Privacy and Information Policy

Privacy and Information Policy


This Privacy and Information Policy (“Privacy Policy”) has been developed to acknowledge the importance of and assist in providing a framework for, the appropriate level of protection for consumer identification, collection, holding, using, disseminating, merging, collating, disclosing and protection of your personal information (“process” or “processing”). The policy represents the company‘s commitment to compliance with its obligations under the Protection of Personal Information Act 4 of 2013 (“POPI”).

This Privacy Policy applies in respect of Pivotal Data (Pty) Ltd and its processing of personal information.

The processing of personal information
We provide this policy in accordance with POPI, detailing the lawful approach we take in the collection of information and in regard to the management, use and processing of all information collected from you and other legitimate sources and all subsequent dealings with your lawful representatives, credit reporting bodies and other entities listed in this policy.

In the course of our business we only process personal information in relation to our clients in terms of the services requested by them, which will be detailed in the agreement between us (“the lawful purpose”).

The types of personal information collected and processed
We gather information about yourself primarily from you and in some instances from other organisations, agents, services providers, advisers, credit reporting bodies and/or Government agencies.

Why we process personal information
We process personal information:

  • to communicate to you offers in relation to our services or products that we think may be of interest to you;
  • unless requested not to, to communicate with you offers in relation to products and services promoted by us via other websites owned and operated by Pivotal Data (Pty) Ltd;
  • unless requested not to, to send you marketing materials which promote the goods or services of us and our affiliate companies (including by way of electronic direct marketing activities);

By clicking ‘submit’ on our website you are providing your consent to us to collect your details to process the information for the lawful purpose.

What laws authorise us to collect personal information?
We are authorised to collect your personal information, for a lawful purpose, by POPI. In order to access/collect/process your information, we act on your behalf as the “responsible party” requesting access to your information under South African legislation.

How we collect personal information
We collect personal information in South Africa from these possible legitimate sources:

  • from you;
  • from the documentation we request and you provide;
  • from information about you that is publicly available, including court and tribunal reports and decisions.

Please note, depending on circumstances, we may choose not to collect information from all these sources.

How we hold personal information securely
In all circumstances the information is held by us on our secure systems. We take all reasonable steps to secure the integrity and confidentiality of your personal information and protect your information from misuse, loss, interference, unauthorised access, modification or unauthorised disclosure.

Hard copies are held in a locked and secure environment, with other security protection after business hours. Electronic copies are held in a secure environment, with the application of appropriate passwords and other computer and software security techniques.

How we use your personal information provided
Once you have submited your information, we are entitled to use your personal information as follows:

  • to identify you as per the above;
  • to check when the last time you used our service was, if at all;
  • to inform you of goods, services and/or products which we think you may be interested in (unless you have opted out);
  • to receive confirmation that you have granted us authority to act as the ”responsible party” if information is held by a third party;
  • to transfer your information across borders; and
  • for any purpose permitted by law.

What do we do with your personal information?
We will use our personal information for the purposes of providing you with the services as per your agreement with us.

We do not sell, trade, share or rent your personal information to any third party for marketing purposes unless you have given your permission for us to do so.

We may, for an indefinite period, unless otherwise notified by you, use the information provided by you for promotional, marketing, research and profiling purposes. We will add your contact details to our database and may also send you emails from time to time about our offers and offers of our third party advertisers. Every group email that is sent to our database also contains an “unsubscribe” option.

We may use your information (with your consent)for marketing purposes to inform you of goods, services and/or products from Pivotal Data (Pty) Ltd and/or related entities or third party entities, for goods, services and/or products which we consider of interest to you. At any point in time you are able to opt out of this by informing the Privacy Manager, whose contact details are set out in this policy. You may be informed about these goods, services and/or products through a range of communication methods, including telephone, SMS, email, social media, other electronic means and/or targeted advertising.

Parties we share your information with

  • We may, from time to time, share your personal information with credit reporting bodies, credit providers and/or brokers and any other organisations which are part of offering our services to you that are not within our organisation but only for a lawful purpose.
  • We ensure protection of your personal information, by only entering into agreements with third parties that have policies that comply with POPI. Compliance with POPIA ensures the personal information we have disclosed is used only for the specific lawful purpose we have requested on your behalf.

What kinds of website visitor information we collect
Unless requested not to, we may aggregate and hold the information we collect to research and help us understand broad demographic trends, but before we use or hold such aggregated data we remove anything and everything that identifies you personally. This generic de-identified and aggregated information may be shared with third parties and in this event, we undertake to never share any of this information if it is personally identifiable without your prior consent. We take your privacy seriously and are committed to protecting it. If you would prefer not to participate in this generic de-identified data gathering, you can opt-out by notifying our Privacy Policy Manager, whose contact details are contained within this policy.

Notifiable matters
From time to time we may have notifiable matters we wish to communicate to you. At any time you may request a hard copy, or emailed copy, of the notifiable matters or notify us that you opt out of this service.

Transfer of information between us and a third party supplier
The information you provide may be transferred across foreign borders.

This information transfer is permitted under Chapter 9 of POPI which authorises the access seeker (known as the responsible party) to transfer the information across foreign borders in the following circumstances:

  • the recipient must be governed by laws, binding corporate rules, binding agreements or memorandum of understanding between two public bodies which provide an adequate level of protection; or
  • the Data Subject must consent to the transfer; or
  • the transfer must be necessary for:
    • the performance of a contract between the Data Subject and Responsible Party, or for the implementation of pre-contractual measures taken in response to a Data Subject’s request;
    • the conclusion or performance of a contract concluded in the interest of the Data Subject between the Responsible Party and a third party; or
  • the transfer is for the benefit of the Data Subject and: –
    • it is not reasonably practicable to obtain the consent of the Data Subject to that transfer; and
    • if it were reasonably practicable to obtain such consent, the Data Subject would be likely to give it.

How you may complain about our failure to comply with POPIA
There are 2 ways you may complain:

  • Verbally, or in writing, to our Privacy Manager.
  • If you are a resident in South Africa, you can lodge a complaint to the Regulator completing the form as prescribed.

There is no charge for lodging a complaint.

How we will deal with such a complaint: We will write to you acknowledging receipt of the complaint. After appropriate investigation, the Privacy Manager will write to you as soon as practicable after a decision has been reached, outlining the decision and the reasons for reaching it.

Latest news


AI reshaping CX in the age of digitisation

We need to reframe our perceptions regarding AI and look for ways to augment it into the workplace to enhance the way we work and operate, rather than resist it. In doing so, we will open up innumerable opportunities to create value, both for customers and the business itself.Read more »

Partner with Pivotal Data

Discover future solutions today!