Privacy Policy

INSPIRED Business Design (Pty) Ltd

Last Updated: 9 April 2026
Version: 2.0 (Consolidated)

INTRODUCTION

Thank you for visiting our website and for showing your interest in the products and services our organisation offers. Your privacy is of the utmost importance to us and for this reason we comply with all relevant statutory regulations on the protection of personal data.

INSPIRED Business Design (Pty) Ltd, Registration No. 2012/211432/07 (hereinafter referred to as “INSPIRED“, “we“, “us” or “our“) owns and operates:

• INSPIRED Business Design (inspiredbusinessdesign.com)
• INSPIRED Marketing (inspiredmarketing.co.za)
• INSPIRED Publications (inspiredpublications.co.za)

(collectively, the “Websites“)

INSPIRED is committed to ensuring the protection of the privacy of all visitors (“Visitors“) to our Websites, as well as all persons (“Customers” or “Clients“) who have registered for an account with us (“Account“).

This Privacy Policy (“this Policy“) describes the ways in which we collect, store, use, and protect your personal information in accordance with:

• South African Law: Protection of Personal Information Act, 2013 (POPIA)
• European Union & United Kingdom Law: General Data Protection Regulation (GDPR) and UK GDPR
• Other Applicable Laws: Where relevant, including laws of jurisdictions where our Clients are located

By using our Websites and/or our Services, you acknowledge and consent to the collection, use, and processing of your Personal Data in accordance with this Policy. If you do not agree with anything in this Policy, then you may not use the Websites or any of the Services available therefrom.

SCOPE OF THIS PRIVACY POLICY

This Privacy Policy applies to:

1. All Personal Data processed by INSPIRED as a Controller (i.e., where we determine the purposes and means of processing).
2. Personal Data processed by INSPIRED as a Processor (i.e., where we process Personal Data on behalf of our Clients).
3. All personal information collected through our Websites, marketing platforms, email communications, and client services.

This Privacy Policy does NOT apply to:

• Websites of third-party service providers to which our Websites merely provide a link. We are not responsible for the privacy policies of such third parties, and you are advised to familiarise yourself with their policies.
• Personal Data processed by our Clients using our platform services (where the Client is the Controller and INSPIRED is the Processor).

1. DEFINITIONS

The following expressions shall bear the meanings assigned to them below:

1.1 “Controller” (or “Responsible Party” under POPIA) shall mean the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

1.2 “Data Protection Laws” shall mean the applicable laws and regulations protecting the fundamental rights and freedoms of individuals in respect of their right to privacy with respect to the processing of Personal Data, including:

• Protection of Personal Information Act, 2013 (POPIA) – South Africa
• General Data Protection Regulation (GDPR) – European Union
• UK GDPR – United Kingdom
• Other applicable data protection and privacy laws

1.3 “Data Protection Supervisory Authority” (or “Information Regulator” under POPIA) shall mean the relevant supervisory authority or regulator responsible for overseeing compliance with applicable Data Protection Laws:

• South Africa: Information Regulator (South Africa)
• UK: Information Commissioner’s Office (ICO)
• EU: Relevant national Data Protection Authority

1.4 “Data Processing Register” shall mean a register of all systems or contexts in which Personal Data is processed by us.

1.5 “Data Subject” shall mean you, being an identified or identifiable natural person. Where you are using or engaging with our Services in South Africa, the term Data Subject shall extend to an identified or identifiable juristic person (legal entity).

1.6 “Personal Data” (or “Personal Information” under POPIA) shall mean any information relating to a Data Subject, including but not limited to:

• Name, surname, identity number, passport number
• Physical and postal addresses
• Email address, telephone number, mobile number
• IP address, device identifiers, online identifiers
• Website usage data, browsing history, preferences
• Company name, job title, business information
• Financial information (where applicable)
• Any other information that can be used to identify you directly or indirectly

Non-Personal Data is data that cannot be used to determine your actual identity, such as aggregated or anonymised data (e.g., general statistics about website traffic, browser types, preferred industries).

1.7 “Personal Data Breach” shall mean a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.

1.8 “Process/Processed/Processing” shall mean any operation or set of operations performed on Personal Data, whether or not by automated means, such as:

• Collection, recording, organisation, structuring, storage
• Adaptation, alteration, retrieval, consultation, use
• Disclosure by transmission, dissemination, or otherwise making available
• Alignment, combination, restriction, erasure, or destruction

1.9 “Processor” (or “Operator” under POPIA) shall mean a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Controller.

1.10 “Services” shall mean any marketing services, platform services, consulting, publications, and other services that we provide to our Clients.

1.11 “Third-Party” shall mean any other natural or juristic person that is not you (the Data Subject), or us (INSPIRED).

2. DATA PROTECTION PRINCIPLES

We are committed to processing Personal Data in accordance with Data Protection Laws. In accordance with GDPR, UK GDPR, and POPIA, we ensure that your Personal Data shall be:

2.1 Processed lawfully, fairly, and transparently in relation to Data Subjects.

2.2 Collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes shall not be considered incompatible with the initial purposes.

2.3 Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (data minimisation).

2.4 Accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that Personal Data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.

2.5 Kept in a form which permits identification of Data Subjects for no longer than necessary for the purposes for which the Personal Data is processed. Personal Data may be stored for longer periods insofar as it will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, subject to implementation of appropriate technical and organisational measures.

2.6 Processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical and organisational measures (integrity and confidentiality).

3. WHAT PERSONAL DATA WE COLLECT

We collect and process the following categories of Personal Data:

3.1 Information You Provide Directly

When you interact with our Websites or Services, you may voluntarily provide us with Personal Data, including:

Contact Information:

• First and last name
• Email address
• Telephone number / mobile number
• Physical address (street address, city, state/province, postal code, country)
• Company name / organisation name
• Job title / position
• Website URL

Account Information:

• Username and password (encrypted)
• Account preferences and settings
• Communication preferences (e.g., newsletter subscriptions, marketing opt-ins)

Inquiry and Communication Data:

• Content of inquiries, support requests, feedback, or correspondence
• Information provided in forms, surveys, webinars, or events

Marketing and Sales Data:

• Information about your business, industry, and marketing needs
• Product or service preferences
• Purchase history and transaction records (where applicable)

3.2 Information We Collect Automatically

When you visit our Websites or use our Services, we automatically collect certain technical and usage information:

Technical Data:

• IP address (anonymised where possible)
• Browser type and version
• Device type, manufacturer, and operating system
• Screen resolution and display settings
• Time zone and language preferences

Usage Data (Log Data):

• Pages visited, URLs accessed, time spent on pages
• Date and time of visits
• Referral source (website or link that directed you to us)
• Clickstream data (navigation paths, clicks, scrolls)
• Search queries made on our Websites
• Files and content downloaded

Location Data:

• Coarse geographic location derived from IP address (country, region, city level)
• Precise location data (only if you explicitly grant permission via your device)

3.3 Information from Third-Party Sources

We may receive Personal Data about you from third-party sources, including:

• Social Media Platforms: If you connect your social media accounts or interact with our social media pages (e.g., LinkedIn, Facebook, Twitter).
• Business Partners and Affiliates: Information shared by our business partners with your consent.
• Publicly Available Sources: Information available in public directories, business registries, or professional networks.
• Marketing and Analytics Platforms: Data collected by third-party services we use (e.g., Google Analytics, Constant Contact LG\&CRM).

3.4 Special Categories of Personal Data

We do not intentionally collect “special categories” of Personal Data (also known as “sensitive personal information”), such as:

• Racial or ethnic origin
• Political opinions
• Religious or philosophical beliefs
• Trade union membership
• Genetic or biometric data
• Health data
• Data concerning sex life or sexual orientation

If you provide such information voluntarily (e.g., in a free-text field), we will handle it with the highest level of protection and seek your explicit consent where required by law.

4. HOW WE USE YOUR PERSONAL DATA

We process your Personal Data for the following purposes:

4.1 To Provide and Improve Our Services

• Operate and maintain our Websites and platform services
• Respond to your inquiries, requests, and support tickets
• Create and manage your Account
• Process transactions and deliver products or services you have requested
• Provide customer support and technical assistance
• Improve our Websites, services, and user experience

Legal Basis:

• Performance of a contract (GDPR Art. 6(1)(b); POPIA Section 11(1)(b))
• Legitimate interests (GDPR Art. 6(1)(f); POPIA Section 11(1)(f))

4.2 Marketing and Communications

• Send you newsletters, promotional materials, and updates about our products and services
• Conduct market research, surveys, and customer feedback initiatives
• Inform you about events, webinars, and training opportunities
• Personalise marketing messages based on your interests and preferences

Legal Basis:

• Your consent (GDPR Art. 6(1)(a); POPIA Section 11(1)(a) and Section 69)
• Legitimate interests (GDPR Art. 6(1)(f); POPIA Section 11(1)(f)) – for existing customers

Your Rights:

• You can opt out of marketing communications at any time by:
• Clicking the “unsubscribe” link in any marketing email
• Updating your preferences in your Account settings
• Contacting us at support@inspiredmarketing.co.za

4.3 Analytics and Website Improvement

• Analyse how visitors use our Websites (pages visited, time spent, navigation patterns)
• Generate aggregated statistics and reports on website traffic and user behaviour
• Identify and fix technical issues, bugs, and errors
• Test new features and improvements

Legal Basis:

• Your consent (GDPR Art. 6(1)(a); POPIA Section 69) – via cookie consent
• Legitimate interests (GDPR Art. 6(1)(f); POPIA Section 11(1)(f))

4.4 Security and Fraud Prevention

• Detect, prevent, and respond to fraud, security incidents, and abuse
• Protect the security and integrity of our Websites, systems, and data
• Verify identity and authenticate users
• Investigate and resolve disputes or violations of our Terms and Conditions

Legal Basis:

• Legitimate interests (GDPR Art. 6(1)(f); POPIA Section 11(1)(f))
• Compliance with legal obligations (GDPR Art. 6(1)(c); POPIA Section 11(1)(c))

4.5 Legal and Regulatory Compliance

• Comply with applicable laws, regulations, court orders, and legal processes
• Respond to lawful requests from public authorities (e.g., law enforcement, regulators)
• Establish, exercise, or defend legal claims
• Maintain records required by law (e.g., accounting, tax, PAIA Manual)

Legal Basis:

• Compliance with legal obligations (GDPR Art. 6(1)(c); POPIA Section 11(1)(c))
• Legitimate interests (GDPR Art. 6(1)(f); POPIA Section 11(1)(f))

5. LAWFUL BASIS FOR PROCESSING (GDPR & POPIA)

Under GDPR and POPIA, we must have a lawful basis for processing your Personal Data. We rely on the following legal bases:

5.1 Consent (GDPR Art. 6(1)(a); POPIA Section 11(1)(a))

Where you have given clear, informed, and voluntary consent to the processing of your Personal Data for one or more specific purposes (e.g., marketing communications, cookies, newsletters).

Your Right to Withdraw Consent:

• You may withdraw your consent at any time.
• Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
• To withdraw consent, contact us at support@inspiredmarketing.co.za or use the opt-out mechanisms provided (e.g., unsubscribe links, cookie settings).

5.2 Performance of a Contract (GDPR Art. 6(1)(b); POPIA Section 11(1)(b))

Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract (e.g., providing Services, managing your Account).

5.3 Legal Obligation (GDPR Art. 6(1)(c); POPIA Section 11(1)(c))

Where processing is necessary to comply with a legal obligation to which INSPIRED is subject (e.g., tax laws, accounting regulations, court orders, PAIA requests).

5.4 Legitimate Interests (GDPR Art. 6(1)(f); POPIA Section 11(1)(f))

Where processing is necessary for the purposes of the legitimate interests pursued by INSPIRED or a third party, except where such interests are overridden by your fundamental rights and freedoms.

Examples of Legitimate Interests:

• Improving our Websites and Services
• Fraud prevention and security
• Network and information security
• Internal administration and business analytics
• Direct marketing to existing customers (with opt-out)

Balancing Test: We conduct a balancing test to ensure that our legitimate interests do not override your rights and freedoms. You have the right to object to processing based on legitimate interests (see Section 12).

6. HOW WE SHARE YOUR PERSONAL DATA

We do not sell, rent, or trade your Personal Data to third parties. However, we may share your Personal Data in the following circumstances:

6.1 Service Providers and Processors

We engage trusted third-party service providers to assist us in delivering our Services. These providers process Personal Data on our behalf as Processors under written contracts that ensure GDPR/POPIA compliance.

Examples of Service Providers:

• Constant Contact LG\&CRM: Marketing automation, CRM, email marketing, lead tracking
• Google LLC (Google Analytics, Google Tag Manager, Google Maps): Web analytics, tag management, maps services
• Hosting Providers: Website hosting and cloud infrastructure
• Payment Processors: Payment gateway and transaction processing (where applicable)
• IT and Security Providers: Cybersecurity, backup, and disaster recovery

Data Processing Agreements: We have Data Processing Agreements (DPAs) in place with all Processors to ensure they handle your Personal Data securely and in accordance with Data Protection Laws.

6.2 Business Transfers

In the event of a merger, acquisition, reorganisation, sale of assets, or bankruptcy, your Personal Data may be transferred to the acquiring or successor entity. We will notify you of any such change and provide you with choices regarding your Personal Data.

6.3 Legal Requirements and Protection of Rights

We may disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, law enforcement requests). We may also disclose your Personal Data to:

• Protect the rights, property, or safety of INSPIRED, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues
• Enforce our Terms and Conditions or other agreements

6.4 With Your Consent

We may share your Personal Data with third parties when you have given explicit consent to do so (e.g., sharing information with a specific business partner at your request).

7. INTERNATIONAL DATA TRANSFERS (CROSS-BORDER TRANSFERS)

7.1 Transfer Outside South Africa, UK, and EU

INSPIRED is based in South Africa. However, some of our service providers and partners may be located in other countries, including the United States and other jurisdictions.

When we transfer your Personal Data outside South Africa, the UK, or the EU, we ensure that appropriate safeguards are in place to protect your data in accordance with GDPR, UK GDPR, and POPIA.

7.2 Safeguards for International Transfers

We use the following mechanisms to ensure lawful cross-border transfers:

a) Adequacy Decisions

We transfer data to countries that have been recognised by the European Commission or the South African Information Regulator as providing an adequate level of data protection.

b) Standard Contractual Clauses (SCCs)

We use Standard Contractual Clauses approved by the European Commission or equivalent contractual clauses under POPIA to govern data transfers to countries without adequacy decisions.

c) Data Processing Agreements (DPAs)

We enter into Data Processing Agreements with all Processors that include appropriate data protection clauses.

d) Privacy Shield / UK Extension (Historical Note)

Note: The EU-US Privacy Shield was invalidated in 2020 (Schrems II decision). We no longer rely on Privacy Shield and instead use Standard Contractual Clauses for transfers to the United States.

7.3 Specific Third-Party Processors and Data Transfers

Constant Contact LG\&CRM (USA)

• Provider: Constant Contact, Inc. (United States)
• Purpose: Marketing automation, CRM, email marketing, lead tracking
• Data Transferred: Contact information, email engagement data, website behaviour
• Safeguards: Standard Contractual Clauses (SCCs), Data Processing Agreement
• Privacy Policy: https://www.constantcontact.com/legal/privacy-notice

Google LLC (USA)

• Services: Google Analytics, Google Tag Manager, Google Maps
• Purpose: Web analytics, tag management, maps and location services
• Data Transferred: Anonymised IP address, usage data, location data
• Safeguards: Standard Contractual Clauses (SCCs), Data Processing Agreement, IP Anonymization
• Privacy Policy: https://policies.google.com/privacy
• Opt-Out: Google Analytics Opt-out Browser Add-on

7.4 Your Rights Regarding International Transfers

You have the right to:

• Request information about the safeguards we use for international data transfers
• Object to data transfers if you believe they do not comply with Data Protection Laws
• Lodge a complaint with your local Data Protection Supervisory Authority

To exercise these rights, contact our Data Protection Officer at support@inspiredmarketing.co.za.

8. DATA RETENTION (HOW LONG WE KEEP YOUR DATA)

8.1 Retention Principles

We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

8.2 Retention Periods

The retention period depends on the type of data and the purpose for which it is processed:

Account and Customer Data:

• Active Accounts: Retained for the duration of your relationship with us and for a reasonable period thereafter (typically 12 months after account closure) to handle queries, disputes, or legal obligations.
• Closed Accounts: Deleted or anonymised 12 months after account closure, unless retention is required by law.

Marketing and Communication Data:

• Newsletter Subscribers: Retained until you unsubscribe, then deleted within 30 days.
• Marketing Leads: Retained for up to 3 years from the last interaction, then anonymised or deleted.

Website Usage and Analytics Data:

• Log Data and Analytics: Retained for up to 26 months (Google Analytics default), then automatically deleted or anonymised.
• Cookies: Retention periods vary by cookie type (see our Cookies Policy).

Legal and Compliance Data:

• Tax and Accounting Records: Retained for a minimum of 5 years as required by South African tax law.
• Legal Claims and Disputes: Retained for the duration of the legal matter and for up to 7 years thereafter (statute of limitations).

Security and Fraud Prevention:

• Security Logs: Retained for up to 12 months for incident investigation and compliance audits.

8.3 Deletion and Anonymisation

When Personal Data is no longer needed, we will:

• Delete the data securely and irreversibly, or
• Anonymise the data so that it can no longer identify you, allowing us to retain it for statistical and analytical purposes.

8.4 Exceptions to Deletion

We may retain Personal Data beyond the standard retention periods if:

• Required by law (e.g., legal hold, regulatory investigation)
• Necessary to establish, exercise, or defend legal claims
• You have requested that we retain your data (e.g., for future services)

9. DATA SECURITY

9.1 Security Measures

We take appropriate technical and organisational measures to protect your Personal Data from:

• Unauthorised access, use, disclosure, alteration, or destruction
• Accidental loss, damage, or theft
• Unlawful or unauthorised processing

Technical Measures:

• Encryption: Personal Data is encrypted during transmission using Secure Socket Layer (SSL) / Transport Layer Security (TLS) technology. Sensitive data at rest is also encrypted.
• Access Controls: Access to Personal Data is restricted to authorised personnel on a need-to-know basis. Strong authentication mechanisms (passwords, multi-factor authentication) are enforced.
• Firewalls and Intrusion Detection: Our systems are protected by firewalls, intrusion detection/prevention systems (IDS/IPS), and regular security monitoring.
• Regular Security Updates: We apply security patches and updates to our systems and software promptly.

Organisational Measures:

• Confidentiality Obligations: All personnel with access to Personal Data are subject to confidentiality and non-disclosure obligations.
• Data Protection Training: Staff receive regular training on data protection principles and security best practices.
• Incident Response Plan: We have procedures in place to detect, respond to, and mitigate Personal Data Breaches.
• Third-Party Security Assessments: We assess the security practices of our Processors and require them to implement appropriate security measures.

9.2 Secure Operating Environment

Your Personal Data is stored in a secure operating environment that is not publicly accessible. Our servers and databases are hosted in secure data centres with physical security controls (e.g., access logs, surveillance, environmental controls).

9.3 Limitations of Security

While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your Personal Data.

Recommendations for Users:

• Use strong, unique passwords for your Account
• Enable multi-factor authentication where available
• Do not share your login credentials with others
• Be cautious of phishing emails and suspicious links
• Keep your devices and software up to date with security patches

9.4 Email Security Notice

If you contact us by email, please note that we cannot guarantee the confidentiality of information transmitted via email. Like a postcard, the content of emails can potentially be viewed by third parties during transmission. We recommend only sending confidential information by secure channels (e.g., encrypted email, secure portal) or by post.

10. PERSONAL DATA BREACH NOTIFICATION

10.1 Breach Detection and Response

In the event of a Personal Data Breach, we will promptly assess the risk to your rights and freedoms. If the breach is likely to result in a risk to your rights and freedoms, we will:

1. Notify the Data Protection Supervisory Authority without undue delay, and where feasible, within 72 hours of becoming aware of the breach (as required by GDPR Article 33 and POPIA Section 22).

2. Notify Affected Data Subjects without undue delay if the breach is likely to result in a high risk to your rights and freedoms (as required by GDPR Article 34 and POPIA Section 22).

10.2 Notification to Data Subjects

If we are required to notify you of a breach, we will provide the following information:

• Nature of the Personal Data Breach
• Categories and approximate number of Data Subjects affected
• Categories and approximate number of Personal Data records concerned
• Likely consequences of the breach
• Measures taken or proposed to address the breach and mitigate its adverse effects
• Contact details of our Data Protection Officer for further information

10.3 Processor Obligations

Where we act as a Processor on behalf of a Client (Controller), we will notify the Client without undue delay after becoming aware of a Personal Data Breach involving their data.

11. COOKIES AND TRACKING TECHNOLOGIES

11.1 What Are Cookies?

Cookies are small text files placed on your device (computer, smartphone, tablet) when you visit a website. They are widely used to make websites work more efficiently, provide a better user experience, and provide information to website owners.

For detailed information about the cookies we use and how to manage them, please see our Cookies Policy.

11.2 Types of Cookies We Use

Essential Cookies (Strictly Necessary):

• Required for the operation of our Websites (e.g., session management, security)
• Do not require consent under GDPR/POPIA

Performance and Analytics Cookies:

• Help us understand how visitors use our Websites (e.g., Google Analytics)
• Require consent under GDPR and POPIA

Functionality Cookies:

• Enable enhanced functionality and personalisation (e.g., language preferences, Google Maps)
• Require consent under GDPR and POPIA

Marketing and Targeting Cookies:

• Used to deliver relevant advertisements (currently not used on our public Websites)
• Require explicit consent under GDPR and POPIA

11.3 Third-Party Cookies and Tracking

Our Websites use cookies and tracking technologies from third-party service providers, including:

Google Analytics:

• Purpose: Web analytics and website usage statistics
• Provider: Google LLC
• Privacy Policy: https://policies.google.com/privacy
• Opt-Out: Google Analytics Opt-out Browser Add-on
• Note: We use Google Analytics with IP anonymization enabled, which means your full IP address is not stored.

Google Tag Manager:

• Purpose: Tag management system to deploy tracking codes
• Provider: Google LLC
• Privacy Policy: https://policies.google.com/privacy
• Note: Google Tag Manager itself does not collect Personal Data, but it may deploy other tags (like Google Analytics) that do.

Google Maps:

• Purpose: Display interactive maps and enable location-based features
• Provider: Google LLC
• Privacy Policy: https://policies.google.com/privacy
• Terms of Service: https://www.google.com/help/terms_maps/

Constant Contact LG\&CRM Platform:

• Purpose: Marketing automation, CRM, and lead tracking (primarily within client platform environment, not public Websites)
• Provider: Constant Contact, Inc.
• Privacy Policy: https://www.constantcontact.com/legal/privacy-notice

11.4 How to Control Cookies

Cookie Consent Banner:

When you first visit our Websites, you will see a cookie consent banner that allows you to:

• Accept all cookies
• Reject non-essential cookies
• Customise your cookie preferences by category

Change Cookie Preferences:

You can change your cookie preferences at any time by:

• Clicking the “Cookie Settings” link in the footer of our Websites
• Clearing your browser cookies and revisiting our Websites

Browser Settings:

Most web browsers allow you to control cookies through their settings. You can:

• Block all cookies
• Block third-party cookies only
• Delete cookies when you close your browser
• Receive alerts when a cookie is being set

Please note: If you disable or refuse cookies, some parts of our Websites may become inaccessible or not function properly.

For detailed instructions, see our Cookies Policy.

11.5 Do Not Track Signals

Some browsers have a “Do Not Track” (DNT) feature that lets you tell websites you do not want to have your online activities tracked. Currently, there is no universal standard for how DNT signals should be interpreted. Our Websites do not respond to DNT signals at this time. However, you can use the cookie controls described above to manage tracking.

12. YOUR DATA PROTECTION RIGHTS

Under GDPR, UK GDPR, and POPIA, you have the following rights regarding your Personal Data:

12.1 Right of Access (GDPR Art. 15; POPIA Section 23)

You have the right to request a copy of the Personal Data we hold about you. This is also known as a “Data Subject Access Request” or “PAIA Request” in South Africa.

What You Can Request:

• Confirmation of whether we process your Personal Data
• A copy of your Personal Data
• Information about the purposes of processing, categories of data, recipients, retention periods, and your rights

How to Request:

Contact our Data Protection Officer at support@inspiredmarketing.co.za or submit a PAIA request (see Section 13.4).

Response Time: Within 1 month (GDPR) or as soon as reasonably practicable (POPIA), extendable by 2 months if the request is complex.

Fees: Generally free of charge. We may charge a reasonable fee if your request is manifestly unfounded, excessive, or repetitive.

12.2 Right to Rectification (GDPR Art. 16; POPIA Section 16)

You have the right to request correction of inaccurate or incomplete Personal Data.

How to Request:

Contact us at support@inspiredmarketing.co.za or update your information in your Account settings.

Response Time: Without undue delay, and within 1 month.

12.3 Right to Erasure (“Right to be Forgotten”) (GDPR Art. 17; POPIA Section 24)

You have the right to request deletion of your Personal Data under certain circumstances:

• The data is no longer necessary for the purposes for which it was collected
• You withdraw consent (where consent is the lawful basis)
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• The data must be erased to comply with a legal obligation

Exceptions:

We may not be able to delete your data if retention is necessary for:

• Compliance with legal obligations (e.g., tax records, accounting)
• Establishment, exercise, or defence of legal claims
• Archiving purposes in the public interest, scientific or historical research, or statistical purposes

How to Request:

Contact us at support@inspiredmarketing.co.za.

Response Time: Without undue delay, and within 1 month.

12.4 Right to Restriction of Processing (GDPR Art. 18; POPIA Section 25)

You have the right to request that we restrict (limit) the processing of your Personal Data in certain situations:

• You contest the accuracy of the data (restriction applies while we verify accuracy)
• Processing is unlawful, but you oppose erasure and request restriction instead
• We no longer need the data, but you need it for legal claims
• You have objected to processing based on legitimate interests (restriction applies while we verify whether our legitimate grounds override yours)

How to Request:

Contact us at support@inspiredmarketing.co.za.

Response Time: Without undue delay, and within 1 month.

12.5 Right to Data Portability (GDPR Art. 20)

Note: This right applies under GDPR and UK GDPR, but not under POPIA.

You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format (e.g., CSV, JSON, XML) and to transmit that data to another controller, where:

• Processing is based on consent or contract
• Processing is carried out by automated means

What You Can Request:

• A copy of your Personal Data in a portable format
• Direct transmission of your data to another service provider (where technically feasible)

How to Request:

Contact us at support@inspiredmarketing.co.za. Please specify the format you prefer.

Response Time: Without undue delay, and within 1 month.

Limitations:

This right does not apply to Personal Data processed for public interest tasks or in the exercise of official authority. It also does not adversely affect the rights and freedoms of others.

12.6 Right to Object (GDPR Art. 21; POPIA Section 11(3))

You have the right to object to processing of your Personal Data in certain circumstances:

a) Object to Processing Based on Legitimate Interests:

You have the right to object to processing based on legitimate interests (GDPR Art. 6(1)(f)) on grounds relating to your particular situation. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims.

b) Object to Direct Marketing:

You have an absolute right to object to processing for direct marketing purposes (including profiling related to direct marketing). If you object, we will stop processing your Personal Data for direct marketing.

How to Object:

• Direct Marketing: Click the “unsubscribe” link in any marketing email, update your preferences in your Account settings, or contact us at support@inspiredmarketing.co.za.
• Other Processing: Contact us at support@inspiredmarketing.co.za and explain your objection.

Response Time: Without undue delay.

12.7 Right to Withdraw Consent (GDPR Art. 7(3); POPIA Section 11(2))

Where processing is based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.

How to Withdraw Consent:

• Marketing Emails: Click “unsubscribe” or update preferences in your Account.
• Cookies: Adjust your cookie preferences via the “Cookie Settings” link or browser settings.
• Other Consent: Contact us at support@inspiredmarketing.co.za.

Response Time: We will process your withdrawal without undue delay.

12.8 Right Not to be Subject to Automated Decision-Making (GDPR Art. 22)

Note: This right applies under GDPR and UK GDPR, but not under POPIA.

You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you.

Exceptions:

Automated decision-making is permitted if:

• It is necessary for entering into or performing a contract
• It is authorised by law
• It is based on your explicit consent

Current Practice:

INSPIRED does not currently engage in fully automated decision-making that produces legal effects or similarly significantly affects individuals. If this changes, we will update this Policy and provide appropriate safeguards (e.g., right to human intervention, right to contest the decision).

12.9 Right to Lodge a Complaint

You have the right to lodge a complaint with a Data Protection Supervisory Authority if you believe that the processing of your Personal Data violates Data Protection Laws.

South Africa:

• Authority: Information Regulator (South Africa)
• Website: https://www.justice.gov.za/inforeg/
• Email: inforeg@justice.gov.za
• Phone: +27 (0)10 023 5200

United Kingdom:

• Authority: Information Commissioner’s Office (ICO)
• Website: https://ico.org.uk/
• Phone: 0303 123 1113

European Union:

• Authority: Your local Data Protection Authority
• Directory: https://edpb.europa.eu/about-edpb/board/members_en

Note: We encourage you to contact us first at support@inspiredmarketing.co.za to resolve any concerns before lodging a formal complaint.

13. HOW TO EXERCISE YOUR RIGHTS

13.1 Contact Our Data Protection Officer

To exercise any of your data protection rights, please contact our Data Protection Officer / Information Officer:

Data Protection Officer / Information Officer:
Deon Van Rensburg

Email: support@inspiredmarketing.co.za
Phone: +27 83 396 4771

Physical Address:
Cube WorkSpace
Corner Portswood Road and Dock Road
Victoria & Alfred Waterfront
Cape Town, 8001
South Africa

Postal Address:
P.O. Box 50833
Waterfront, 8002
Cape Town
South Africa

13.2 What to Include in Your Request

When submitting a request to exercise your rights, please include:

1. Your Full Name and Contact Information (email, phone, postal address)
2. Description of Your Request (e.g., access request, rectification, erasure, objection)
3. Specific Details (e.g., which Personal Data you want to access, which marketing communications you want to opt out of)
4. Proof of Identity (to verify that you are the Data Subject) – e.g., copy of ID, passport, or driver’s license

Identity Verification:

To protect your privacy and security, we may ask you to verify your identity before processing your request. This may involve providing identification documents or answering security questions.

13.3 Response Time

We will respond to your request:

• GDPR/UK GDPR: Within 1 month of receipt. This may be extended by a further 2 months if the request is complex or we receive multiple requests. We will inform you of any extension within 1 month, along with the reasons.
• POPIA: As soon as reasonably practicable, taking into account the complexity of the request.

13.4 PAIA Requests (South Africa)

Under the Promotion of Access to Information Act, 2000 (PAIA), you have the right to request access to records held by INSPIRED.

How to Submit a PAIA Request:

1. Complete the PAIA Request Form (Form A or Form C) available on the website of the South African Department of Justice: https://www.justice.gov.za/
2. Submit the completed form to our Information Officer at the address above.
3. Pay the applicable request fee (if any) as prescribed by PAIA regulations.

PAIA Manual:

Our PAIA Manual is available on our website: https://inspiredmarketing.co.za/paia-manual/

Response Time: Within 30 days of receipt of the request (extendable by a further 30 days if the request is complex).

13.5 Fees

Most requests to exercise your rights are free of charge. However, we may charge a reasonable fee if:

• Your request is manifestly unfounded or excessive (e.g., repetitive requests)
• You request additional copies of data already provided
• PAIA request fees apply (South Africa)

We will inform you of any applicable fees before processing your request.

14. CHILDREN’S PRIVACY

14.1 Age Restrictions

Our Websites and Services are not intended for children under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect Personal Data from children.

14.2 Parental Consent

If we become aware that we have collected Personal Data from a child under 18 without verification of parental consent, we will take steps to delete such information as soon as possible.

14.3 Parents and Guardians

If you are a parent or guardian and believe that your child has provided us with Personal Data without your consent, please contact us at support@inspiredmarketing.co.za, and we will take appropriate action.

15. THIRD-PARTY WEBSITES AND SERVICES

15.1 Links to Third-Party Websites

Our Websites may contain links to third-party websites, services, or applications that are not operated by INSPIRED. This Privacy Policy does not apply to those third-party websites.

Your Responsibility:

When you click on a third-party link, you will leave our Website and be directed to the third party’s site. We strongly advise you to review the privacy policy and terms of service of every site you visit.

No Responsibility:

We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services.

15.2 Third-Party Processors

We use third-party service providers to process Personal Data on our behalf (see Section 6.1). While we carefully select our Processors and require them to comply with Data Protection Laws, we are not responsible for their independent privacy practices outside of our contractual relationship.

16. CONSTANT CONTACT LG\&CRM PLATFORM

16.1 Use of Constant Contact LG\&CRM Software

INSPIRED is a Platinum Partner Reseller of Constant Contact LG\&CRM (formerly “SharpSpring”), a marketing automation and CRM platform. We use the Constant Contact LG\&CRM software database platform to collect, process, and store information submitted via forms on our Websites and other online portals.

Purpose:

This information is used to operate our business, and for the legitimate interest of our business, including for marketing purposes, to the extent permitted by applicable law.

Types of Data Collected:

• User Data: First and last name, name of the business/organisation, email address, street address, city, state, province, country, telephone number, website URL, mobile number
• Log Data: IP address, browser information, device information, preferences and settings, coarse geographic location
• Traffic Data: Pages viewed, time spent on pages, clickstream data, search history, interaction with webpages

Data Processing Agreement:

We have a Data Processing Agreement in place with Constant Contact, Inc. to ensure compliance with GDPR and POPIA.

Privacy Policy:

To view the Constant Contact Privacy Policy, please visit: https://www.constantcontact.com/legal/privacy-notice

16.2 Client Use of Constant Contact LG\&CRM

When INSPIRED provides Services to Clients using the Constant Contact LG\&CRM platform, we act as a Processor on behalf of the Client (Controller). In such cases:

• The Client is responsible for the protection of Personal Data of their end-users.
• The Client’s privacy policy applies to the processing of their end-users’ Personal Data.
• INSPIRED processes Personal Data only in accordance with the Client’s instructions and our Data Processing Agreement.

If you are an end-user of one of our Clients, please refer to the Client’s privacy policy for information about how your Personal Data is processed.

17. DATA MINIMISATION AND ACCURACY

17.1 Data Minimisation

We ensure that Personal Data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. We do not collect or retain more Personal Data than is required.

What This Means:

• We only ask for the information we need to provide our Services.
• We regularly review the Personal Data we hold and delete or anonymise data that is no longer necessary.

17.2 Accuracy of Personal Data

Your Responsibility:

When sharing Personal Data with us, you undertake to ensure that it is accurate and up to date. If your information changes (e.g., email address, phone number), please update your Account settings or contact us.

Our Responsibility:

Where necessary for the lawful basis on which Personal Data is processed, we will put measures in place to ensure that Personal Data is kept up to date and is accurate. If we become aware that Personal Data is inaccurate, we will rectify or delete it without undue delay.

18. CHANGES TO THIS PRIVACY POLICY

18.1 Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.

18.2 Notification of Changes

When we make significant changes to this Policy, we will notify you by:

1. Updating the “Last Updated” date at the top of this Policy.
2. Displaying a prominent notice on our Websites.
3. Sending you an email notification (if you are a registered user or subscriber).

18.3 Acceptance of Changes

Your continued use of our Websites and Services after the updated Policy becomes effective constitutes your acceptance of the changes. If you do not agree with the updated Policy, please discontinue use of our Websites and Services and contact us to close your Account.

18.4 Review This Policy Regularly

We encourage you to review this Policy periodically to stay informed about how we are protecting your Personal Data.

19. LAWFUL, FAIR, AND TRANSPARENT PROCESSING

19.1 Data Processing Register

To ensure our processing of Personal Data is lawful, fair, and transparent, we maintain a Data Processing Register that documents:

• Categories of Personal Data processed
• Purposes of processing
• Legal bases for processing
• Categories of Data Subjects
• Categories of recipients (third parties to whom data is disclosed)
• International data transfers and safeguards
• Retention periods
• Security measures

19.2 Records of Data Subject Requests

We maintain records of all Data Subject requests (e.g., access requests, erasure requests, objections) and our responses to such requests.

20. CONSENT MANAGEMENT

20.1 When We Rely on Consent

Where we process your Personal Data based on your consent, we ensure that:

• Consent is Freely Given: You have a genuine choice and are not coerced or pressured into giving consent.
• Consent is Specific: Consent is obtained for specific purposes, not bundled together.
• Consent is Informed: We provide clear information about what you are consenting to.
• Consent is Unambiguous: Consent is indicated by a clear affirmative action (e.g., ticking a checkbox, clicking “I agree”).
• Consent is Granular: Where we process Personal Data for multiple purposes, we obtain separate consent for each purpose.

20.2 Pre-Ticked Boxes and Silence

We do not rely on pre-ticked boxes, silence, or inactivity as consent. You must take an active step to give consent.

20.3 Right to Withdraw Consent

You can withdraw your consent at any time (see Section 12.7). Withdrawal is as easy as giving consent (e.g., clicking “unsubscribe”).

20.4 Records of Consent

We maintain records of when and how you gave consent, what you were told at the time, and when you withdrew consent (if applicable).

21. MARKETING COMMUNICATIONS

21.1 Types of Marketing Communications

We may send you marketing communications, including:

• Newsletters and email updates
• Promotional offers and special deals
• Information about new products, services, or features
• Invitations to events, webinars, or training sessions
• Surveys and market research requests

21.2 Legal Basis for Marketing

• New Customers (No Prior Relationship): We will only send marketing communications if you have given explicit consent (e.g., by subscribing to our newsletter or ticking a consent box).
• Existing Customers (Soft Opt-In): We may send marketing communications about similar products or services if you are an existing customer and we gave you the opportunity to opt out at the time of initial collection and in every subsequent communication.

21.3 Opt-Out / Unsubscribe

You can opt out of receiving marketing communications at any time by:

• Clicking the “Unsubscribe” link at the bottom of any marketing email
• Updating your communication preferences in your Account settings
• Contacting us at support@inspiredmarketing.co.za

Response Time: We will process your opt-out request within 5 business days. You may still receive transactional or service-related emails (e.g., order confirmations, account notifications, security alerts).

21.4 Granular Unsubscribe Categories

Where possible, we offer granular unsubscribe options, allowing you to choose which types of marketing communications you wish to receive (e.g., newsletters, event invitations, promotional offers).

22. AUTOMATED COLLECTION OF PERSONAL DATA

22.1 Web Server Logs

When you visit our Websites, our web servers automatically collect and log certain information:

• Pages visited and files accessed
• Date and time of your visit
• Referral source (website or link that directed you to us)
• Browser type and version
• Operating system and device type
• IP address (anonymised where possible)

Purpose: This information is used to:

• Operate and maintain our Websites
• Analyse website traffic and usage patterns
• Improve our Websites and user experience
• Detect and prevent security incidents and fraud

Legal Basis: Legitimate interests (GDPR Art. 6(1)(f); POPIA Section 11(1)(f))

Anonymisation: This information is stored in an anonymised form and is not used to identify individual users. No individual user profiles are created. The information is not passed on to third parties except to our Processors (e.g., hosting providers, analytics services) under appropriate contractual protections.

22.2 IP Address Anonymisation

Where technically feasible, we anonymise IP addresses to prevent direct identification of individuals. For example, Google Analytics is configured to use IP anonymization (anonymizeIP), which truncates the last octet of IPv4 addresses or the last 80 bits of IPv6 addresses.

23. SPECIAL SITUATIONS

23.1 Job Applicants

If you apply for a job at INSPIRED, we will process your Personal Data (e.g., CV, cover letter, interview notes) for recruitment purposes.

Legal Basis: Legitimate interests (GDPR Art. 6(1)(f); POPIA Section 11(1)(f)) or consent.

Retention: We will retain your application for a reasonable period (typically 12 months) in case a suitable position becomes available. After that, we will delete or anonymise your data unless you have consented to us keeping it for future opportunities.

23.2 Business Partners and Suppliers

If you represent a business partner, supplier, or service provider, we will process your business contact information (e.g., name, email, phone, company) for the purpose of managing our business relationship.

Legal Basis: Performance of a contract (GDPR Art. 6(1)(b); POPIA Section 11(1)(b)) or legitimate interests (GDPR Art. 6(1)(f); POPIA Section 11(1)(f)).

24. COMPLIANCE AND ACCOUNTABILITY

24.1 Accountability Principle

INSPIRED is committed to the principle of accountability under GDPR and POPIA. This means we are responsible for, and must be able to demonstrate, compliance with Data Protection Laws.

Measures We Take:

• Maintain comprehensive records of processing activities (Data Processing Register)
• Implement appropriate technical and organisational measures (see Section 9)
• Conduct Data Protection Impact Assessments (DPIAs) where required
• Appoint a Data Protection Officer / Information Officer
• Provide regular data protection training to staff
• Review and update policies and procedures regularly
• Maintain Data Processing Agreements with all Processors
• Conduct audits and compliance reviews

24.2 Data Protection Impact Assessments (DPIAs)

Where processing is likely to result in a high risk to the rights and freedoms of Data Subjects, we conduct a Data Protection Impact Assessment (DPIA) before commencing processing. This includes processing involving:

• Large-scale systematic monitoring of publicly accessible areas
• Large-scale processing of special categories of data
• Systematic evaluation or scoring (profiling)
• Automated decision-making with legal or similarly significant effects
• Processing of vulnerable individuals’ data
• Innovative use of new technologies

24.3 Registration with Supervisory Authorities

Where required by law, INSPIRED is registered with the appropriate Data Protection Supervisory Authorities, including:

• South Africa: Information Regulator (POPIA registration)
• UK/EU: If required, registration with the ICO or relevant EU Data Protection Authority

25. CONTACT US

If you have any questions about this Privacy Policy, our data protection practices, or how we handle your Personal Data, please contact us:

INSPIRED Business Design (Pty) Ltd
Registration No.: 2012/211432/07

Data Protection Officer / Information Officer:
Deon Van Rensburg

Email: support@inspiredmarketing.co.za
Phone: +27 83 396 4771

Physical Address:
Cube WorkSpace
Corner Portswood Road and Dock Road
Victoria & Alfred Waterfront
Cape Town, 8001
South Africa

Postal Address:
P.O. Box 50833
Waterfront, 8002
Cape Town
South Africa

Websites:

• inspiredmarketing.co.za
• inspiredpublications.co.za
• inspiredbusinessdesign.com

26. RELATED POLICIES AND DOCUMENTS

This Privacy Policy should be read together with our:

• Cookies Policy – How we use cookies and similar tracking technologies
• Terms and Conditions – Terms governing your use of our Websites and Services
• Disclaimer – Disclaimers regarding website content and communications
• PAIA Manual – Information about accessing records under the Promotion of Access to Information Act (South Africa)

27. GLOSSARY OF TERMS

For your convenience, here is a summary of key terms used in this Privacy Policy:

For questions or to request this document in an alternative format, please contact:

support@inspiredmarketing.co.za