Hibernate Systems
HibernateSystems

Legal

Privacy Policy

This Privacy Policy explains how Hibernate Systems ('we', 'us', 'our') collects, uses, shares, and protects personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA), and applicable WhatsApp Business Platform policies.

Last updated: 5 March 2026

1. Who we are

Hibernate Systems is based in Capri, Western Cape, South Africa (7975). We are the responsible party in respect of personal information processed through our website and services, as defined under POPIA.

Contact: [email protected]

2. Data we collect

2.1 Information you provide to us

  • Name, email address, and company name when you contact us or submit an enquiry form.
  • Project details and other information you share in correspondence.
  • WhatsApp phone numbers and message content when you use our WhatsApp-enabled client services.

2.2 Information collected automatically

  • IP address, browser type, operating system, and pages visited (via analytics).
  • Cookies and similar tracking technologies (see our Cookie Policy).
  • Referral source and session duration.

2.3 WhatsApp Business Platform data

Where we operate or integrate WhatsApp Business API services on behalf of clients, we may process:

  • Phone numbers and display names of end users who initiate or receive WhatsApp messages.
  • Message content, delivery status, and read receipts.
  • Media files sent or received via WhatsApp.
  • Opt-in and opt-out consent records as required by Meta's policies.

We act as a data processor in relation to end-user data on behalf of our business clients (the data controllers). Our processing is governed by a Data Processing Agreement with each client.

3. Lawful grounds for processing

Under POPIA, we process personal information only where we have a lawful ground:

  • Contract: to fulfil our obligations to clients and respond to enquiries.
  • Legitimate interests: to improve our services, manage our business, and prevent fraud — balanced against your rights.
  • Consent: for marketing communications and non-essential cookies — you may withdraw consent at any time.
  • Legal obligation: where required by law, including tax and financial record-keeping obligations.

4. How we use your data

  • To respond to enquiries and manage client relationships.
  • To deliver, operate, and improve our services.
  • To send service-related communications (invoices, project updates).
  • To send marketing emails or WhatsApp messages where you have given consent.
  • To comply with legal obligations and resolve disputes.
  • To analyse website usage and improve user experience.

5. WhatsApp messaging — specific obligations

As a WhatsApp Business Solution Provider and Tech Partner, we adhere to Meta's Business Messaging Policy and the WhatsApp Business Terms of Service. In particular:

  • We only send messages to users who have opted in to receive them.
  • We honour opt-out requests immediately and maintain suppression lists.
  • We do not send spam, unsolicited bulk messages, or prohibited content categories.
  • Message templates are submitted to Meta for approval before use.
  • We maintain audit trails of consent and message delivery as required.
  • End users may request deletion of their data — see Section 8.

6. Data sharing and third parties

We do not sell your personal data. We may share data with:

  • Meta Platforms Ireland Ltd — as the WhatsApp Business Platform infrastructure provider.
  • Cloud and hosting providers (e.g. AWS, Vercel) under appropriate data processing agreements.
  • Analytics providers (e.g. Plausible Analytics — cookieless and POPIA-compliant by default).
  • Payment processors (e.g. Stripe) where applicable.
  • Legal and regulatory authorities where required by law.
  • Professional advisers (lawyers, accountants) under obligations of confidentiality.

7. Cross-border transfers

Some of our service providers are based outside South Africa. Where personal information is transferred internationally, we ensure the recipient country or organisation provides an adequate level of protection as required by POPIA Section 72, or that the data subject has consented to the transfer.

8. Your rights (POPIA)

Under POPIA you have the right to:

  • Be notified that your personal information is being collected.
  • Access the personal information we hold about you (POPIA Section 23).
  • Request correction or deletion of inaccurate, irrelevant, or excessive personal information.
  • Object to the processing of your personal information on reasonable grounds.
  • Withdraw consent at any time without affecting prior processing.
  • Submit a complaint to the Information Regulator of South Africa: inforegulator.org.za.

To exercise any right, contact us at [email protected]. We will respond within 30 days. For data deletion requests, please also see our Data Deletion page.

9. Data retention

  • Enquiry and contact data: 3 years from last contact, or as long as necessary to fulfil a contract.
  • Client project data: 7 years from project completion (legal/tax obligations).
  • WhatsApp message logs: as specified in the Data Processing Agreement with each client, typically 12 months.
  • Website analytics: aggregated only; no identifiable data retained beyond 90 days.

10. Security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These include encryption in transit and at rest, access controls, and regular security reviews.

In the event of a personal information breach, we will notify affected data subjects and the Information Regulator of South Africa within the timescales required by POPIA Section 22.

11. Cookies

We use cookies and similar technologies. Please see our Cookie Policy for full details.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email (where we hold your address) or by posting a notice on our website. The date at the top of this page reflects the most recent revision.