Privacy Policy

Privacy Policy (POPIA/GDPR)

Owner/Controller: IBC Solutions cc
Registration No.: 2007/197072/23
Registered Address: 1782 Plantation Drive, Dainfern, 2055
Information Officer (POPIA): Colin Steyn, +27 (82) 450-5171, [email protected]
PAIA Manual: Available on request

Last updated: 18 September 2025

Purpose & Scope
This Privacy Policy explains how IBC Solutions (“IBC”, “we”, “us”, “our”) collects, uses, shares, stores, and safeguards personal information when you (a) visit our website, (b) use our consulting services, (c) participate in recruitment/headhunting processes, or (d) engage us to facilitate funding access (introductions, investor readiness).
It applies to website visitors, clients, candidates, suppliers, and prospective funding applicants and complements our Terms & Conditions, Cookie Policy, and Disclaimer.
We process personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA) and, where applicable, the EU/UK GDPR.

What We Collect
2.1 Information you provide directly
• Identity & contact: name, email, phone, company, role, address.
• Business context: project briefs, proposals, statements of work, documents you upload.
• Recruitment (candidates): CV/resume, qualifications, work history, skills, references, interview notes, results of checks you authorise (e.g., credit/criminal where lawful), right-to-work evidence.
• Funding access: financial summaries, pitch decks, cap tables and documents you supply for investor readiness.
• Preferences & consents: marketing and cookie choices.
2.2 Collected automatically (website/analytics)
Device, browser, IP address, pages viewed, timestamps, referral URLs, approximate location, and similar diagnostic data via cookies, pixels, and tags. See our Cookie Policy for details.

2.3 From third parties (where lawful)
• Referees/previous employers (with your permission).
• Background screening providers (where lawful and authorised).
• Public/professional sources (e.g., LinkedIn, company registers).
• Service partners that help deliver our services (scheduling, video conferencing, analytics, CRM/ATS).

3. Special Personal Information, Children & Sensitive Data
• Our site and services are for persons 18+; we do not knowingly collect children’s data.
• We avoid processing special personal information unless lawful, necessary, and with explicit consent or another valid ground.
• Criminal/credit checks occur only where lawful, necessary for recruitment, and with prior, informed consent.

4. How & Why We Use Personal Information (Purposes & Legal Bases)
We use personal information for the following purposes. For each, we list typical examples and the legal basis under POPIA/GDPR.
• Provide and improve services
– Examples: consulting delivery; project scoping; client support; performance reporting.
– Legal basis: contract; legitimate interests.
• Recruitment / headhunting
– Examples: sourcing, screening, interviews, reference checks (with consent), client shortlists.
– Legal basis: contract; consent; legitimate interests; legal obligation (where applicable).
• Funding access facilitation
– Examples: introductions to investors; investor-readiness support; assembling data rooms (you control what is shared).
– Legal basis: contract; legitimate interests; consent (where needed).
• Communications and marketing
– Examples: responding to enquiries; newsletters; event invites; thought leadership.
– Legal basis: consent; legitimate interests (you can opt out at any time).
• Website operation and analytics
– Examples: security, load balancing, usage insights, troubleshooting.
– Legal basis: legitimate interests; consent (for non-essential cookies).
• Compliance and security
– Examples: record-keeping; PAIA/POPIA requests; fraud prevention; enforcing terms.
– Legal basis: legal obligation; legitimate interests.
Note: We do not provide regulated financial advice and are not a financial services provider. Financing decisions are made solely by third-party funders.

5. Sharing & Disclosures
We may share personal information with:
• Operators/service providers (hosting/Durable, email suites, cloud storage, scheduling, video, CRM/ATS, analytics, security) acting under contract.
• Recruitment clients and referees (with your authorisation).
• Funding partners/investors when you instruct us to facilitate introductions.
• Professional advisers (legal, compliance, accountants) under confidentiality.
• Authorities/regulators where required by law or to protect rights and safety.
We require operators to implement appropriate safeguards and not use your data for their own purposes. We do not sell personal information.

6. International Transfers
Where data is processed outside South Africa, we use appropriate safeguards (contractual protections/standard clauses, adequacy where applicable, and technical/organisational measures).

7. Security
We apply reasonable administrative, technical, and organisational measures (role-based access, encryption in transit where feasible, least-privilege permissions, backups, MFA where supported, operator due diligence). No system is 100% secure.

8. Retention
We retain personal information only as long as necessary for the purposes above and to meet legal, accounting, or reporting requirements. Indicative periods (adjust to your practice):
• Client files: up to 7 years after last activity.
• Candidate data: 24 months from last interaction (unless you consent to longer, or law requires otherwise).
• Funding files: engagement lifecycle + 5–7 years.
• Analytics/cookies: per our Cookie Policy and provider defaults.
We securely delete or de-identify data when no longer required.

9. Your Rights
Under POPIA (South Africa), you may:
• Access your personal information we hold.
• Request correction or deletion of personal information that is inaccurate, irrelevant, excessive, out-of-date, incomplete, misleading, or obtained unlawfully.
• Object to processing on reasonable grounds and withdraw consent where applicable.
• Lodge a complaint with the Information Regulator (South Africa).
Under GDPR (EU/UK, where applicable), you may also:
• Restrict processing in certain circumstances.
• Request data portability.
• Object to processing based on legitimate interests or for direct marketing.
• Not be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects (we do not perform such decision-making).
We respond to verified requests within reasonable timeframes and in line with the law. We may request proof of identity and clarify the scope.

10. Marketing Communications
We send marketing only where lawful (consent or legitimate interest). You can opt out at any time via the email footer or by contacting [[email protected]]. Transactional or service messages may still be sent as needed.

11. Cookies & Similar Technologies
We use cookies, pixels, and similar technologies to operate the Website, measure performance, and improve user experience. Non-essential cookies run only with your consent. For details and how to manage preferences, see our Cookie Policy.

12. Recruitment Fair Processing Notice
• We process CV and related data to assess suitability, interview, and present shortlists to clients.
• Reference/background checks occur only with prior consent and where lawful/necessary for the role.
• Unsuccessful applications may be retained for future roles for up to 24 months (or your chosen period). You can request deletion sooner unless we must retain for legal reasons.
• We are an equal-opportunity service provider and support fair hiring practices under SA labour laws.

13. Funding Access Fair Processing Notice
• You decide what information to share for investor readiness.
• We introduce potential funders/investors and share documents at your instruction.
• IBC is not a financial services provider and does not guarantee approvals, terms, or timing.
• We keep records of submissions/introductions per the retention periods above.

14. Changes to This Policy
We may update this Policy from time to time. The “Last updated” date reflects the current version. Material changes may be highlighted on the Website or via email where appropriate.

15. Contact & Complaints
Information Officer (POPIA): Colin Steyn, +27 (82) 450-5171, [email protected]
General privacy contact: [email protected]
Postal/Physical: 1782 Plantation Drive, Dainfern, 2055, South Africa
If we cannot resolve your concern, you may contact the Information Regulator (South Africa): https://inforegulator.org.za.

16. Definitions (summary)
• Personal information / personal data: information that identifies or can identify a natural person (and, under POPIA, may include certain juristic-person information).
• Operator/processor: a third party that processes personal information for us under contract.
• Special personal information: sensitive categories defined by law (e.g., health, biometrics).
• Processing: any operation performed on personal information (collection, storage, use, disclosure, etc.).