Privacy Policy
Last updated: July 2026
Draft for review: This policy has been prepared for SwiftCode Innovation (Pty) Ltd and should be reviewed and approved by a legal professional before it is relied upon.
1. Introduction
SwiftCode Innovation (Pty) Ltd ("SwiftCode Innovation", "we", "us" or "our") respects your privacy and is committed to protecting the personal information entrusted to us. This Privacy Policy explains how we collect, use, store, share and safeguard personal information, and the rights available to you, in accordance with the Protection of Personal Information Act, 4 of 2013 ("POPIA") and other applicable law.
It applies to visitors of our website, our clients, prospective clients, suppliers, service providers, job applicants and any other person whose personal information we process.
2. About POPIA
POPIA gives effect to the constitutional right to privacy by setting conditions for the lawful processing of the personal information of natural and juristic persons. It applies to a responsible party that is domiciled in South Africa, or that processes personal information using automated or non-automated means within South Africa. Where we determine the purpose and means of processing, we act as the "responsible party"; where we process information on behalf of a client, we act as an "operator".
3. Information we collect
We collect and process personal information for defined, lawful purposes. This may include:
- Identity and contact details — name, email address, telephone number, company and role;
- Enquiry and project information you provide through our contact form or during an engagement;
- Correspondence and records of our communications with you;
- Supplier and service-provider details for procurement and payment purposes;
- Recruitment information from job applicants (CVs, qualifications, references);
- Technical and usage data collected automatically, such as anonymised analytics, where enabled.
We collect information directly from you, in the course of our relationship or provision of services, from your use of our website, and — where lawful — from third parties and public sources.
4. Lawful basis for processing
We only process personal information where we have a lawful basis to do so, namely where:
- you have consented to the processing;
- the processing is necessary to conclude or perform a contract with you;
- the processing is required to comply with a legal obligation;
- the processing protects your legitimate interests; or
- the processing is necessary for our legitimate interests or those of a third party to whom the information is supplied, balanced against your rights.
We do not process special personal information except in accordance with POPIA. Where we rely on consent, you may withdraw it at any time; this does not affect the lawfulness of processing carried out before withdrawal or processing justified on another lawful basis.
5. Purposes for processing
We generally process personal information to operate our business, including to:
- respond to enquiries and provide, manage and improve our services and products;
- research, design, build, deploy and support software and technology solutions;
- manage our relationships with clients, suppliers and service providers;
- process payments and manage invoicing and accounting;
- recruit and manage staff and contractors;
- monitor and secure our systems and online platforms;
- send you information about our services where permitted (see Direct marketing); and
- comply with applicable law and respond to lawful requests from regulatory or government authorities.
6. Keeping information accurate
We take reasonable steps to keep personal information accurate, complete and up to date for the purpose for which it is processed. Please notify us of any changes so that we can update our records.
7. Storage and third-party service providers
We may store personal information in electronic or hard-copy format on our own secured systems or with trusted third-party providers (such as reputable cloud, hosting and software providers) that support our operations. We require these operators, by written agreement, to process personal information only as instructed and to apply security measures at least as protective as our own.
8. Sharing personal information
We do not sell your personal information. We may share it with third parties who assist us — for example, hosting and infrastructure providers, payment processors, professional advisors, and auditors — and with government or regulatory authorities where required by law. We share information with your consent or where we are otherwise permitted to do so under applicable law.
9. Cross-border transfers
Some of our service providers may process or store personal information outside South Africa. Where we transfer personal information to another country, we do so only where a lawful basis under POPIA exists — for example, where the recipient is subject to laws or agreements that provide an adequate level of protection, or where you have consented. Information processed in another jurisdiction may be subject to the laws of that country.
10. Direct marketing
We may contact you about services that may be of interest to you where permitted by law. You may opt out of marketing communications at any time by contacting us at admin@swiftcode.co.za, and we will stop processing your information for that purpose.
11. Data retention
We do not retain personal information for longer than is necessary to achieve the purpose for which it was collected, unless retention is required or authorised by law, is necessary for our lawful functions or a contract, you have consented to longer retention, or the record is kept for legitimate historical, research, archival or statistical purposes with appropriate safeguards. When no longer required, we securely delete, destroy or de-identify the information.
12. Data minimisation
We limit our processing of personal information to what is adequate, relevant and not excessive for the purpose for which it is collected.
13. Security and data breaches
We apply appropriate, reasonable technical and organisational measures to safeguard personal information against loss, damage, unlawful access and unauthorised destruction. If we have reasonable grounds to believe that personal information has been accessed or acquired by an unauthorised person, we will notify the Information Regulator and affected data subjects as soon as reasonably possible, in accordance with POPIA.
14. Cookies and similar technologies
Our website may use cookies and similar technologies to enable core functionality and, where enabled, to collect anonymised usage statistics. You can set your browser to refuse cookies; however, some parts of the website may not function as intended if you do so.
15. Your rights
Subject to applicable law, you have the right to:
- request access to the personal information we hold about you;
- request that we correct, update or delete your personal information on reasonable grounds;
- object, on reasonable grounds, to the processing of your personal information;
- withdraw consent where processing is based on consent; and
- lodge a complaint with the Information Regulator.
To exercise these rights, contact our Information Officer (details below). We may ask you to verify your identity, and will respond within the timeframes required by law. Prescribed fees set out in our PAIA Manual may apply to certain requests.
16. Changes to this policy
We may amend this Privacy Policy from time to time and will publish the current version on our website. Material changes will be communicated where reasonably practicable.
17. Contact us
Questions, requests or complaints regarding this Policy or your personal information may be directed to our Information Officer:
- Information Officer: Atusaye Msiska
- SwiftCode Innovation (Pty) Ltd
- 33 Rolls Royce Street, Impala Park, Boksburg, 1459, South Africa
- Email: admin@swiftcode.co.za
- Phone: +27 74 832 8272
You may also contact the Information Regulator (South Africa) at inforegulator.org.za.
