Digital Diner Marketing (Pty) Ltd (“Digital Diner”, “we”, “us”, “our”) provides digital-marketing services through digitaldiner.ai.
Registered office (SA): Edgemead, Cape Town 7441, South Africa.
Email: media@digitaldiner.ai | Tel: +27 (0) 72 592 0953.

We act as the “responsible party” (POPIA) and “data controller” (FADP) for personal information processed via our website, marketing platforms and client projects.

This statement explains how we collect, use, share and secure personal information when you:

• visit or interact with digitaldiner.ai;

• subscribe to newsletters or marketing updates;
  engage us for consultancy, analytics, or advertising services; or

communicate with us on social media or by email.

Category

Examples

Source

Identifiers

Name, email address, telephone, business role

forms, contracts

Marketing & usage data

IP address, device ID, pages visited, campaign metrics, cookies

automated tracking

Transactional data

Invoices, payment references

clients / suppliers

Communications

Emails, chat transcripts, support tickets

direct interactions

Sensitive data

Only if you voluntarily supply it (e.g., dietary needs for an event)

explicit consent required

We do not intentionally collect information about children under 16.

Purpose

POPIA justification

FADP / GDPR-aligned basis

Service delivery & contracts

Section 11(1)(b) – performance of a contract

Contractual necessity

Website analytics & optimisation

Section 11(1)(f) – legitimate interests balanced with data-subject interests

Legitimate interest

Direct marketing by email

Section 69 – opt-in consent

Consent / Legitimate interest (unsubscribe any time)

Regulatory compliance & security

Section 11(1)(c) – legal obligation

Legal obligation

Recruitment & HR

Consent or contractual necessity

Consent / Contract

We only share personal information with:

• vetted cloud hosts, email & CRM providers (servers in EU/EEA, Switzerland or South Africa);

• advertising, analytics and payment processors (Google, Meta, Stripe, PayFast, etc.);

• professional advisers (lawyers, accountants) and competent authorities when legally required.

All processors are bound by written agreements imposing confidentiality, security and—in the case of cross-border transfers—EU Standard Contractual Clauses (SCCs) or equivalent safeguards.

• Switzerland ↔ South Africa: Transfers from Switzerland to South Africa use SCCs and supplementary technical measures to maintain an “adequate level of protection” as required by Art. 16 FADP.

• Outside SA & CH: Where we use US or other non-adequate providers, we rely on SCCs plus encryption at rest/in-transit and vendor risk assessments.

We keep personal information only as long as necessary for the purpose collected:

• Website analytics: 26 months (Google Analytics default)

• Marketing lists: until you unsubscribe or after 24 months of inactivity

• Contracts, invoices & tax records: 7 years (statutory)

• Job applications: 12 months unless hired

We then securely delete or anonymise data.

• TLS/HTTPS encryption

• Access controls and MFA for all internal systems

• Regular vulnerability scanning and staff privacy training

Breach-response plan aligned with POPIA Section 22 (mandatory regulator & data-subject notification) and Art. 24 FADP breach-notification duties.

Under POPIA and the FADP you may:

• Access the personal information we hold about you.

• Correct inaccurate or outdated information.
  Delete or restrict processing in certain circumstances.

• Object to processing for direct marketing or on grounds relating to your situation.

• Withdraw consent at any time (does not affect prior lawful processing).

• Data portability (Swiss FADP) – receive your data in a machine-readable format.

• Complain to:

• Information Regulator (South Africa) – complaints.IR@justice.gov.za
  Federal Data Protection and Information Commissioner (Switzerland) – info@edoeb.admin.ch

• To exercise any right, email media@digitaldiner.ai and we will respond within 30 days (extendable as permitted).

We use first- and third-party cookies for:

• essential site functionality;

• performance & analytics (e.g., Google Analytics);

• advertising (Google Ads, Meta Pixel).

The cookie banner allows you to accept, reject or customise non-essential cookies in line with both Section 18 POPIA (right to be notified) and FADP transparency rules. Detailed cookie descriptions appear in our separate Cookie Policy.

We send email newsletters only with your explicit opt-in consent (or soft opt-in for existing clients, with opt-out on every message). You may unsubscribe at any time by clicking the link in the email or emailing media@digitaldiner.ai.

Digital Diner does not make solely automated decisions with legal or similarly significant effects on you. If that changes, we will provide meaningful information about the logic involved and your right to request human intervention (Art. 21 FADP).

We may update this privacy statement to reflect legal or operational changes. The latest version will always appear at digitaldiner.ai/privacy. Significant changes will be notified via email or banner.
Effective date: 11 July 2025.

Questions, requests or concerns?
Email media@digitaldiner.ai or write to the addresses in Section 1.