Privacy Policy

Last updated: 29 May 2026

1. Introduction

Digiholix (referred to in this policy as "we", "us", or "our") is a digital services company registered in South Africa, operating under the domain digiholic.co.za. Our registered address is 5 Allegro Cl, Langeberg Ridge, Durbanville, 7550, South Africa.

We are committed to protecting your personal information and handling it responsibly. This Privacy Policy explains what personal information we collect, why we collect it, how we use it, who we share it with, and what rights you have in respect of your personal information — all in accordance with the Protection of Personal Information Act, 4 of 2013 (POPIA).

This policy applies to all personal information we process in connection with our website, services, client engagements, and any other interactions you have with Digiholix. By using our website or engaging our services, you acknowledge that you have read and understood this policy.

2. Information We Collect

We may collect and process the following categories of personal information:

2.1 Information You Provide Directly

  • Your full name and/or trading name
  • Email address
  • Phone number
  • Business name and website URL
  • The content of messages you send us via contact forms, email, or other channels
  • Any other information you voluntarily submit when booking a consultation or engaging our services

2.2 Information Collected Automatically

  • IP address and approximate geographic location
  • Browser type, device type, and operating system
  • Pages visited, time spent on pages, and navigation paths
  • Referring URLs and search terms used to find our website
  • Cookies and similar tracking technologies (see Section 8)

2.3 Information from Third Parties

We may receive limited information about you from third-party platforms such as scheduling tools, advertising platforms, or social media, only where you have authorised such sharing.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

  • Service delivery: To provide, manage, and deliver the digital services you have engaged us for, including project communication, invoicing, and deliverables.
  • Client communication: To respond to your enquiries, schedule consultations, send project updates, and provide customer support.
  • Website improvement: To analyse how visitors use our website and improve its performance, content, and usability.
  • Marketing and outreach: To send you information about our services, case studies, or industry insights — only where you have given us your consent to do so, or where we have a legitimate interest.
  • Legal and compliance: To meet our legal obligations, resolve disputes, and enforce our agreements.
  • Security: To detect, prevent, and respond to fraud, abuse, and other harmful activity.

We will not use your personal information for purposes incompatible with those listed above without first notifying you and obtaining your consent where required.

4. Legal Basis for Processing (POPIA)

Under POPIA, we are required to have a lawful basis for processing your personal information. We rely on the following grounds:

  • Consent (Section 11(1)(a) POPIA): Where you have given us clear, voluntary, and specific consent — for example, opting in to receive marketing communications or submitting a contact form.
  • Contractual necessity (Section 11(1)(b) POPIA): Where processing is necessary to perform a contract with you, or to take steps at your request before entering into a contract — for example, providing a project quote or delivering agreed services.
  • Legitimate interest (Section 11(1)(f) POPIA): Where we have a legitimate business interest in processing your information, provided this interest is not overridden by your rights and interests. This includes improving our services, maintaining website security, and following up with prospective clients who have shown interest in our services.
  • Legal obligation (Section 11(1)(c) POPIA): Where processing is necessary to comply with a legal obligation to which we are subject, such as tax record-keeping requirements.

5. Sharing Your Information

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

  • Service providers: We work with trusted third-party providers who assist us in running our business — including website hosting, cloud storage, analytics, email communication tools, and payment processors. These providers only access your information to the extent necessary to perform their services and are required to handle it in accordance with applicable law.
  • Professional advisors: We may share information with legal, financial, or compliance advisors where necessary and bound by confidentiality.
  • Legal requirements: We may disclose your information if required to do so by law, court order, or a request from a competent authority.
  • Business transfers: In the event of a merger, acquisition, or sale of business assets, your information may be transferred to the relevant party, subject to equivalent privacy protections.

International transfers: Some of our third-party providers are based outside South Africa (for example, cloud hosting or analytics services). Where your personal information is transferred internationally, we take reasonable steps to ensure an adequate level of protection is applied, consistent with POPIA's requirements for cross-border transfers.

6. Data Retention

We retain your personal information only for as long as is necessary for the purposes set out in this policy, or as required by law. Specifically:

  • Client project records and communications are retained for a minimum of 5 years after project completion, as required for tax and legal compliance purposes.
  • Enquiry and contact form data from non-clients is retained for up to 12 months, after which it is securely deleted unless a client relationship has commenced.
  • Website analytics data is typically retained in aggregated, anonymised form and does not persist as identifiable personal information beyond 24 months.
  • Marketing contact lists are maintained until you withdraw consent or unsubscribe, after which your details are removed promptly.

You may request the deletion of your personal information at any time (subject to any legal retention obligations we are required to meet) by contacting us at the details in Section 11.

7. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights in respect of your personal information:

  • Right of access: You have the right to request a copy of the personal information we hold about you and to receive information about how we process it.
  • Right to correction: You have the right to request that we correct or update any personal information that is inaccurate, incomplete, or out of date.
  • Right to deletion: You have the right to request that we delete your personal information where it is no longer necessary for the purpose for which it was collected, or where you withdraw your consent (subject to legal retention requirements).
  • Right to object: You have the right to object to the processing of your personal information where we rely on legitimate interest as our legal basis, including objecting to direct marketing at any time.
  • Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Right to lodge a complaint: If you believe your personal information rights have been violated, you have the right to lodge a complaint with South Africa's Information Regulator.

Information Regulator (South Africa)
Website: www.inforegulator.org.za
Email: inforeg@justice.gov.za
Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

To exercise any of your rights, please contact our Information Officer at hello@digiholic.co.za. We will respond to your request within a reasonable timeframe and in any event within 30 days.

8. Cookies

Our website uses cookies and similar tracking technologies to improve your browsing experience and to help us understand how visitors use our site.

Cookies are small text files stored on your device when you visit a website. We use the following types of cookies:

  • Essential cookies: These are necessary for the website to function properly. They cannot be disabled without affecting core functionality.
  • Analytics cookies: These help us understand how visitors interact with our website by collecting information in an aggregated, anonymised form. We may use tools such as Google Analytics for this purpose.
  • Preference cookies: These remember your settings and preferences to improve your experience on return visits.

You can manage or disable cookies through your browser settings at any time. Please note that disabling certain cookies may affect your experience on our website. Most browsers provide instructions for managing cookies in their help or settings menus.

Where consent is required for non-essential cookies, we will request this separately at the point of collection.

9. Security

We take the security of your personal information seriously and implement reasonable technical and organisational measures to protect it against unauthorised access, loss, alteration, disclosure, or destruction. These measures include:

  • Secure encrypted connections (HTTPS/TLS) for all data transmission via our website
  • Access controls limiting who within our team can access personal information
  • Use of reputable, security-conscious third-party platforms and services
  • Regular review of our data handling practices

While we take all reasonable precautions, no method of transmission over the internet or electronic storage is completely secure. In the event of a data breach that poses a risk to your rights, we will notify you and the Information Regulator as required by law.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make material changes, we will update the "Last updated" date at the top of this page. Where required by law or where changes are significant, we will notify you by email or by posting a prominent notice on our website.

We encourage you to review this policy periodically to stay informed about how we protect your personal information. Your continued use of our website or services after any changes constitutes your acknowledgement of the updated policy.

11. Contact the Information Officer

If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal information, please contact our Information Officer:

Digiholix — Information Officer
Email: hello@digiholic.co.za
Postal Address: 5 Allegro Cl, Langeberg Ridge, Durbanville, 7550, South Africa

We are committed to resolving any concerns promptly and fairly. If you are unsatisfied with our response, you retain the right to escalate your concern to the Information Regulator as described in Section 7.