This POPIA Operator Agreement forms part of the agreement between the customer as the responsible party and WISPGate as the operator where WISPGate processes personal information on behalf of the customer through the WISPGate services, including onboarding, migration, hosting, support, billing, CRM, radius, network operations, ticketing, automation, reporting, backup, and related technical services.
For purposes of the Protection of Personal Information Act, 4 of 2013, the customer determines the purpose of and means for processing personal information and acts as the responsible party. WISPGate processes personal information for or on behalf of the customer and acts as the operator, except where WISPGate independently determines the purpose and means of processing for its own account management, security, billing, legal, compliance, or administrative purposes.
WISPGate will process customer personal information only on documented instructions from the customer, unless required otherwise by applicable law. Documented instructions include the customer’s use of the services, administrator configurations, enabled modules, approved workflows, API activity, migration requests, tickets, support requests, signed order forms, statements of work, and written instructions issued by authorized customer representatives.
The subject matter of processing is the provision, configuration, migration, support, security, maintenance, and operation of the WISPGate services. Processing continues for the subscription term, onboarding or migration period, applicable support period, backup cycle, legal retention period, and any additional retention period required by the governing agreement or applicable law.
Processing may include collection, receipt, recording, organization, structuring, storage, hosting, indexing, retrieval, consultation, use, transmission, adaptation, analysis for operational support, migration mapping, troubleshooting, backup, restoration, security monitoring, restriction, erasure, destruction, and other processing necessary to provide the services under the customer’s instructions.
Customer personal information may include identity information, contact information, customer and subscriber account records, service plan information, billing and payment-related records, service usage metadata, network identifiers, device identifiers, installation addresses, support tickets, operational notes, system logs, radius/accounting records, provisioning data, and other information submitted by the customer or generated through authorized use of the services.
Data subjects may include the customer’s subscribers, prospective subscribers, business contacts, employees, contractors, administrators, technical users, support contacts, billing contacts, and other individuals whose personal information is submitted to or processed through the services by or on behalf of the customer.
WISPGate will ensure that persons authorized to process customer personal information are subject to confidentiality obligations. Access will be restricted to authorized WISPGate personnel and approved service providers with a legitimate business need related to implementation, migration, support, security, maintenance, or service delivery.
WISPGate will implement appropriate, reasonable technical and organizational safeguards designed to protect customer personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, misuse, damage, or other unlawful processing. Such safeguards may include access control, credential protection, secure hosting practices, backup controls, monitoring, least-privilege administration, operational separation, and internal security procedures appropriate to the nature of the services.
WISPGate will not sell customer personal information or use it for unrelated marketing, profiling, resale, or independent commercial exploitation. WISPGate may process customer personal information only as necessary to provide, secure, support, maintain, troubleshoot, improve, or document the services, or as otherwise instructed by the customer or required by applicable law.
The customer authorizes WISPGate to use subprocessors and service providers where necessary to deliver the services, subject to the WISPGate subprocessor list and applicable contractual controls. WISPGate will require subprocessors that process customer personal information to undertake obligations appropriate to the nature of the processing and no less protective in substance than the relevant obligations imposed on WISPGate under this agreement, to the extent applicable to the subprocessor’s services.
Taking into account the nature of processing and information available to WISPGate, WISPGate will provide reasonable assistance to the customer for data subject requests, security inquiries, regulatory inquiries, personal information impact assessments, breach response coordination, and customer compliance obligations under POPIA, where required by law and technically feasible. Assistance outside standard service support may be subject to reasonable professional service fees unless prohibited by law or agreed otherwise in writing.
WISPGate will notify the customer without undue delay after confirming a security compromise or personal information breach affecting customer personal information processed by WISPGate as operator. WISPGate will provide information reasonably available to it to assist the customer in assessing the incident and meeting its own notification obligations. Notification does not constitute an admission of fault, liability, or unlawful conduct.
Upon termination, expiration, or written instruction from the customer, WISPGate will return, delete, or make inaccessible customer personal information in accordance with the governing agreement, the Data Retention Policy, backup cycles, legal preservation obligations, security requirements, and technical feasibility. WISPGate may retain limited records where required for legal, billing, audit, dispute, security, or compliance purposes.
Where customer personal information is transferred, hosted, accessed, backed up, or processed outside South Africa, such processing shall be governed by the applicable cross-border transfer provisions, including any executed Cross-Border Transfer Addendum, Data Processing Agreement, order form, or equivalent contractual safeguards agreed by the parties.
Where legally required and contractually agreed, the customer may request reasonable information regarding WISPGate’s compliance with this agreement. Any audit or review must be proportionate, scheduled in advance, subject to confidentiality, and conducted in a manner that does not compromise WISPGate systems, security controls, trade secrets, other customers, employee privacy, or platform integrity. WISPGate may satisfy audit requests through written responses, security documentation, policies, certifications, screenshots, controlled demonstrations, or third-party reports where available.
The customer remains responsible for establishing a lawful basis for processing, issuing lawful instructions, obtaining required consents or notices, maintaining accurate data, managing its own user access, controlling its administrator accounts, approving migration activities, and ensuring that any personal information submitted to WISPGate may lawfully be processed by WISPGate as operator.
If this POPIA Operator Agreement conflicts with the Data Processing Agreement, SaaS Subscription Agreement, order form, or other signed agreement, the document that provides the higher level of protection for customer personal information shall control for the specific privacy or data-protection issue, unless a signed agreement expressly states otherwise.
Liability arising under this POPIA Operator Agreement is subject to the limitations, exclusions, and remedies stated in the master commercial agreement, unless prohibited by non-waivable applicable law.
Questions regarding this POPIA Operator Agreement should be directed to privacy@wispgate.us.
Your request has been submitted successfully.