At Origami EV Connect (Pty) Ltd ("we", "us", or "our"), we are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Charge Point Management System (CPMS) platform and services.
This policy complies with the Protection of Personal Information Act, 2013 (POPIA) and other applicable South African data protection laws.
Secure Data
Bank-grade encryption for all personal information
Transparency
Clear disclosure of how we use your data
Your Rights
Full control over your personal information
1. Information We Collect
1.1 Personal Information
We collect the following types of personal information:
Account Information: Name, email address, phone number, company name, and job title
Charging Data: Charging session history, energy consumption, location data of charging stations used
Vehicle Information: EV make, model, and charging preferences (optional)
Technical Data: IP address, browser type, device information, operating system
1.2 Automatically Collected Information
Usage data and analytics (pages visited, features used, time spent)
Log data (timestamps, API calls, system events)
Cookie and tracking technology data (see our Cookie Policy)
1.3 Information from Third Parties
We may receive information from:
Payment processors (PayFast) for transaction verification
Charging hardware manufacturers for device status and diagnostics
Business partners and service providers (with your consent)
2. How We Use Your Information
We process your personal information for the following purposes:
2.1 Service Delivery
Provide, operate, and maintain our CPMS platform
Process charging sessions and transactions
Manage user accounts and authentication
Provide customer support and respond to inquiries
Send service-related notifications and updates
2.2 Business Operations
Process payments and manage billing
Calculate revenue shares for dealer partners
Generate invoices and financial reports
Detect and prevent fraud and security threats
Comply with legal and regulatory obligations
2.3 Service Improvement
Analyze platform usage and performance
Develop new features and services
Conduct research and analytics
Improve user experience and interface design
2.4 Marketing (with consent)
Send promotional materials and updates about our services
Provide personalized recommendations
Conduct surveys and request feedback
3. Legal Basis for Processing
Under POPIA, we process your personal information based on:
Consent: You have given clear consent for us to process your personal information for specific purposes
Contract: Processing is necessary to fulfill our contractual obligations to you
Legal Obligation: Processing is required to comply with South African law
Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., fraud prevention, system security)
4. Information Sharing and Disclosure
We do not sell your personal information. We may share your information with:
4.1 Service Providers
Payment Processors: PayFast for secure payment processing
Cloud Infrastructure: Supabase (PostgreSQL hosting) with data stored in secure facilities
Communication Services: Email and SMS providers for notifications
Analytics Providers: For platform performance monitoring
4.2 Business Partners
Dealer Partners: Location and session data for charge points they operate
Charging Network Partners: Interoperability data for roaming services
4.3 Legal Requirements
We may disclose information when required by law or to:
Comply with legal process or government requests
Enforce our Terms of Service
Protect the rights, property, or safety of Origami EV Connect, our users, or the public
Detect, prevent, or address fraud, security, or technical issues
5. Data Security
We implement comprehensive security measures to protect your information:
Encryption: TLS/SSL encryption for data in transit, AES-256 encryption for data at rest
Access Controls: Role-based access control with multi-factor authentication
Infrastructure Security: Regular security audits, penetration testing, and vulnerability assessments
Data Backup: Regular automated backups with disaster recovery procedures
Employee Training: All staff undergo security awareness training
Incident Response: 24/7 security monitoring with incident response protocols
Important: While we implement industry-standard security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you promptly of any data breach as required by POPIA.
6. Data Retention
We retain your personal information only as long as necessary:
Account Data: Retained while your account is active plus 7 years for legal and tax purposes
Charging Session Data: Retained for 7 years for billing, dispute resolution, and regulatory compliance
Payment Records: Retained for 7 years as required by South African tax law
Support Communications: Retained for 3 years
Marketing Data: Retained until consent is withdrawn or 2 years of inactivity
After the retention period, personal information is securely deleted or anonymized. You may request earlier deletion subject to our legal obligations.
7. Your Rights Under POPIA
You have the following rights regarding your personal information:
Right to Access
Request a copy of the personal information we hold about you
Right to Correction
Request correction of inaccurate or incomplete information
Right to Deletion
Request deletion of your personal information (subject to legal obligations)
Right to Object
Object to processing based on legitimate interests or for direct marketing
Right to Restriction
Request restriction of processing in certain circumstances
Right to Data Portability
Request your data in a structured, commonly used format
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent
To exercise any of these rights, please contact our Information Officer at privacy@origamievconnect.com. We will respond within 30 days as required by POPIA.
8. Cookies and Tracking
We use cookies and similar tracking technologies to enhance your experience. For detailed information about the cookies we use and your choices, please see our Cookie Policy.
9. International Data Transfers
Your information is primarily stored and processed in South Africa. If we transfer data internationally, we ensure adequate safeguards are in place as required by POPIA, including:
Transfers to countries with adequate data protection laws
Implementation of standard contractual clauses
Ensuring service providers comply with equivalent data protection standards
10. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@origamievconnect.com.
11. Third-Party Links
Our platform may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
Posting the updated policy on our website with a new "Last updated" date
Sending an email notification to your registered email address
Displaying a prominent notice on our platform
Your continued use of our services after such notification constitutes acceptance of the updated policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact: