PRIVACY NOTICE
Last updated 15 July 2025
Thank you for choosing to be part of our community at SDF Corp South Africa (PTY) Ltd (“SDF Corp”, “we”, “us” or “our”). We are committed to protecting your personal information and your right to privacy in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA), the Electronic Communications and Transactions Act 25 of 2002 (ECTA), and other applicable South African laws.
If you have questions about anything in this notice or about our privacy practices, you can reach our Information Officer at info@sdfcorp.co.za or call +27 64 630 5667.
1. Scope of this Notice
This notice applies to personal information we collect when you:
visit https://www.sdfcorp.co.za (the “Website”);
use any of our online or offline services, sales, marketing activities or events (collectively, the “Services”).
2. What Personal Information We Collect
| Category | Typical data in the category | Source |
|---|---|---|
| Information you give us | Names, job titles, company, e‑mail addresses, telephone numbers, billing details, correspondence | Directly from you (webforms, e‑mail, phone, contracts) |
| Information we collect automatically | IP address, browser type, device identifiers, pages visited, time‑and‑date stamps, referring URLs, estimated location (country/city) | Your device via cookies, log files, analytics tags |
| Information from third parties | Payment confirmation, training‑completion data (if you are our client’s learner) | Payment processors, accredited training providers |
Special personal information (e.g., race, health data, biometrics) is collected only when strictly necessary, with your consent or as otherwise lawful under POPIA s.26–28.
3. Legal Grounds for Processing
We process personal information only when one or more of the lawful grounds in POPIA s.11 applies:
Consent – you have consented.
Contract – processing is necessary to conclude or perform our contract with you.
Legal obligation – required by South African law (e.g., tax, employment, B‑BBEE, skills‑development reporting).
Legitimate interests – processing serves our legitimate business purposes, and those interests do not override your privacy rights.
Public law duty or vital interests – less common, but recognised in POPIA.
4. How We Use Your Information
We use personal information to:
Provide and manage the Services – client onboarding, project delivery, learner administration, invoicing and payments.
Communicate with you – respond to queries, send service‑related notices and security alerts.
Improve our Website and Services – troubleshoot, analyse trends, develop new features, conduct statistical analysis.
Marketing (opt‑in only) – send newsletters, event invitations or promotions you have agreed to receive. You may withdraw consent at any time by using the unsubscribe link or e‑mailing us.
Comply with the law – keep statutory records, lodge mandatory returns, respond to lawful requests from regulators or courts.
Detect and prevent fraud or misuse – monitor, investigate and enforce our terms.
5. Cookies and Similar Technologies
We use first‑ and third‑party cookies, web beacons and local storage to:
remember your preferences;
compile aggregate statistics (via Google Analytics and similar tools);
secure your sessions.
You can refuse or delete cookies via your browser settings, but some site features may not work.
6. Sharing and Disclosure
We never sell your personal information. We may share it only:
| Recipient | Purpose | Safeguard |
|---|---|---|
| Service providers (hosting, IT support, payment gateways, couriers, accredited training providers) | To deliver the Services | Written data‑processing agreements, confidentiality undertakings |
| Business partners (e.g., verifiers, auditors) | To fulfil client mandates | Strict least‑information‑necessary principle |
| Regulators & law‑enforcement | Where required by law, subpoena, court order, or Information Regulator | POPIA s.21–23 compliance |
| Transferees in a merger or acquisition | Business continuity | Contractual obligation to honour this notice |
7. Cross‑Border Transfers
We may store or process data on servers outside South Africa (e.g., cloud hosting in the EEA or the United States). Before any cross‑border transfer we ensure:
the recipient country has laws that provide adequate protection; or
we have a binding agreement with the recipient that upholds POPIA s.72 requirements; or
you consent to the transfer, and it is not contrary to your privacy rights.
8. Data Security
We implement appropriate technical and organisational measures in line with POPIA s.19 and industry standards (ISO 27001‑aligned), including:
encryption in transit (TLS) and at rest for critical data;
access‑control, strong authentication, least‑privilege policies;
regular vulnerability scanning and penetration testing;
staff confidentiality agreements and training on POPIA and cyber‑security.
9. Retention
We keep personal information only as long as necessary for the purpose collected or as required by law (e.g., Companies Act & Tax Administration Act – 5 to 7 years; Skills Development Levies Act – 5 years). When retention expires, data are securely destroyed or anonymised.
10. Your POPIA Rights
You have the right to:
Access – request a record or a description of personal information we hold (PAIA s.23; POPIA s.23).
Correction/Deletion – ask us to correct, update, destroy or anonymise inaccurate or obsolete data (POPIA s.24).
Objection – object to certain processing (direct marketing, automated decision‑making) (POPIA s.11(3)).
Withdraw consent – where processing relies on consent, withdraw it at any time.
Data portability – receive personal information in a structured, commonly used format where technically feasible.
Lodge a complaint – with our Information Officer or with the Information Regulator.
To exercise any right, email info@sdfcorp.co.za. We will acknowledge within 1 business day and respond within the statutory period (usually 21–30 days).
11. Children
Our Services are intended for persons 18 years or older. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please notify us so we can delete it.
12. Do‑Not‑Track
At present there is no uniform standard in South Africa for recognising browser “Do‑Not‑Track” signals; we therefore do not respond to them. If this changes, we will update this notice.
13. Updates to This Notice
We may revise this notice from time to time. The “Last updated” date will change accordingly. Material changes will be announced on the Website or via e‑mail.
14. Contact Us
E‑mail: info@sdfcorp.co.za
Phone: +27 64 630 5667
15. How to Review or Delete Your Data
To request access, correction or deletion, e‑mail svdmerwe@sdfcorp.co.za. We will verify your identity and respond within the timeframe required by POPIA.