Join the Business Re-imagined Masterclass on 24 February
Contact

Privacy Policy

  1. Introduction

This Notice explains how we obtain, use and disclose your personal information, in accordance with the requirements of the Protection of Personal Information Act (“POPIA”).

At Lockstep (Pty) Ltd (and including this website, POPIAct-Compliance, hereafter “we”, “us”, or “our”), we are committed to protecting your privacy and to ensuring that your personal information is collected and used properly, lawfully and transparently.

  1. About the Company

Lockstep (Pty) Ltd

  1. The Information We Collect

We collect and process your personal information mainly to contact you for the purposes of understanding your requirements and delivering services accordingly. For this purpose, we will collect contact details including your name, email address, and organisation.

We collect information directly from you when you provide us with your personal details, for example, when you complete a contact form. Where possible, we will inform you of the information you are required to provide to us and what is optional.

  1. Cookies and Website Usage Information

When you visit our website, we may collect information using “cookies”. This allows us to collect standard internet visitor usage information and understand our visitors’ behaviour.

  • What are cookies? Cookies are small text files placed on your device to collect standard internet log information and visitor behaviour information.
  • Types of cookies we use:
    • Strictly Necessary Cookies: These are essential for the website to function. They are typically set in response to actions made by you, such as setting your privacy preferences. These cookies do not store any personally identifiable information and do not require your consent.
    • Analytical/Performance Cookies: We use third-party cookies, specifically Google Analytics, to help us understand how visitors use our site. This tool collects anonymous data such as your country of origin, the time you spend on the site, and whether you are a repeat visitor. This information is aggregated and helps us improve our website.
  • Your Consent: We use a cookie banner to ask for your consent to place analytical/performance cookies on your device. If you do not consent, we will only use the strictly necessary cookies required for the site to work. You can also decline cookie tracking by managing your preferences via our cookie banner or by adjusting your browser settings to refuse cookies.
  1. Our Lawful Basis for Processing

We will only process your personal information if we have a lawful basis to do so. We process your information based on one or more of the following conditions:

  • Your Consent: Where you have given us clear and explicit consent to process your information for a specific purpose (which you can withdraw at any time).
  • Contractual Obligation: Where processing is necessary for us to deliver a service to you as part of a contract.
  • Legal Obligation: Where we are required to process your information to comply with the law (e.g., for tax and record-keeping purposes).
  • Legitimate Interests: Where processing is necessary for our legitimate interests, such as for statistical analysis to improve our services, provided it does not override your fundamental rights.
  1. How We Use Your Information

We will use your personal information only for the purposes for which it was collected and agreed with you. In addition, where necessary, your information may be retained for legal or research purposes.

For example:

  • To gather contact information to respond to your queries.
  • To confirm and verify your identity or to verify that you are an authorised user for security purposes;
  • To deliver our services to you as per our contractual agreement;
  • For the detection and prevention of fraud, crime, money laundering or other malpractice;
  • To conduct market or customer satisfaction research or for statistical analysis (using anonymised data where possible);
  • For audit and record-keeping purposes as required by law;
  • In connection with legal proceedings.
  1. Disclosure of Information

We may disclose your personal information to our service providers who are involved in the delivery of products or services to you. We have agreements in place to ensure that they comply with the privacy requirements of POPIA.

We may also disclose your information:

  • Where we have a duty or a right to disclose in terms of law or industry codes;
  • Where we believe it is necessary to protect our rights.
  1. International Data Transfers

We make use of third-party service providers, such as Google (G Suite) and Mailchimp, to deliver our services and manage our communications. These providers may store or process your personal information in data centres located outside of South Africa.

When we transfer your information internationally, we will take all reasonable steps to ensure that it is protected with the same level of security as required by POPIA. We do this by ensuring that our providers are subject to binding corporate rules or data processing agreements that provide adequate protection for your information.

  1. Information Security

We are legally obliged to provide adequate protection for the personal information we hold and to stop unauthorised access and use of personal information. We will continue to review our security controls and related processes on an ongoing basis to ensure that your personal information remains secure.

Our security policies and procedures cover:

  • Physical security;
  • Computer and network security;
  • Access to personal information;
  • Secure communications;
  • Security in contracting out activities or functions;
  • Retention and disposal of information;
  • Acceptable usage of personal information;
  • Governance and regulatory issues;
  • Monitoring access and usage of private information;
  • Investigating and reacting to security incidents.

When we contract with third parties, we impose appropriate security, privacy, and confidentiality obligations on them to ensure that personal information for which we remain responsible is kept secure.

In the event of a data breach (security compromise), if there are reasonable grounds to believe your personal information has been accessed or acquired by any unauthorised person, we will notify the Information Regulator and you, the affected data subject, as soon as reasonably possible.

  1. Data Retention

We will not retain your personal information for longer than is necessary for the purposes for which it was collected. Our retention periods are as follows:

  • We retain contact form submissions for 6 months to ensure we have resolved your query.
  • We retain customer records for 5 years after our last interaction, as required by law (e.g., for tax and financial record-keeping).
    After these periods, your personal information will be securely and irreversibly de-identified or destroyed.
  1. Your Rights as a Data Subject

You have the right to:

  • Request Access: You have the right to request a copy of the personal information we hold about you. To do this, please contact our Information Officer (details below). We will need a copy of your ID document to confirm your identity before providing details. Please note that any such access request may be subject to a payment of a legally allowable fee.
  • Request Correction: You have the right to ask us to update, correct or delete your personal information. We will require a copy of your ID document to confirm your identity before making changes. We would appreciate it if you would keep your personal information accurate.
  • Withdraw Consent: Where we process your information based on your consent, you have the right to withdraw that consent at any time.
  • Object to Processing: You have the right to object to the processing of your personal information, for example, for the purposes of direct marketing.
  • Lodge a Complaint: You have the right to lodge a complaint with the Information Regulator of South Africa if you believe we are not processing your information in compliance with POPIA.

The Information Regulator (South Africa):

Address: Woodmead North Office Park, 54 Maxwell Drive, Woodmead, Johannesburg, 2191

Email for complaints: POPIAComplaints@inforegulator.org.za

General enquiries: enquiries@inforegulator.org.za

  1. Information About Minors

Our website and services are not intended for minors (children under the age of 18). We do not knowingly collect personal information from individuals under 18.

  1. Definition of Personal Information

According to the Act, “personal information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person. Further to the POPI Act, Lockstep also includes the following items as personal information:

  • All addresses, including residential, postal and email addresses.
  • Change of name – for which we may require copies of a marriage certificate or an official change of name document.
  1. How to Contact Us

If you have any queries about this notice, need further information about our privacy practices, or wish to exercise any of your rights, please contact our Information Officer:

Information Officer: Rowan Belchers
Email: rowan@lockstep.global