Triotek: Privacy Policy

This Privacy Policy explains how Triotek (Pty) Ltd collects, uses, stores, shares, protects and otherwise processes personal information. It applies when you use our websites, portal, guest Wi-Fi platform, campaign tools, support channels, online forms, integrations, and related services.

1. Who We Are

Triotek (Pty) Ltd is a private company registered in the Republic of South Africa under registration number 2023/804559/07. In this Privacy Policy, references to "Triotek", "we", "us" or "our" mean Triotek (Pty) Ltd.

We operate from Pretoria, Gauteng, South Africa. Our websites and services include, but are not limited to, triotek.co.za, portal.triotek.co.za, Triotek-branded customer portals, guest Wi-Fi/captive portal services, campaign and communication tools, support channels, and related online services.

For privacy questions, requests or complaints, you can contact us using the details below:

Email: help@triotek.co.za
Telephone: 087 821 7274
Location: Pretoria, Gauteng, South Africa

2. Purpose of This Privacy Policy

This Privacy Policy explains what personal information we collect, why we collect it, how we use it, when we may share it, how long we keep it, and what rights you have in relation to your personal information.

We process personal information in accordance with applicable South African privacy and data protection laws, including the Protection of Personal Information Act, 2013 ("POPIA"), where applicable. Where our services involve electronic communications, online transactions, direct marketing or third-party platforms, other laws and platform rules may also apply.

This Privacy Policy should be read together with our Terms of Use, Campaigns Policy, acceptable use rules, customer agreements, venue-specific terms, and any consent notices or opt-in notices shown to you when using a Triotek service.

3. Important Roles Under POPIA

Depending on the service being used, Triotek may act either as a responsible party or as an operator under POPIA.

Responsible party: where Triotek determines why and how personal information is processed, for example when we manage our own website, support channels, accounts, billing, security logs and business records.
Operator: where Triotek processes personal information on behalf of a customer, venue, reseller, property owner, managed service provider, or other contracting party that determines the purpose of processing.

Where a venue, customer, reseller or other third party uses the Triotek platform to collect information from guests, visitors, tenants, users or subscribers, that party may also be a responsible party for the information it collects and uses. In those cases, the third party must ensure that it has a lawful basis, proper notices, appropriate consent where required, and a valid reason for processing that personal information.

4. Personal Information We May Collect

The personal information we collect depends on how you interact with us, which services you use, and whether you are a website visitor, portal user, guest Wi-Fi user, customer, reseller, venue representative, support contact, campaign recipient, supplier, or other data subject.

4.1 Account, Identity and Contact Information

First name, last name, display name, username, role, user type and account status.
Email address, mobile number, telephone number and communication preferences.
Company, venue, property, branch, department, reseller or customer association.
Address information where required for billing, support, account setup, venue setup or compliance purposes.

4.2 Guest Wi-Fi and Captive Portal Information

Where you use a Triotek-powered guest Wi-Fi service, captive portal, hotspot login page or venue Wi-Fi experience, we may collect information such as:

Name, surname, email address, mobile number, date of birth, gender, custom form fields, survey answers or other fields configured by the venue or customer.
Wi-Fi login details, voucher details, session identifiers, authentication method, login time, logout time, session duration and access status.
Device information such as MAC address, device name, device type, IP address, browser, user agent, operating system and connection metadata.
Network information such as access point, SSID, venue, realm, NAS identifier, signal data, traffic counters, bandwidth usage, quota usage and RADIUS accounting records.
Consent records, campaign opt-ins, communication preferences, acceptance of terms and privacy notices, and timestamps of those actions.

4.3 Website, Portal and Technical Information

IP address, browser type, browser version, pages visited, referring pages, date and time of access, session duration and diagnostic data.
Cookies, session identifiers, CSRF tokens, authentication tokens, login history, audit logs and security logs.
Actions performed inside the portal, including profile updates, campaign actions, support requests, exports, venue changes, user administration, and configuration activity.

4.4 Support and Communication Information

Support tickets, incident reports, WhatsApp messages, email messages, call notes, attachments, screenshots and troubleshooting information.
Information you provide when requesting help, lodging a complaint, asking for technical support, reporting abuse, querying billing, or contacting us through online forms.

4.5 Billing, Commercial and Customer Administration Information

Customer name, company registration details, VAT details, billing address, purchase orders, invoices, payment status, service package and contract information.
Contact persons, authorised users, technical contacts, finance contacts and account administrators.

5. Special Personal Information and Children

We do not intentionally collect special personal information unless it is necessary for a specific lawful purpose, you have provided it voluntarily, the information is required by law, or the processing is otherwise permitted under POPIA.

Examples of special personal information may include health information, biometric information, religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, criminal behaviour, or information relating to a child.

Our general websites and portal services are not aimed at children under the age of 18. If a venue, property, school, parent, guardian or customer uses a Triotek service in a context where children may be involved, the responsible party must ensure that the correct lawful basis, notices, permissions and safeguards are in place. If we become aware that we have collected personal information of a child without the necessary legal basis, we may delete or restrict that information.

6. How We Collect Personal Information

We may collect personal information directly from you, automatically through your use of our services, or from third parties involved in providing or managing the service.

Directly from you: when you complete forms, register, log in, accept terms, contact support, update your profile, use a guest Wi-Fi login page, subscribe to communications, or communicate with us.
Automatically: when you use our websites, portal, Wi-Fi platform, authentication systems, campaign tools or support channels.
From customers, venues and resellers: where they upload, configure, import, capture or manage information through the Triotek platform.
From infrastructure and service providers: including network equipment, RADIUS systems, hosting providers, analytics providers, email gateways, SMS providers, WhatsApp Business tools and other integrated systems.
From public or business sources: where necessary for customer verification, fraud prevention, billing, support, legal compliance or business administration.

7. Why We Process Personal Information

We process personal information for legitimate and lawful business purposes, including:

Providing, operating, securing, maintaining and improving our websites, portal, guest Wi-Fi platform and related services.
Registering and managing accounts, users, venues, resellers, customers, roles, access permissions and service configurations.
Authenticating users, processing logins, issuing OTPs, validating sessions, preventing fraud and protecting accounts.
Providing guest Wi-Fi access, hotspot authentication, captive portal services, voucher access, venue reporting and usage analytics.
Delivering support, responding to queries, investigating incidents, resolving technical issues and communicating service-related information.
Sending transactional notices, system alerts, account notifications, OTPs, security messages, service updates and support feedback.
Enabling campaign, communication and marketing features where the correct consent or lawful basis exists.
Managing billing, subscriptions, invoices, payments, statements, debt collection, contracts and customer administration.
Monitoring platform performance, preventing abuse, detecting security incidents, enforcing acceptable use rules and protecting our systems.
Complying with legal, regulatory, tax, accounting, audit, reporting and dispute-resolution obligations.
Protecting Triotek, our customers, users, venues, resellers, service providers and the public against unlawful, harmful or abusive activity.

8. Lawful Grounds for Processing

Depending on the context, we may process personal information on one or more of the following lawful grounds:

Consent: where you have agreed to the processing, such as accepting a privacy notice, opting in to campaigns, or subscribing to communications.
Contract: where processing is necessary to provide services, manage an account, perform a customer agreement, or take steps at your request.
Legal obligation: where processing is required to comply with applicable laws, lawful requests, tax rules, accounting requirements, security obligations or regulatory duties.
Legitimate interests: where processing is reasonably necessary for our legitimate business interests or those of a customer, provided those interests do not unjustifiably override your rights.
Protection of rights: where processing is necessary to protect the rights, safety, property or lawful interests of Triotek, our customers, users or others.

9. Guest Wi-Fi, Venue Data and Campaign Data

Triotek provides technology that enables customers, venues and resellers to offer guest Wi-Fi access, collect user details, manage customer databases, and send campaigns through channels such as email, SMS, WhatsApp or other supported communication methods.

Where a venue or customer decides what information must be collected, what custom fields are displayed, what opt-in wording is used, and what campaigns are sent, that venue or customer is responsible for ensuring that its use of the platform is lawful and compliant.

Triotek may provide the technical platform, hosting, authentication, records, campaign tools, reporting and support functions. We are not responsible for the lawfulness of a customer’s campaign content, imported contact lists, consent wording, audience selection, promotional offers, or customer-specific data practices where those decisions are controlled by the customer or venue.

We may suspend, restrict or remove campaign functionality, Wi-Fi access, data exports, user access or customer accounts if we reasonably believe that the platform is being used unlawfully, abusively, fraudulently, contrary to this Privacy Policy, contrary to our Terms of Use, or in a way that may expose Triotek or others to risk.

10. Direct Marketing and Communication Preferences

Where we or our customers send marketing or promotional messages, the message must be sent using a lawful basis, proper consent where required, and a clear unsubscribe or opt-out mechanism where applicable.

You may opt out of marketing communications using the unsubscribe link, opt-out instruction, reply method, preference centre or contact details provided in the relevant message. Opting out of marketing does not prevent us from sending transactional, service, security, account, billing or support-related communications where those messages are necessary.

If you receive a campaign from a Triotek customer or venue and want your information removed from that venue’s campaign list, you may need to contact the venue or customer directly. Where technically possible and appropriate, Triotek may assist with suppression, opt-out records or data removal requests.

11. WhatsApp, SMS and Email Communications

We may use WhatsApp Business, SMS, email, phone calls and other communication tools to send service-related messages, support replies, account notifications, OTPs, incident feedback, billing communication, platform updates, and campaign messages where lawful.

WhatsApp messages may include transactional information, OTPs, account-related updates, support communication, incident feedback and responses to conversations you initiated. Where marketing is sent through WhatsApp, it will only be sent where the required consent or lawful basis exists and where the relevant platform rules allow it.

You confirm that any mobile number, WhatsApp number or email address you provide belongs to you or that you are authorised to use it. You are responsible for keeping your contact details up to date. If your number or email changes, you should update your profile or notify us so that sensitive or account-related messages are not sent to the wrong person.

Third-party communication platforms, including WhatsApp, mobile networks, email providers and SMS providers, may process data according to their own terms and privacy policies. We encourage you to review those policies where applicable.

12. Cookies and Similar Technologies

We use cookies, session storage, local storage, pixels, scripts and similar technologies to operate our websites and portal, maintain sessions, improve security, remember preferences, analyse usage, and improve our services.

Examples include:

Strictly necessary cookies: required for login, security, session management, CSRF protection and basic website operation.
Preference cookies: used to remember settings, preferences and user choices.
Analytics cookies: used to understand traffic, performance, page usage and improvement opportunities.
Security cookies: used to detect abuse, protect accounts, prevent fraud and monitor suspicious activity.

You can manage cookies through your browser settings. Blocking some cookies may prevent parts of our websites, portal, captive portal, login pages or account services from working correctly.

13. Analytics and Performance Monitoring

We may use analytics and monitoring tools, including Google Analytics or similar services, to understand website traffic, user interaction, performance, errors and service usage. These tools may collect information such as IP address, browser, device, pages visited and interaction events.

We use analytics to improve our websites, measure service performance, detect issues, optimise user experience and understand how our services are used. Where required, we will use appropriate privacy settings, access controls and safeguards.

14. When We Share Personal Information

We do not sell personal information. We may share personal information where necessary for legitimate business, operational, legal or service delivery purposes, including with:

Customers, venues, resellers or account owners who control or administer the relevant service, venue, campaign, Wi-Fi environment or customer database.
Hosting providers, cloud infrastructure providers, backup providers and database service providers.
Email, SMS, WhatsApp, communication, ticketing and support service providers.
Payment, billing, accounting, audit, tax, legal and professional service providers.
Analytics, monitoring, security, anti-abuse, logging and fraud-prevention providers.
Network equipment, RADIUS, captive portal, firewall, access point, gateway and connectivity-related systems involved in providing Wi-Fi services.
Law enforcement, regulators, courts, government authorities or other parties where disclosure is required or permitted by law.
Potential buyers, investors, successors, advisers or business partners in connection with a merger, acquisition, restructuring, financing, sale of assets or similar transaction, subject to appropriate confidentiality safeguards.

Where we use operators or service providers to process personal information on our behalf, we require them to process the information only for authorised purposes and to apply reasonable confidentiality and security measures.

15. International Transfers

Although Triotek operates from South Africa, some of our technology providers, cloud services, support tools, analytics providers, communication platforms or backups may process or store information outside South Africa.

Where personal information is transferred outside South Africa, we will take reasonably practicable steps to ensure that the transfer is lawful and that appropriate safeguards are applied. These may include contractual protections, security controls, provider due diligence, or reliance on jurisdictions or recipients that provide suitable protection for personal information.

16. Data Security

We take reasonable, appropriate and commercially sensible measures to protect personal information against loss, unauthorised access, misuse, interference, alteration, destruction and unlawful disclosure.

Security measures may include access controls, authentication, encryption where appropriate, TLS/HTTPS, role-based permissions, audit logs, firewall rules, server hardening, backups, monitoring, vulnerability management, administrator controls and staff or contractor confidentiality obligations.

No internet-based service, Wi-Fi network, software system, hosting environment or electronic communication method is completely secure. You are responsible for using strong account security, keeping login details confidential, updating your contact information, and notifying us promptly if you suspect unauthorised access to your account or device.

17. Security Incidents and Data Breaches

If we become aware of a security compromise involving personal information, we will assess the incident and take reasonable steps to contain, investigate and remediate it.

Where required by law, we will notify affected data subjects and/or the Information Regulator. A notice may include information about what happened, what personal information may have been affected, what steps we are taking, and what steps you may take to protect yourself.

Where Triotek acts as an operator for a customer, we may notify the relevant customer or responsible party so that they can meet their own legal obligations.

18. Data Retention

We keep personal information only for as long as reasonably necessary for the purpose for which it was collected, unless a longer retention period is required or permitted by law, contract, operational need, audit requirement, accounting rule, dispute, investigation, security purpose or legitimate business need.

Retention periods may differ depending on the type of information. For example, account records, billing records, support logs, security logs, RADIUS accounting records, campaign consent records and audit trails may be kept for different periods.

When personal information is no longer required, we may delete, de-identify, aggregate, archive, restrict or securely destroy it, subject to backup cycles and technical limitations.

19. Your Rights

Subject to POPIA and other applicable laws, you may have the right to:

Ask whether we hold personal information about you.
Request access to your personal information.
Request correction, update or deletion of inaccurate, irrelevant, excessive, outdated, incomplete, misleading or unlawfully obtained personal information.
Object to certain processing of your personal information where the law allows you to do so.
Withdraw consent where processing is based on consent, without affecting lawful processing that occurred before withdrawal.
Opt out of direct marketing communications.
Submit a complaint to us or to the Information Regulator.

To exercise your rights, contact us at help@triotek.co.za. We may need to verify your identity before responding to a request. In some cases, we may be legally allowed or required to refuse or limit a request, for example where disclosure would affect another person’s rights, compromise security, breach confidentiality, or conflict with legal obligations.

20. Accuracy of Your Information

You are responsible for ensuring that personal information you provide to us is accurate, complete and up to date. This is especially important for email addresses, mobile numbers, WhatsApp numbers, billing contacts, administrator accounts and support contacts.

If you provide information about another person, you confirm that you are authorised to do so and that the person has been informed of the processing described in this Privacy Policy or any relevant customer-specific privacy notice.

21. Third-Party Websites, Platforms and Integrations

Our websites and services may contain links to third-party websites or may integrate with third-party platforms such as payment providers, analytics tools, messaging platforms, social media platforms, customer systems, network equipment, accounting systems or other business tools.

We are not responsible for the privacy practices, security, content, terms or policies of third-party websites, platforms or systems that we do not control. You should review the privacy policies and terms of those third parties before using them.

22. Customer and Venue Responsibilities

Customers, venues, resellers and account administrators using the Triotek platform must ensure that they process personal information lawfully. This includes ensuring that:

They have a lawful basis for collecting and using personal information.
Their privacy notices, consent wording and campaign opt-ins are accurate and suitable for their use case.
They do not upload, import or use unlawfully obtained contact lists.
They honour unsubscribe, opt-out, suppression, access, correction and deletion requests where legally required.
They configure user access, administrator permissions and campaign permissions responsibly.
They do not use the platform for unlawful, misleading, abusive, discriminatory, harmful or unauthorised communications.

Triotek may provide tools and support to assist customers, but responsibility for customer-controlled processing remains with the relevant customer or venue.

23. Complaints

If you have a privacy concern, please contact us first so that we can try to resolve it:

Email: help@triotek.co.za
Telephone: 087 821 7274

You may also have the right to lodge a complaint with the Information Regulator (South Africa) if you believe your personal information has been processed in a way that violates POPIA.

24. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, technology, security practices, platform features or business operations.

When we update this Privacy Policy, we will change the effective date shown on this page. Where a change is material, we may provide additional notice through the website, portal, email, customer communication or another appropriate channel.

Your continued use of our websites or services after an updated Privacy Policy becomes effective means that you acknowledge the updated policy, subject to any consent requirements that may apply under law.

25. Contact Us

If you have questions about this Privacy Policy, your personal information, or how we process data, please contact Triotek:

Triotek (Pty) Ltd
Registration number: 2023/804559/07
Email: help@triotek.co.za
Telephone: 087 821 7274
Operating location: Pretoria, Gauteng, South Africa

26. Legal Review

This Privacy Policy is intended to provide a practical privacy framework for Triotek’s online services and platform operations. It should be reviewed by a qualified South African legal professional to confirm that it is appropriate for Triotek’s exact services, customer contracts, POPIA obligations, data flows, campaign processes and operational practices.