Skip to content
Hotwireless

Privacy Notice (POPIA)

Last updated: April 2026

This notice explains how Hotwireless collects, uses, and safeguards personal information. It applies to our website, our sales and support interactions, and to the captive portal software we operate on behalf of our venue customers.

Who we are

Hotwireless is a South African business registered in the Western Cape. Our Information Officer can be contacted at admin@hotwireless.co.za or 082 370 3007.

Information we collect

When you contact us via this website

  • Name, business name, email, phone, venue type, message content.
  • Necessary technical metadata (IP address, browser, referral source) to deliver and secure the service.

When you connect to a guest WiFi network we operate

  • Email and/or phone number (where you provide them).
  • Device identifier (MAC address) for session management.
  • Connection metadata (timestamp, data volume, session duration).
  • Any feedback or rating you choose to provide.

How we use it

  • To provide the service you've asked for — whether a demo call, a proposal, or WiFi access.
  • To send marketing communications if — and only if — you opt in.
  • To comply with our legal and regulatory obligations.
  • To secure and improve our services.

Our role vs the venue's role

When you use guest WiFi at one of our customer venues, the venue is the Responsible Party for your data and Hotwireless acts as the Operator. We process data only under instruction from the venue. If you want to exercise your rights in respect of data captured at a venue, please contact the venue directly; we will support them in responding.

Who we share it with

  • Service providers necessary to deliver our platform (cloud hosting, transactional email, SMS gateway) — all bound by confidentiality and processing agreements.
  • Your data is not sold, leased, or shared with marketing partners.
  • We comply with lawful requests from regulatory authorities.

Where we store it

Data is stored in South Africa or in compliant cloud regions that meet POPIA's adequacy requirements. Traffic to our platform is encrypted in transit; sensitive data at rest is encrypted.

How long we keep it

  • Connection logs: 12 months (regulatory retention).
  • Marketing opt-in contact data: for as long as consent remains active.
  • Business correspondence: 5 years for accounting and tax purposes.

Your rights

Under POPIA you have the right to access the personal information we hold about you, to request correction, and in many cases to request deletion. Contact our Information Officer to exercise these rights. We respond within 30 days.

Complaints

If you are not satisfied with our response, you may lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za.

Changes to this notice

We'll update this notice from time to time and will post the current version at this URL. Material changes will be flagged.