Cape Global (Pty) Ltd ("Cape Global", "we", "us" or "our") is committed to protecting your personal information and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you visit our website, use our services, or communicate with us. This policy is drafted in compliance with the Protection of Personal Information Act, 4 of 2013 (POPIA) and applicable South African data protection law.
1. Who We Are
Cape Global (Pty) Ltd is a private company registered in South Africa (Reg. No: 2025/565549/07), with its principal place of business in Cape Town, Western Cape. We are a Responsible Party as defined in POPIA.
Information Officer: The Information Officer of Cape Global is responsible for ensuring compliance with POPIA. You may contact our Information Officer at privacy@capeglobalbpo.com.
2. Information We Collect
We collect personal information only to the extent necessary for the purposes described in this policy. The categories of personal information we may collect include:
2.1 Information You Provide to Us
- Identity information: Full name, identity number (where required for SARS compliance), date of birth
- Contact information: Email address, telephone number, postal and physical address
- Business information: Company name, registration number, VAT number, industry, number of employees
- Financial information: Bank account details, payroll data, financial records, tax reference numbers, collected strictly for the purposes of providing our services
- Employment information: Employee records, salary information, leave records, and related HR data, only when we provide HR or payroll services on your behalf
- Communication records: Enquiries, complaints, and correspondence submitted via our website, email, or WhatsApp
2.2 Information Collected Automatically
- Technical data: IP address, browser type and version, device type, operating system
- Usage data: Pages visited, time spent on pages, links clicked, referring URLs
- Cookie data: Session identifiers and preference cookies (see Section 9)
3. How We Use Your Information
We use your personal information for the following purposes:
- To provide, manage, and improve our accounting, payroll, and HR services
- To comply with our legal and regulatory obligations, including SARS, CIPC, Department of Labour requirements, and applicable tax legislation
- To communicate with you about your account, services, and any changes to our offerings
- To respond to your enquiries and provide client support
- To process payments and manage billing
- To send you service updates, newsletters, and marketing communications, only with your consent and with a clear opt-out option in every communication
- To detect, prevent, or investigate fraud, security breaches, or other unlawful activity
- To improve our website and services through anonymised analytics
4. Legal Basis for Processing
Under POPIA, we process personal information on the following grounds:
- Consent: Where you have given us express consent to process your information for a specific purpose (e.g., marketing communications)
- Contractual necessity: Where processing is necessary to fulfil a contract with you or to take steps at your request prior to entering into a contract
- Legal obligation: Where we are required to process your information to comply with applicable South African law, including tax and employment law
- Legitimate interests: Where processing is necessary for our legitimate business interests, provided these are not overridden by your rights and interests
5. Sharing Your Information
We do not sell, rent, or trade your personal information. We may share your information with trusted third parties only as follows:
- Service providers and operators: Cloud storage providers, accounting software platforms, and IT service providers who process data on our behalf under strict confidentiality agreements
- Regulatory authorities: SARS, CIPC, the Department of Labour, and other government bodies where required by law
- Professional advisors: Legal, audit, or compliance advisors bound by professional confidentiality obligations
- Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity
All third parties are required to maintain the confidentiality and security of your personal information and to use it only for the purposes for which it was shared.
6. Data Retention
We retain your personal information for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law. In general:
- Client financial records are retained for a minimum of 5 years after the end of the relevant tax year, in accordance with the Tax Administration Act
- Employee and payroll records are retained for a minimum of 3 years after the termination of the employment relationship, as required by the Basic Conditions of Employment Act
- Website usage data is retained for up to 12 months
- Marketing consent records are retained until you withdraw consent
7. Your Rights Under POPIA
As a data subject under POPIA, you have the following rights:
- Right of access: You may request a copy of the personal information we hold about you
- Right to correction: You may request correction of inaccurate, incomplete, or outdated information
- Right to deletion: You may request deletion of your personal information, subject to our legal retention obligations
- Right to object: You may object to the processing of your personal information for direct marketing purposes at any time
- Right to complain: You have the right to lodge a complaint with the Information Regulator if you believe we have violated your data protection rights
To exercise any of these rights, please contact our Information Officer at privacy@capeglobalbpo.com. We will respond within 30 days of receiving your request.
8. Data Security
We implement appropriate technical and organisational security measures to protect your personal information from unauthorised access, disclosure, alteration, or destruction. These measures include:
- SSL/TLS encryption for all data transmitted via our website
- Role-based access controls and multi-factor authentication for staff systems
- Encrypted storage of sensitive financial data
- Regular security audits and vulnerability assessments
- Staff training on data protection and information security
Despite these measures, no method of transmission over the internet is 100% secure. If you have reason to believe that your information has been compromised, please contact us immediately.
9. Cookies
Our website uses cookies, small text files stored on your device, to improve your browsing experience and analyse website traffic. We use the following types of cookies:
- Strictly necessary cookies: Required for the website to function properly. These cannot be disabled.
- Analytics cookies: Allow us to measure and analyse how visitors interact with our website. These are anonymised and do not identify individual users.
- Preference cookies: Remember your settings and preferences to improve your experience on return visits.
You can control or disable cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our website.
10. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies before providing any personal information. The inclusion of a link on our website does not constitute our endorsement of the linked site.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. We will notify you of material changes by posting the updated policy on this page with a revised "Last Updated" date. If changes are significant, we will also notify active clients by email. Your continued use of our services following the posting of any changes constitutes your acceptance of the revised policy.
12. Contact & Complaints
For questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact:
If you are not satisfied with our response, you may lodge a complaint with the Information Regulator (South Africa):