Legal
Andisa Advisory (Pty) Ltd ("Andisa", "we", "our") operates this website and the CPD workshops, short courses, and seminars listed on it. We are the responsible party for your personal information under the Protection of Personal Information Act 4 of 2013 (POPIA).
| Entity | Andisa Advisory (Pty) Ltd |
| Directors | Duncan Pringle (Managin), Justin Pringle (Pr Eng) |
| Address | Cluster Box 6871 Le Domain KZN 3610 |
| admin@andisa-advisory.com |
Our designated Information Officer under POPIA is Justin Pringle. You may contact the Information Officer at the email address above for any privacy-related request or complaint. We are in the process of registering our Information Officer with the Information Regulator as required by POPIA.
We collect only the information we need to operate our CPD programmes. This includes:
We do not knowingly collect special personal information (health data, race, political views, biometric data, etc.) unless you volunteer it in correspondence. If we receive it, we delete it unless it is strictly necessary and you have consented.
We process personal information on the following lawful grounds:
We do not sell personal information. We do not share it with third parties for their own marketing purposes.
We share information only where necessary:
All third parties we engage are required to handle your information in accordance with POPIA.
Where we use cloud services whose servers are located outside South Africa (for example, email or analytics platforms), we take steps to confirm that the recipient country or service provider offers an adequate level of protection, or we rely on contractual safeguards consistent with POPIA section 72. We will update this policy if the specifics change.
You have the right to:
To exercise any of these rights, email info@andisaadvisory.co.za with the subject line "POPIA Request". We will respond within 30 days.
| CPD attendance & certificates | 7 years (ECSA audit requirement; aligns with standard 3-year CPD cycle plus buffer) |
| Financial records / invoices | 5 years (Companies Act and SARS requirement) |
| Marketing email list | Until you unsubscribe, or 3 years of inactivity, whichever is sooner |
| General correspondence | 3 years |
| Website analytics (anonymised) | 24 months rolling |
When retention periods expire, we securely delete or anonymise the data.
We apply reasonable technical and organisational measures appropriate to the size of our operation: access-controlled cloud storage, encrypted email transmission, and limiting access to personal data to people who need it to do their jobs. In the event of a data breach that is likely to harm you, we will notify you and the Information Regulator as required by POPIA.
If you believe we have processed your information unlawfully, you may submit a complaint to the Information Regulator of South Africa:
| Website | inforegulator.org.za |
| Email (general) | inforeg@justice.gov.za |
| Email (complaints) | POPIAComplaints@inforegulator.org.za |
| Address | JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 |
We may update this policy when our practices change or when legislation requires it. The effective date at the top of this page shows the current version. Material changes will be announced on this page for at least 30 days before they take effect.
Questions? Email admin@andisa-advisory.com — we will reply within five working days.