Home/POPIA Compliance

POPIA Compliance.

How MComm Technologies handles personal information in line with the Protection of Personal Information Act, 4 of 2013. Last reviewed 25 June 2026.

Effective: 25 June 2026 · Version 1.0
Responsible partyMComm Technologies (Pty) Ltd
Information officerMel Mtintsilana (Founder)
Contactadmin@mcommtech.co.za · 010 140 1490
RegulatorInformation Regulator (South Africa)

On this page

  1. Overview
  2. Lawful processing
  3. Purpose of collection
  4. Data residency
  5. Security safeguards
  6. Retention & deletion
  7. Your rights as a data subject
  8. Operators & third parties
  9. Data breach notification
  10. Complaints & contact

1. Overview

MComm Technologies (Pty) Ltd ("MComm") is committed to compliance with the Protection of Personal Information Act 4 of 2013 ("POPIA"). This page explains how we collect, process, store, secure and dispose of personal information across the MComm Hosting platform.

2. Lawful processing

We only process personal information where we have a lawful basis under POPIA section 11. The bases most relevant to our services are:

  • Performance of a contract — to deliver hosting, server and cloud services you have signed up for;
  • Legitimate interests — to operate, secure and improve our infrastructure, provided these interests are not overridden by your rights;
  • Legal obligation — to comply with tax, regulatory and law-enforcement obligations;
  • Consent — for marketing communications and any processing not covered above. You may withdraw consent at any time.

3. Purpose of collection

We collect personal information for the following purposes:

  • Provisioning, operating and supporting hosting, virtual server, dedicated server, colocation and cloud services;
  • Billing, invoicing and debtor management;
  • Identity verification and fraud prevention;
  • Security monitoring, abuse handling and incident response;
  • Service notifications and important administrative communications.

4. Data residency

All primary customer data is stored on infrastructure hosted in vendor-neutral datacenters in Johannesburg, South Africa. This ensures that personal information of South African data subjects remains under South African jurisdiction and meets POPIA's cross-border transfer requirements (section 72).

Where a third-party service is used (for example, a global CDN), we confirm that the third party is bound by data-processing terms consistent with POPIA.

5. Security safeguards

We apply appropriate technical and organisational measures to protect personal information, including:

  • TLS encryption for all data in transit;
  • At-rest encryption for backups, databases and storage volumes;
  • Role-based access control and least-privilege principles for staff;
  • Multi-factor authentication for administrative access to infrastructure;
  • 24/7 monitoring with logged, auditable change management;
  • Regular vulnerability scanning and patching of underlying systems.

6. Retention & deletion

We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Operational logs and telemetry are kept for a maximum of 12 months. Customer account data is retained for the duration of the customer relationship plus a reasonable period for billing, audit and legal-defence purposes. Backup copies are securely overwritten or cryptographically erased at the end of their retention period.

7. Your rights as a data subject

Under POPIA you have the right to:

  • Be informed about how your personal information is processed (this page is part of that commitment);
  • Access the personal information we hold about you (POPIA section 23);
  • Request correction or deletion of inaccurate or unnecessary information (sections 24 & 25);
  • Object to processing on reasonable grounds (section 26);
  • Submit a complaint to the Information Regulator.

Requests can be submitted to our information officer via the contact details below. We will respond within the timeframes required by POPIA.

8. Operators & third parties

Where we engage third-party operators (for example, payment processors or CDN providers) to process personal information on our behalf, we bind them to written agreements that require POPIA-compliant handling, security and confidentiality.

9. Data breach notification

In the event of a security compromise that affects your personal information, we will notify affected customers and the Information Regulator as soon as reasonably possible after the compromise is identified, in line with POPIA section 22.

10. Complaints & contact

For POPIA-related enquiries, requests or complaints, contact our information officer:

  • Email: admin@mcommtech.co.za
  • Phone: 010 140 1490
  • Post: Information Officer, MComm Technologies (Pty) Ltd, 1 Leo Road, Sunward Park, Boksburg, Gauteng, 1459, South Africa

If we are unable to resolve your concern, you may lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za.

This POPIA notice is a concept preview for the MComm Hosting product site. It is awaiting formal legal review and sign-off by Themis (the hive's legal agent) before being treated as binding.