Privacy Policy

At Yellow Metal SA (Pty) Ltd, your privacy isn’t just a policy—it’s a priority. We know that by sharing your personal information, you’re placing trust in our hands. That’s why we treat your data with the same care and integrity that defines everything we do.

📦 What We Collect

To give you the best possible experience, we gather information in three ways:

·         🖥️ Automatic Information: Like most websites, we use cookies and tracking technologies to understand how you interact with our site and emails. This helps us optimise performance and your overall experience.

·         📝 Information You Provide: Whether it's through our website, by email, or other channels—details you give us help ensure seamless transactions and service.

·         ✉️ Email Insights: We may receive confirmation when you open emails we send, allowing us to tailor future communication.

✅ Your Consent & How We Use It

By sharing your information with us, you’re saying, “I trust you”—and we take that seriously. Here’s what that means:

·         🔒 No Sharing Without Consent: We do not share your information with third parties unless it's essential to fulfil your transaction—or we’re legally required to.

·         📊 Safe Stats Only: We may compile anonymised, aggregated data for business insights—but never in a way that identifies you.

·         ⚖️ Legal Compliance: If compelled by law, we may disclose data as necessary—but we’ll protect your rights wherever possible.

🛡️ How We Keep Your Info Safe

We don’t just promise security—we build it in. Yellow Metal SA and our partners use industry-standard security measures to protect your information. While no system is impenetrable, we stay on top of evolving threats to keep your data protected with up-to-date safeguards.

We’re proud of the trust our customers place in us, and we work hard to keep it. For questions, concerns, or to learn more about how we protect your data, reach out to us any time at 📧 admin@ymsa.co.za.

🛡️ POPIA Compliance Agreement – Yellow Metal SA

At Yellow Metal SA (Pty) Ltd, protecting personal information is part of our commitment to responsible business. This agreement sets out how we handle, process, and safeguard the data entrusted to us by partners, customers, and service providers—in compliance with the Protection of Personal Information Act (POPIA).

📘 1. Definitions & Interpretation

This agreement aligns with the Protection of Personal Information Act (Act 4 of 2013). Terms such as 'Personal Information', 'Processing', 'Responsible Party', and 'Operator' retain their legal meanings under the Act.

🔄 2. Processing of Company Personal Information

External Parties must only process Company Personal Information as instructed and solely for contract-related purposes. All data must be treated as confidential, safeguarded, and processed in full compliance with POPIA.

🔐 3. Security Measures

The External Party must proactively identify and address internal and external risks to data security. Technical and organisational safeguards should be regularly tested, updated, and enforced.

👥 4. Personnel Access & Confidentiality

Access to personal information must be limited to authorised staff with a legitimate need. All personnel must uphold strict confidentiality obligations.

🔗 5. Sub-Processing

No data may be transferred to third-party sub-processors without Yellow Metal SA’s prior written consent.

📬 6. Data Subject Rights

External Parties must support Yellow Metal SA in fulfilling requests from individuals to access, correct, or delete their data. No direct response may be made without Yellow Metal SA’s authorisation.

🚨 7. Breach Notification

Any security breach affecting personal information must be reported to Yellow Metal SA without delay. The External Party must cooperate fully in investigating and resolving the incident.

📝 8. Impact Assessments & Consultations

Where necessary, the External Party shall support data impact assessments or regulatory consultations, in line with POPIA compliance.

🧹 9. Return or Deletion of Information

Within 10 business days of service termination, all personal data must be securely deleted or returned—unless retained for legal compliance.

📊 10. Audit Rights

Yellow Metal SA may conduct audits or request documentation to confirm POPIA compliance. Full cooperation is expected from the External Party.

🌍 11. Cross-Border Data Transfers

No personal information may be transferred outside South Africa without written permission. All transfers must be legally protected.

⚖️ 12. Breach of Agreement

Should either party breach this agreement, the other party may issue a 10-day notice for correction. If unresolved, further legal remedies may be pursued.

📄 13. General Conditions

This document represents the entire agreement between the parties and overrides previous discussions. No section may be altered without written consent. Rights may not be transferred without approval, except within Yellow Metal SA’s corporate group.