sets out the procedure for requesting access to records held by TIN-SOLUTIONS, is available on request from our Information Officer.

Your Legal Rights

POPIA grants you specific rights in relation to your personal information. TIN-SOLUTIONS is committed to honouring these rights promptly and without unnecessary obstruction. All requests must be submitted in writing to our Information Officer, Mr Thulani Ndhlovu, at support@tinsolutions.co.za.

Right to access. You have the right to request confirmation of whether TIN-SOLUTIONS holds personal information about you, and to be given access to that information. Access requests are processed in accordance with the procedure set out in our PAIA manual.

Right to correction or deletion. You have the right to request that we correct or update any personal information that is inaccurate, incomplete, misleading, or out of date. You may also request the deletion of personal information where there is no longer a lawful basis for TIN-SOLUTIONS to retain it. Upon receiving a valid correction request, we will suspend use of that information until accuracy is verified.

Right to object. You have the right to object, on reasonable grounds, to the processing of your personal information at any time. You may also object at any time to the processing of your information for direct marketing purposes, without providing reasons. TIN-SOLUTIONS will give effect to such objections unless we are required by law to continue processing or have an overriding legitimate purpose.

Right to withdraw consent. Where processing is based on your consent, you may withdraw that consent at any time by notifying our Information Officer in writing. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal, and may mean TIN-SOLUTIONS is unable to continue providing certain services.

Right to data portability. You may request a copy of personal information we hold about you in a structured, commonly used, and machine-readable format, where technically feasible.

Right to lodge a complaint. If you believe that TIN-SOLUTIONS has processed your personal information unlawfully or in breach of POPIA, you have the right to lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za.

Response times. TIN-SOLUTIONS will acknowledge receipt of any rights request within 5 business days and endeavour to provide a full response within 30 calendar days, unless the complexity of the request requires additional time, in which case we will notify you of the delay and expected response date.

Identity verification. For the protection of your data, TIN-SOLUTIONS may require you to verify your identity before we process any access, correction, or deletion request.

Cookie Policy

The TIN-SOLUTIONS website uses cookies and similar tracking technologies to improve your experience, maintain session security, and analyse how visitors use our site.

What cookies are. Cookies are small text files placed on your device by a web server when you visit a website. They are stored by your browser and sent back to the originating server on subsequent visits. Cookies do not contain executable code and cannot access other data stored on your device.

Types of cookies we use.

Strictly necessary cookies — these are essential for our website and client portal to function. They enable core features such as user authentication, session management, and security. These cookies cannot be disabled without significantly impairing your ability to use our services.

Functional cookies — these remember your preferences and settings to provide a more personalised experience. They remain active for the duration of your session or a defined period thereafter.

Analytics cookies — these collect information about how visitors interact with our website, including pages viewed, time spent, and navigation paths. This data is used in aggregate to improve our website performance and content. It does not identify individual users.

Third-party cookies. Some content or features on our website may be provided by third-party services. These third parties may set their own cookies. TIN-SOLUTIONS does not control these cookies and is not responsible for them. We recommend reviewing the privacy policies of any third-party services you interact with.

Your cookie choices. You can control and manage cookies through your browser settings. Most browsers allow you to view, block, or delete cookies. Please note that blocking strictly necessary cookies may prevent certain parts of our website or client portal from functioning correctly. TIN-SOLUTIONS does not use cookies to track your activity on other websites.

Session data. Even if you visit our website without logging in or providing personal information, our servers may automatically collect technical data such as your IP address, browser type, operating system, and referring URL. This data is used only in aggregate form for analytics and security purposes and does not identify individual visitors.

Data Retention and Deletion

TIN-SOLUTIONS retains personal information only for as long as is necessary to fulfil the purpose for which it was collected, or as required or permitted by law.

Retention periods. Personal information linked to an active account is retained for the duration of the account and the applicable contract. Financial and transactional records are retained for a minimum of five years from the date of the last transaction, as required by the South African Income Tax Act. TIN-SOLUTIONS has a December financial year end; records are therefore maintained accordingly. Records relating to CIPC registrations, SARS filings, and other statutory submissions are retained for the periods prescribed by the relevant legislation.

Post-account closure. Following the closure or termination of an account, TIN-SOLUTIONS may continue to retain certain personal information for as long as is necessary to: comply with legal retention obligations; resolve any pending disputes or support requests; protect against fraud or enforce our agreements; or maintain records for audit purposes.

Indefinite retention. You consent to TIN-SOLUTIONS retaining your personal information indefinitely unless you formally object in writing. Upon receipt of a valid objection, we will retain only the information we are legally required or entitled to keep, and will delete or destroy the remainder as soon as reasonably practicable.

Deletion and destruction. When personal information is no longer required and no legal obligation to retain it applies, TIN-SOLUTIONS will permanently destroy or delete it using secure methods. Where technically feasible, digital data is overwritten or cryptographically erased; physical records are shredded or destroyed in a manner that prevents reconstruction.

Return or transfer of information. Upon written request and where we are no longer authorised to retain personal information, TIN-SOLUTIONS may return the information to you or transfer it to a nominated third party, provided this is technically feasible and legally permissible.

Note for active accounts. Personal information linked to an account with an active service cannot be removed while that service remains active, as it is required for service delivery, billing, and compliance purposes.

Consent, Policy Updates and Contact

Your consent. By accessing the TIN-SOLUTIONS website or using any of our services, you confirm that you have read this policy, that you understand its contents, and that you voluntarily and expressly consent to the processing of your personal information as described herein. This includes consent to the processing of any special personal information where applicable, and to the cross-border transfer of personal information as described in the Third-Party Sharing section.

Withdrawing consent. If you wish to withdraw any consent previously given, you must notify our Information Officer in writing at the contact details below. Please be aware that withdrawal of consent may affect our ability to deliver certain services. Withdrawal does not affect the lawfulness of any processing carried out prior to withdrawal.

Direct marketing opt-out. You may opt out of direct marketing communications from TIN-SOLUTIONS at any time by clicking the unsubscribe link in any marketing email, or by contacting us directly. Transactional and service-related communications cannot be opted out of while your account is active.

Policy updates. TIN-SOLUTIONS reserves the right to amend this policy at any time. All changes are effective from the date they are published on this page. It is your responsibility to review this page periodically. Continued use of our website or services after any update constitutes acceptance of the revised policy.

Contact our Information Officer. To exercise any of your rights under POPIA, to request access to or correction of your personal information, to withdraw consent, or to submit any privacy-related complaint or enquiry, please contact our Information Officer in writing:

TIN-SOLUTIONS will acknowledge your request within 5 business days and provide a full response within 30 calendar days, or advise you of any necessary extension and the reason for it.

Information Regulator of South Africa. If you believe your personal information has been processed unlawfully and you are not satisfied with TIN-SOLUTIONS' response, you have the right to lodge a complaint directly with the Information Regulator at inforegulator.org.za.

This policy was last reviewed and updated in February 2026 and reflects the current operating details of TIN-SOLUTIONS (PTY) LTD as registered with the Companies and Intellectual Property Commission (CIPC).