Privacy Policy
Last updated: 01 December 2025
This Privacy Policy explains how Kaleidocode (Pty) Ltd and Kaleidocode Pivot (Pty) Ltd (together, “Kaleidocode”, “we”, “us” or “our”) collect, use, store and protect personal information in accordance with the Protection of Personal Information Act, 4 of 2013 (“POPIA”) and its amended Regulations effective 17 April 2025.
By using our websites, platforms, services, or engaging with us in any way, you agree to the processing of your personal information as set out in this Policy.
1. Definitions
In this Policy, unless the context indicates otherwise:
2. Scope
This Policy applies to:
3. What Personal Information We Collect
We may collect and process, among other things:
We will indicate where the provision of information is mandatory or voluntary, and explain any consequences of not providing it.
4. How We Collect Personal Information
We collect personal information:
5. Why We Process Your Personal Information (Purposes)
We process personal information for purposes including:
We will only process personal information for purposes that are lawful, reasonable and not excessive in relation to the function or activity concerned.
6. Legal Basis for Processing
We rely on one or more of the following lawful grounds:
Where consent is the basis, you may withdraw your consent at any time – see section 11 below.
7. Direct Marketing and Consent (Updated for 2025 Regulations)
We may contact you by email, phone, SMS, WhatsApp or other electronic means about our services, events, insights and training, only where we are lawfully allowed to do so.
In line with the amended POPIA Regulations (Regulation 6):
We will not sell your personal information to third parties for their own marketing purposes.
8. Cookies and Similar Technologies
We use cookies and similar technologies to:
You can control cookies through your browser settings. Some essential cookies are required for the website to function and cannot be disabled without affecting performance.
9. Disclosure and Cross-Border Transfers
We may share your personal information with:
If we transfer personal information to another country, we will ensure that:
10. How We Protect Your Personal Information
We implement appropriate, reasonable technical and organisational measures to protect personal information against:
In line with the Regulator’s 2025 e-Portal requirements, if a security compromise (data breach) occurs that may impact your personal information, we will:
11. Retention and Destruction
We will not retain personal information for longer than is necessary for the purposes for which it was collected, unless:
When information is no longer required, we will take reasonable steps to de-identify, delete or destroy it in a secure manner.
12. Your Rights as a Data Subject (Updated for 2025 Regulations)
Under POPIA and its 2025 amended Regulations, you have the right to:
13. How to Object, or Request Correction / Deletion
Please find forms referenced below at the following link to the South African Information Regulator's latest amendments of the regulations relating to the Protection of Personal Information Act (2018).
In terms of the amended Regulations:
Please address such requests to our Information Officer (see section 15).
14. Complaints
Please find forms referenced below at the following link to the South African Information Regulator's latest amendments of the regulations relating to the Protection of Personal Information Act (2018).
If you have a concern or complaint about how we process your personal information, please contact us first so we can try to resolve it.
If you are not satisfied, you may lodge a complaint with the Information Regulator (South Africa) using Form 5 or a form substantially similar to it, by:
The Regulator will acknowledge receipt of your complaint and provide a reference number within the period prescribed in the Regulations.
15. Information Officer Details
In terms of POPIA, our Information Officer is:
Name: Rory Clarke
Role: Information Officer and Chief Executive Officer
Email: [email protected]
Postal / Physical Address: Unit 501, 197 Peter Mokaba Road, Morningside, Durban, 4001
Telephone: +27313032299
All data-subject requests, POPIA-related queries and objections should be directed to the Information Officer.
16. Children’s Information
Our services are primarily directed at adults and corporate entities. We do not intentionally collect personal information of children without the consent of a competent person (parent or legal guardian) where required by law. If you believe we have collected such information without proper consent, please contact our Information Officer so we can investigate and, where appropriate, delete it.
17. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, technology or our business practices. The updated version will be posted on our website with a revised “Last updated” date. We encourage you to review it periodically.
18. Contact Us
For any questions, requests or concerns regarding this Policy or our handling of personal information, please contact:
Information Officer – Rory Clarke
Email: [email protected]
This Privacy Policy explains how Kaleidocode (Pty) Ltd and Kaleidocode Pivot (Pty) Ltd (together, “Kaleidocode”, “we”, “us” or “our”) collect, use, store and protect personal information in accordance with the Protection of Personal Information Act, 4 of 2013 (“POPIA”) and its amended Regulations effective 17 April 2025.
By using our websites, platforms, services, or engaging with us in any way, you agree to the processing of your personal information as set out in this Policy.
1. Definitions
In this Policy, unless the context indicates otherwise:
- “Personal information” means information relating to an identifiable, living, natural person, and where applicable, an identifiable juristic person, as defined in POPIA.
- “Data subject” means the person (individual or organisation where applicable) to whom the personal information relates.
- “Responsible party” means Kaleidocode, which determines the purpose and means of processing personal information
- “Processing” includes any operation or activity concerning personal information (collection, use, storage, dissemination, modification, destruction, etc.).
- “Complaint” and “complainant” have the meanings given in the amended POPIA Regulations.
- “Day”, “office hours” and “writing” have the meanings given in the POPIA Regulations.
2. Scope
This Policy applies to:
- Visitors to our websites and online platforms;
- Prospective and existing clients;
- Suppliers, service providers and partners;
- Job applicants, apprentices and learners;
- Any other person whose personal information we process in the course of our business.
3. What Personal Information We Collect
We may collect and process, among other things:
- Identity information – name, surname, title, ID/passport, company details, registration numbers.
- Contact details – email address, telephone numbers, physical/postal addresses.
- Professional information – role, employer, qualifications, CV content, skills, references.
- Transactional information – contracts, proposals, invoices, payment details (banking details).
- Usage and technical information – IP address, browser type, device details, pages visited, and cookies / similar technologies.
- Apprenticeship & training information – training records, feedback, assessments and related reports.
- Any other information you voluntarily provide to us (for example via contact forms, email, or interviews, business requirements).
We will indicate where the provision of information is mandatory or voluntary, and explain any consequences of not providing it.
4. How We Collect Personal Information
We collect personal information:
- Directly from you (for example when you contact us, request a proposal, apply for a role, or participate in a bootcamp/apprenticeship).
- From your use of our websites and platforms (cookies, analytics and logs).
- From third parties where lawful and appropriate (for example, references, background checks, or from our clients in the course of work we perform for them).
- From publicly available sources where relevant and lawful (e.g. professional profiles such as LinkedIn).
5. Why We Process Your Personal Information (Purposes)
We process personal information for purposes including:
- Providing, operating and supporting our software development, consulting and training services.
- Responding to enquiries and requests for proposals.
- Managing our relationship with clients, suppliers and partners (onboarding, contracts, billing).
- Recruiting, assessing and managing staff, apprentices and learners.
- Meeting legal, regulatory, tax and governance obligations.
- Conducting security, quality, and performance monitoring of our systems.
- Providing updates, insights, events and marketing communications, where you have given appropriate consent or where permitted by law.
We will only process personal information for purposes that are lawful, reasonable and not excessive in relation to the function or activity concerned.
6. Legal Basis for Processing
We rely on one or more of the following lawful grounds:
- Your consent (for example, consent to receive direct marketing communications).
- Performance of a contract or steps taken at your request before entering into a contract.
- Compliance with legal/ regulatory obligations.
- Legitimate interests of Kaleidocode or a third party (for example, preventing fraud, system security, or improving services), balanced against your rights as a data subject.
Where consent is the basis, you may withdraw your consent at any time – see section 11 below.
7. Direct Marketing and Consent (Updated for 2025 Regulations)
We may contact you by email, phone, SMS, WhatsApp or other electronic means about our services, events, insights and training, only where we are lawfully allowed to do so.
In line with the amended POPIA Regulations (Regulation 6):
- We will obtain your explicit, affirmative consent before sending direct marketing via unsolicited electronic communications, unless another lawful basis applies.
- Consent requests will be free of charge and reasonably accessible, and may be obtained via email, online forms, SMS, WhatsApp, phone calls or similar channels.
- If consent is obtained telephonically or via automated calling systems, we will keep an electronic recording of that consent and make it available to you, free of charge, upon request.
- You can opt out or withdraw consent at any time using the unsubscribe options in our communications, or by contacting us directly (see section 15).
We will not sell your personal information to third parties for their own marketing purposes.
8. Cookies and Similar Technologies
We use cookies and similar technologies to:
- Make our websites function correctly;
- Gather analytics about how our websites are used;
- Improve user experience and content relevance.
You can control cookies through your browser settings. Some essential cookies are required for the website to function and cannot be disabled without affecting performance.
9. Disclosure and Cross-Border Transfers
We may share your personal information with:
- Our group companies (including Kaleidocode Pivot) where necessary for business operations;
- Third-party service providers (e.g. hosting providers, HR and payroll systems, email and collaboration tools, analytics, legal and professional advisers);
- Clients, where you are part of a project team or apprenticeship engagement;
- Regulators, courts, law-enforcement or other public bodies, where required by law.
If we transfer personal information to another country, we will ensure that:
- The recipient is subject to a law, binding corporate rules or binding agreements that provide an adequate level of protection, or
- You have consented to the transfer, or
- The transfer is otherwise permitted under POPIA (for example, it is necessary for a contract with you).
10. How We Protect Your Personal Information
We implement appropriate, reasonable technical and organisational measures to protect personal information against:
- Loss, damage or destruction;
- Unauthorised access or disclosure;
- Unlawful processing.
In line with the Regulator’s 2025 e-Portal requirements, if a security compromise (data breach) occurs that may impact your personal information, we will:
- Take reasonable steps to contain and investigate the incident;
- Assess the risk to affected data subjects;
- Notify the Information Regulator via its online e-Services Security Compromise Reporting portal; and
- Notify affected data subjects, where required, in line with POPIA.
11. Retention and Destruction
We will not retain personal information for longer than is necessary for the purposes for which it was collected, unless:
- Retention is required or authorised by law;
- We need it for lawful business purposes;
- It is required for legal proceedings or to protect our rights.
When information is no longer required, we will take reasonable steps to de-identify, delete or destroy it in a secure manner.
12. Your Rights as a Data Subject (Updated for 2025 Regulations)
Under POPIA and its 2025 amended Regulations, you have the right to:
- Be informed – to know what personal information we collect, why and how we use it.
- Access – to request confirmation of whether we hold personal information about you and to access that information.
- Correction – to request that we correct or update inaccurate or incomplete information.
- Deletion / destruction – to request that we delete or destroy personal information that we are no longer lawfully entitled to retain.
- Object to processing – to object, on reasonable grounds, to our processing of your personal information (including for direct marketing).
- Withdraw consent – where processing is based on consent, to withdraw that consent at any time.
- Lodge a complaint – to complain to the Information Regulator if you believe your privacy rights have been infringed.
13. How to Object, or Request Correction / Deletion
Please find forms referenced below at the following link to the South African Information Regulator's latest amendments of the regulations relating to the Protection of Personal Information Act (2018).
In terms of the amended Regulations:
- You may object to processing (including direct marketing), or request correction, deletion or destruction of your personal information:
- In writing (email or letter);
- By submitting a form substantially similar to Form 1 (objection) or Form 2 (correction/deletion) as issued by the Information Regulator;
- By any reasonably accessible, free-of-charge channel, including hand delivery, fax, post, email, SMS, WhatsApp or other expedient methods.
- We will respond to your request within the time periods prescribed by law (currently within 30 days of receipt of a valid request, unless an extension is legally permitted).
Please address such requests to our Information Officer (see section 15).
14. Complaints
Please find forms referenced below at the following link to the South African Information Regulator's latest amendments of the regulations relating to the Protection of Personal Information Act (2018).
If you have a concern or complaint about how we process your personal information, please contact us first so we can try to resolve it.
If you are not satisfied, you may lodge a complaint with the Information Regulator (South Africa) using Form 5 or a form substantially similar to it, by:
- Visiting the Regulator’s website: inforegulator.org.za;
- Emailing: [email protected]; or
- Submitting an online complaint via the channels indicated on the Regulator’s website.
The Regulator will acknowledge receipt of your complaint and provide a reference number within the period prescribed in the Regulations.
15. Information Officer Details
In terms of POPIA, our Information Officer is:
Name: Rory Clarke
Role: Information Officer and Chief Executive Officer
Email: [email protected]
Postal / Physical Address: Unit 501, 197 Peter Mokaba Road, Morningside, Durban, 4001
Telephone: +27313032299
All data-subject requests, POPIA-related queries and objections should be directed to the Information Officer.
16. Children’s Information
Our services are primarily directed at adults and corporate entities. We do not intentionally collect personal information of children without the consent of a competent person (parent or legal guardian) where required by law. If you believe we have collected such information without proper consent, please contact our Information Officer so we can investigate and, where appropriate, delete it.
17. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, technology or our business practices. The updated version will be posted on our website with a revised “Last updated” date. We encourage you to review it periodically.
18. Contact Us
For any questions, requests or concerns regarding this Policy or our handling of personal information, please contact:
Information Officer – Rory Clarke
Email: [email protected]
