top of page

Privacy and Data Policies.

Agilocity (PTY) Ltd. trading as Agilocity Consulting is committed to protecting the privacy and data of our customers, employees, vendors, and other stakeholders. This Data and Privacy Policy outlines how we collect, use, store, and protect personal information in compliance with the Protection of Personal Information Act (POPIA) and the General Data Protection Regulation (GDPR).

1. The POPI Act

For the POPI Act, the Company is deemed to be an organization that engages in all aspects of business. It follows that personal information could be processed in some of the following categories:

  1. Employees

  2. Clients

  3. Vendors

  4. Stakeholders, i.e. shareholders

  5. Governing bodies, i.e. directors

  6. Statutory bodies, i.e. SARS

  7. Public viewers, i.e. websites

  8. Hostile invaders i.e. hackers

  9. Newsletter subscribers

A list of the processors, persons privy to the processing is:

  1. Company owners

  2. Company administrators

The following general information is collected from the parties above:

  1. Name

  2. Surname

  3. Address

  4. Contact Details

  5. All labor related information

  6. All client information relating to accounting, products, services in common

  7. All vendor information relating to accounting, products, services in common

  8. Information stakeholders could be interested in

  9. Information governing bodies could be interested in

  10. All Statutory information on which the Company is to report / act upon

  11. Information destined for marketing and sales in future

  12. Purpose for holding information

The Company vows to protect the information as prescribed by the POPI Act. As far as the Company understands, all personal information is private and attended to according to the POPI Act.

The Company will at all times measure the risk of breach of the POPI Act and actively manage same on a daily basis.

2. Data Collection and Use

We collect and process personal information only for legitimate business purposes and with the consent of the data subjects. The information collected may include but is not limited to names, contact details, financial information, and any other data required to provide our services or fulfill our contractual obligations.

3. Lawful Basis for Processing

We process personal information on the lawful bases as specified under POPIA and GDPR, which may include consent, contract performance, legal obligations, and legitimate interests. Data subjects will be informed of the specific purpose of data processing when their information is collected.

4. Data Security

We employ appropriate technical and organizational measures to protect personal information from unauthorized access, disclosure, alteration, and destruction. Our security measures are designed to comply with both POPIA and GDPR requirements.

5. Data Minimization and Accuracy

We only collect and retain personal information that is necessary for the purpose it was collected. We ensure the accuracy of the data we hold and update it when necessary. Data subjects have the right to request corrections to their personal information.

6. Data Transfer

We may transfer personal information to third-party service providers or business partners as necessary to fulfill our contractual obligations or provide our services. Such transfers are conducted under GDPR-compliant mechanisms, such as Standard Contractual Clauses or approved adequacy decisions.

7. Data Subject Rights

Data subjects have the right to access their personal information, rectify inaccuracies, erase their data (subject to legal requirements), restrict processing, and object to processing. We will respond to data subject rights requests in accordance with the timelines specified in POPIA and GDPR.

8. Data Retention

Personal information will be retained for as long as necessary to fulfill the purposes for which it was collected, and to comply with legal and regulatory requirements. Data that is no longer required will be securely deleted or anonymized.

9. Data Breach Notification

In the event of a data breach that poses a risk to individuals' rights and freedoms, we will notify the relevant supervisory authorities and affected data subjects as required by POPIA and GDPR.

10. International Data Transfers

If personal information is transferred to countries outside the European Economic Area (EEA) or South Africa, we will ensure adequate safeguards are in place to protect data subjects' rights and comply with the requirements of POPIA and GDPR.

11. Privacy by Design and Impact Assessments

We implement privacy by design principles and conduct data protection impact assessments (DPIAs) to identify and mitigate privacy risks associated with our data processing activities.

Contacting Us

For any inquiries or concerns related to data privacy, please use the Contact form on our website or email us at

Last updated on 4 July 2023.

bottom of page