PRIVACY POLICY

1. INTRODUCTION

1.1 This Privacy Policy sets out how KHAUTA Risk Advisory (Pty) Ltd (“the Company”, “we”, “us”, or “our”) processes and protects personal information in compliance with the Protection of Personal Information Act, 4 of 2013 (POPIA) and the General Data Protection Regulation (EU) 2016/679 (GDPR).

1.2 The Company respects your privacy and is committed to ensuring that your personal information is collected, processed, and protected lawfully and transparently.

2. SCOPE OF APPLICATION

2.1 This Policy applies to all users (“you”, “your”, or “data subjects”) who visit or interact with our Website, contact us electronically, or engage with the Company’s consulting and advisory services.

2.2 By using our Website or providing personal information to the Company, you consent to the practices described herein.

3. INFORMATION WE COLLECT

3.1 The Company may collect and process the following categories of personal information:

  • Full name and contact details (email, phone number);
  • Organisation name and job title;
  • Information submitted via contact forms or service requests;
  • Technical information automatically collected through cookies (such as IP address, browser type, and website usage data).

3.2 We do not collect or store sensitive personal information unless required by law or with your explicit consent.

4. PURPOSE OF PROCESSING PERSONAL INFORMATION

4.1 The Company collects and uses personal information solely for the following lawful purposes:

  • To communicate with clients and respond to enquiries;
  • To deliver consulting and advisory services in the fields of Enterprise Risk Management, Regulatory Compliance & Combined Assurance, Insurance & Risk Financing Solutions, Artificial Intelligence Driven Risk & Decision Solutions and Board Governance & Executive Advisory;
  • To send updates, newsletters, or insights (where consented to);
  • To improve our Website, analytics, and service offerings;
  • To comply with applicable legal or regulatory obligations.
5. LEGAL BASIS FOR PROCESSING

5.1 Processing of personal data is carried out in accordance with:

  • The data subject’s consent;
  • The necessity to perform a contract or pre-contractual steps;
  • Compliance with legal obligations;
  • The Company’s legitimate interest in improving its services and communications.
6. DATA STORAGE AND SECURITY

6.1 The Company implements appropriate technical and organisational measures to safeguard personal information against unauthorised access, loss, misuse, or alteration.

6.2 Personal information is retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

7. COOKIES AND WEBSITE TRACKING

7.1 The Website uses cookies and analytics tools to enhance functionality and improve user experience.

7.2 Users may adjust browser settings to decline cookies; however, certain features of the Website may not function properly without them.

8. SHARING OF PERSONAL INFORMATION

8.1 The Company does not sell, rent, or trade personal information.

8.2 Information may be shared only with:

  1. Authorised service providers who assist in operating the Website or delivering services (bound by confidentiality obligations);
  2. Regulatory authorities, where required by law; or
  3. Third parties, only with your explicit consent.
9. TRANSFER OF INFORMATION ACROSS BORDERS

9.1 Personal information may be transferred outside South Africa for secure data storage or service processing.

9.2 In such cases, the Company ensures that adequate protection measures consistent with POPIA and GDPR are in place.

10. DATA SUBJECT RIGHTS

10.1 In accordance with POPIA and GDPR, you have the right to:

  1. Access and obtain a copy of your personal information;
  2. Request correction or deletion of inaccurate data;
  3. Object to or restrict the processing of your personal information;
  4. Withdraw consent at any time;
  5. Lodge a complaint with the Information Regulator (South Africa) or relevant Data Protection Authority (EU).
11. INFORMATION REGULATOR (SA)

Contact details of the Information Regulator are available at:

Website: www.inforegulator.org.za
Email: complaints.IR@justice.gov.za

12. CHANGES TO THIS POLICY

12.1 The Company reserves the right to update or amend this Privacy Policy at any time without prior notice.

12.2 Any updates will be posted on this Website and will take effect immediately upon publication.

13. CONTACT INFORMATION

For privacy-related enquiries or to exercise your data rights, please contact:

KHAUTA Risk Advisory (Pty) Ltd
Email: info@khautariskadvisory.com
Website: www.khautariskadvisory.com
Phone: (+27) 72 355 6268
Registration Number: 2023/722049/07
VAT Number: 9259160266