Compliance, Privacy & Terms

Legal Centre

Last updated: 9 June 2026  ·  Effective immediately upon publication

Privacy Policy & POPIA Compliance POPIA

South African POPIA Compliance Notice: This Privacy Policy has been prepared in compliance with the Protection of Personal Information Act 4 of 2013 (POPIA), which came into full effect on 1 July 2021. It sets out how Market Africa collects, uses, stores and protects your personal information.

1. Who We Are (Responsible Party)

Market Africa ("we", "us", "our") is the responsible party as defined by POPIA in respect of personal information collected via this website (marketafrica.co.za) and all related services.

We are registered and operate in the Republic of South Africa. All privacy enquiries may be directed to our Information Officer — see Section 5 below.

2. Personal Information We Collect

We only collect information that is adequate, relevant and not excessive for the purpose for which it is collected.

2.1 Information you provide voluntarily

  • Full name
  • Email address
  • Phone number (optional)
  • Message content submitted via our contact form
  • Service of interest selected

2.2 Information collected automatically

  • IP address (logged per form submission for security purposes only)
  • Browser type and approximate user-agent string (security only)
  • Pages visited and time of visit (if analytics are enabled)
  • Cookie data (see our Cookie Policy)

2.3 Information we do NOT collect

  • We do not collect special personal information (race, religion, health, biometrics, etc.)
  • We do not knowingly collect children's personal information
  • We do not collect financial or payment information on this website

3. Why We Process Your Information

Your personal information is processed for the following specific, lawful purposes only:

  • Contact form enquiries: To respond to your enquiry and provide information about our services.
  • Security and fraud prevention: IP logging and reCAPTCHA to protect our contact system.
  • Legal compliance: To comply with applicable South African law including POPIA.
  • Analytics (if enabled): To understand how visitors use our website and to improve our services.

We will not process your personal information for any other purpose without your consent.

4. Lawful Basis for Processing (POPIA Section 11)

  • Consent: You voluntarily submit your details via the contact form.
  • Legitimate interest: Security logging and fraud prevention.
  • Legal obligation: Where required by South African law.
  • Contractual necessity: Where processing is required to fulfil a service agreement.

5. Sharing of Personal Information

We do not sell, rent or trade your personal information to third parties. We share only in the following limited circumstances:

  • Service providers: Email delivery and hosting providers who process data on our behalf under binding data processing agreements.
  • Google reCAPTCHA: IP address and usage data may be shared with Google for spam prevention. See Google's Privacy Policy.
  • Legal requirements: Where required by a court order, law enforcement or regulatory authority.

6. Retention of Personal Information

We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by law:

  • Contact form enquiries: Up to 12 months, unless an ongoing client relationship exists.
  • Security logs (IP addresses): Up to 90 days.
  • Financial records: As required by the Companies Act and SARS (generally 5 years).

Upon expiry of the retention period, personal information is securely deleted or anonymised.

7. Security Measures

We implement technical and organisational measures to protect your personal information, including:

  • SSL/TLS encryption (HTTPS) for all data in transit, enforced via HSTS
  • CSRF token protection on all web forms
  • Server-side input validation and sanitisation
  • Rate limiting to prevent automated abuse
  • Content Security Policy (CSP) with per-request nonces
  • HTTP security headers (X-Frame-Options, X-Content-Type-Options, Permissions-Policy)
  • Contact data obfuscation — no email addresses or phone numbers appear in page source
  • Environment-based credential management (no credentials in source code)
  • Regular review of security practices and third-party dependency monitoring

While we take all reasonable steps, no transmission over the internet is completely secure.

8. Cookies and Tracking

We use cookies and similar technologies. For full details see our Cookie Policy. You may withdraw consent for non-essential cookies at any time via the cookie banner on our website.

9. Your Rights as a Data Subject (POPIA) All 8 Rights

Under POPIA you have the following eight rights. To exercise any of them contact our Information Officer — see Section 11. We will respond within 30 days.

9.1 Right of access

Request confirmation of whether we hold your personal information and receive a copy of it.

9.2 Right to correction or deletion

Request that we correct inaccurate, irrelevant, excessive, out-of-date or misleading information, or delete it where we are no longer lawfully entitled to retain it.

9.3 Right to object

Object to the processing of your personal information on reasonable grounds relating to your particular situation, or where processing is for direct marketing.

9.4 Right to withdraw consent

Where processing is based on your consent, withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.

9.5 Right not to be subject to automated decisions

Request human review of any automated decision that significantly affects you.

9.6 Right to restriction of processing

Request that we restrict the processing of your personal information where: (a) you contest its accuracy; (b) processing is unlawful and you oppose deletion; (c) we no longer need it but you require it for a legal claim; or (d) you have objected and a decision is pending.

9.7 Right to data portability

Receive personal information you provided to us in a structured, commonly used, machine-readable format where technically feasible, so that it can be transferred to another responsible party.

9.8 Right to lodge a complaint

Lodge a complaint with the Information Regulator at any time — see Section 12.

How to submit a POPIA request:
Use our secure contact form with subject "POPIA Data Subject Request". Include your full name and a clear description of your request. We may verify your identity before processing. We will respond within 30 days as required by POPIA.

10. Cross-Border Transfer of Personal Information Section 72

Market Africa may transfer personal information to third-party service providers located outside the Republic of South Africa. We only do so in compliance with POPIA Section 72, which requires that the recipient be subject to a law, binding corporate rules or binding agreement that provides a comparable level of protection to POPIA's conditions for lawful processing.

Current third-party recipients and safeguards:

Google LLC (United States)
Service: reCAPTCHA v3 spam and fraud prevention
Safeguard: Google maintains binding data processing terms and participates in applicable international privacy frameworks. Data processed: IP address, browser usage signals.
Reference: google.com/privacy
Zoho Corporation Pvt. Ltd. (India)
Service: Invoicing and financial record keeping (ZohoBooks)
Safeguard: Zoho maintains ISO 27001 certification and standard data processing agreements. India has been assessed as providing an adequate level of protection for the categories of data processed.
Reference: zoho.com/privacy.html
Afrihost (Pty) Ltd. (South Africa)
Service: Web hosting and email infrastructure
Safeguard: South African entity — processing remains within the jurisdiction of POPIA. Bound by our hosting agreement.

Where required, we implement data processing agreements with foreign recipients to ensure your personal information is protected to a standard substantially equivalent to POPIA. We do not transfer personal information to recipients in jurisdictions with inadequate safeguards without your express consent or as required by law.

11. Information Officer POPIA Section 1 & 55

Market Africa has designated an Information Officer as required by POPIA. The Information Officer is responsible for ensuring compliance with POPIA and for handling all data subject requests, complaints and privacy enquiries.

Information Officer
Name: LCG
Title: Director
Organisation: Market Africa
Country: Republic of South Africa

Contact:
To contact our Information Officer, please use our secure contact form and select "Privacy / POPIA Enquiry" as the subject, or submit a written request.
No direct contact details are published on this website to prevent automated harvesting — they are available on verified written request.

Response time: Within 30 days of receipt of written request, as required by POPIA.

12. Right to Lodge a Complaint

If you are not satisfied with our response to a privacy concern you have the right to escalate to the Information Regulator (South Africa):

Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
P.O. Box 31533, Braamfontein, 2017
Website: www.inforegulator.org.za
Complaints: Submit via the Regulator's online portal
General enquiries: www.inforegulator.org.za/contact

13. Children's Privacy

Our website and services are not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact our Information Officer immediately.

14. Direct Marketing

We will only send marketing communications where you have given express consent. You may opt out at any time via the unsubscribe link in any marketing email, or by contacting our Information Officer. We will process your opt-out within the timeframes required by POPIA.

15. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Where changes are material, we will take reasonable steps to notify you. Continued use of our website constitutes acceptance of the revised policy.

16. Data Breach Notification Policy POPIA Section 22

POPIA Section 22 requires Market Africa to notify both the Information Regulator and affected data subjects "as soon as reasonably possible" after becoming aware of a security compromise involving personal information. The Information Regulator considers 72 hours best practice for initial notification.

Our breach response process includes:

  • Detection: Security monitoring, rate-limit alerts and server log review to detect anomalies.
  • Containment: Immediate isolation of affected systems or data to limit further exposure.
  • Assessment: Determine scope, nature of compromised data and likely impact on data subjects.
  • Notification: Notify the Information Regulator using the prescribed Form 1 within 72 hours where feasible. Notify affected data subjects in clear, plain language as soon as reasonably possible.
  • Remediation: Implement corrective measures, update security controls and document the incident.

Notification to data subjects will be provided via email (where held), website notice, or other reasonable means appropriate to the nature of the breach.

ECTA Section 43 Disclosure ECTA 2002

In compliance with Section 43 of the Electronic Communications and Transactions Act 25 of 2002 (ECTA), Market Africa discloses the following company information:

Full legal name: Market Africa
Registration number (CIPC): Request for this via contact us.
Country of incorporation: Republic of South Africa
Physical address: Roodepoort, Johannesburg, South Africa, 1735
Postal address: Roodepoort, Johannesburg, South Africa, 1735
Website: marketafrica.co.za
Contact: Via our secure contact form
Governing law: Republic of South Africa

Contact details are not published directly on this page to prevent automated harvesting. All contact requests are handled via our secure web form which is encrypted, rate-limited and spam-protected. Contact details are available on verified written request.

Terms of Website Use ECTA / Common Law

By accessing and using marketafrica.co.za you agree to be bound by the following terms. If you do not agree, please discontinue use of this website.

T1. Intellectual Property

All content on this website — including text, graphics, logos, images, code and design — is the property of Market Africa or its content suppliers and is protected by South African copyright law and applicable international treaties. You may not reproduce, distribute, modify or create derivative works from any content without our prior written permission, except for personal, non-commercial use.

T2. Acceptable Use

You agree not to use this website to:

  • Transmit any unlawful, harmful, threatening, abusive or defamatory material
  • Attempt to gain unauthorised access to any part of our systems or infrastructure
  • Introduce malware, viruses or any other harmful code
  • Conduct automated scraping, crawling or data extraction without prior written consent
  • Impersonate Market Africa or any of its representatives
  • Use the contact form for unsolicited commercial communications (spam)

T3. Disclaimer of Warranties

This website and its content are provided "as is" without warranties of any kind, whether express or implied. Market Africa does not warrant that the website will be uninterrupted, error-free or free from viruses or other harmful components. Content is provided for informational purposes and does not constitute professional advice.

T4. Limitation of Liability

To the fullest extent permitted by South African law, Market Africa shall not be liable for any direct, indirect, incidental, special or consequential damages arising from your use of or inability to use this website or its content. This includes, without limitation, loss of revenue, loss of data or loss of business opportunity.

T5. Third-Party Links

This website may contain links to third-party websites. These links are provided for your convenience only. Market Africa has no control over the content of those sites and accepts no responsibility for them or for any loss or damage that may arise from your use of them. Linking does not imply endorsement.

T6. Service Availability

Market Africa reserves the right to modify, suspend or discontinue any part of this website at any time without notice. We shall not be liable to you or any third party for any such modification, suspension or discontinuance.

T7. Governing Law and Jurisdiction

These Terms of Website Use are governed by the laws of the Republic of South Africa. Any dispute arising from your use of this website shall be subject to the exclusive jurisdiction of the South African courts. Nothing in these terms limits your statutory rights as a South African consumer.

PAIA Section 51 Information Manual PAIA 2000

In terms of Section 51 of the Promotion of Access to Information Act 2 of 2000 (PAIA), every private body is required to compile a manual to facilitate access to records held by that body.

P1. Records Held by Market Africa

Market Africa holds records in the following categories:

  • Client and prospect records: Contact details, correspondence, service agreements and project documentation
  • Financial records: Invoices, payment records and financial statements
  • Human resources records: Employment agreements, payroll records and personnel files
  • Operational records: Technical documentation, system configurations and project records
  • Website records: Form submissions, server logs and security logs

P2. Voluntary Disclosure

Market Africa voluntarily makes the following information available without a formal PAIA request: this Privacy Policy, our Cookie Policy, our Terms of Website Use and this ECTA disclosure.

P3. How to Submit a Formal PAIA Request

To request access to records not voluntarily disclosed, submit a written request to our Information Officer via our secure contact form with the subject line "PAIA Access Request". Include the description of the records sought and the form of access required.

A prescribed PAIA request form (Form C as per Regulations) is available from the Information Regulator's website. Request fees are as prescribed by the Promotion of Access to Information Act Regulations.

P4. Response Timeframes

We will respond to a PAIA request within 30 days of receipt, extendable by a further 30 days in complex cases with notice to the requestor. Access may be refused on grounds permitted under PAIA (e.g. protection of privacy, commercial confidentiality or legal privilege).

Full PAIA Section 51 Manual:
A comprehensive PAIA Section 51 manual is available on request from our Information Officer. Contact us via our secure contact form with the subject "PAIA Manual Request". The manual will be provided within 30 days of a verified request.

GDPR Addendum — EU & UK Residents GDPR 2018

Where Market Africa processes personal data of individuals in the European Union or United Kingdom, the EU General Data Protection Regulation (GDPR) 2016/679 and/or UK GDPR applies in addition to POPIA. This addendum supplements our Privacy Policy for those individuals.

G1. When This Applies

This addendum applies if you are located in the EU or UK when you interact with our website or services, regardless of where Market Africa is based.

G2. Lawful Basis Under GDPR (Article 6)

  • Consent (Art. 6(1)(a)): For contact form submissions and marketing communications.
  • Legitimate interests (Art. 6(1)(f)): For security logging and fraud prevention.
  • Contract performance (Art. 6(1)(b)): Where processing is necessary to fulfil a service agreement.
  • Legal obligation (Art. 6(1)(c)): Where required by applicable law.

G3. Additional Rights Under GDPR (Articles 15–22)

In addition to your POPIA rights, EU/UK residents have the right to:

  • Receive a copy of personal data in a structured, commonly used format (data portability — Art. 20)
  • Object to processing based on legitimate interests (Art. 21)
  • Not be subject to solely automated decisions with significant effects (Art. 22)
  • Withdraw consent at any time without affecting prior processing (Art. 7(3))
  • Lodge a complaint with your local supervisory authority (Art. 77)

G4. International Transfers Under GDPR (Chapter V)

Transfers of EU/UK personal data outside the EEA (including to South Africa) are conducted under appropriate safeguards. South Africa is not currently designated as an adequate country under EU GDPR. Where required, we rely on Standard Contractual Clauses (SCCs) as the transfer mechanism, or transfer is necessary for the performance of your service contract.

G5. Contact for GDPR Requests

EU/UK data subjects may exercise their GDPR rights by contacting our Information Officer via our secure contact form with the subject "GDPR Data Request". We will respond within 30 days (extendable by a further 60 days for complex requests with notice).

EU residents may also lodge complaints with their national data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu. UK residents may contact the Information Commissioner's Office (ICO).

Governing Law

This Legal Centre document — including the Privacy Policy, Terms of Use, ECTA disclosure, PAIA manual and GDPR addendum — is governed by and construed in accordance with the laws of the Republic of South Africa, including:

  • Protection of Personal Information Act 4 of 2013 (POPIA)
  • Electronic Communications and Transactions Act 25 of 2002 (ECTA)
  • Promotion of Access to Information Act 2 of 2000 (PAIA)
  • Consumer Protection Act 68 of 2008 (where applicable)

Any dispute arising from this document or from the use of our website shall be subject to the exclusive jurisdiction of the South African courts.

← Back to Home Cookie Policy