Contents
1. Controller details
Data Controller: Coxygen Global (Pty) Ltd (South Africa) (“Coxygen”).
Registration: 2024/326219/07
Address: 7 Gold Reef Road, Omonde, 2190, Johannesburg South, South Africa
Contact (privacy): info@coxygen.co / admin@coxygen.co
DPO / EU Representative: If we are required to appoint a Data Protection Officer (DPO) or EU/UK representative for your specific deployment, we will publish those contact details here and in our Privacy Policy.
2. GDPR principles
We aim to implement GDPR principles in our processes, including:
- Lawfulness, fairness, transparency – clear notices and documented purposes.
- Purpose limitation – data used only for defined purposes.
- Data minimization – collecting only what we need.
- Accuracy – maintaining correct records where feasible.
- Storage limitation – retention controls and deletion/anonymization.
- Integrity & confidentiality – security controls to protect data.
- Accountability – policies, training, vendor management, and records of processing activities.
3. Lawful bases
Depending on the feature, we rely on one or more lawful bases:
- Contract necessity (to provide accounts, support services, and requested features).
- Legitimate interests (security, fraud prevention, service improvement) with balancing tests where appropriate.
- Consent (certain marketing communications and non-essential cookies where required).
- Legal obligation (compliance, record-keeping, responding to lawful requests).
4. Data subject rights
If GDPR applies, you may have rights including: access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making, subject to legal exceptions.
To submit a request, email info@coxygen.co and include enough information for us to verify your identity and locate your data. We may ask for additional verification to prevent unauthorized disclosure.
5. Security measures
We apply technical and organizational measures appropriate to risk, which may include:
- Access controls, least privilege, and authentication protections
- Encryption in transit (TLS) and encryption at rest where feasible
- Logging, monitoring, vulnerability management, and secure development practices
- Backups, disaster recovery planning, and incident response procedures
- Vendor risk review and contractual security requirements
6. Processors & contracts
Where we use third-party processors (hosting, analytics, messaging, identity verification, payments), we seek to use appropriate contractual protections (e.g., data processing agreements) and limit access to what is necessary.
7. International transfers
Coxygen is based in South Africa, and we may store/process data in other countries via service providers. Where required, we use appropriate safeguards for cross-border transfers (e.g., contractual clauses and vendor controls).
8. Retention & minimization
We keep personal data only as long as needed for the purposes described in our Privacy Policy and to satisfy legal requirements. Where possible, we delete or anonymize data that is no longer needed.
9. Breach response
We maintain incident response procedures to assess, contain, and remediate suspected personal data breaches. Where GDPR applies and notification is required, we aim to notify the relevant supervisory authority without undue delay and, where feasible, within the required timeframe, and inform affected individuals when legally required.
10. Automated decision-making
We may use automated tools to detect fraud, secure accounts, and improve services. Where GDPR applies and we conduct automated decision-making that produces legal or similarly significant effects, we will provide appropriate notices and safeguards as required by law.
11. Contact & complaints
Contact us at info@coxygen.co / admin@coxygen.co. If you are in the EEA/UK and believe we have not addressed a concern, you may have the right to lodge a complaint with your local supervisory authority.