1

Let's Define Our Terms

Just to make sure we're speaking the same language, here is what we mean when we use these terms:

Personal Data
Any information relating to an identified or identifiable individual that you submit to Coding Hub.
Controller
That's you. You determine the "why" and "how" of the personal data being processed.
Processor
That's us (Coding Hub). We process the data purely on your behalf and based on your instructions.
Sub-processor
Any third-party business we hire to help us process your data (like cloud hosting providers).
Role clarity: This DPA establishes a Controller-to-Processor relationship. You remain responsible for ensuring that your use of our Services complies with applicable data protection laws.
2

Our Role and Instructions

We will only process your Personal Data based on your documented instructions.

Documented Instructions

The main Terms of Service, along with your use of the Coding Hub platform, count as your complete instructions to us regarding data processing.

Processing Beyond Instructions

If we ever need to process your data for any other reason because a specific law requires us to, we will give you a heads-up before doing it—unless that law strictly forbids us from telling you.

What this means in practice: We won't use your data for our own purposes (like marketing to your users or building profiles) unless you explicitly ask us to or we're legally required to do so.
3

Security and Confidentiality

Keeping your data safe is a core part of what we do.

Area Our Commitment
Security Measures We maintain robust technical and organizational security measures to protect your Personal Data against accidental loss, unauthorized access, or illegal destruction.
Our Team Anyone at Coding Hub who has access to your data is bound by strict confidentiality agreements. They only access what is absolutely necessary to do their jobs.
Need more detail? You can request our security documentation or schedule a security review with our team. Contact us at info@codinghub.co.za.
4

Sub-processors

We don't build every single piece of our infrastructure from scratch, which means we occasionally use third-party vendors to help provide our service.

General Permission

By accepting this DPA, you give us general permission to use these Sub-processors. We maintain an up-to-date list of them on our website.

New Sub-processors

If we decide to bring a new Sub-processor on board, we will notify you (usually via email or an in-app notice) at least 15 days before they start handling your data.

Objecting to a new vendor: If you have a legitimate, privacy-related reason to object to a new vendor, you can let us know, and we'll work with you to find a solution.

Our Current Sub-processors

Cloud Infrastructure
Hosting providers for data storage and computing resources
Communication Services
Email and notification delivery services
Monitoring & Analytics
System performance monitoring and error tracking

For the full, up-to-date list, please visit our Sub-processor List page.

5

Data Subject Rights

Helping you help your users exercise their data protection rights.

When Users Come to You

If one of your users (a "Data Subject") reaches out to you wanting to access, correct, or delete their personal data, we will provide you with the tools or assistance you need to fulfill that request.

When Users Come to Us Directly

If a user reaches out to Coding Hub directly with one of these requests, we won't respond to them or take action on the data ourselves. Instead, we'll point them in your direction and notify you immediately.

Why we redirect: As the Controller, you are the primary point of contact for Data Subjects. We act only as your Processor and must follow your instructions when handling such requests.

Rights We Support

  • Right of Access: Users can request a copy of their personal data
  • Right to Rectification: Users can request correction of inaccurate data
  • Right to Erasure: Users can request deletion of their data
  • Right to Restrict Processing: Users can request limitation of processing
  • Right to Data Portability: Users can request their data in a structured format
6

What Happens in a Data Breach

Nobody wants to think about a security incident, but if the worst happens and your Personal Data is compromised, we will act quickly.

Our Breach Response Process

Immediate Detection

We will notify you without undue delay and no later than 48 hours after becoming aware of the breach.

Full Disclosure

We'll give you all the details we have: what happened, what data was exposed, and what we are doing to fix it.

Ongoing Cooperation

We will cooperate with you entirely so you can meet your own regulatory reporting obligations.

48-hour window: This timeline aligns with POPIA and GDPR requirements. We take this obligation seriously and have internal processes in place to ensure rapid detection and notification.

What We'll Tell You

Information Description
Nature of the breach What type of incident occurred (unauthorized access, accidental disclosure, etc.)
Data categories affected What types of personal data were involved
Approximate number of subjects How many individuals may be affected
Likely consequences What risks this breach may pose to data subjects
Measures taken What steps we've taken to contain and remediate the breach
7

Deleting or Returning Your Data

When you decide to leave Coding Hub and our contract ends, you get to choose what happens to your data.

Return Data

Ask us to return a complete copy of your data to you in a standard, machine-readable format.

Delete Data

Ask us to permanently delete all your data from our systems with no recovery option.

30-day window: If you don't explicitly ask for either option within 30 days of the contract ending, our standard procedure is to securely wipe your data from our systems.

Legal Retention Exceptions

The only exception to deletion is if local or international laws require us to keep a specific piece of data archived for legal reasons. In such cases:

  • We will inform you which data must be retained and why
  • The retained data will be subject to additional access restrictions
  • It will be deleted as soon as the legal obligation expires
8

Audits

You have the right to verify that we're actually doing everything we promise in this document.

Option 1: Review Our Audit Reports

Usually, the easiest way to verify our compliance is by requesting our most recent third-party security audit reports (like a SOC 2 or ISO 27001 certification). These are available upon request at no charge.

Option 2: Conduct Your Own Audit

If our reports don't satisfy your regulatory requirements, we will allow you—or an independent auditor you hire—to conduct a reasonable audit of our data processing practices.

Audit conditions: We just ask for standard written notice beforehand, and we expect the audit to happen during normal business hours so it doesn't disrupt our operations. All auditors must sign a confidentiality agreement before accessing any systems or data.

How to Request an Audit

  1. Send a written request to info@codinghub.co.za specifying the scope and purpose of the audit
  2. We'll acknowledge your request within 5 business days and propose a timeline
  3. Both parties agree on audit dates, scope, and any confidentiality requirements
  4. The audit is conducted, and we provide a response to any findings within 30 days

Need to Discuss This DPA?

If you have questions about this addendum or need to request an audit, our team is ready to help.

Email
info@codinghub.co.za
Phone
(27) 053 004 0014
Address
South Africa