Privacy Policy

1. Information We Collect

We collect information to provide better services to our clients and ensure the secure processing of electronics. This includes:

• Contact Information: Name, email address, phone number, and physical address.
• Business Details: Tax ID or company name (for B2B clients).
• Device Metadata: Serial numbers, asset tags, and device types of the items recycled.
• Payment Information: If applicable, for service fees or payouts.

2. Data Security & Destruction

Unlike standard businesses, we handle hardware that may contain sensitive data.
• Our Promise: We do not access, view, or copy personal data stored on recycled devices.
• Data Sanitization: All data-bearing media (HDD, SSD, Flash) is either physically destroyed or wiped using industry-standard methods (e.g., NIST 800-88 or DoD 5220.22-M).
• Certificates of Destruction: Upon request, we provide documentation confirming that data has been irreversibly destroyed.

3. How We Use Your Information

We use the information collected to:
• Issue receipts and Certificates of Destruction.
• Coordinate pickups and logistics.
• Comply with environmental regulations and state/federal recycling laws.
• Communicate updates regarding your recycling order.

4. Information Sharing

We do not sell your personal information. We only share data with:
• Downstream Partners: Only when necessary for specialized recycling processes (and only after data destruction is complete).
• Legal Authorities: When required by law to comply with environmental reporting or anti-theft statutes (e.g., "LeadsOnline" reporting for some jurisdictions).

5. Your Rights

Depending on your location (e.g., CCPA in California or GDPR in Europe), you may have the right to:
• Request a copy of the personal data we hold about you.
• Request that we delete your contact information from our records.

Section 6: Certificates of Destruction (CoD) & Data Sanitization

In alignment with Section 19 of POPIA (Security Safeguards), we take "appropriate, reasonable technical and organizational measures" to prevent the loss of, damage to, or unauthorized destruction of personal information.
• Irreversible Destruction: We ensure that all data stored on devices (hard drives, mobile phones, etc.) is destroyed using [Method, e.g., degaussing, physical shredding, or software overwriting].
• Verification: A formal Certificate of Destruction (CoD) will be issued upon request, linking the device serial number to the destruction event.
• Retention: We retain logs of these certificates for 5 years to comply with environmental and commercial record-keeping requirements.

Section 7: Your Rights Under POPIA

As a Data Subject in South Africa, you have the following rights regarding your personal information:

• Right to Access: You may request a record of the personal information we hold about you at no charge.
• Right to Correction: You may request that we update or correct personal information that is inaccurate, irrelevant, or out of date.
• Right to Deletion: You may request the destruction or deletion of your personal information, provided we are not legally required to retain it (e.g., for SARS or environmental reporting).
• Right to Object: You may object to the processing of your personal information for purposes of direct marketing.
How to Exercise Your Rights: To submit a request, please contact our Information Officer at epic.ewaste@gmail.com. We will respond to your request within 3 to 5 working days.

Section 8: Information Officer

In accordance with POPI Act requirements, we have appointed an Information Officer to oversee our privacy practices.

• Name: Kevin Harding
• Contact Email: epic.ewaste@gmail.com
• Physical Address: 10 Jellicoe Street, Pinelands

Section 9: Complaints to the Regulator

Should you believe that we have not handled your personal information in accordance with South African law, you have the right to lodge a complaint with the Information Regulator:

• Website: https://inforegulator.org.za/
• Email: enquiries@inforegulator.org.za