Goya XD (Pty) Ltd ("we", "us", or "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it.

This policy applies to all information collected through our website, as well as any related services, including bookings, assessments, and direct communications with us.

We are a South African business and this policy is governed by the Protection of Personal Information Act, No. 4 of 2013 (POPIA) and the Promotion of Access to Information Act, No. 2 of 2000 (PAIA).

Information Officer

As required by POPIA, our Information Officer is:

Name: Tess Gouws
Email: privacy@goyaxd.com

If you have any questions about this policy or wish to exercise any of your rights, please contact the Information Officer using the details above.

What Information We Collect

We collect personal information that you voluntarily provide to us. We do not use cookies or tracking technologies on this website.

The personal information we collect depends on how you interact with us:

• Enquiries: When you contact us, we collect your name, email address, and any information you include in your message.
• Bookings: When you schedule a session, we collect your name, email address, and scheduling preferences.
• Assessments: When you complete an online assessment, we collect your name, email address, and your responses.
• Service engagements: We may additionally collect your telephone number, job title, company name, and billing details as necessary.

We do not collect any special categories of personal information (such as information about your health, race, religion, political views, or sexual orientation).

Why We Collect Your Information

We process your personal information only where we have a lawful basis to do so. We use your information for the following purposes:

• To respond to your enquiries
• To schedule and manage appointments
• To provide assessment results and related insights
• To deliver facilitation, coaching, and consulting services
• To issue invoices and process payments
• To comply with legal and regulatory obligations
• To communicate with you about services you have engaged us for
• To send you marketing communications, but only where you have given your prior consent

How We Store and Protect Your Information

We take the security of your personal information seriously and have implemented appropriate technical and organisational measures to protect it. These include access controls, encryption, two-factor authentication, and regular backups. Access to personal information is restricted to authorised personnel on a need-to-know basis.

Third-Party Service Providers and Transborder Data Flows

We use trusted third-party service providers to support our business operations, including scheduling, video conferencing, project management, invoicing, file storage, communication, and assessments.

Some of these providers store or process data outside of South Africa, including in the United Kingdom, European Union, Switzerland, and the United States.

We take reasonable steps to ensure that all third-party providers are subject to appropriate safeguards, including contractual obligations and industry-standard security measures.

Who We Share Your Information With

We do not sell your personal information. We may share your information with:

• Our financial services provider, for accounting and tax preparation purposes
• The South African Revenue Service (SARS), as required by law
• Third-party service providers, for operational purposes
• Email marketing platforms, for distributing communications you have consented to receive

How Long We Keep Your Information

• Enquiries are retained for a reasonable period and then deleted if no ongoing relationship is established
• Client records are retained for the duration of our engagement and for five years thereafter
• Financial and tax records are retained for the periods required by applicable legislation
• Assessment data is retained for as long as necessary to provide you with results and related services

Your Rights

Under POPIA, you have the following rights:

• The right to be informed about what personal information we hold about you
• The right to access your personal information
• The right to correction of inaccurate or incomplete personal information
• The right to deletion of your personal information where no longer necessary
• The right to object to processing in certain circumstances
• The right to withdraw consent where processing is based on your consent
• The right to lodge a complaint with the Information Regulator

To exercise any of these rights, please contact our Information Officer. We will respond within 30 days.

Data Breaches

In the event of a breach, we will notify the Information Regulator and affected individuals as soon as reasonably possible, in accordance with Section 22 of POPIA.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.

Complaints

If you are not satisfied with how we have handled your personal information, you have the right to lodge a complaint with:

The Information Regulator (South Africa)
Email: PAIAComplaints@inforegulator.org.za
Website: https://inforegulator.org.za/

PAIA Manual

Our PAIA Manual, compiled in terms of Section 51 of the Promotion of Access to Information Act, is available upon request from the Information Officer.