sitesign.co.za | Version 1.1 | Last updated 30-Apr-26
| {h} | ))}
|---|
| {c} | ))}
SiteSign is a tablet-kiosk time-and-attendance product for South African industrial sites. The product is operated by Gridstone Holdings (Pty) Ltd, a private company registered in South Africa (registration number 2024/721587/07). When we say "SiteSign", "we", "our" or "us" in this notice, we mean Gridstone Holdings (Pty) Ltd.
Registered address: 22 Wrenrose Avenue, Birdhaven, 2196, Johannesburg, South Africa
Email: privacy@sitesign.co.za
Information Officer: Leon Kohrs, registered with the Information Regulator under POPIA section 56.
This notice describes how we collect, use, store, share and protect personal information when:
If you are a Worker whose attendance is recorded through the SiteSign product at a worksite, the privacy notice that applies to you is the Worker Privacy Notice provided by your employer at the kiosk. The notice on your employer's kiosk explains the collection and use of your face descriptor, selfie, GPS data, and clock-in / clock-out timestamps. SiteSign processes that data only on your employer's instructions, in our role as Operator under POPIA.
3.1 Information you give us. When you book a demo, request information, or correspond with us, we collect your name, work email, company name, role, team size, country, and the content of your message.
3.2 Information we collect automatically. When you visit the Website, we collect a limited set of technical information that does not identify you personally, including: page URLs visited, referrer URL, browser type and version, screen size, country (derived from your IP address but not stored), and timestamp.
3.3 Cookies. We use a small number of cookies. Strictly necessary cookies (for example, the cookie that records your cookie-consent choice) are set by default. Non-essential cookies (analytics) are OFF by default and are set only if you explicitly opt in. We do not use marketing or advertising cookies. We do not use Google Analytics. Our analytics provider is Plausible (privacy-first, IP-anonymising, no cross-site tracking, cookieless by default).
3.4 Outreach. If you receive a cold email or LinkedIn message from us, we obtained your work contact details from publicly available business sources (for example, your company website, LinkedIn, or business intelligence tools such as Apollo). We process your data on the legal basis of legitimate interest in growing SiteSign. You can opt out at any time by replying "unsubscribe" or by emailing unsubscribe@sitesign.co.za.
4.1 Demo and sales conversations. To respond to your enquiry, schedule a demo, share a proposal, and (if you sign a Pilot Agreement) onboard your team. Legal basis: performance of a contract or steps taken at your request prior to entering a contract.
4.2 Product communications. To send you product release notes, scheduled-maintenance notices, and security advisories if you are an existing customer. Legal basis: performance of contract.
4.3 Direct marketing. To send you occasional marketing emails about new SiteSign features. We rely on your consent (for new prospects) or on the soft-opt-in for existing customers in respect of products similar to those you have already taken from us. You can opt out at any time.
4.4 Improving the Website and the Service. To understand which Website pages and Service features are useful, fix bugs, and prioritise the roadmap. Legal basis: legitimate interest. Our analytics is privacy-first and aggregated; we do not profile individual users.
4.5 Compliance. To comply with our legal obligations, including under POPIA, the Companies Act 71 of 2008, the Income Tax Act 58 of 1962, and the Electronic Communications and Transactions Act 25 of 2002.
If you fill out a Website form or send us an email, please do not include sensitive personal information about yourself or others (for example, race, religion, health information). We do not need it for sales conversations, and SiteSign processes biometric information only on behalf of customers who have signed our Data Processing Agreement and obtained explicit Worker consent.
6.1 Demo and prospect data. We keep prospect data for as long as it is reasonably useful for sales conversations, and for at least three (3) years after our last interaction. After that, we delete or anonymise it.
6.2 Customer data (you, the buyer). We keep customer-account information for as long as the contract is in force and for seven (7) years after termination, to comply with section 24 of the Companies Act 71 of 2008 and the Income Tax Act 58 of 1962.
6.3 Worker data processed on the kiosk. Retention of Worker face descriptors, selfies, GPS data and timestamps is governed by our Data Processing Agreement with each customer. The default rules are: face descriptors and selfies deleted within seven (7) business days of the customer marking the Worker as terminated; selfies in any event auto-deleted twelve (12) months from capture; attendance records (timestamps + GPS as numeric values + corrections) retained for three (3) years from the last entry to comply with section 31 of the Basic Conditions of Employment Act, 1997.
6.4 Cookies. Strictly necessary cookies expire at the end of your browser session or when you next change your cookie-consent preference. Optional analytics cookies, if you opt in, expire after six (6) months.
7.1 Service providers (Operators). We share your information with carefully chosen service providers who help us operate SiteSign. They process your data only on our written instructions, under contracts that bind them to data-protection obligations no less protective than those we owe you. Our service providers include:
7.2 We do NOT. We do not sell or rent your information. We do not share your information with third-party advertisers. We do not provide it to data brokers.
7.3 Legal disclosure. We may disclose your information where we are required to do so by law, court order, regulator (including the Information Regulator and the South African Revenue Service), or stock exchange. Where lawful, we will give you reasonable prior notice.
7.4 Business transfers. If SiteSign is sold, merged, or restructured (including a transfer from Gridstone Holdings (Pty) Ltd to SiteSign (Pty) Ltd), we may transfer your information to the buyer or successor, on the same terms as this notice.
Some of the service providers in clause 7.1 are based outside South Africa. Where this is the case, we transfer your personal information in reliance on one or more of the safeguards in section 72 of POPIA, including (a) your consent, (b) the necessity of the transfer for the performance of a contract with you, and (c) written contract terms with the recipient that bind it to data-protection obligations no less protective than those we owe you. By using the Website or sending us your information, you consent to this cross-border transfer.
We use a combination of technical and organisational measures to protect your information, designed against section 19 of POPIA. These include encryption in transit (TLS) and at rest, access controls and multi-factor authentication for our staff, audit logging, regular software updates, and regular review of security risks. No internet-facing system is ever perfectly secure; if we become aware of a breach affecting your personal information, we will tell you in writing without undue delay and in any event within seventy-two (72) hours of becoming aware, and we will notify the Information Regulator as required by section 22 of POPIA.
Under POPIA, you have the right to:
To exercise your rights, contact our Information Officer at privacy@sitesign.co.za. We respond to requests within thirty (30) calendar days, unless the request is complex or large, in which case we will tell you why we need more time.
11.1 What are cookies. Cookies are small text files placed on your device by websites you visit. They serve various purposes, including making the website work, remembering your preferences, and helping the website owner understand how the site is used.
11.2 What cookies we set. We use only the following cookies:
11.3 No third-party advertising cookies. We do not set, and we do not allow third parties to set, advertising or tracking cookies on the Website.
11.4 How to control cookies. You can change your cookie-consent choice at any time by clicking the "Cookie preferences" link in the footer of the Website. You can also delete or block cookies through your browser settings. If you block strictly necessary cookies, parts of the Website may not work.
The Website and the SiteSign Service are not directed at children under the age of 18. We do not knowingly collect personal information from anyone under 18. If we discover that we have done so, we will delete it. If you believe we have done so, please contact us at privacy@sitesign.co.za.
We review this notice at least annually, and update it when our practices change. The version number and last-updated date at the top of this notice show when we last did so. Material changes will be highlighted on the Website and, for active customers, communicated by email. Continued use of the Website after a change takes effect indicates your acceptance of the updated notice.
Information Officer: Leon Kohrs, privacy@sitesign.co.za
Postal address: Gridstone Holdings (Pty) Ltd, 22 Wrenrose Avenue, Birdhaven, 2196, Johannesburg, South Africa
Information Regulator (your right to complain): https://inforegulator.org.za, complaints.IR@inforegulator.org.za, +27 12 406 4818
End of Privacy Notice v1.1