Privacy Policy

Section 1: Introduction

afrAIca (PTY) Ltd is committed to protecting the privacy and personal information of all individuals who interact with our organisation. This Privacy Policy explains how we collect, use, store, share, and protect personal information in accordance with the Protection of Personal Information Act, 4 of 2013 (POPIA), as well as internationally recognised data protection principles.

We process personal information because our work requires it, not because we can. Every piece of personal information we hold is held for a reason, used for that reason, and protected accordingly.

This policy applies to all personal information processed by afrAIca (PTY) Ltd in the course of its business operations, including information about clients, prospective clients, employees, contractors, suppliers, website visitors, and research participants.

Section 2: Who We Are

afrAIca (PTY) Ltd is the responsible party for the personal information it processes.

Section 3: Personal Information We Collect

We collect only the personal information that is necessary for the purposes described in this policy.

3.1 Client and Prospective Client Information

• Full name, job title, and organisation name
• Business contact details
• Information provided during AI readiness assessments
• Contractual information and correspondence
• Financial information for invoicing
• Feedback and survey responses

3.2 Website and Digital Interaction Information

• IP address, browser type, device type
• Pages visited and navigation paths
• Information submitted through contact forms
• Cookie data

3.3 Employee, Contractor, and Associate Information

• Identity information including full name and identity number
• Contact details
• Employment information including qualifications and work history
• Financial information including banking details and tax number
• Health information where relevant to occupational health obligations
• Emergency contact details

3.4 Research and Survey Participants

• Name and organisation unless anonymous
• Role, industry, and organisation size
• Survey responses and interview data retained in de-identified form where possible

3.5 Information We Do Not Intentionally Collect

We do not intentionally collect special personal information as defined in section 26 of POPIA unless legally obliged, the data subject has consented, or it is necessary for a legitimate function. We do not knowingly collect the personal information of children under 18 without consent of a competent person as defined in POPIA.

Section 4: How We Collect Personal Information

• Directly from you when you complete a contact form, request a proposal, participate in an assessment, sign a contract, or correspond with us
• During service delivery through consulting and implementation engagements
• Via website interaction through cookies and analytics
• Through employment and contracting processes
• Via third-party referrals
• Through research activities and surveys
• From publicly available sources where lawfully obtained

Section 5: Lawful Basis for Processing

• Contractual necessity: processing required to enter into or perform a contract
• Legal obligation: processing required by applicable law
• Legitimate interest: necessary business interests not overriding privacy rights
• Consent: where freely given, specific, informed, and unambiguous, and withdrawable at any time
• Vital interests: in limited circumstances to protect life
• Public interest: for research activities with appropriate safeguards

Section 6: How We Use Personal Information

6.1 Service Delivery

• Conducting AI readiness assessments and advisory engagements
• Developing and implementing AI solutions
• Managing client relationships and project delivery
• Issuing proposals, contracts, invoices, and reports

6.2 Business Operations

• Managing supplier and contractor relationships
• Processing payments
• Complying with legal obligations
• Maintaining audit records

6.3 Communication and Marketing

• Responding to enquiries
• Sending thought leadership and event invitations to consenting subscribers
• Notifying you of relevant services

You may opt out of marketing at any time via progress@afraica.co.za.

6.4 Research and Improvement

• Conducting market research into African AI adoption
• Analysing anonymised data to improve assessment frameworks
• Contributing to published research where data is anonymised or appropriately consented

6.5 Employment and HR

• Recruiting, onboarding, managing, and offboarding employees and contractors
• Administering payroll and statutory obligations
• Maintaining personnel records

Section 7: Sharing Personal Information

We do not sell personal information. We do not share personal information for unrelated advertising. Sharing occurs only in the following circumstances:

• With operators and service providers including cloud hosting, accounting software, email platforms, and project management tools, all bound by written contracts reflecting POPIA obligations
• With professional advisers including legal, audit, and compliance consultants
• For legal and regulatory disclosure where required by law or the Information Regulator
• In business transactions such as mergers or acquisitions, subject to appropriate agreements
• With your explicit consent for other purposes

Section 8: Transborder Transfers

afrAIca’s commitment to African data sovereignty extends to our own data handling. We do not transfer personal information to a foreign country unless that country provides adequate protection, the data subject has consented, or another condition under section 72 of POPIA is satisfied.

We document all transborder transfers. Where a client’s engagement requires data to remain within South Africa, we structure our delivery accordingly and document that commitment in the service agreement.

Section 9: Retention of Personal Information

We retain personal information only as long as necessary.

When no longer required, information is securely deleted, anonymised, or destroyed.

Section 10: Security of Personal Information

10.1 Technical Measures

• Encryption of personal information in transit and at rest
• Access controls and role-based permissions
• Multi-factor authentication
• Secure password-protected systems with activity logging
• Regular security assessments

10.2 Organisational Measures

• Privacy-by-design principles applied to all new systems
• Confidentiality obligations in all contracts
• Staff awareness and training
• Documented procedures for data subject requests and breach response

10.3 Security Incidents and Breach Notification

In the event of a security compromise, we will contain and remediate the incident and where required under POPIA will notify the Information Regulator and affected data subjects without unreasonable delay.

Section 11: Cookies and Tracking Technologies

Our website uses cookies to support functionality, measure performance, and improve user experience.

• Strictly necessary: essential for website function and session retention
• Functional: remember preferences, retained for up to 12 months
• Analytics: measure visitor interaction in aggregated and anonymised form, retained for up to 13 months
• Marketing: only with explicit consent, retained for up to 12 months or until consent withdrawn

You may control or withdraw cookie consent through browser settings at any time.

Section 12: Your Rights as a Data Subject

• Right of access: request confirmation and a copy of personal information held
• Right to correction: request correction of inaccurate or incomplete information
• Right to deletion: request deletion where no lawful basis for continued retention exists
• Right to object: object to processing based on legitimate interest
• Right to withdraw consent: withdraw consent at any time without affecting prior processing
• Right to complain: lodge a complaint with the Information Regulator of South Africa
• Right to data portability: request personal information in a structured format where technically feasible
• Right not to be subject to automated decisions: we do not make solely automated decisions with significant effects without human review

To exercise any right, contact progress@afraica.co.za. We will acknowledge within five business days and respond fully within 30 days.

Section 13: The Information Regulator of South Africa

Section 14: Third-Party Websites and Services

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing personal information.

:Children’s Personal Information

afrAIca’s services are directed at organisations and professionals. We do not knowingly collect, process, or retain personal information relating to children under 18. If you believe a child’s personal information has been submitted, contact progress@afraica.co.za and we will act promptly to delete it.

Section 16: Changes to This Privacy Policy

We review this policy at least annually and whenever material changes occur. Changes will be published at www.afraica.co.za with the updated version date. Where changes are material, we will notify clients and subscribers directly.

Section 17: Contact and Complaints

Privacy is not a compliance requirement we satisfy. It is a value we hold. Our work is built on the principle that data about people belongs to those people. We will always handle your personal information with the care, transparency, and respect that principle demands.