Privacy Policy

Growth-X Consultancy (“Growth-X”, “we”, “us” or “our”) is committed to protecting personal information in compliance with South Africa’s Protection of Personal Information Act (POPIA) and the Promotion of Access to Information Act (PAIA), as well as relevant international standards. This policy explains what personal data we collect, why we collect it, how we use and share it, and the rights you have under applicable laws.

​

1. Who We Are and Scope of This Policy

​

Growth-X Consultancy (including any affiliates or subsidiaries) is the responsible party that collects and processes personal information as described below. This policy applies to all personal information collected by Growth-X in South Africa (and globally to the extent applicable) in connection with our business activities, including from:

​

• Visitors to our website (https://www.growth-x.business/) and online platforms; 

• Attendees or registrants of Growth-X events, webinars, training sessions, or conferences; 

• Clients, partners, suppliers, or other business contacts in the course of our consulting, coaching and facilitation services; 

• Individuals subscribing to our newsletters, marketing communications, or service updates; 

• Social media profiles and online channels where Growth-X engages with the public; 

• Third-party services we use (such as analytics providers, payment processors, or cloud services); 

• Publicly available sources (for example, a publicly listed company directory or professional networking sites).

​

This policy covers personal data about adult individuals (aged 18 or over) only. We do not knowingly collect personal information from minors (children under 18). It does not apply to our employees, contractors or job applicants (who are covered by separate internal policies).

​

2. The Information We Collect

​

We collect various categories of personal information when you interact with us or use our services. The types of personal data we may collect include:

​

• Identity and Contact Information: Name, email address, postal address, telephone number, employer or company name, job title, and other contact details.   

• Professional and Business Data: Business affiliations, professional qualifications, and work history if relevant to our services.   

• Demographic or Background Information: Nationality, languages spoken or written, communication preferences.   

• Financial and Transactional Data: Bank account or payment card details (for billing), invoicing and payment records, tax or VAT numbers if applicable.   

• Communications Data: Records of correspondence and communications with us (emails, letters, call recordings) and feedback provided during services or events.   

• Event and Newsletter Data: Information you provide when registering for events or subscribing to newsletters (e.g. dietary preferences, job role, interests).   

• Website and Technical Data: Internet Protocol (IP) address, browser type, device identifiers, usage data, and cookies (see Section 7 below).

​

Special categories of personal information (such as health, racial/ethnic origin, political or religious beliefs, genetic or biometric data, sexual orientation, trade-union membership, etc.) are not included in the ordinary data we collect. We will only collect or process such sensitive data if explicitly required for a specific purpose and with your explicit consent, in line with POPIA requirements.  

 

We only collect information directly relevant to the purposes listed below and avoid collecting information that is unnecessary or not required by law. All mandatory fields in our forms or processes will be clearly indicated; failure to provide required information may mean we cannot deliver the requested service or process your request.

​

3. How We Collect Your Information

​

Growth-X gathers personal information through a variety of channels, including:

 

Direct Interactions: You may give us your personal data when you subscribe to our services or newsletters, register for events, request a proposal or quotation, fill out contact or inquiry forms on our website, or communicate with us by email, phone, or in person.   

 

Third-Party Sources: We may obtain information from publicly accessible business sources, partners, or service providers. For instance, we might use third-party data to perform anti-fraud, credit, or due diligence checks as required by law (such as anti-money-laundering regulations) or to validate data provided by you. We may also receive information from social media profiles if you have engaged with us on those platforms.   

 

Cookies and Online Technologies: When you visit our website, we automatically collect certain technical and usage information via cookies, web beacons, or similar technologies (see Section 7 below).   

 

Business Relationships: If you apply to work with or for Growth-X, or if you supply goods or services to us as a contractor or vendor, we will collect the necessary information to manage those relationships (subject to separate employment or procurement policies, as applicable).

​

In all cases, we will inform you at or before the time of collection about the purpose of collection, whether it is voluntary or mandatory, and the consequences of not providing the information, as required by POPIA Section 18. We also ensure you know our identity and how to contact us. If we receive your personal information from a third party, we take reasonable steps to inform you about the source of that information as required by law. 

 

4. Why We Use Your Personal Information (Purposes of Processing)

​

We process your personal information only for specific, lawful purposes that are outlined below. Under POPIA, personal information must be used only for clear and legitimate reasons. Growth-X may use and process your data for the following purposes: 

 

Provision of Services: To register and manage you as a client or event participant, to provide you with consulting, coaching, facilitation, or other services you have requested, and to perform any contract or agreement with you. This includes handling your instructions, scheduling sessions, sending deliverables, and billing for services. Processing personal data is necessary for the performance of our contracts and agreements with you.  

 

Communications: To communicate with you regarding our services, projects, events, or your account. This includes responding to your inquiries or support requests, delivering newsletters or marketing materials to which you have consented, and sending updates or confirmations about bookings or subscriptions.   

 

Marketing and Events (with Consent): To send you information about our services, events, publications, or other offerings that you have opted in to receive. We will only send marketing communications (by email) if you have given us your explicit consent (or have not objected after an introductory contact). You may opt out of marketing communications at any time (see Section 10).   

 

Administration and Relationship Management: To administer your account and relationship, including managing payments, processing subscriptions, maintaining records, and handling any complaints or feedback. We may use your information to ask you to provide a review or survey about our services (again, with your consent).   

​

Compliance and Legal Obligations: To comply with our legal and regulatory obligations (for example, tax, audit, and financial reporting requirements), including processing KYC/AML checks if required. We will share information with law enforcement or regulators when legally required (such as a subpoena or statutory request). We may also monitor, record, and retain communications (phone calls, emails, online chats) when necessary for security, legal compliance, or evidence. Processing may be necessary to comply with applicable laws and regulations.   

 

Security and Fraud Prevention: To protect the security and integrity of our systems, prevent fraud, and ensure the safety of our offices, staff, and clients (for example through CCTV at our premises). We may process data to detect and prevent unauthorized activities on our website or networks.   

 

Business Development and Improvement: To conduct market research and data analysis, improve our website, products, services, and marketing (using anonymized or aggregated data as appropriate), and to ensure our offerings remain relevant and effective.   

Record Keeping: To keep records of business transactions, correspondence, and historical documentation, as needed to demonstrate our work and for archival purposes. We also retain certain information for the establishment, exercise or defence of legal claims, or to enforce our agreements. 

 

In summary, we only use your information for the purposes that we have specifically told you about, and for which you have provided consent or which are justified by law or our contractual rights. We do not process data in ways that are incompatible with these stated purposes.

​

5. Legal Basis for Processing

​

Under POPIA, we process personal information only when lawful conditions are met. These conditions include (among others):  

 

Consent: Where you have given clear permission for us to process your specific personal information for a specific purpose (e.g. consenting to receive marketing emails or newsletters). You have the right to withdraw consent at any time for such processing.  

 

Contractual Necessity: When processing is necessary to perform a contract with you or to take steps at your request before entering into a contract. For example, processing your contact and payment information to deliver a service you have requested.   

 

Legal Obligation: When processing is necessary to comply with a statutory or regulatory obligation (such as tax laws, financial regulations, or court orders).

​

Legitimate Interests: When processing is necessary for the legitimate interests of Growth-X or a third party, provided that those interests are not overridden by your own rights. Examples might include network and information security, preventing fraud, or direct marketing to existing customers (subject to opt-out rights).

​

Personal information will not be processed unless one of these lawful bases exists. For marketing communications or cookies that are not strictly necessary, we will obtain your explicit consent before processing. We never process your data in a way that violates these principles. 

​

6. Consent for Marketing, Cookies, and Special Data

​

We respect your privacy choices. Whenever we use your personal information to send marketing messages (such as newsletters, promotional offers or event invitations), we will do so only if you have actively opted in or subscribed. You can withdraw your consent for marketing at any time by clicking “unsubscribe” in any email we send you, or by contacting our Information Officer.

 

Our website uses cookies and similar tracking technologies. We use essential cookies (required for site functionality, logging in, and security) by default. For non-essential cookies (such as analytics or marketing-related cookies), we will obtain your prior consent (typically via a cookie banner or preferences panel) before storing them on your device. You can always configure your web browser to refuse or delete cookies; however, disabling essential cookies may affect the functionality of our site. 

​

We do not collect or process sensitive personal information (special categories) without explicit permission. If in the future we need to process sensitive data (e.g. health or biometric information), we will obtain your explicit consent beforehand, as required by POPIA.  

7. How We Share and Protect Your Information

​

Sharing Your Information

​

We will not sell, rent, or trade your personal information to third parties. We share personal data only as needed for legitimate business purposes and under strict controls. Categories of recipients include:

​

Group Companies and Affiliates: Your data may be shared with Growth-X’s group companies or subsidiaries if needed to provide joint services.

​

Service Providers: Trusted third-party vendors (e.g. cloud hosting providers, email marketing platforms, analytics and payment processors, professional advisers, IT consultants, event organizers) who perform services on our behalf. These parties process data only according to our instructions and under confidentiality agreements. 

​

Legal and Regulatory Bodies: Government agencies, law enforcement, tax authorities, or industry regulators as required by law or to protect our legal rights (for example, anti-terrorism or anti-money laundering agencies).

​

Professional Advisors: Lawyers, accountants, auditors, or consultants we engage, who may receive peripheral personal data as needed for their work with us.

​

Other Third Parties: With your consent or at your direction, we may share information with third parties you authorize (for example, a referrer or business partner you designate). In such cases, we will let you know where your data is going. 

All third parties to whom we disclose personal information are contractually obligated to maintain the confidentiality and security of the information and to process it only for the purposes we specify.

​

Data Security

​

We take data security very seriously. Growth-X implements appropriate technical and organizational measures to protect personal information against unauthorized access, loss, alteration, or misuse. For instance, we use industry-standard security measures such as firewalls, encryption of data in transit and at rest, access controls (limiting database access to authorized personnel only), regular data backups, anti-virus and anti-malware tools, and secure data centers. Our staff and contractors are trained in data protection practices, and we routinely review our security measures.

​

Despite these safeguards, no method of online transmission or electronic storage is 100% secure. We cannot guarantee absolute security, but we will promptly address any suspected data breach. In the unlikely event of a security compromise affecting personal information, we will comply with POPIA breach notification requirements and inform affected individuals and the Information Regulator as soon as possible.  

 

8. International Data Transfers

​

Growth-X is based in South Africa and does not transfer personal data outside of South Africa for processing. All our servers and service providers are located or contracted in jurisdictions with data protection laws that provide protection comparable to POPIA.

 

For awareness: POPIA requires that if personal data were to be transferred outside South Africa, it must be to countries with adequate protections or under binding agreements. We will ensure any cross-border processing (if it occurs in the future) is done in full compliance with POPIA’s cross-border requirements.

​

9. Data Retention

​

We retain personal information only for as long as necessary to fulfil the purposes outlined above, or to comply with legal and regulatory requirements. For example, we may keep financial records and billing information for up to 7 years as required by tax law. When personal data are no longer needed, we will securely delete, destroy, or anonymize them. You may request deletion earlier (see Section 10) but note that we may sometimes need to retain minimal information for legitimate reasons (such as record-keeping, prevention of fraud, or compliance with a legal obligation) as allowed by POPIA.

​

10. Your Rights as a Data Subject

​

Under POPIA and related laws, you have several legal rights regarding your personal information, including:

​

Right to Access: You have the right to request confirmation of whether we hold personal information about you, and to obtain a copy of that information.

​

Right to Correction: You may request that we correct or update any of your personal data that is inaccurate or incomplete.   

Right to Deletion (Erasure): You may request that we delete your personal information if we no longer need it for the purposes collected, or if you have withdrawn consent (and it is not required by law to keep it).

​

Right to Object: You can object to certain types of processing (such as direct marketing) if you do not consent or if you believe we have no legitimate interest.

​

Right to Withdraw Consent: If our processing is based on your consent, you may withdraw it at any time (for example, unsubscribing from marketing communications).

​

Right to Data Portability: Where technically feasible, you have the right to receive the personal data you provided to us in a structured, commonly used format, or to have us transfer it to another organization (if feasible).

  

Right to Complaints: You have the right to lodge a complaint with the Information Regulator of South Africa if you believe your data has been mishandled. You can contact them via their website or hotline as published on www.inforegulator.org.za.

​

To exercise any of these rights, please contact our Information Officer (see Section 11) with your request in writing. We will respond within the timeframes specified by law. As confirmed by POPIA, making a request for information should be free of charge for the first request (though fees may apply for additional copies. We will require proof of your identity before providing any personal information.

​

If you are not satisfied with our response, you have the right to escalate the matter to the Information Regulator or seek a remedy through South African courts.

​

11. Information Officer Contact

​

In line with POPIA and PAIA requirements, Growth-X has appointed an Information Officer (and Deputy) to oversee our data protection compliance. You can contact our Information Officer for privacy queries or data requests at:

​

Name: Amanda Framcke 

Title: Information Officer, Growth-X Consultancy ​

Email: amanda@growth-x.business​

Telephone: +27 82 708 0160

​

Please direct any requests to access or correct your personal information, or any other privacy-related concerns, to this contact. We aim to assist and respond to all requests promptly and in accordance with the law.

​

12. PAIA Manual and Access to Information

​

As required by the Promotion of Access to Information Act (PAIA), Growth-X has a PAIA manual that describes the categories of records we hold and how you can request access to them. This manual, along with the Guide issued by the Information Regulator, is available from our Information Officer upon request. You may submit a PAIA request for records if you need access for exercising or protecting any rights or to understand how we process personal information. The procedure for such requests is set out in PAIA and in our PAIA manual.

​

13. Updates to This Policy

​

We regularly review and update this Privacy Policy to reflect changes in the law, our practices, or our services. The policy is updated at least annually (last revision May 2026). Material changes will be posted on our website with the revised effective date. We encourage you to revisit this policy periodically. The current version applied to data collected by Growth-X from the effective date above. 

​

14. Additional Information

​

If you have questions or concerns about how we handle your personal information, please contact our Information Officer (Section 11).

​

For information on POPIA’s requirements or your data protection rights, you may consult the Information Regulator’s website (inforegulator.org.za) or seek independent legal advice.

  

This Privacy Policy is intended to comply with South African POPIA and PAIA and also takes into account general principles from international privacy standards (e.g. GDPR) to the extent relevant. 

​

By using our website or services, you acknowledge that you have read and understood this Privacy Policy. We appreciate your trust in Growth-X and are committed to keeping your personal information secure and handled with care in accordance with the law.