PRIVACY POLICY
Company Formation Consultants (Pty) Ltd
(Registration Number: 2022/863189/07)
Website: https://www.cipc-companyregistrations.co.za
Effective Date: 2022/12/15
1. INTRODUCTION
1.1 This Privacy Policy (“Policy”) is issued by Company Formation Consultants (Pty) Ltd (hereinafter referred to as “the Company”, “we”, “us”, or “our”) in accordance with the statutory provisions of the Protection of Personal Information Act, No. 4 of 2013 (“POPIA”), as amended from time to time.
1.2 The purpose of this Policy is to provide data subjects with a comprehensive and detailed understanding of how we collect, use, process, disclose, retain, and otherwise handle Personal Information in the course of our business activities and when interacting with our website, online platforms, services, employees, contractors, and third-party service providers.
1.3 This Policy shall be binding upon all users, clients, potential clients, data subjects, service providers, contractors, employees, and representatives who may, directly or indirectly, provide or receive Personal Information from the Company.
1.4 By visiting our website, submitting data via our contact forms or client intake processes, or otherwise engaging our services, you expressly consent to the collection, processing, and transfer of your Personal Information as described herein.
1.5 This Policy must be read in conjunction with the applicable provisions of POPIA, and in the event of any inconsistency, POPIA shall prevail to the extent of such inconsistency.
2. DEFINITIONS
2.1 Unless the context clearly indicates otherwise, the terms set out below shall bear the following meanings:
2.1.1 “Data Subject” means the natural or juristic person to whom the Personal Information relates.
2.1.2 “Information Officer” means the individual duly designated by the Company in accordance with POPIA to ensure compliance with the Act and oversee the implementation and maintenance of this Policy.
2.1.3 “Operator” means any person or entity who processes Personal Information for or on behalf of the Responsible Party, in terms of a contract or mandate.
2.1.4 “Personal Information” has the meaning assigned to it in section 1 of POPIA and includes, without limitation, any information relating to an identifiable, living natural person or existing juristic person, including but not limited to: identity number, name, contact details, financial information, account details, demographic information, and correspondence.
2.1.5 “Processing” or “Process” means any operation or activity concerning Personal Information, whether or not by automatic means, including but not limited to collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, consultation, use, dissemination, distribution, merging, linking, restriction, degradation, erasure, or destruction.
2.1.6 “Responsible Party” means the Company, which alone or in conjunction with others, determines the purpose of and means for Processing Personal Information.
3. COLLECTION OF PERSONAL INFORMATION
3.1 The Company may collect Personal Information through various means, including but not limited to:
3.1.1 Direct interactions with clients or potential clients;
3.1.2 Online forms and website interactions;
3.1.3 Email correspondence and telephonic communication;
3.1.4 Through regulatory authorities such as the Companies and Intellectual Property Commission (CIPC), the South African Revenue Service (SARS), or third-party agents acting on your behalf;
3.1.5 Automated technologies or interactions, including the use of cookies and server logs when accessing our website.
3.2 The Personal Information collected may include, but is not limited to:
3.2.1 Full name, surname, and identity or registration number;
3.2.2 Contact details such as email address, telephone number, and physical address;
3.2.3 Business information, including company name, registration details, tax numbers, and directors’ details;
3.2.4 Banking and financial information required for payment and verification purposes;
3.2.5 IP addresses, geolocation data, and browsing behaviour while accessing our website.
4. PURPOSE OF COLLECTION
4.1 The Company shall only collect Personal Information for a lawful purpose, which includes, but is not limited to:
4.1.1 Registering companies and facilitating regulatory compliance services;
4.1.2 Responding to inquiries or requests for information;
4.1.3 Administering contracts and processing payments;
4.1.4 Fulfilling obligations in terms of legal, accounting, and regulatory requirements;
4.1.5 Conducting internal audits, fraud detection, and prevention activities;
4.1.6 Enhancing user experience and improving service delivery;
4.1.7 Marketing and communicating with data subjects, subject to consent where applicable.
5. LEGAL BASIS FOR PROCESSING
5.1 The Company processes Personal Information based on one or more of the following legal grounds:
5.1.1 The data subject’s voluntary, informed, and specific consent;
5.1.2 Necessity for the performance of a contract to which the data subject is a party;
5.1.3 Compliance with an obligation imposed by law;
5.1.4 The legitimate interests of the Company or third parties, provided such interests do not override the data subject’s rights.
6. DISCLOSURE OF PERSONAL INFORMATION
6.1 Personal Information may be disclosed to the following third parties, subject to strict confidentiality obligations:
6.1.1 Governmental and regulatory authorities, including CIPC and SARS;
6.1.2 Auditors, legal representatives, and professional advisors;
6.1.3 Financial institutions and payment processors;
6.1.4 IT service providers, hosting platforms, and data storage providers;
6.1.5 Any third party to whom the data subject has consented in writing.
6.2 The Company shall not sell, lease, trade, or otherwise disclose Personal Information to unauthorised third parties.
7. INFORMATION SECURITY MEASURES
7.1 The Company implements reasonable technical and organisational security measures to protect Personal Information against accidental or unlawful destruction, alteration, loss, unauthorised disclosure, or access.
7.2 These measures include, but are not limited to:
7.2.1 Encryption of data in transit and at rest;
7.2.2 Secure access controls and password protocols;
7.2.3 Periodic vulnerability scans and penetration testing;
7.2.4 Backup systems and disaster recovery plans;
7.2.5 Staff training and confidentiality agreements.
8. CROSS-BORDER DATA TRANSFERS
8.1 The Company does not, as a general practice, transfer Personal Information across the borders of the Republic of South Africa.
8.2 Should cross-border transfers become necessary, such transfers shall occur only where:
8.2.1 The recipient jurisdiction has laws in place that provide adequate protection;
8.2.2 The data subject has consented to the transfer;
8.2.3 It is necessary for the performance of a contract or for the implementation of pre-contractual measures;
8.2.4 It is required by law or in the public interest.
9. RETENTION AND DESTRUCTION
9.1 Personal Information shall be retained for no longer than is necessary for the purpose for which it was collected, unless retention is required by law or justified by legitimate business needs.
9.2 Upon the lapse of the retention period, Personal Information will be securely deleted or destroyed in a manner that ensures it cannot be reconstructed or accessed.
10. RIGHTS OF DATA SUBJECTS
10.1 Data subjects have the following rights, as enshrined in Chapter 3 of POPIA:
10.1.1 The right to be informed of the collection of Personal Information;
10.1.2 The right to access Personal Information held by the Company;
10.1.3 The right to request correction or deletion of Personal Information;
10.1.4 The right to object to processing, particularly for direct marketing purposes;
10.1.5 The right to not be subject to automated decision-making processes;
10.1.6 The right to lodge a complaint with the Information Regulator.
10.2 All data subject requests shall be directed to the Information Officer at the contact details provided herein, and such requests shall be processed in accordance with the procedures prescribed under POPIA.
11. COOKIES AND TRACKING TECHNOLOGIES
11.1 Our website may use cookies and similar tracking technologies to enhance user experience, monitor website usage, and support analytics.
11.2 Users have the ability to manage cookie preferences through their browser settings. Disabling cookies may impact website functionality.
12. DIRECT MARKETING
12.1 The Company may send electronic communications to clients or prospective clients regarding services offered, subject to compliance with section 69 of POPIA.
12.2 Recipients may opt-out of receiving such communications at any time by notifying the Company or using the unsubscribe link provided in the communication.
13. CHANGES TO THIS POLICY
13.1 The Company reserves the right to amend, update, or revise this Policy at its sole discretion. Material changes shall be communicated via the website or other appropriate means.
13.2 Continued use of our services or website following such changes constitutes acceptance of the amended Policy.
14. CONTACT INFORMATION
For questions, requests, or complaints relating to the processing of Personal Information, please contact:
Rudolf Smith
Company Formation Consultants (Pty) Ltd
Email: info@cipc-companyregistrations.co.za
Website: https://www.cipc-companyregistrations.co.za
This Policy is subject to South African law and any dispute arising from or in connection with this Policy shall be resolved in accordance with the laws of the Republic of South Africa.
