Fire Sands Group

Privacy Policy

Last Updated - November 2025

Fire Sands Group – Privacy Policy

Last updated: November 2025

Fire Sands Group (“Fire Sands”, “we”, “our”, or “us”) is committed to protecting your privacy and ensuring that your personal information is collected, used, stored, and disclosed responsibly and transparently.
This Privacy Policy explains how we handle personal information when you visit our website, engage with us online, or interact with our services.

This Policy complies with:

  • South Africa: Protection of Personal Information Act (POPIA)
  • New Zealand: Privacy Act 2020
  • UK Alignment: UK GDPR (informational alignment only; we do not target UK individuals directly)

If you do not agree with any part of this Policy, please discontinue using our website and services.

  1. Who We Are

Fire Sands Group
Operating in South Africa and New Zealand

Addresses:

  • Liebenberg Road, Eastleigh, Edenvale, South Africa
  • Dunedin, Otago, New Zealand

Contact email for privacy matters:
projects@firesands.com

Data Protection Officer (DPO):
Riley Pitman, Technical Officer

  1. Personal Information We Collect

We collect the following types of information:

2.1 Automatically Collected Data

When you use our website or digital tools, we automatically collect:

  • IP address
  • Device information
  • Browser type and version
  • Cookies and tracking data
  • Location data (approximate)
  • Usage information (pages visited, interactions, timestamps)

Tools involved may include Google Analytics, HubSpot tracking, and Microsoft Clarity.

2.2 Information You Provide to Us

Provided through forms, communications, onboarding, or newsletter signup:

  • Names
  • Email addresses
  • Phone numbers
  • Organisation / business information
  • General enquiry details

2.3 Sensitive or Special Category Data

We do not collect or process:

  • Health information
  • Biometrics
  • Identity documents
  • Data from minors
  • Any special-category personal data
  1. How We Collect Information

We collect information through:

  • Website forms and contact forms
  • Newsletter subscription forms
  • Cookies and tracking technologies
  • Third-party analytics and CRM tools (Google Analytics, HubSpot, Microsoft Clarity)
  • Customer onboarding and sales processes
  • Marketing campaigns
  • Payment processors (for workflow interactions only—not for storing payment data)
  • Cloud-based systems (Google Workspace, HubSpot CRM)

We use a least-privilege principle when granting internal or subcontractor access.

  1. Why We Process Your Personal Information

We process information for the following purposes:

  • To provide and manage our services
  • To respond to enquiries
  • Customer relationship management (CRM)
  • Contract fulfilment
  • Email marketing (where consent or legitimate interest applies)
  • Employment and contractor coordination
  • Debugging, security, and fraud prevention
  • Website analytics and performance monitoring
  • Legal and regulatory compliance
  • Improving customer experience and service quality
  • Behavioural advertising where cookies are accepted
  1. Lawful Bases for Processing

(Aligned with POPIA, NZ Privacy Act, and informational UK GDPR principles)

  • Consent — email marketing, cookies, optional features
  • Legitimate Interests — analytics, security monitoring, CRM operations
  • Contractual Necessity — responding to enquiries, delivering services
  • Legal Obligation — retaining tax records, compliance documentation

You may withdraw consent at any time.

  1. Sharing Your Information

We share personal information only when necessary:

6.1 Verified Third Parties

  • Google Workspace (email, storage) – EU Servers
  • HubSpot CRM & Marketing Tools – EU Servers
  • Microsoft Clarity (analytics)
  • Cloudflare (security and anti-fraud services)
  • Internal subcontractors (project-based; least-privilege access)

6.2 No Sharing With

  • Data brokers
  • Advertisers outside consented cookies
  • Social media platforms for profiling

6.3 Subcontractors

Subcontractors only receive access through Fire Sands, with:

  • Controlled permissioning
  • Confidentiality agreements
  • Limited and supervised scope
  • No direct customer data extraction allowed
  1. International Data Transfers

Your information may be transferred to or stored in:

  • European Union (Google Workspace, HubSpot)
  • South Africa
  • New Zealand

We do not store or process data in the United States.

Transfers are safeguarded through:

  • Standard contractual clauses
  • POPIA cross-border conditions
  • NZ Privacy Act transfer safeguards
  • Best-practice contractual protections
  1. Data Retention

We retain data only as long as needed:

  • Customer data: until removal request or account deletion
  • Tax and legal records: 6 years
  • Analytics data: 12 months
  • Marketing data: until consent is withdrawn
  • For legal or regulatory compliance: as required

Upon request, personal data is permanently deleted and proof of removal is provided.

  1. Cookies & Tracking

We use a cookie banner to ensure informed consent.

Cookie categories used:

  • Necessary (site security, basic functions)
  • Analytics (Google Analytics, HubSpot, Clarity)
  • Marketing/Behavioural (HubSpot, Google remarketing tools)

You may change cookie settings at any time.

  1. Behavioural Advertising

If you accept marketing cookies, we may:

  • Analyse interactions with our website
  • Deliver tailored content or promotions
  • Optimise marketing performance

We do not conduct intrusive profiling or automated decision-making.

  1. Use of AI Tools

Fire Sands may use AI tools (e.g., ChatGPT, transcription, or automation tools) strictly for:

  • Drafting content
  • Improving internal operations
  • Generating non-sensitive documentation
  • Conducting general analysis

We do not provide AI systems with personal data unless anonymised or strictly necessary, and only with safeguards in place.

  1. Security Measures

We implement strong safeguards:

  • SSL/TLS encryption
  • Access controls
  • Regular audits
  • Data minimisation
  • Staff and subcontractor confidentiality agreements
  • Secure cloud storage
  • Two-factor authentication
  • Antivirus monitoring

We currently do not run backup and disaster recovery systems for customer data beyond cloud provider defaults.

  1. Children’s Data

We do not target or knowingly collect personal information from:

  • Anyone under 18
  • Anyone under 13

If such data is discovered, it will be immediately deleted.

  1. Your Rights

Depending on your jurisdiction, you have rights to:

  • Access your personal data
  • Correct inaccurate information
  • Request deletion
  • Object to processing
  • Withdraw consent
  • Request restrictions on processing
  • Request proof of deletion
  • Lodge a complaint with a regulator

We respond to all rights requests within statutory timeframes.

  1. Complaints and Regulators

If you have any questions or concerns:

📩 projects@firesands.com

You may also lodge complaints with:

South Africa

Information Regulator (South Africa)
www.inforegulator.org.za

New Zealand

Office of the Privacy Commissioner
www.privacy.org.nz

(UK individuals may contact the ICO for general guidance, but Fire Sands does not actively target the UK market.)

  1. Data Breach Notification

If a data breach occurs posing a real risk of harm, we will:

  • Notify affected individuals without undue delay
  • Notify the relevant regulator (SA or NZ) where required
  • Provide guidance on recommended protective steps
  1. Changes to This Policy

We may update this Privacy Policy periodically.
Updates will be posted on this page with a revised “Last Updated” date.

Continued use of our website and services indicates acceptance of changes.

  1. Contact Us

If you have privacy concerns, access requests, or want your data removed:

projects@firesands.com