Andisa Advisory

Legal

Privacy Policy

Effective date: 01 June 2026 Version: 1.0 Review due: 31 May 2027

1. Who we are

Andisa Advisory (Pty) Ltd ("Andisa", "we", "our") operates this website and the CPD workshops, short courses, and seminars listed on it. We are the responsible party for your personal information under the Protection of Personal Information Act 4 of 2013 (POPIA).

EntityAndisa Advisory (Pty) Ltd
DirectorsDuncan Pringle (Managin), Justin Pringle (Pr Eng)
AddressCluster Box 6871
Le Domain
KZN
3610
Emailadmin@andisa-advisory.com

2. Information officer

Our designated Information Officer under POPIA is Justin Pringle. You may contact the Information Officer at the email address above for any privacy-related request or complaint. We are in the process of registering our Information Officer with the Information Regulator as required by POPIA.

3. What personal information we collect

We collect only the information we need to operate our CPD programmes. This includes:

We do not knowingly collect special personal information (health data, race, political views, biometric data, etc.) unless you volunteer it in correspondence. If we receive it, we delete it unless it is strictly necessary and you have consented.

4. Why we process your information

We process personal information on the following lawful grounds:

  1. Performance of a contract — registering you for a workshop, issuing a tax invoice, and delivering the CPD certificate you paid for.
  2. Legal obligation — issuing ECSA-compliant CPD certificates requires us to record your name, registration number, and attendance. ECSA and IMESA audit records may need to be retained for the duration of the relevant 3-year CPD validation cycle.
  3. Legitimate interest — informing past attendees of related upcoming workshops. You may opt out at any time (section 8).
  4. Consent — where we ask for consent (e.g. photographing sessions for marketing), we record the consent and honour withdrawal of it.

5. Who we share your information with

We do not sell personal information. We do not share it with third parties for their own marketing purposes.

We share information only where necessary:

All third parties we engage are required to handle your information in accordance with POPIA.

6. Cross-border transfers

Where we use cloud services whose servers are located outside South Africa (for example, email or analytics platforms), we take steps to confirm that the recipient country or service provider offers an adequate level of protection, or we rely on contractual safeguards consistent with POPIA section 72. We will update this policy if the specifics change.

7. Cookies and analytics

8. Your rights under POPIA

You have the right to:

To exercise any of these rights, email info@andisaadvisory.co.za with the subject line "POPIA Request". We will respond within 30 days.

9. How long we keep your information

CPD attendance & certificates7 years (ECSA audit requirement; aligns with standard 3-year CPD cycle plus buffer)
Financial records / invoices5 years (Companies Act and SARS requirement)
Marketing email listUntil you unsubscribe, or 3 years of inactivity, whichever is sooner
General correspondence3 years
Website analytics (anonymised)24 months rolling

When retention periods expire, we securely delete or anonymise the data.

10. How we protect your information

We apply reasonable technical and organisational measures appropriate to the size of our operation: access-controlled cloud storage, encrypted email transmission, and limiting access to personal data to people who need it to do their jobs. In the event of a data breach that is likely to harm you, we will notify you and the Information Regulator as required by POPIA.

11. The Information Regulator

If you believe we have processed your information unlawfully, you may submit a complaint to the Information Regulator of South Africa:

Websiteinforegulator.org.za
Email (general)inforeg@justice.gov.za
Email (complaints)POPIAComplaints@inforegulator.org.za
AddressJD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

12. Changes to this policy

We may update this policy when our practices change or when legislation requires it. The effective date at the top of this page shows the current version. Material changes will be announced on this page for at least 30 days before they take effect.

Questions? Email admin@andisa-advisory.com — we will reply within five working days.