Last Updated: April 2025
Privacy Policy
How Kaymerc X collects, uses, and protects your personal information under POPIA and GDPR.
1. Introduction and Responsible Party
Kaymerc X (Pty) Ltd (CIPC Reg. 2024/720931/07) is the responsible party for the processing of personal information as defined under the Protection of Personal Information Act 4 of 2013 (POPIA) and the General Data Protection Regulation (GDPR) where applicable.
Information Officer: Karabo Moshidi
Email: admin@kaymercx.tech
Phone: +27 82 867 6363
Registered Address: Little Falls, Gauteng, South Africa
2. Information We Collect
We collect the following categories of personal information:
- Contact information: name, email address, phone number, company name, and job title
- Enquiry details: service interests, business challenge descriptions, and uploaded documents
- Payment information: processed via Yoco — Kaymerc X does not store card details on its systems
- Assessment data: personality and behavioural assessment responses and results
- Technical data: IP address, browser type, and pages visited (via Google Analytics 4, consent-gated)
- Communications: email correspondence and WhatsApp messages related to our services
3. How We Use Your Information
We process your personal information for the following purposes:
- Responding to service enquiries and booking consultations
- Delivering contracted services as agreed in engagement letters
- Sending administrative communications including invoices and confirmations
- Assessment report delivery and debrief scheduling
- POPIA-compliant marketing communications (consent-based only)
- Improving our website and service offerings
- Compliance with applicable legal obligations
4. Legal Basis for Processing
All processing of personal information is conducted on one of the following lawful grounds:
- Consent: marketing communications and assessment data processing
- Contract performance: service delivery under a signed engagement letter
- Legitimate interest: responding to direct enquiries from prospective clients
- Legal obligation: SARS compliance, CIPC statutory requirements, and other applicable legislation
5. Data Retention
We retain personal information only for as long as necessary for the purpose for which it was collected:
| Data Category | Retention Period | Basis |
|---|---|---|
| Financial records | 7 years | SARS statutory requirement |
| Client engagement records | 5 years | Contractual and legal |
| Enquiry data (non-converted) | 2 years | Legitimate interest |
| Assessment data (individual) | 24 months | Service delivery |
| Website analytics | 26 months | GA4 default |
6. Third-Party Processors
All third-party service providers are subject to Data Processing Agreements and are selected for their commitment to data protection:
- Yoco: payment processing (PCI-DSS compliant)
- Shopify: e-commerce platform (GDPR/POPIA compliant)
- Calendly: appointment scheduling
- Google Analytics 4: website analytics (consent-gated)
- Email service providers: communication delivery
7. Your Rights (POPIA Section 11 / GDPR Articles 15–22)
As a data subject, you have the following rights with respect to your personal information:
To exercise any of these rights, email admin@kaymercx.tech with the subject line: DATA SUBJECT REQUEST
We will acknowledge your request within 3 business days and respond within 30 calendar days.
8. Cookies and Analytics
We use Google Analytics 4 with a consent management framework. Analytics cookies are only placed after you have provided consent via our cookie banner.
You may withdraw analytics consent at any time by adjusting your browser settings or contacting us directly. Essential cookies required for session management and website functionality cannot be disabled as they are necessary for the site to operate.
9. Cross-Border Data Transfers
Some of our third-party service providers (including Shopify, Calendly, and Google) process data in jurisdictions outside South Africa. All international transfers are governed by appropriate safeguards including standard contractual clauses and, where applicable, adequacy decisions.
We ensure that all cross-border transfers comply with Section 72 of POPIA and applicable GDPR transfer mechanisms.
10. Security
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, and destruction. Our security measures include:
- Access controls and role-based permissions
- Encryption in transit (TLS/HTTPS)
- Secure cloud storage with reputable providers
- Regular security assessments and reviews
- Staff awareness and confidentiality obligations
11. Children
Our services are intended for persons 18 years of age and older. We do not knowingly collect, process, or store personal information from persons under the age of 18. If you believe we have inadvertently collected information from a minor, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated by email to active clients and posted on this page with an updated "Last updated" date.
Continued use of our services after the effective date of any update constitutes acceptance of the revised policy.
13. Contact and Complaints
For any questions, concerns, or complaints regarding this Privacy Policy or our data processing practices:
You also have the right to lodge a complaint with the Information Regulator of South Africa:
Information Regulator of South Africa
Website: www.inforeg.org.za