Why This Document Exists
Clearvisi Onnation operates within the financial communication sector. That means our work touches information that people and businesses consider sensitive. We've written this notice to explain what happens to the details you share when you interact with our platform, request our services, or simply browse our website.
This isn't a cookie policy. We address tracking technologies separately because they deserve focused attention. If that's what you're looking for, you'll find a dedicated document covering scripts, pixels, and session management.
What follows is organized around the information lifecycle—how details emerge, what we do with them while they're in our care, and when they eventually disappear.
Information That Reaches Us
Direct Submissions
Most of what we receive arrives because someone chose to provide it. When you fill out a contact form, register for an account, request a consultation, or communicate through our messaging system, you're handing over specifics—name, email address, phone number, company details, job title, communication preferences.
Some submissions include more. If you're inquiring about business communication services, you might describe organizational structure, communication challenges, operational pain points, or strategic objectives. These descriptions help us understand context. They often contain commercially sensitive observations about your business environment.
Operational Records
Our systems generate records as part of normal functioning. When someone accesses our website, technical logs capture IP addresses, browser characteristics, timestamp data, pages viewed, and navigation patterns. This isn't surveillance—it's infrastructure maintenance. We need these records to keep the platform running, diagnose technical failures, and detect unauthorized access attempts.
If you become a client, transactional records emerge: service agreements, invoicing history, payment confirmations, project deliverables, correspondence archives. These records document the business relationship.
Third-Party Channels
Information sometimes arrives through external sources. If you reach us through a professional referral, we might receive your name and business context from a mutual connection. If you interact with us through social media platforms (though we maintain minimal social presence), those platforms may share interaction data according to their own policies.
We don't purchase demographic databases, aggregate consumer profiles, or data broker compilations. Every piece of information in our systems arrived through direct interaction or legitimate business necessity.
How We Handle What We Receive
Service Delivery Operations
The primary reason we hold any information is to deliver financial communication services. Contact details let us respond to inquiries. Project specifics allow us to develop appropriate solutions. Business context helps us tailor communication strategies to organizational needs.
This sounds obvious, but it's worth stating clearly: we use your information to do the work you've asked us to do. If you request a consultation about stakeholder communication, we'll review whatever context you've provided. If you become a client, we'll reference project details throughout our engagement.
Platform Administration
Technical records serve operational purposes. System logs help our technical team identify performance issues, trace error sources, and maintain security postures. Access patterns inform infrastructure scaling decisions. Security logs trigger alerts when unusual activity occurs.
We occasionally analyze aggregated usage patterns—not individual behaviors—to understand which platform features receive attention and which get ignored. This shapes development priorities.
Legal Compliance
Financial services operate under regulatory frameworks. South African financial regulations, data protection statutes, and industry-specific requirements create obligations. Sometimes those obligations require record retention, disclosure, or reporting.
We maintain records as long as legal requirements demand. When regulatory authorities issue legitimate requests, we respond according to statutory procedures.
Business Continuity
Information gets backed up. Our backup systems create redundant copies stored in geographically separate locations. These copies exist solely for disaster recovery—if primary systems fail, we can restore operations without losing client work or critical records.
Backup retention follows a rolling schedule. Older backups eventually get overwritten as new ones are created, unless legal hold requirements demand preservation.
We don't mine client information for marketing insights, sell contact lists to third parties, or repurpose business context for purposes outside our service relationship. Your information serves the specific function that justified its collection.
External Access and Movement
Service Infrastructure
Like most modern operations, we rely on specialized service providers. Cloud hosting infrastructure stores our systems. Email delivery services transmit communications. Payment processors handle financial transactions. Calendar systems manage scheduling.
These providers access limited portions of our data as necessary to perform their functions. Hosting providers can technically access anything stored on their infrastructure, though contractual terms prohibit unauthorized use. Payment processors receive transaction details. Email services handle message routing.
We select providers based on security practices, contractual protections, and compliance certifications. But the fundamental reality remains: when information moves to external infrastructure, those providers become part of the trust chain.
Professional Advisors
Our legal counsel, financial auditors, and professional consultants occasionally need access to specific records. When litigation occurs, attorneys review relevant documentation. During financial audits, auditors examine transaction records. When we seek specialized advice, consultants might review operational data.
These professionals operate under their own confidentiality obligations, but they do gain access when legitimate business needs arise.
Regulatory Disclosure
Government authorities can compel disclosure through proper legal channels. Court orders, subpoenas, regulatory investigations, and statutory requirements sometimes mandate information release. When faced with valid legal demands, we comply while notifying affected parties unless prohibited by law.
Business Structure Changes
If Clearvisi Onnation undergoes acquisition, merger, or structural reorganization, information assets would likely transfer to successor entities. This represents a reality of business operations—data doesn't simply vanish when organizational structures change.
We never sell client lists, rent contact databases, or participate in marketing data exchanges. Information leaves our direct control only when service delivery requires it, professional obligations demand it, or legal authority compels it.
Protection Measures and Limitations
We implement technical and organizational safeguards appropriate to the sensitivity of information in our care. But security exists on a spectrum—there's no absolute guarantee, and anyone claiming otherwise is either naive or dishonest.
Technical Safeguards
Our infrastructure employs encryption for data transmission and storage. Access controls limit who can reach which systems. Authentication mechanisms verify identity before granting access. Network monitoring detects suspicious patterns. Regular security updates patch known vulnerabilities.
These measures reduce risk. They don't eliminate it. Sophisticated attackers occasionally breach even well-defended systems. Software contains undiscovered vulnerabilities. Human error creates unexpected exposures.
Organizational Practices
Internally, access follows need-to-know principles. Team members can only reach information relevant to their responsibilities. We conduct background verification for personnel with system access. Security awareness training addresses common threat vectors.
But organizations consist of people, and people make mistakes. An employee might fall for a phishing attack. A contractor might misconfigure a system. Someone might accidentally send sensitive information to the wrong recipient.
Physical Security
Our South African office maintains physical access controls, surveillance systems, and secure document disposal procedures. But most of our infrastructure exists in third-party data centers. We depend on their physical security measures—guards, biometric access, environmental controls.
If a security incident compromises information in our care, we'll notify affected parties according to legal requirements and reasonable timelines. We won't downplay the severity, blame victims, or delay disclosure while scrambling for PR strategies.
Individual Rights and Practical Limits
Access and Correction
You can request copies of information we hold about you. We'll provide it in a reasonable format within a reasonable timeframe—usually within thirty days, sometimes longer if the request involves complex searches or voluminous records.
If you spot inaccuracies, let us know. We'll correct factual errors promptly. But understand that some records are inherently historical—if you sent us a message containing incorrect information last year, we can't retroactively alter that archived communication.
Deletion Requests
You can ask us to delete your information, and we'll honor such requests when legally permissible. But several scenarios prevent immediate deletion. Active service relationships require ongoing record retention. Completed financial transactions must be preserved for regulatory compliance periods. Legal disputes demand document preservation. Backup systems retain copies until rolling retention cycles complete.
When deletion is possible, it happens. When it isn't, we'll explain why and indicate when eventual deletion will occur.
Processing Restrictions
You can object to specific uses of your information or request processing limitations. If you no longer want marketing communications, we'll stop sending them. If you believe processing lacks legitimate basis, we'll review the situation and adjust accordingly unless legal obligations require continuation.
Data Portability
For information you've directly provided—contact forms, account details, communications—you can request structured copies suitable for transfer to another service provider. We'll deliver these in common formats like CSV or JSON.
To exercise any of these rights, contact us using the details below. We'll verify your identity before processing requests—we can't release or delete information based solely on an email claim.
Retention Logic and Eventual Disappearance
Nothing stays forever. Information eventually loses relevance, legal obligations expire, and digital clutter accumulates. Our retention approach balances operational needs, legal requirements, and storage practicality.
Active Relationship Period
During active client relationships, we retain everything necessary for service delivery and ongoing project work. This includes communication histories, project documentation, account details, and transactional records.
Post-Relationship Retention
After a business relationship concludes, most operational data becomes expendable. But financial records must persist for tax compliance periods—currently seven years under South African regulations. Communication archives might persist longer if they document significant business decisions or contain reference value for similar future projects.
Technical Records
System logs typically persist for ninety days, then get purged. Backup copies exist for thirty to sixty days depending on backup tier. Security incident records might persist longer depending on resolution status and legal implications.
Marketing Contacts
If you've subscribed to updates or newsletters without becoming a client, we'll retain your contact information until you unsubscribe or until the address becomes consistently undeliverable. Inactive marketing contacts—those showing no engagement for two years—eventually get purged.
When deletion occurs, it's genuine. We overwrite storage locations and remove references from active databases. Backup copies persist until rolling retention expires, but they're never restored except during disaster recovery scenarios.
Questions, Concerns, and Escalation
This document covers broad strokes, but specific situations often require individual assessment. If you have questions about how we're handling your information, want to exercise any rights described above, or believe something isn't right, reach out directly.
We'll respond to privacy inquiries within five business days—faster when possible, sometimes longer for complex questions requiring legal review.
If our response doesn't resolve your concern, you have the right to escalate to South Africa's Information Regulator. They handle complaints about data protection practices and can investigate potential violations of privacy legislation.
This notice reflects our practices as of January 2025. Changes happen—new services launch, regulations evolve, business operations shift. When significant changes occur, we'll update this document and notify active clients through usual communication channels.