Our Privacy Notice is based on the prescripts of POPIA, which requires our documentation to be understandable to our data subjects. To ensure this, we have set out terminology used herein for your ease of reference. In this Notice, we use, inter alia, the following terms:

 “We” and “Us” shall mean: Gravit8 Information Technology (Pty) Ltd 
Registration Number: 2003/028053/07

of 9th Floor, 47 Strand Street, Cape Town.

‘’POPIA’’ shall mean: Protection of Personal Information Act 4 of 2013

‘’You’’ and “Your” shall mean: the person to whom personal information relates

‘’Personal’’ Information shall mean:  Personal information means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to –

  1. Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
  2. Information relating to the education or the medical, financial, criminal or employment history of the person;
  3. Any identifying number, symbol, e-mail address, telephone number, location information, online identifier or other particular assignment to the person;
  4. The biometric information of the person;
  5. The personal opinions, views or preferences of the person;
  6. Correspondence sent by the person that would reveal the contents of the original correspondence;
  7. The views or opinions of another individual about the person; and
  8. The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

“Data subject” shall mean: the person to whom personal information relates and includes any identifiable, living, natural person, and an identifiable, existing juristic person.

“Processing” shall mean: any operation or set of operations which is performed on personal information or on sets of personal information, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 “Consent” shall mean” Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal information relating to him or her.


We are committed to respecting concerns regarding privacy and will process all personal information in alignment with the prescripts of POPIA and any further prevailing privacy legislation.
All personal information furnished collected and processed by us regardless of form or medium shall be processed in accordance with the provisions set out hereunder.

Collecting Personal Information:

We endeavour to collect and process information, which has been collected directly from data subjects.
Generally, the processing of your personal information is necessary for purposes set out below and we will therefore only request information that is relevant and necessary for such processing. Failure to provide this personal information could prevent or cause a delay in the fulfillment of these obligations.

We collect and process the following information:

Data Subject

Types of Information Collected



Name, registration number, VAT registration number, director/member name, identity number, contact details, addresses, bank details.



Name, company registration number, VAT registration number, contact details, addresses and bank details.


Visitors to Website

Name, contact details, email address, location data and information collected via cookies.


*This policy excludes personal information collected from employees, which shall be subject to a separate agreement.

Legal basis for the processing

We, and service providers we engage, process data subjects’ personal information exclusively for the following purposes:


We will process your personal information where you have expressly consented to the processing thereof. For example:

  • in the form of specific consent; or
  • if you contact us using our contact form.
To Comply with Contractual Obligations:

We will carry out administrative activities which includes but is not limited to liaising with data subjects (telephonically or via email) for invoicing, collecting payments and delivery of services or for any other purposes related to the our contractual obligations to the data subject.

To Comply with Legal Obligations:

Personal information is also collected and processed in order to comply with any legal obligation imposed on us, which includes but is not limited to our duty to monitor and provide notification.

In Pursuit of our legitimate interests or that of any third parties:

We may process your data where necessary to pursue our legitimate interests or the legitimate interests of third parties. This includes but is not limited to:

  • Enforcement of legal claims and defence in legal disputes;
  • Prevention and investigation of criminal acts;
  • Preservation of IT security and IT operations.
Retention of Records

The criteria used to determine the period of storage of personal information is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract.

Collection of Information by “Cookies”:

You are aware that information and data is automatically collected through the standard operation of the Internet servers and through the use of “cookies.” “Cookies” are small text files a Website can use to recognise repeat users, facilitate the user’s ongoing access to and use of the Website and allow a Website to track usage behaviour and compile aggregate data that will allow content improvements and targeted advertising. Cookies are not programs that come onto your system and damage files. Generally, cookies work by assigning a unique number to you that has no meaning outside the assigning site. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to deny or accept the cookie feature; however, you should note that cookies may be necessary to provide you with certain features (e.g., customized delivery of information) available on our Websites.

Security Safeguards:

We will:

  1. treat your personal information as strictly confidential;
  2. take appropriate technical and organisational measures to ensure that your personal information is kept secure and is protected against unauthorised or unlawful processing, accidental loss, destruction or damage, alteration, disclosure or access;
  3. promptly notify you if we become aware of any unauthorised use, disclosure or processing of your personal information;
  4. provide you with reasonable evidence of our compliance with our obligations under this policy on reasonable request; and
  5. We will not retain your personal information longer than the period for which it was originally required, unless we are required by law to do so, or you consent to us retaining such information for a longer period.



We do not process the information of minor children.

Transborder Flow of Information:

We may transfer your information outside South African borders for retention purposes and/or if our service provider/s are cross border or uses cross boarder systems. We will only share your information with service providers who have comparable privacy policies in place. 


Your rights:

Right of Access

Each data subject has the right to obtain from us confirmation as to whether personal information concerning him/her is being processed by it as well as a record of said personal information. Should the data subject require copies of any/all of the records held, a request must be submitted in the format and manner as prescribed detailed in our PAIA Manual, available via our website,

Right to Rectification

Each data subject has the right to obtain from us, without undue delay, the rectification of inaccurate personal information concerning him/her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal information completed, including by means of providing a supplementary statement.

Right to Erasure

A data subject, may at any time, request the deletion or destruction of its personal information held by us. We, however reserve the right to refuse such request in light of any other laws, regulations and/or contractual obligations restricting us from complying with the data subject’s request.

Right to Object

Each data subject has the right to object, on grounds, to the processing of his/her personal information. We will refrain from processing the personal information in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

In order to comply with any request received, we may require proof of identity.


Existence of automated decision-making

As a Responsible Party, we do not use automatic decision-making or profiling.

Promotion of Access to Information Act:

In compliance with the provisions of the Promotion of Access to Information 2 of 2000 (PAIA), all requests for access to information must comply with the prescribed procedure set out in our PAIA manual, available upon written request or our website,

Contact Us:

All enquiries, concerns or complaints relating to the processing of personal information must be directed to Gary Fouché in writing, at

If you are not satisfied with our response to your query, you may approach the following regulatory body for further assistance: