Privacy Policy

Effective date:

Last updated:

1. Introduction

This Privacy Policy explains how Andrich van Wyk ("Operator", "we", "us", or "our"), acting in a personal capacity as the operator of Lochrono (the "Service"), collects, uses, stores, and protects your personal information.

We are committed to safeguarding your privacy and processing your personal information in accordance with the Protection of Personal Information Act of South Africa, 2013 ("POPIA") and other applicable data protection laws.

By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Responsible Party

For the purposes of POPIA, the responsible party is:

Andrich van Wyk
Email: [email protected]

3. Information We Collect

3.1 Information You Provide Directly

When you register for and use the Service, you may provide us with:

  • Account information: name, email address, and login credentials.
  • Profile information: professional details such as qualifications, practice numbers, or specialisations.
  • Client and agency data: names, contact details, and business information for the clients and agencies you manage through the Service.
  • Financial data: invoicing details, expense records, bank account details (for inclusion on your invoices), and billing information related to your subscription.
  • Scheduling and time data: appointment details, time entries, and mileage logs.
  • Credential records: professional licences, certifications, and their expiry dates.
  • Communications: messages or correspondence you send to us for support or feedback.

3.2 Information Collected Automatically

When you access the Service, we may automatically collect:

  • Usage data: pages viewed, features used, actions taken, and timestamps.
  • Device and browser information: browser type, operating system, screen resolution, and language preference.
  • Log data: IP addresses, access times, and referring URLs.
  • Cookies and similar technologies: as described in Section 9 below.

3.3 Information from Third Parties

We may receive information from third-party payment processors in connection with your subscription (such as confirmation of payment and partial card details). We do not receive or store your full payment card numbers.

4. How We Use Your Information

We process your personal information for the following purposes:

  • Providing the Service: hosting, storing, and processing your data so you can manage clients, schedules, invoices, expenses, credentials, and reports.
  • Account management: creating and maintaining your account, authenticating your identity, and communicating with you about your account.
  • Billing: processing subscription payments through our third-party payment processor.
  • Service improvement: analysing usage patterns to improve, maintain, and develop the Service.
  • Support: responding to your enquiries and resolving issues.
  • Legal compliance: complying with applicable laws, regulations, or lawful requests.
  • Security: detecting and preventing fraud, abuse, or security incidents.

Under POPIA, we process your personal information on the following grounds:

  • Contract performance: processing necessary to provide the Service you have subscribed to (POPIA Section 11(1)(b)).
  • Legitimate interest: processing necessary for our legitimate interests in operating and improving the Service, provided these interests are not overridden by your rights (POPIA Section 11(1)(f)).
  • Legal obligation: processing necessary to comply with a legal obligation to which we are subject (POPIA Section 11(1)(c)).
  • Consent: where you have given us specific consent for a particular processing activity (POPIA Section 11(1)(a)). You may withdraw consent at any time, but this will not affect the lawfulness of processing carried out before withdrawal.

6. Data Sharing and Disclosure

We do not sell your personal information to third parties.

We may share your personal information only in the following circumstances:

  • Service providers: with third-party providers who assist us in operating the Service (such as hosting providers, payment processors, and email delivery services). These providers are contractually bound to process your information only on our instructions and in accordance with applicable data protection laws.
  • Legal requirements: where required by law, regulation, court order, or governmental authority.
  • Protection of rights: where necessary to enforce our Terms of Service, protect our rights or safety, or protect the rights or safety of others.
  • Business transfer: in the event of a sale, merger, or transfer of the Service or its assets, your information may be transferred to the successor operator, subject to the terms of this Privacy Policy.

7. Data Retention

7.1. We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law.

7.2. Active accounts: your data is retained for the duration of your account and subscription.

7.3. After termination: upon account termination, we may retain your data for a reasonable period (not exceeding 90 days) to allow you to export your information. After this period, your data will be deleted or anonymised, except where retention is required by law (for example, financial records that must be kept for tax purposes).

7.4. Backup copies: residual copies of your data may persist in backup systems for a limited period in accordance with our standard backup retention cycles, after which they are permanently deleted.

8. Data Security

8.1. We implement reasonable technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.

8.2. These measures include, but are not limited to, encryption of data in transit, access controls, and secure hosting infrastructure.

8.3. Despite our efforts, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your data, and you use the Service at your own risk.

9. Cookies and Tracking Technologies

9.1. The Service may use cookies and similar technologies to maintain your session, remember your preferences, and analyse usage patterns.

9.2. Essential cookies are necessary for the Service to function and cannot be disabled.

9.3. Analytics cookies help us understand how the Service is used. Where required by law, we will obtain your consent before placing non-essential cookies.

9.4. You can manage cookie preferences through your browser settings, though disabling certain cookies may affect the functionality of the Service.

10. International Data Transfers

10.1. Your data may be processed and stored on servers located outside the Republic of South Africa, depending on our hosting and service infrastructure.

10.2. Where your data is transferred to a country that does not provide an adequate level of data protection under POPIA, we take reasonable steps to ensure that appropriate safeguards are in place, such as contractual obligations on the receiving party to protect your data to a standard consistent with POPIA.

11. Your Rights Under POPIA

You have the following rights in relation to your personal information:

  • Access: the right to request confirmation of whether we hold personal information about you, and to request a copy of that information.
  • Correction: the right to request correction or deletion of personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully.
  • Objection: the right to object to the processing of your personal information on reasonable grounds.
  • Deletion: the right to request the deletion or destruction of your personal information where we are no longer authorised to retain it.
  • Withdrawal of consent: where processing is based on your consent, you have the right to withdraw that consent at any time.
  • Complaint: the right to lodge a complaint with the Information Regulator (South Africa) if you believe your rights under POPIA have been infringed.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within a reasonable time, and in any event within the timeframes prescribed by POPIA.

Information Regulator (South Africa):
Website: https://inforegulator.org.za
Email: [email protected]

12. Children's Privacy

The Service is not directed at or intended for use by children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information promptly.

13. Changes to This Privacy Policy

13.1. We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law.

13.2. Material changes will be communicated to you via the Service or by email with reasonable advance notice.

13.3. Your continued use of the Service after a revised Privacy Policy takes effect constitutes your acceptance of the changes.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Andrich van Wyk
Email: [email protected]

This Privacy Policy was last reviewed on 16 March, 2026. It does not constitute legal advice. You are encouraged to seek independent legal counsel to understand your rights and obligations under POPIA and other applicable data protection laws.

Back to home