Privacy Policy
1. Who We Are and Who This Notice Applies To
This Privacy Policy ("Policy") is published by ConsultingWorx (operated by Wayne Levine, a natural person conducting business from Cape Town, Western Cape, South Africa) ("ConsultingWorx", "we", "us", "our").
This Policy applies to all individuals ("data subjects") whose personal information we collect and process, including clients, prospective clients, website visitors, contractors, and suppliers. It describes what personal information we collect, why we collect it, how we use it, how we protect it, and what your rights are.
By providing your personal information to us or using our website and services, you acknowledge that you have read and understood this Policy.
2. The Responsible Party and Information Officer
Responsible Party: ConsultingWorx (Wayne Levine)
Information Officer: Wayne Levine
Email: wayne@consultingworx.co.za
Physical Address: Cape Town, Western Cape, South Africa
Website: https://www.consultingworx.co.za
The Information Officer is responsible for ensuring that ConsultingWorx complies with the Protection of Personal Information Act, 4 of 2013 (POPIA) and with this Policy. All privacy-related queries or requests should be directed to the Information Officer.
3. Personal Information We Collect
We collect personal information only where it is necessary for a legitimate business purpose. The types of personal information we may collect include:
3.1 Information You Provide Directly
- Identity information: Full name, job title, company name
- Contact information: Email address, telephone number, physical address
- Enquiry information: Content of your message or enquiry submitted via our contact form
- Engagement information: Business information, financial information, and operational information shared during consulting engagements
- Contract and billing information: Invoicing details, payment records
3.2 Information We Collect Automatically
- IP address and general location data
- Browser type and operating system
- Pages visited, time on site, and referring URL (via website analytics)
- Date and time of visits
3.3 Special Categories of Information
We do not intentionally collect special personal information (as defined in Section 26 of POPIA) such as race, religion, health, sexual orientation, or criminal history. If such information is inadvertently disclosed during an engagement, it will be handled with heightened care and protection.
4. Lawful Grounds for Processing
We process your personal information on one or more of the following lawful grounds:
| Lawful Ground | Examples |
|---|---|
| Contract performance | Processing necessary to perform our consulting agreement with you |
| Legitimate interest | Business development, client relationship management, service improvement |
| Legal obligation | Tax records, PAIA compliance, regulatory requirements |
| Consent | Where we ask for your consent before processing (e.g., marketing communications) |
5. How We Use Your Personal Information
We use your personal information for the following purposes:
- To respond to your enquiries and communicate with you
- To provide, manage and improve our consulting services
- To prepare and send invoices and manage payment
- To maintain our client records and engagement history
- To comply with our legal and regulatory obligations
- To send service-related communications (e.g., project updates)
- To improve our website and user experience (via analytics)
- To send marketing or business development communications, where you have not opted out
We will not use your personal information for any purpose that is incompatible with the purposes listed above without your prior consent.
6. Sharing of Personal Information
We do not sell, rent, or trade your personal information to third parties. We may share your personal information with:
- Service providers: Third-party technology and software providers (e.g., email platforms, accounting software, cloud storage) that process data on our behalf and are subject to confidentiality and data processing agreements
- Professional advisors: Legal, tax, and financial advisors, subject to professional confidentiality obligations
- Regulatory authorities: Where required by law, court order, or regulatory obligation
- Business successors: In the event of a business sale, merger, or restructuring, subject to equivalent data protection obligations
All third parties with whom we share personal information are required to maintain appropriate technical and organisational measures to protect your information.
7. Cross-Border Transfers
Some of our service providers may process personal information outside South Africa. Where this occurs, we ensure that the recipient country provides an adequate level of protection, or that appropriate safeguards are in place (such as standard contractual clauses), in accordance with Section 72 of POPIA.
8. Retention of Personal Information
We retain personal information only for as long as is necessary for the purpose for which it was collected, or as required by applicable law. Our general retention periods are:
| Category | Retention Period |
|---|---|
| Client and engagement records | 7 years after end of engagement (for tax and legal purposes) |
| Financial and accounting records | 5 years (as required by tax legislation) |
| Website enquiry data | 3 years from date of enquiry |
| Marketing communications | Until you opt out or withdraw consent |
| Website analytics data | 26 months (anonymised after 14 months) |
When personal information is no longer required, it will be securely deleted or anonymised.
9. Security of Personal Information
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, accidental loss, destruction, or disclosure. These measures include:
- Encrypted communications (TLS/HTTPS)
- Password-protected systems and access controls
- Restricted access on a need-to-know basis
- Secure cloud storage with reputable providers
- Regular review of security practices
No method of transmission over the internet is completely secure. While we take reasonable precautions, we cannot guarantee absolute security. In the event of a serious information breach, we will notify you and the Information Regulator as required by POPIA.
10. Your Rights Under POPIA
As a data subject, you have the following rights in respect of your personal information:
- Right of access: You may request access to the personal information we hold about you
- Right to correction: You may request that we correct inaccurate or incomplete personal information
- Right to deletion: You may request that we delete your personal information, subject to our legal retention obligations
- Right to object: You may object to the processing of your personal information on grounds relating to your particular situation
- Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal
- Right to complain: You may lodge a complaint with the Information Regulator of South Africa
To exercise any of these rights, please contact our Information Officer at wayne@consultingworx.co.za. We will respond within 30 days of receiving your request.
11. Cookies and Website Analytics
Our website may use cookies and similar tracking technologies to improve your browsing experience and to understand how visitors use our site. Cookies are small text files stored on your device.
We use the following types of cookies:
- Strictly necessary cookies: Required for the website to function correctly. These cannot be disabled.
- Analytics cookies: Help us understand how visitors interact with our website (e.g., Google Analytics). These are anonymised and do not identify individuals.
You can control cookies through your browser settings. Disabling cookies may affect the functionality of our website. We do not use cookies for targeted advertising or profiling purposes.
12. Marketing Communications
We may occasionally send you information about our services that we believe may be of interest to you. You have the right to opt out of marketing communications at any time by emailing us at wayne@consultingworx.co.za with the subject "Unsubscribe".
We will never sell your contact details to third parties for marketing purposes.
13. Children's Privacy
Our services are not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information about a minor, please contact us immediately and we will take steps to delete such information.
14. Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices, technology, or legal requirements. The effective date at the top of this Policy indicates when the most recent update was made. We encourage you to review this Policy periodically. Material changes will be communicated via our website.
15. Contact and Complaints
ConsultingWorx — Information Officer
Wayne Levine · Cape Town, Western Cape, South Africa
Email: wayne@consultingworx.co.za
If you are dissatisfied with our response to a privacy complaint, you may contact the Information Regulator of South Africa:
Information Regulator of South Africa
Website: www.inforegulator.org.za · Email: inforeg@justice.gov.za
POPIAComplaints@inforegulator.org.za · PAIAComplaints@inforegulator.org.za
Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001