Privacy Policy

Jali Digital Solutions (Pty) Ltd ("Jali Digital Solutions", "we", "us", or "our") is committed to protecting your personal information and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us.

This Privacy Policy is drafted in compliance with the Protection of Personal Information Act, No. 4 of 2013 ("POPIA"), the Electronic Communications and Transactions Act, No. 25 of 2002 ("ECTA"), and other applicable South African legislation.

By using our website or services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of our website and services immediately.

We collect personal information that you voluntarily provide to us when you interact with our website, enquire about our services, or engage us for projects. The types of information we may collect include:

• Identity Information: Full name, title, date of birth, and identity or registration number where required for service delivery.
• Contact Information: Email address, phone number, physical address, and postal address.
• Business Information: Company name, job title, industry, and company registration details.
• Financial Information: Banking details, tax information, and payment records where applicable for invoicing and service delivery.
• Technical Information: IP address, browser type, operating system, device information, and browsing behaviour when you visit our website.
• Communication Records: Correspondence via email, phone, contact forms, and any other communication channels.
• Service-Specific Data: Information required for the specific services you engage us for, such as bookkeeping records, compliance documentation, or software project specifications.

In accordance with POPIA, we process your personal information only for lawful purposes directly related to our business activities. We use your information to:

• Provide, maintain, and improve our services across our Corporate, ICT, and Online divisions.
• Respond to your enquiries, requests, and communications.
• Process transactions and send related information, including invoices and receipts.
• Send you technical notices, updates, security alerts, and administrative messages.
• Comply with legal obligations, including tax reporting, B-BBEE compliance, and regulatory requirements.
• Protect against fraudulent, unauthorised, or illegal activity.
• Analyse usage patterns to improve our website, services, and user experience.
• Send marketing communications where you have opted in to receive them (you may opt out at any time).

We do not sell, rent, or trade your personal information. We may share your information with the following categories of recipients only where necessary and in compliance with POPIA:

• Service Providers: Trusted third-party providers who assist us in delivering our services, such as hosting providers, payment processors, and communication platforms. These providers are contractually bound to protect your data.
• Professional Advisors: Accountants, auditors, and legal advisors in the course of providing professional services to us.
• Regulatory Authorities: Government bodies, tax authorities (such as SARS), and regulatory bodies where required by law.
• Business Partners: Where you have engaged us for services that involve collaboration with approved partners, and only with your consent.
• Law Enforcement: Where we are legally obligated to disclose information in response to a valid legal process.

We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• SSL/TLS encryption for all data transmitted via our website.
• Secure hosting environments with regular security audits.
• Access controls limiting data access to authorised personnel only.
• Regular security assessments and vulnerability testing.
• Employee training on data protection and privacy best practices.
• Incident response procedures to address any data breaches promptly in accordance with POPIA requirements.

Our website uses cookies and similar tracking technologies to enhance your browsing experience. Cookies are small data files stored on your device that help us understand how you use our website.

We use necessary cookies to ensure the website functions correctly, analytics cookies to understand usage patterns, and functional cookies to remember your preferences. You can manage your cookie preferences at any time.

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our retention periods are as follows:

• Client Records: For the duration of our business relationship plus 5 years, in accordance with the Companies Act, No. 71 of 2008, and tax legislation.
• Financial Records: 5 years from the end of the relevant financial year, as required by SARS.
• Communication Records: 3 years from the date of the last communication.
• Website Analytics Data: 26 months from the date of collection.
• Marketing Consent Records: For the duration of consent plus 1 year after withdrawal.

When personal information is no longer required, we securely delete or anonymise it in accordance with our data retention policy.

As a data subject under the Protection of Personal Information Act (POPIA), you have the following rights regarding your personal information:

• Right to Access: You may request confirmation of whether we hold your personal information and request access to it.
• Right to Correction: You may request that we correct or update any inaccurate, incomplete, or misleading personal information.
• Right to Deletion: You may request that we delete your personal information where it is no longer necessary for the purpose it was collected, subject to legal retention requirements.
• Right to Object: You may object to the processing of your personal information on reasonable grounds, including objecting to direct marketing.
• Right to Data Portability: You may request that your personal information be transmitted to another responsible party in a structured, commonly used, and machine-readable format.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint: You may lodge a complaint with the Information Regulator if you believe your personal information has been processed in violation of POPIA.

To exercise any of these rights, please contact our Information Officer using the details provided below. We will respond to your request within 30 days as required by POPIA.

Our website may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party websites you visit.

Our services are not directed at children under the age of 18. Where our Online Division services (such as Virtual Tutor SA or JDS PathFinder) are used by minors, we require the consent of a parent or legal guardian in compliance with POPIA Section 35. We do not knowingly collect personal information from children without such consent.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically.

Where material changes are made, we will make reasonable efforts to notify you via email or a prominent notice on our website.

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal information, please contact our Information Officer:

You may also lodge a complaint with the Information Regulator (South Africa) at inforeg@justice.gov.za if you believe your personal information has been processed unlawfully.