Privacy Policy

Last updated: June 2026

RCTD Holdings (Pty) Ltd (Reg. 2013/177609/07) ("we", "us", "the Company") operates OHS Risk Assessment Pro, available at risk.rctdholdings.co.za. We are committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA).

1. Information we collect

Account information: name, email address, username, company name and the user role assigned within your organisation.
Payment information: processed securely by our payment provider, PayFast. We do not store your card or banking details on our servers.
Service data: the risk assessments, hazards, controls and related records that you and your users create in the platform.
Technical data: session cookies and basic log data needed to operate and secure the service.

2. Why we process your information

To create and manage your account and provide the platform.
To process payments and issue licences and invoices.
To send service communications (licence keys, renewal and expiry notices, support).
To maintain the security, integrity and availability of the service.
To comply with our legal and regulatory obligations.

3. Legal basis

We process personal information where it is necessary to perform our contract with you, to comply with the law, to pursue our legitimate interests in operating the service, and/or with your consent.

4. Sharing of information

We do not sell your personal information. We share it only with:

PayFast (Payfast (Pty) Ltd) — to process payments;
Our hosting provider — to host the platform on infrastructure located in South Africa;
Authorities or advisors where required by law.

5. Security

We apply appropriate technical and organisational measures, including encryption of sensitive fields, encrypted transport (HTTPS), hashed passwords, role-based access control and tenant isolation so that one customer cannot access another customer's data.

6. Retention

We retain your information for as long as your account is active and thereafter only as long as necessary to meet legal, accounting or reporting requirements. On cancellation you may request an export of your data, after which it may be deleted in line with our retention schedule.

7. Your rights under POPIA

You have the right to access, correct or delete your personal information, to object to processing, and to lodge a complaint. To exercise these rights, contact us at info@rctdholdings.co.za.

You may also complain to the Information Regulator (South Africa): inforegulator.org.za, email enquiries@inforegulator.org.za / POPIAComplaints@inforegulator.org.za.

8. Information Officer

The Information Officer, RCTD Holdings (Pty) Ltd, Kempton Park, Gauteng, South Africa. Email: info@rctdholdings.co.za.

9. Changes

We may update this policy from time to time. The current version is always available at risk.rctdholdings.co.za/legal/privacy.