Privacy Policy

Last updated: April 2026

Goya XD (Pty) Ltd (“we”, “us”, or “our”) is committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it.

This policy applies to all information collected through our website, as well as any related services, including bookings, assessments, and direct communications with us.

We are a South African business and this policy is governed by the Protection of Personal Information Act, No. 4 of 2013 (POPIA) and the Promotion of Access to Information Act, No. 2 of 2000 (PAIA).

Information Officer

As required by POPIA, our Information Officer is:

Name: Tess Gouws
Email: privacy@goyaxd.com

If you have any questions about this policy or wish to exercise any of your rights, please contact the Information Officer using the details above.

What Information We Collect

We collect personal information that you voluntarily provide to us. We do not use cookies or tracking technologies on this website.

The personal information we collect depends on how you interact with us:

Enquiries: When you contact us through our website, we collect your name, email address, and any information you include in your message.

Bookings: When you schedule a session with us, we collect your name, email address, and scheduling preferences.

Assessments: When you complete an online assessment, we collect your name, email address, and your responses.

Service engagements: When you engage us for services, we may additionally collect your telephone number, job title, company name, and billing details as necessary to deliver our services and manage our business relationship.

We do not collect any special categories of personal information (such as information about your health, race, religion, political views, or sexual orientation).

Why We Collect Your Information

We process your personal information only where we have a lawful basis to do so. We use your information for the following purposes:

  • To respond to your enquiries
  • To schedule and manage appointments
  • To provide assessment results and related insights
  • To deliver facilitation, coaching, and consulting services
  • To issue invoices and process payments
  • To comply with legal and regulatory obligations, including tax reporting
  • To communicate with you about services you have engaged us for
  • To send you marketing communications, but only where you have given your prior consent (you may withdraw this consent at any time)

How We Store and Protect Your Information

We take the security of your personal information seriously and have implemented appropriate technical and organisational measures to protect it. These include access controls, encryption, two-factor authentication, and regular backups. Access to personal information is restricted to authorised personnel on a need-to-know basis.

We review our security measures on an ongoing basis to ensure they remain appropriate to the nature and sensitivity of the information we process.

Third-Party Service Providers and Transborder Data Flows

We use trusted third-party service providers to support our business operations, including scheduling, video conferencing, project management, invoicing, file storage, communication, and assessments.

Some of these providers store or process data outside of South Africa, including in the United Kingdom, European Union, Switzerland, and the United States.

We take reasonable steps to ensure that all third-party providers are subject to appropriate safeguards, including contractual obligations and industry-standard security measures. Non-disclosure agreements are in place with all providers who handle personal information on our behalf.

For a detailed list of service providers and their data locations, please refer to our PAIA Manual, which is available upon request from the Information Officer.

Who We Share Your Information With

We do not sell your personal information. We may share your information with the following categories of recipients, only to the extent necessary:

  • Our financial services provider, for accounting and tax preparation purposes
  • The South African Revenue Service (SARS), as required by law
  • Third-party service providers, for the operational purposes described above
  • Email marketing platforms, for distributing communications you have consented to receive (when applicable)

How Long We Keep Your Information

We retain your personal information only for as long as is necessary for the purposes set out in this policy, or as required by law.

  • Enquiries are retained for a reasonable period and then deleted if no ongoing relationship is established
  • Client records are retained for the duration of our engagement and for five years thereafter, in line with statutory requirements
  • Financial and tax records are retained for the periods required by applicable legislation
  • Assessment data is retained for as long as is necessary to provide you with results and related services

When your information is no longer needed, it will be securely deleted or anonymised.

Your Rights

Under POPIA, you have the following rights in relation to your personal information:

  • The right to be informed about what personal information we hold about you and how it is processed
  • The right to access your personal information
  • The right to correction of inaccurate or incomplete personal information
  • The right to deletion of your personal information, where it is no longer necessary for the purpose for which it was collected
  • The right to object to the processing of your personal information in certain circumstances
  • The right to withdraw consent where processing is based on your consent
  • The right to lodge a complaint with the Information Regulator if you believe your rights have been infringed

To exercise any of these rights, please contact our Information Officer. We will respond to your request within 30 days.

Data Breaches

In the event of a breach that compromises your personal information, we will notify the Information Regulator and affected individuals as soon as reasonably possible, in accordance with Section 22 of POPIA.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.

Complaints

If you are not satisfied with how we have handled your personal information, you have the right to lodge a complaint with the Information Regulator of South Africa:

The Information Regulator (South Africa)
Email: PAIAComplaints@inforegulator.org.za
Website: https://inforegulator.org.za/

PAIA Manual

Our PAIA Manual, compiled in terms of Section 51 of the Promotion of Access to Information Act, is available upon request from the Information Officer.