Privacy Policy

Effective Date: January 1, 2025 | Last Updated: July 3, 2025

Table of Contents

  • 1. Introduction
  • 2. Information We Collect
  • 3. How We Use Your Information
  • 4. Legal Basis for Processing
  • 5. Data Sharing & Disclosure
  • 6. Data Security
  • 7. Data Retention
  • 8. Your Data Rights
  • 9. Cookies & Tracking
  • 10. International Transfers
  • 11. Children's Privacy
  • 12. Policy Updates
  • 13. Contact Us
  • 14. Privacy FAQs

1. Introduction

Champs Group (Pty) Ltd ("we," "our," or "us") is committed to protecting your privacy and securing your personal information. This comprehensive Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website champsafrica.co.za, use our services, or interact with us.

Our Commitment: We adhere to South Africa's Protection of Personal Information Act (POPIA) and align with global standards including the EU's General Data Protection Regulation (GDPR). We view data protection as a fundamental aspect of our relationship with clients, employees, and partners.

POPIA Compliant

South Africa's data protection law

GDPR Aligned

European data protection standard

ISO 27001 Certified

Information security standard

2. Information We Collect

We collect various types of information to provide and improve our services:

Data Category Examples Collection Method
Personal Identification Name, email, phone number, ID number Account registration, contact forms
Business Information Company name, job title, department Service agreements, business inquiries
Financial Data Payment details, billing address, transaction history Payment processing, invoicing
Technical Data IP address, device type, browser, cookies Website analytics, security systems
Usage Data Pages visited, service usage patterns, feature interactions Analytics tools, service monitoring
Marketing Data Communication preferences, newsletter subscriptions Marketing campaigns, preference centers

We collect this information through direct interactions (when you provide it to us), automated technologies (cookies and analytics tools), and third-party sources (business partners and public databases).

3. How We Use Your Information

We use your information for legitimate business purposes:

  • Service Delivery: To provide, operate, and maintain our services
  • Account Management: To create and manage your account
  • Customer Support: To respond to inquiries and provide technical assistance
  • Billing & Payments: To process transactions and send invoices
  • Service Improvement: To analyze usage patterns and enhance our services
  • Marketing & Communication: To send service updates, newsletters, and promotional offers (with consent)
  • Security & Fraud Prevention: To protect our services and users
  • Legal Compliance: To meet regulatory obligations and respond to legal requests
  • Business Operations: For internal research, analytics, and business development

Data Minimization: We collect only the information necessary for the purposes outlined in this policy. We do not sell your personal information to third parties.

4. Legal Basis for Processing

We process your personal information based on the following legal grounds:

  • Contractual Necessity: Processing required to fulfill our service agreement with you
  • Legal Obligation: Processing necessary to comply with South African laws
  • Legitimate Interests: Processing for our legitimate business interests that don't override your rights
  • Consent: Processing based on your explicit consent, which you can withdraw at any time

For sensitive personal information, we obtain explicit consent or rely on specific legal exceptions under POPIA.

5. Data Sharing & Disclosure

We may share your information in the following circumstances:

  • Service Providers: With trusted partners who assist in delivering our services (payment processors, cloud hosting providers, IT support)
  • Business Transfers: In connection with mergers, acquisitions, or asset sales
  • Legal Requirements: When required by law, court order, or government request
  • Protection of Rights: To protect the rights, property, or safety of Champs Group, our users, or others
  • With Your Consent: For specific purposes with your explicit permission

Third-Party Processors: All third-party processors sign strict data processing agreements that require them to protect your information in accordance with POPIA and our privacy standards. We regularly audit their compliance.

6. Data Security Measures

We implement robust technical and organizational security measures:

  • Encryption: End-to-end encryption for sensitive data in transit and at rest
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and DDoS protection
  • Physical Security: Secure data centers with biometric access controls
  • Security Audits: Regular vulnerability scanning and penetration testing
  • Employee Training: Comprehensive data protection training for all staff
  • Incident Response: Formal data breach response plan

While we implement these advanced security measures, no system is completely impenetrable. We continually update our security practices to address emerging threats.

7. Data Retention Policy

We retain personal information only as long as necessary:

  • Active Customers: For the duration of our business relationship
  • Inactive Customers: Up to 3 years after last contact for business development purposes
  • Financial Records: 5 years as required by tax laws
  • Marketing Data: Until consent is withdrawn or 2 years after last interaction
  • Technical Logs: 12 months for security monitoring

After retention periods expire, we securely delete or anonymize your information. Archived data may be retained for legal claims or regulatory requirements.

8. Your Data Protection Rights

Under POPIA and other data protection laws, you have important rights:

  • Right to Access: Request a copy of your personal information
  • Right to Correction: Request correction of inaccurate information
  • Right to Deletion: Request deletion of your information (subject to legal limitations)
  • Right to Object: Object to certain processing activities
  • Right to Restrict Processing: Request restriction of processing in specific circumstances
  • Right to Data Portability: Receive your information in a structured, machine-readable format
  • Right to Withdraw Consent: Withdraw previously given consent
  • Right to Complain: Lodge a complaint with the Information Regulator

Exercise Your Rights

To exercise any of your privacy rights, please contact our Data Protection Officer using the details below. We respond to all valid requests within 21 days as required by POPIA.

Contact Our Privacy Team

9. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience:

Cookie Type Purpose Duration
Essential Cookies Required for site functionality and security Session
Performance Cookies Analyze site usage to improve services 1-2 years
Functional Cookies Remember preferences and settings 1 year
Marketing Cookies Deliver relevant advertising (opt-in required) 1 year

You can manage cookie preferences through our cookie consent banner or browser settings. Disabling cookies may affect website functionality.

10. International Data Transfers

We may transfer your information outside South Africa in specific circumstances:

  • To countries with adequate data protection laws
  • Using POPIA-compliant transfer mechanisms (standard contractual clauses)
  • With your explicit consent
  • When necessary for service delivery (e.g., cloud services hosted internationally)

All international transfers undergo rigorous risk assessments and include appropriate safeguards as required by POPIA.

11. Children's Privacy

Our services are not directed to individuals under 18:

  • We do not knowingly collect personal information from children
  • If we become aware of such collection, we will delete it immediately
  • Parents or guardians who believe we may have collected a child's information should contact us

12. Policy Updates & Notifications

We may update this Privacy Policy periodically:

  • Significant changes will be notified via email or service notifications
  • The "Last Updated" date at the top indicates the latest revision
  • Continued use of our services after changes constitutes acceptance

We encourage you to review this policy regularly to stay informed about our data practices.

13. Contact Us

For privacy-related inquiries or to exercise your rights:

Data Protection Officer

Name: Sarah Johnson

Email: dpo@champsafrica.com

Phone: 021 879 3035

Hours: 8:30 AM - 4:30 PM (Monday-Friday)

Postal Address: Data Protection Office, Champs Group, Van Riebeeck Rd, Kuilsriver, Cape Town, 8000, South Africa

Email Our Privacy Team

14. Privacy FAQs

How do I update my personal information? +

You can update your account information through our customer portal or by contacting our support team. For other personal information, please contact our Data Protection Officer.

Can I opt-out of marketing communications? +

Yes, you can unsubscribe from marketing emails using the link in each email or by updating your preferences in your account settings. Service-related communications will continue to be sent as necessary.

How do you protect my financial information? +

We use PCI-DSS compliant payment processors and never store full credit card numbers. All payment transactions are encrypted using industry-standard SSL/TLS encryption.

What should I do if I suspect a data breach? +

If you suspect unauthorized access to your account or personal information, please contact our security team immediately at security@champsafrica.com or call 021 879 3035.

Do you sell my personal information? +

No, we do not sell, trade, or rent your personal information to third parties. We only share information as described in this Privacy Policy.

© 2025 Champs Group (Pty) Ltd. All rights reserved. | Privacy Policy v3.2