PRIVACY POLICY

1. Introduction
RAD Business Solutions (Pty) Ltd trading as RADtech (‘RADtech’, ‘we’, ‘us’, ‘our’) is
committed to protecting the privacy and personal information of all individuals whose data
we collect, process, store, or otherwise handle in the course of our business operations.
This Privacy and Data Protection Policy sets out how RADtech collects, uses, stores, and
protects personal information in compliance with the Protection of Personal Information Act 4
of 2013 (POPIA), the National Environmental Management: Waste Act 59 of 2008
(NEMWA), the Second-Hand Goods Act 6 of 2009, and all other applicable South African
legislation.
RADtech operates as an e-waste management, IT asset disposal, and refurbishment
company. We are a 100% Black-owned, woman-led enterprise holding a Level 1 B-BBEE
certification and operating as a registered NPO with Section 18A PBO status. We are the
official Training Academy of the e-Waste Association of South Africa (eWASA).

2. Information Officer
In terms of POPIA, RADtech has designated the following person as its Information Officer:
• Name: Elizabeth Das
• Title: Chief Executive Officer & Founder
• Email: elizabeth@rad-tech.co.za
• Website: www.rad-tech.co.za
• Address: Kya Sands, Johannesburg, Gauteng, South Africa
Any queries, requests, or complaints relating to the processing of personal information
should be directed to the Information Officer. We will respond within 30 days.

3. Personal Information We Collect
3.1 Client and Corporate Information
In the course of providing e-waste management, IT asset disposal, data destruction, and
refurbishment services, we may collect:
• Full legal name and trading name of the organisation
• Contact person name, title, and contact details
• Business email addresses and telephone numbers
• Physical and postal addresses
• VAT registration numbers and company registration numbers
• Device serial numbers, asset tags, and inventory lists
• Signed chain-of-custody documentation and collection authorisations
• Data destruction certificates and BitRaser erasure reports
3.2 Staff and Personnel Information
For employees, contractors, and interns, we collect:
• Full names, identity numbers, and contact details
• Employment records, attendance data, and payroll information
• Banking details for salary and payment purposes
• Device usage and IT access logs
• Performance records and training certifications
3.3 Training Academy Delegates
For eWASA Training Academy participants, we collect:
• Full name, contact details, and identification
• Qualification and prior learning records
• Assessment results and certification records

4. How We Use Personal Information

RADtech processes personal information only for lawful purposes directly related to our
business operations, including:
• Providing e-waste collection, processing, and recycling services
• Executing IT asset disposal and certified data destruction contracts
• Issuing BitRaser data erasure certificates and destruction reports
• Compliance with NEMWA, EPR regulations, and Second-Hand Goods Act
obligations
• Managing client relationships, invoicing, and service delivery
• Operating the RADtech Training Academy and issuing QCTO-aligned certifications
• Internal human resources management and payroll administration
• Responding to regulatory audits, legal obligations, and law enforcement requests
• Operating and securing our IT systems, including Microsoft 365 and Intune device
management

5. Data Security and Device Management
5.1 IT Asset Security
• All data wiping operations are performed exclusively using BitRaser certified software
• BitRaser certificates are issued for every data-bearing device processed
• Company laptops and devices are enrolled in Microsoft Intune for remote
management
• BitLocker full-disk encryption is enforced on all company-issued devices
• Remote wipe capability is maintained for all enrolled devices
• Multi-factor authentication (MFA) is required for all staff accessing company systems
5.2 Access Controls
• Access to company systems and data is granted on a need-to-know basis
• Staff departures trigger immediate account deactivation and access revocation
• All code repositories and development environments require authenticated access
• Shared mailboxes and service accounts are monitored and access-controlled
5.3 Physical Security
• Our Kya Sands processing facility maintains access controls for all visitors and bulk
buyers
• Chain-of-custody documentation is maintained for all devices received
• Hard drive shredding and physical destruction is performed on-site where required

6. Sharing of Personal Information
RADtech does not sell, rent, or trade personal information. We may share information in the
following limited circumstances:
• With our in-country recycling partners in Southern Africa under formal data
processing agreements
• With eWASA as our governing industry association for compliance and reporting
purposes
• With SARS, the Department of Environment, and other regulatory bodies as legally
required
• With our IT service providers (including Microsoft) who process data on our behalf
under data processing agreements
• With law enforcement agencies where legally compelled to do so

7. Retention of Personal Information
RADtech retains personal information only for as long as necessary to fulfil the purpose for
which it was collected, or as required by law:
• Client records and chain-of-custody documentation: 5 years minimum (NEMWA and
Second-Hand Goods Act)
• Data destruction certificates and BitRaser reports: 7 years
• Employee records: 5 years after termination of employment
• Training Academy records: Duration of certification validity plus 3 years
• Financial and tax records: 5 years (as required by SARS)

8. Your Rights Under POPIA
As a data subject, you have the following rights:
• Right to be notified when your personal information is collected
• Right to access your personal information held by RADtech
• Right to request correction of inaccurate or incomplete information
• Right to request deletion of personal information (subject to legal obligations)
• Right to object to the processing of your personal information
• Right to lodge a complaint with the Information Regulator of South Africa
To exercise any of these rights, contact our Information Officer at elizabeth@rad-tech.co.za.

9. Information Regulator
If you are not satisfied with how RADtech handles your personal information, you may lodge
a complaint with the Information Regulator of South Africa:
• Website: www.inforegulator.org.za
• Email: inforeg@justice.gov.za
• Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

10. Cookies and Website
Our website at www.rad-tech.co.za may use cookies to improve user experience. No
personally identifiable information is collected through cookies without your consent. You
may disable cookies through your browser settings.

11. Cross-Border Transfers
Where RADtech transfers personal information outside South Africa (for example, to cloud
service providers such as Microsoft Azure), we ensure that the receiving country or
organisation provides an adequate level of protection equivalent to POPIA requirements,
and that appropriate data processing agreements are in place.

12. Changes to This Policy
RADtech reserves the right to update this Policy from time to time. The current version is
always available on our website at www.rad-tech.co.za. Material changes will be
communicated to clients and staff directly.

13. Acceptance
By engaging RADtech’s services, accessing our facilities, or using our systems, you
acknowledge that you have read and understood this Privacy and Data Protection Policy.

Approved by:
Elizabeth Das
Chief Executive Officer & Founder
RAD Business Solutions (Pty) Ltd t/a RADtech
Date: 1st April 2026