privacy policy

Last updated: 09 March 2026

1. Purpose of this Privacy Policy

This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you visit or interact with our Website or contact us about our services. It is intended to serve as our privacy notice to the extent required by the Protection of Personal Information Act, 2013 (“POPIA”).

2. Responsible Party (Who we are)

The responsible party for the processing of personal information described in this Privacy Policy is:

• A2O Applications (Pty) Ltd (Registration No. 2024 / 255828 / 07)

• Email: info@a2o.co.za

• Address: A2O Applications (Pty) Ltd, c/o The Centurion Hotel[16], 1001 Lenchen Avenue North, Centurion, 0046, South Africa[17].

3. Information Officer

POPIA requires each organisation to designate an Information Officer responsible for, among other things, encouraging compliance and dealing with POPIA-related requests.

• Information Officer: Adriaan Izak Odendaal (Director)

• Email: directors@a2o.co.za

4. What personal information we collect

We aim to limit our collection of personal information to what is adequate and relevant for the purposes described below. Depending on how you use the Website, we may process the following categories:

Information you provide voluntarily If you contact us (for example by email), you may provide: Name and surname; job title; company/organization name; email address; phone number; and the contents of your message (which may include other information you choose to share).

Information collected automatically when you browse When you visit the Website, we (and/or our hosting and technology providers) may automatically collect: Device and browser information; IP address and approximate location (derived from IP); date/time of access; pages viewed; referring/exit pages; and diagnostic/security logs.

Cookies and similar technologies We may use cookies or similar technologies that are: (a) necessary for the Website to function; and/or

(b) used for analytics and performance measurement.

You can manage cookies through your browser settings and, if implemented, our cookie banner/preferences controls (see “Cookies” below).

5. Information not intended to be collected

We do not intentionally collect: Special personal information (such as health, biometrics, religion, or criminal behavior) through the Website; or personal information of children. Please do not send such information to us via the Website or by email unless we specifically request it for a lawful purpose and provide you with an appropriate notice.

6. Why we process personal information (purposes)

We process personal information for the following purposes:

• Responding to enquiries and providing information

• To respond to questions, requests, proposals, and enquiries you send to us; and to communicate with you about our services.

• Website operation and improvement

• To operate, maintain, troubleshoot, and improve the Website and our content; to understand which pages and services are most useful; and to measure performance.

• Security and fraud prevention: To maintain the security of the Website, prevent and detect malicious activity, and protect our systems, people, and visitors.

• Compliance and legal protection: To comply with applicable laws and lawful requests, and to establish, exercise, or defend legal rights where necessary.

7. Lawful grounds for processing

We only process personal information where one or more lawful grounds apply. Depending on the context, these may include:

• Consent: Where you give us specific, informed, voluntary consent (for example, where we implement optional analytics cookies, or where you request marketing updates).

• Contract / pre-contract steps: Where processing is necessary to take steps at your request before entering into a contract, or to perform obligations under a contract (for example, when you request a proposal or software development engagement).

• Legal obligation: Where processing is required to comply with applicable law.

• Legitimate interests: Where processing is necessary for our legitimate interests (or those of a third party), provided your interests and rights do not override those interests (for example, basic security monitoring and limited logging to protect the Website).

• Your legitimate interests: Where processing is necessary to protect your legitimate interests (for example, responding to a security or privacy concern you raise).

If you object to processing based on legitimate interests, we will evaluate your request and stop processing unless we have compelling grounds to continue or another lawful basis applies.

8. Direct marketing

We will not send you unsolicited electronic direct marketing (such as marketing emails) unless allowed by law. Where we do send marketing communications, we will provide a simple method to opt out (unsubscribe) and will respect opt-out requests.

9. Sharing and disclosure of personal information

We may share personal information only where necessary for the purposes above, and subject to appropriate safeguards. Categories of recipients may include:

• Our staff and contractors

• Employees and authorized representatives who need the information to perform their duties.

• Operators / service providers

• Third-party service providers that host, maintain, secure, or support the Website and our business communications and tooling (for example, website hosting, email systems, IT support, and security providers). These providers process personal information only on our instructions and are required to implement appropriate security measures.

• Professional advisors (such as accountants, auditors, or attorneys) where necessary and subject to confidentiality obligations.

• Legal and regulatory disclosures: Where required by law, court order, or lawful authority, or where necessary to protect rights and safety.

10. Third-party links

The Website may include links to third-party sites or platforms (for example LinkedIn[18]). If you follow a third-party link, that third party’s privacy practices apply.

11. Cross-border transfers

Some of our service providers (including website hosting, security, or analytics providers such as Google[19]) may store or process personal information outside South Africa. Where personal information is transferred outside South Africa, we will only do so where permitted and protected under applicable law, including by ensuring an appropriate lawful transfer mechanism and adequate protection.

12. Security safeguards

We implement and maintain reasonable technical and organizational safeguards to protect personal information against loss, damage, unauthorized destruction, and unlawful access or processing.

Depending on the risk profile of the information and systems involved, these safeguards may include access controls; least-privilege permissions; authentication controls; encryption in transit; secure configuration and patching; activity logging; backups; and staff confidentiality obligations.

13. Security compromise (data breach) notification

If we have reasonable grounds to believe that personal information has been accessed or acquired by an unauthorized person, we will take steps to investigate, contain, and remediate the incident. Where notification is required, we will notify the Information Regulator and affected data subjects as soon as reasonably possible, taking into account law enforcement needs and other permissible factors.

Notifications may be provided by email, website notice, and/or other methods appropriate to the circumstances.

14. Retention and deletion

We do not retain personal information longer than is necessary for the purposes described in this Privacy Policy, unless retention is required or permitted by law, required to perform a contract, or reasonably required for lawful purposes.

Unless a longer period is required for a specific lawful purpose, we apply the following typical retention approach for Website-related information:

• Enquiry communications (emails): retained for up to 3 years after last correspondence, then deleted or archived with restricted access (unless needed for an active engagement, dispute, or legal requirement).

• Security and access logs: typically retained for up to 12 months, then deleted or aggregated/de-identified where feasible.

• Cookie data: retained for durations set by the relevant cookie, and manageable via your browser and (if implemented) our cookie controls.

• When we delete personal information, we take reasonable steps to do so securely and in a manner that prevents reconstruction where applicable.

15. Your rights and how to exercise them

Subject to applicable law, you may have rights to:

• Request confirmation whether we hold personal information about you;

• Request access to records or a description of your personal information;

• Request correction, deletion, or destruction of inaccurate, excessive, out-of-date, incomplete, misleading, or unlawfully obtained personal information;

• Object to certain processing on reasonable grounds; and

• Object to direct marketing.

To submit a request, contact our Information Officer using the details above with the subject line: “POPIA Request”. Please include sufficient information for us to verify your identity and understand your request. We may request additional proof of identity and will respond within a reasonable time.

16. Cookies

We use (or may use) cookies and similar technologies to support the operation, security, and performance of the Website.

If and when we use non-essential cookies (such as analytics cookies), we will where appropriate provide notice and request your consent via a cookie banner or preference tool. If you do not consent, non-essential cookies should not be placed.

You can also control cookies via your browser settings (including blocking or deleting cookies). Please note that blocking essential cookies may affect Website functionality.

17. Complaints

If you have concerns about how we process personal information, please contact our Information Officer first so we can try to resolve the matter.

You may also lodge a complaint with the Information Regulator.

• General enquiries: enquiries@inforegulator.org.za | 010 023 5200 | Toll free: 0800 017 160.

• POPIA complaints: POPIAComplaints@inforegulator.org.za.

18. Limitations to Liability

A2O shall process all your information in the strictest confidence in accordance with the Protection of Personal Information Act 4 of 2013 and shall not use your Information for any other purpose than its use in the course of using the application/software or system.

A2O commits to take all reasonable measures possible to protect all your confidential information (“Information”), both technically (ensuring the standard security and data protection technology is used and up to date) and through standard operating procedures (the way the information is handled). In particular, A2O undertakes to:

• protect your Information from disclosure to anyone other than its employees, representatives, consultants, partners and/or agents who have a strict need to know the Information, or any part thereof. A2O shall ensure that such employees, representatives, consultants and/or advisers shall maintain the Information in strict confidence and secrecy;

• use the same degree of care as it uses with its own valuable proprietary information, however, in no case below the due diligence of a reasonable businessman; 

• not use the Information for any purpose other than the performance of its obligations. In no event may A2O reveal any Information to any third party;  

• notify the Client immediately upon becoming aware of any unauthorised disclosure or use of the Information;

A2O, however, does not accept any liability for the loss or leakage of any information due to events beyond A2O's reasonable control.

19. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top indicates when changes were last made. Where appropriate, we will post a prominent notice on the Website if changes are material.