GoodFellas Protection Services (Pty) Ltd

Registration Number: 2004/106080/23

P.S.I.R.A No: 1655580

Last Updated: 25 February 2026

1. INTRODUCTION
GoodFellas Protection Services (Pty) Ltd (“GoodFellas”, “we”, “us”, “our”) is a private security services provider operating within the Republic of South Africa and regulated, where applicable, by the Private Security Industry Regulatory Authority (PSIRA).

We are committed to protecting and lawfully processing personal information in accordance with:

• The Protection of Personal Information Act, 4 of 2013 (POPIA)
• The Promotion of Access to Information Act, 2 of 2000 (PAIA)
• Applicable security industry regulations
• Any other applicable South African legislation

This Privacy Policy explains how we collect, process, store, safeguard, and share personal information through our website and in the course of providing our protection and security services.

2. DEFINITIONS

For purposes of this Policy:

• “Personal Information” shall have the meaning assigned in terms of POPIA.
• “Data Subject” refers to any identified or identifiable natural or juristic person.
•  “Processing” includes collection, receipt, recording, storage, updating, dissemination,
• destruction, or any other handling of personal information.

3. INFORMATION WE COLLECT
3.1 Information You Provide Voluntarily We may collect and process:

• Full name and surname
• Identity or passport number (where legally required)
• Email address
• Telephone number(s)
• Company or organisation details
• Physical address2 | P a g e
• Service requirements and risk-related information
• Details submitted through website forms
• CCTV or surveillance-related information where applicable
• Any other information voluntarily provided

3.2 Automatically Collected Information
When you access our website, we may automatically collect:

•  IP address
• Device identifiers
• Browser type and version
• Operating system
• Website usage statistics
• Referring URLs
• Cookies and tracking data

3.3 Special Personal Information
Where operationally necessary (e.g., high-risk protection services, security vetting, access control), we may process limited categories of special personal information strictly in accordance with POPIA and other applicable laws.

4. PURPOSE OF PROCESSING
We process personal information strictly for legitimate business purposes, including:

• Responding to enquiries and service requests
•  Conducting consultations and risk assessments
• Providing protection and security services
• Client verification and onboarding
• Contract administration
• Incident investigation and reporting
• Regulatory compliance (including PSIRA obligations)
• Cooperation with law enforcement agencies
• Website administration and performance monitoring
• Fraud prevention and security monitoring
• Protection of life, safety, and property

We do not collect excessive information beyond what is reasonably required.

5. LAWFUL BASIS FOR PROCESSING (POPIA COMPLIANCE)
Processing is undertaken under one or more of the following lawful bases:

• Data Subject consent
• Performance of a contract
• Compliance with legal or regulatory obligations
• Protection of legitimate interests
• Protection of the vital interests of the Data Subject or another person
• Legitimate operational interests of GoodFellas

6. DISCLOSURE AND SHARING OF INFORMATION GoodFellas does not sell, rent, or trade personal information. Information may be shared strictly where necessary with:

• Authorised security personnel
• Operational response teams
• Law enforcement agencies
• Emergency services
• Regulatory authorities (including PSIRA)
• Legal advisors
• IT service providers and hosting partners
• Cloud infrastructure providers
• Auditors or compliance officers

All third-party operators are bound by confidentiality, data protection, and non-disclosure obligations.
Where cross-border transfers occur (e.g., cloud hosting), we ensure that adequate data protection safeguards are in place as required by POPIA.

7. DATA SECURITY SAFEGUARDS
Given the nature of our operations, we implement enhanced security safeguards, including:

• Secure servers and encrypted communications (SSL/TLS)
• Access controls and authentication measures
• Role-based data access restrictions
• Confidentiality agreements with personnel
• Secure hosting infrastructure
• Monitoring for unauthorised access
• Secure disposal and destruction protocols

Despite reasonable safeguards, no internet transmission can be guaranteed 100% secure.

8. DATA RETENTION
We retain personal information only for as long as reasonably necessary:

• Active clients: duration of contractual relationship
• Security records and incident reports: as required by law or regulatory bodies
• Financial records: as required under tax legislation
• Enquiries: up to 12 months
• CCTV or surveillance data: in accordance with operational policies

Information is securely destroyed, de-identified, or anonymised once retention periods expire.

9. DATA SUBJECT RIGHTS
In terms of POPIA, you have the right to:

• Access your personal information
• Request correction or updating
• Request deletion where legally permissible
• Object to processing
• Withdraw consent (where processing is consent-based)
• Lodge a complaint with the Information Regulator Requests must be submitted in writing to the Information Officer.

10. INFORMATION OFFICER
In compliance with POPIA, GoodFellas has appointed an Information Officer. Information Officer Contact Details: Email: info@goodfellasprotection.co.za Telephone: +27 10 746 8629

11. COOKIES & WEBSITE ANALYTICS

Our website uses cookies and analytics tools to:

• Improve user experience
• Monitor website performance
• Analyse visitor trends
• Strengthen cybersecurity monitoring

Users may disable cookies in their browser settings, although some functionality may be affected.

12. LIMITATION OF LIABILITY
GoodFellas shall not be liable for any indirect, incidental, special, or consequential damages arising from unauthorised access to personal information where reasonable safeguards were implemented.

13. BREACH NOTIFICATION
In the event of a data breach involving personal information, GoodFellas will:

• Investigate the breach without undue delay
• Notify affected Data Subjects where required
• Notify the Information Regulator in accordance with POPIA
• Implement corrective measures

14. POLICY AMENDMENTS
We reserve the right to amend this Privacy Policy at any time. Updated versions will be published on our website with the revised effective date.