Privacy Policy

1. INTRODUCTION

J29 (Pty) Ltd (referred to as “J29”, “we”, “us”, or “our”) is committed to protecting the privacy and personal information of all individuals who interact with our services. This Privacy Policy is designed to comply with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA”) and outlines how we collect, use, process, disclose, and protect your personal information.

By accessing our website, using our services, or providing us with your personal information, you consent to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our services or provide us with any personal information.

Updated January 2025

2. DEFINITIONS

For purposes of this Privacy Policy:

  • Personal Information means information relating to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person, including but not limited to name, contact details, identification numbers, location data, and online identifiers;
  • Processing means any operation or activity concerning personal information, including collection, receipt, recording, organization, collation, storage, updating, retrieval, alteration, consultation, use, dissemination, merging, linking, restriction, degradation, erasure, or destruction;
  • Data Subject means the person to whom personal information relates;
  • Responsible Party means J29 (Pty) Ltd, which determines the purpose of and means for processing personal information;
  • Operator means a person who processes personal information on behalf of the Responsible Party;
  • Consent means voluntary, specific, and informed expression of will by which a Data Subject agrees to the processing of their personal information.

3. RESPONSIBLE PARTY DETAILS

Company Name: J29 Business Development

Physical Address: South Africa

Email: info@j29.co.za

Telephone: 010 157 2640

Website: www.j29.co.za

Information Officer: E Middleton

4. PERSONAL INFORMATION WE COLLECT

4.1 Information You Provide Directly

We may collect the following personal information when you voluntarily provide it to us:

  • Contact Information: Name, surname, email address, phone number, WhatsApp number, physical address, postal address;
  • Business Information: Business name, business type, industry sector, registration status, company registration details, tax information, business stage, years in operation, revenue information, employee count;
  • Demographic Information: Age range, gender, education level, business experience;
  • Service-Related Information: Products or services offered, target customer information, business challenges, development needs, program preferences, learning format preferences;
  • Financial Information: Payment details, billing information, bank account details for payment processing;
  • Account Information: Username, password, security questions and answers;
  • Communications: Content of emails, messages, inquiries, feedback, and other communications with J29;
  • Content Uploads: Documents, images, videos, and other materials uploaded to our platforms or shared with us for service delivery purposes.

4.2 Information Collected Automatically

When you visit our website or use our services, we may automatically collect:

  • Technical Information: IP address, browser type and version, operating system, device type and identifiers, screen resolution;
  • Usage Information: Pages viewed, time spent on pages, links clicked, navigation paths, date and time of visits, referring website addresses;
  • Location Information: Geographic location data derived from IP address or provided by device settings;
  • Cookies and Similar Technologies: Information collected through cookies, web beacons, pixels, and similar tracking technologies (see Section 11 for details).

4.3 Information from Third Parties

We may receive personal information about you from:

  • Corporate partners, clients, and referral sources;
  • Government agencies, industry bodies, and accreditation organizations (e.g., MICT SETA, SEDA);
  • Social media platforms when you interact with our social media pages or use social login features;
  • Public databases and directories where information is lawfully available.

5. PURPOSE OF PROCESSING PERSONAL INFORMATION

We process your personal information for the following lawful purposes:

5.1 Service Delivery

  • To provide our Learn, Grow, and Get Online services, including training programs, mentorship, web development, digital marketing, and AI implementation;
  • To assess your eligibility for programs and services;
  • To customize and deliver services tailored to your business needs;
  • To facilitate communication between you, our team, and corporate partners or funders.

5.2 Account Management and Administration

  • To create, maintain, and manage your account;
  • To verify your identity and authenticate access;
  • To provide customer support and respond to inquiries.

5.3 Payment Processing and Financial Transactions

  • To process payments for services rendered;
  • To issue invoices, receipts, and financial statements;
  • To manage billing inquiries and disputes.

5.4 Communication and Marketing

  • To send service-related announcements, updates, and administrative messages;
  • To provide information about new services, programs, workshops, and opportunities;
  • To send marketing communications, newsletters, and promotional materials (with your consent, where required);
  • To conduct surveys and request feedback on our services.

5.5 Program Development and Improvement

  • To analyze usage patterns and service effectiveness;
  • To develop new services and improve existing offerings;
  • To conduct research and generate aggregated, anonymized statistics for internal analysis and reporting.

5.6 Reporting and Compliance

  • To generate reports for corporate partners, funders, government agencies, and accreditation bodies;
  • To demonstrate program impact and outcomes;
  • To comply with legal and regulatory obligations, including tax, labor, and business regulations.

5.7 Legal and Security Purposes

  • To enforce our Terms and Conditions;
  • To protect our rights, property, and safety, and that of our users and the public;
  • To detect, prevent, and respond to fraud, security breaches, and illegal activities;
  • To establish, exercise, or defend legal claims.

6. ARTIFICIAL INTELLIGENCE (AI) AND AUTOMATED PROCESSING

6.1 Use of AI Technologies

J29 utilises artificial intelligence technologies, which may include services provided by Anthropic OpenAI, Google, Microsoft, and other AI service providers, to enhance our service delivery and improve user experience. AI technologies are employed in the following areas:

  • Content Creation and Enhancement: AI-assisted generation of marketing materials, business documentation, website content, social media posts, and other digital assets for clients;
  • Business Analysis: AI-powered analysis of business data, market trends, and performance metrics to provide insights and recommendations;
  • Customer Support: AI chatbots and virtual assistants to provide initial support, answer frequently asked questions, and route inquiries;
  • Training and Education: AI-enhanced learning experiences, personalized training recommendations, and adaptive learning pathways;
  • Workflow Automation: AI-powered tools to streamline business processes, automate repetitive tasks, and increase operational efficiency;
  • Data Processing and Insights: AI algorithms to process large datasets, identify patterns, and generate actionable business intelligence.

6.2 Data Processing by AI Systems

When you use our AI-powered services or when we process your information using AI technologies:

  • Your personal information may be transmitted to and processed by AI service providers (Operators) acting on our behalf;
  • AI systems may process your inputs, queries, uploaded documents, business information, and other data you provide;
  • AI-generated outputs may incorporate or be derived from your personal information;
  • Processing may occur on servers located in South Africa or internationally, subject to appropriate safeguards (see Section 8).

6.3 AI Provider Relationships and Safeguards

We implement the following safeguards when using AI service providers:

  • We enter into written agreements with AI providers that require them to protect personal information in accordance with POPIA;
  • We select AI providers with robust data protection policies and security measures;
  • We limit the personal information shared with AI systems to what is necessary for the specific purpose;
  • We configure AI services to prevent unauthorized retention, use, or disclosure of your personal information where technically feasible;
  • We regularly review AI provider policies and practices to ensure continued compliance with data protection standards.

6.4 Your Rights Regarding AI Processing

You have the right to:

  • Request information about which AI systems process your personal information;
  • Object to automated decision-making that significantly affects you;
  • Request human review of decisions made by AI systems;
  • Opt out of certain AI-powered features where alternative services are available.

6.5 AI Training and Model Improvement

We do not authorize AI service providers to use your personal information to train their general AI models unless:

  • You have provided explicit consent for such use;
  • The information has been fully anonymized such that you cannot be identified; or
  • Such use is permitted under our agreement with the AI provider and complies with POPIA.

We may use aggregated, anonymized data derived from AI interactions to improve our own services and develop new offerings.

7. LAWFUL BASIS FOR PROCESSING

We process personal information only where we have a lawful basis to do so. The lawful bases for our processing activities include:

  • Consent: Where you have given specific, informed consent for the processing;
  • Contractual Necessity: Where processing is necessary to fulfill our contractual obligations to you or to take steps at your request prior to entering into a contract;
  • Legal Obligation: Where processing is required to comply with a legal obligation to which we are subject;
  • Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, provided that such interests are not overridden by your rights and freedoms;
  • Protection of Rights: Where processing is necessary to protect your vital interests or those of another person.

8. DISCLOSURE AND SHARING OF PERSONAL INFORMATION

8.1 Internal Sharing

Personal information may be shared internally within J29 among authorized employees, contractors, and consultants who require access to perform their duties and deliver services to you.

8.2 Third-Party Service Providers (Operators)

We may share personal information with third-party service providers who assist us in operating our business and delivering services, including:

  • Cloud hosting and data storage providers;
  • Payment processors and financial service providers;
  • Email marketing and communication platforms;
  • AI and machine learning service providers (including Anthropic, OpenAI, and others);
  • Web analytics and performance monitoring tools;
  • Customer relationship management (CRM) systems;
  • IT support and cybersecurity service providers.

These service providers are contractually obligated to process personal information only in accordance with our instructions and to implement appropriate security measures.

8.3 Corporate Partners and Funders

We may share personal information with corporate partners, clients, funders, and other entities that:

  • Sponsor or fund programs and services you participate in;
  • Are considering you for supplier development programs, procurement opportunities, or business partnerships;
  • Require reporting on program outcomes and participant progress.

Such sharing is typically limited to business information and aggregated performance data, though individual identifiable information may be shared where necessary for program administration or with your explicit consent.

8.4 Government Agencies and Regulatory Bodies

We may disclose personal information to:

  • Government departments and agencies for compliance, reporting, and program participation purposes;
  • Accreditation bodies such as MICT SETA for training and certification purposes;
  • Tax authorities, labor departments, and other regulatory bodies as required by law;
  • The Information Regulator in response to lawful requests or as required by POPIA.

8.5 Legal Requirements and Protection of Rights

We may disclose personal information when we believe in good faith that disclosure is necessary to:

  • Comply with applicable laws, regulations, legal processes, or enforceable governmental requests;
  • Enforce our Terms and Conditions, including investigation of potential violations;
  • Detect, prevent, or address fraud, security, or technical issues;
  • Protect against harm to the rights, property, or safety of J29, our users, or the public;
  • Establish, exercise, or defend legal claims.

8.6 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, personal information may be transferred to the acquiring or successor entity. We will notify you via email and/or prominent notice on our website of any change in ownership or use of your personal information.

8.7 With Your Consent

We may share personal information with third parties when we have your explicit consent to do so for purposes not covered in this Privacy Policy.

9. TRANSBORDER INFORMATION FLOWS

Some of our service providers, including AI technology providers, cloud hosting companies, and other third-party services, may be located outside of South Africa or may process personal information on servers located in foreign jurisdictions. This may include processing in countries such as the United States, the European Union, and other regions.

When we transfer personal information outside South Africa, we ensure that:

  • The recipient country has adequate data protection laws substantially similar to POPIA; or
  • We have entered into agreements with the recipient requiring them to provide an adequate level of protection similar to that required under POPIA; or
  • You have consented to the transfer after being informed of the possible risks; or
  • The transfer is necessary for the performance of a contract between you and J29, or for your benefit.

By using our services and providing personal information, you acknowledge and consent to such international transfers, subject to the safeguards described above.

10. SECURITY OF PERSONAL INFORMATION

We are committed to protecting the security of your personal information and have implemented appropriate technical and organizational measures to safeguard it against loss, unauthorized access, disclosure, alteration, and destruction.

10.1 Security Measures

Our security measures include:

  • Encryption of data in transit using SSL/TLS protocols;
  • Encryption of sensitive data at rest;
  • Secure authentication mechanisms and access controls;
  • Regular security assessments, vulnerability testing, and penetration testing;
  • Firewall protection and intrusion detection systems;
  • Secure backup and disaster recovery procedures;
  • Staff training on data protection and security best practices;
  • Limitation of access to personal information on a need-to-know basis.

10.2 Security Breach Notification

In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, we will:

  • Notify the Information Regulator as soon as reasonably possible;
  • Notify affected Data Subjects if the breach is likely to cause harm;
  • Take immediate steps to contain and remedy the breach;
  • Provide information about the breach, its potential impact, and remedial measures taken.

10.3 Your Responsibilities

You are responsible for:

  • Maintaining the confidentiality of your account credentials;
  • Not sharing your password with others;
  • Notifying us immediately if you suspect unauthorized access to your account;
  • Using secure networks when accessing our services.

10.4 Limitations

While we implement robust security measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of personal information. You acknowledge and accept the inherent security risks of providing information and transacting online.

11. COOKIES AND TRACKING TECHNOLOGIES

11.1 What Are Cookies

Cookies are small text files placed on your device when you visit our website. They allow us to recognize your device and store information about your preferences and usage patterns.

11.2 Types of Cookies We Use

  • Essential Cookies: Necessary for website functionality, security, and service delivery;
  • Performance Cookies: Collect information about how visitors use our website to improve performance;
  • Functionality Cookies: Remember your preferences and provide enhanced features;
  • Marketing Cookies: Track visitors across websites to display relevant advertisements and measure campaign effectiveness.

11.3 Third-Party Cookies

We use third-party analytics and advertising services (such as Google Analytics, Facebook Pixel, and others) that may place cookies on your device. These services have their own privacy policies governing their use of information.

11.4 Managing Cookies

You can control and manage cookies through:

  • Browser settings to block or delete cookies;
  • Our cookie consent banner when you first visit our website;
  • Opt-out mechanisms provided by third-party services.

Note that blocking or deleting cookies may impact website functionality and your user experience.

12. RETENTION OF PERSONAL INFORMATION

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

12.1 Retention Periods

Typical retention periods include:

  • Active Client Information: Retained for the duration of the business relationship plus 5 years after termination or last interaction;
  • Financial Records: Retained for 5 years as required by South African tax and accounting regulations;
  • Training Records: Retained for 5 years for accreditation and compliance purposes;
  • Marketing Communications: Retained until you unsubscribe or withdraw consent;
  • Legal or Regulatory Requirements: Retained as required by applicable laws and regulations.

12.2 Deletion and Anonymization

When personal information is no longer required:

  • We securely delete or destroy it in accordance with industry standards;
  • We may anonymize it such that you can no longer be identified;
  • We may retain anonymized, aggregated data indefinitely for statistical and research purposes.

13. YOUR RIGHTS AS A DATA SUBJECT

Under POPIA, you have the following rights regarding your personal information:

13.1 Right to Access

You have the right to request confirmation of whether we hold personal information about you and to access that information. You may also request a description of the information, its purposes, recipients, and retention periods.

13.2 Right to Correction

You have the right to request correction, updating, or completion of your personal information if it is inaccurate, incomplete, misleading, or out of date.

13.3 Right to Deletion (Erasure)

You have the right to request deletion of your personal information where it is no longer necessary for the purpose for which it was collected, where consent has been withdrawn, or where processing is unlawful. This right is subject to legal obligations that may require retention.

13.4 Right to Object

You have the right to object to the processing of your personal information on reasonable grounds relating to your particular situation, unless legislation provides for such processing. You may also object at any time to processing for direct marketing purposes.

13.5 Right to Restriction

You have the right to request restriction of processing where you contest the accuracy of the information, where processing is unlawful but you oppose deletion, or where we no longer need the information but you require it for legal claims.

13.6 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another responsible party where technically feasible.

13.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

13.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Information Regulator if you believe your rights have been infringed or that we have not complied with POPIA.

13.9 Exercising Your Rights

To exercise any of these rights, please contact our Information Officer at:

Email: info@j29.co.za

Telephone: 010 157 2640

We will respond to your request within a reasonable time and in accordance with POPIA requirements. We may require proof of identity before processing requests. In some cases, we may charge a reasonable fee for providing access to information.

If we refuse a request, we will provide reasons for the refusal and inform you of your right to lodge a complaint with the Information Regulator.

14. CHILDREN’S PRIVACY

Our services are intended for adults and businesses. We do not knowingly collect personal information from children under the age of 18 without verifiable parental or guardian consent. Where we provide services to youth entrepreneurship programs:

  • We require consent from a parent, guardian, or competent person before collecting personal information from minors;
  • We limit collection to information necessary for program participation;
  • We implement additional safeguards to protect children’s information.

If you believe we have inadvertently collected information from a child without proper consent, please contact us immediately so we can delete the information.

15. THIRD-PARTY WEBSITES AND SERVICES

Our website and services may contain links to third-party websites, applications, or services that are not operated by J29. This Privacy Policy does not apply to those third-party sites.

We are not responsible for the privacy practices or content of third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

When we integrate third-party services (such as social media widgets, payment processors, or analytics tools) into our platforms, we take reasonable steps to ensure they respect your privacy, but their use of your information is governed by their own privacy policies.

16. MARKETING COMMUNICATIONS

We may send you marketing communications about our services, programs, workshops, and opportunities if:

  • You have consented to receive such communications; or
  • We have a legitimate interest in marketing to you and you have not opted out.

16.1 Opting Out

You may opt out of marketing communications at any time by:

  • Clicking the unsubscribe link in any marketing email;
  • Contacting us at info@j29.co.za;
  • Updating your communication preferences in your account settings.

Please note that opting out of marketing communications does not affect service-related communications, such as account notifications, transactional emails, or communications regarding services you have requested.

17. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, services, legal requirements, or for other operational reasons.

When we make material changes, we will:

  • Update the “Last Updated” date at the top of this policy;
  • Notify you by email or through a prominent notice on our website;
  • Where required by law, obtain your consent to the changes.

Your continued use of our services after changes to this Privacy Policy constitutes acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.

18. CONTACT INFORMATION

If you have questions, concerns, or requests regarding this Privacy Policy or our processing of your personal information, please contact:

Information Officer

J29 Business Development

Email: info@j29.co.za

Telephone: 010 157 2640

Website: www.j29.co.za

Physical Address: Johannesburg, South Africa

19. INFORMATION REGULATOR CONTACT DETAILS

If you have a complaint about how we process your personal information or wish to report a suspected data breach, you may contact the Information Regulator:

Information Regulator (South Africa)

Email: inforeg@justice.gov.za

Website: www.justice.gov.za/inforeg

Telephone: 012 406 4818

Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

***

By using J29’s services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.