Licentia processes and stores personal information through a combination of local and cloud-based systems used for service delivery, compliance management, governance oversight, communications, backups, and business continuity.

Because Licentia operates through centralised digital systems across Head Office, provincial entities, franchise operators, and internal departments, personal information may be hosted, stored, transmitted, backed up, or accessed through systems located inside and, where applicable, outside the Republic of South Africa.

Licentia will take reasonable steps to ensure that all hosting, storage, access, and cross-border transfers are conducted lawfully and subject to appropriate safeguards.

8.1 Local Hosting and South African-Based Systems

Licentia primarily uses systems and infrastructure hosted within South Africa for operational service delivery, including, where applicable:

• website hosting;
• local servers;
• provincial and Head Office data environments;
• internal storage and backup systems; and
• digital platforms used for quotations, mandates, SLAs, inspections, compliance tracking, and evidence storage.

Where systems are hosted locally, Licentia processes personal information subject to South African legal and regulatory requirements and its internal governance controls.

8.2 Cloud-Based Systems and Remote Access

Licentia may use cloud-based systems and applications for operational efficiency, storage, communications, backup, disaster recovery, and business continuity, including systems provided by third-party service providers.

This may include, without limitation:

• email and communication platforms;
• document storage and file-sharing systems;
• internal workflow and compliance systems;
• system backups and redundancy environments; and
• applications developed or maintained for Licentia’s operational use.

Where cloud systems are used, Licentia requires that they be used in a manner consistent with lawful processing, confidentiality obligations, access control standards, and reasonable security safeguards.

8.3 Cross-Border Transfers and International Backup/Storage

Licentia may, from time to time transfer, store, back up, or make personal information accessible outside South Africa, including through international cloud infrastructure, third-party service providers, or remote backup environments.

Such cross-border processing may occur where:

• international cloud services or infrastructure are used;
• off-site backup or redundancy environments are maintained;
• external operators or service providers host systems outside South Africa; or
• lawful professional or regulatory engagement requires limited cross-border access.

Where personal information is transferred outside South Africa, Licentia will take reasonable steps to ensure that such transfer is lawful and protected by appropriate safeguards, including where applicable:

• transfers to jurisdictions with adequate data protection standards;
• transfers subject to contractual confidentiality and security obligations;
• transfers necessary for the performance of a mandate/SLA or for the implementation of requested services;
• transfers required for the conclusion or performance of a contract in the interest of the data subject; and/or
• transfers otherwise permitted under POPIA.

8.4 Internal Cross-Access and Central Governance

Even where information is stored locally or provincially, Licentia Franchise SA may access data across the Licentia network through its centralised systems for lawful governance purposes, including:

• compliance oversight;
• audit and quality assurance;
• workflow integrity monitoring;
• legal escalation;
• financial governance and reporting; and
• business continuity and system protection.

This internal access is governed by role-based permissions, audit logging, confidentiality duties, and need-to-know limitations.

8.5 Third-Party Hosting Providers and Operators

Licentia may use third-party hosting providers, software vendors, email providers, backup services, developers, and system support providers to host, maintain, secure, or support parts of its digital environment.

Where such third parties process personal information on Licentia’s behalf, Licentia will require that such parties:

• process information only with Licentia’s knowledge or authority;
• treat personal information as confidential;
• apply appropriate technical and organisational safeguards; and
• not unlawfully retain, disclose, or use personal information outside the authorised scope.

8.6 Device-Level Capture and Central Storage Migration

Licentia’s operations may involve temporary capture of information on authorised field devices, including mobile devices used for inspections, communications, and process management.

Where personal information, photographs, or videos are captured on such devices, Licentia requires that such information be transferred into its controlled systems as part of the official client record and thereafter be managed in accordance with its governance, retention, access control, and deletion standards.

This applies to Head Office, provincial entities, and authorised franchise operators.

8.7 Business Continuity, Backup, and Disaster Recovery

Licentia may store backup copies of information and maintain redundancy systems for purposes of:

• business continuity;
• disaster recovery;
• system restoration;
• protection against data loss; and
• operational resilience.

Backup copies may be stored locally, in cloud environments, and/or through international backup infrastructure, subject to lawful safeguards and security controls.

8.8 Lawful Basis

The hosting, storage, remote access, backup, and cross-border processing of personal information is carried out on the basis of:

• contractual necessity, where systems are used to perform the mandate/SLA;
• legal and regulatory obligations applicable to recordkeeping, security, and regulated services; and
• lawful interests in operational continuity, system security, governance oversight, compliance assurance, and disaster recovery.