Privacy Policy

Effective Date: 2026-02-06
Company: Vermundo (Pty) Ltd
Registration Number: 2022 / 866554 / 07
Website: https://www.vermundo.co.za
Contact Email: info@vermundo.co.za

Introduction

Vermundo (Pty) Ltd (“we”, “us”, “our”) operates an Energy Management System (“EMS”) platform, including:

• A secure web portal
• On-site EMS Hub devices
• Monitoring, analytics and reporting services
• Technical support services

We are committed to protecting personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA). This Privacy Policy explains how we collect, use, store and protect personal information.

Who We Are (Responsible Party)

For purposes of POPIA, Vermundo (Pty) Ltd is the Responsible Party for personal information processed through the EMS portal and related services.
Information Officer: H Bosman
Email: info@vermundo.co.za

Role as Operator (Where Applicable)

In certain deployments, the company may process personal information on behalf of a client acting as the Responsible Party. In such cases, the company acts as an Operator under POPIA and processes personal information only in accordance with client instructions and applicable agreements.

What Information We Collect

1. Account Information
   When users register or are invited to the EMS portal, we may collect:
   • Full name
   • Email address
   • Phone number
   • Company name
   • Job role / access role
   • Login credentials (encrypted)
2. Technical & Log Information
   When users access the portal:
   • IP address
   • Browser type
   • Login timestamps
   • Session activity logs
   • Audit logs of configuration changes
3. Site & System Information
   For EMS installations:
   • Site name
   • Installation address (may include residential addresses)
   • Device serial numbers
   • Energy telemetry data (meters, inverters, batteries, etc.)
   • Operational and performance data
4. Support Communications
   If you contact us:
   • Emails
   • Call notes
   • Support ticket content
   • Attachments

Purpose of Processing

We process personal information for the following purposes:

• Providing access to the EMS portal
• Managing user accounts and permissions
• Monitoring and analysing energy systems
• Generating reports and analytics
• Providing technical support
• Improving system reliability and security
• Complying with legal obligations

We are committed to protecting personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA).
This Privacy Policy explains how we collect, use, store and protect personal information.

We do not sell personal information.

If we intend to process personal information for a purpose not originally specified at the time of collection, we will assess compatibility with the original purpose and obtain consent where required under POPIA prior to such processing.

Lawful Basis for Processing (POPIA)

We process personal information where:

• It is necessary to perform a contract (e.g. EMS service agreement)
• It is necessary for legitimate business interests
• It is required by law
• Consent has been provided (where required)

Data Storage and Location

All EMS data is hosted within the Republic of South Africa. We use secure data centres and infrastructure providers located in South Africa.
We do not intentionally transfer personal information outside of South Africa.

Security Safeguards

We implement appropriate technical and organisational safeguards, including:

• Encrypted communication (TLS)
• Encrypted database storage and backups
• Role-based access control
• Multi-factor authentication for administrative users
• Audit logging of system changes
• Secure development practices
• Regular software updates and patch management
• Restricted internal access to production systems

Despite these measures, no system can guarantee absolute security.

Retention of Information

We retain personal information only as long as necessary to:

• Provide EMS services
• Maintain operational and audit records
• Comply with legal requirements

Telemetry data may be retained for long-term system performance analysis. Where possible, older data may be aggregated or anonymised. Upon termination of services, personal information may be securely deleted or anonymised, subject to contractual, regulatory, and audit retention requirements.

Sharing of Information

We may share personal information with:

• Infrastructure hosting providers (as Operators under POPIA)
• Email and communication service providers
• Professional advisors (where legally required)
• Regulatory authorities if required by law

All service providers are contractually required to implement appropriate security safeguards.
We do not sell or rent personal information.

Data Subject Rights

Under POPIA, you have the right to:

• Request access to your personal information
• Request correction of inaccurate information
• Request deletion (where legally permissible)
• Object to certain processing
• Withdraw consent (where processing is based on consent)
• Lodge a complaint with the Information Regulator

Upon verified request, personal information may be provided in a structured electronic format where technically feasible and contractually permissible.
Requests may be submitted to: info@vermundo.co.za
We may require identity verification before processing requests.

Security Compromise (Data Breach)

If we become aware of unauthorised access to personal information, we will:

• Investigate the incident
• Take corrective action
• Notify affected individuals where required
• Notify the Information Regulator where required under POPIA

Cookies and Website Analytics

Our website and portal may use cookies for:

• Authentication
• Security
• Performance optimisation

We do not use cookies to sell behavioural data.
You may configure your browser to refuse cookies, although this may affect functionality.

Children’s Information

Our EMS platform is intended for business and technical users.
We do not knowingly collect personal information from children.

Updates to This Policy

We may update this Privacy Policy from time to time.
The latest version will always be available at:
https://www.vermundo.co.za/privacy-policy.html

Contact Information

For any privacy-related queries:
Information Officer
Vermundo (Pty) Ltd
Email: info@vermundo.co.za

You may also contact the South African Information Regulator at:
https://www.inforegulator.org.za/