

PRIVACY NOTICE
1. Introduction
Izala Verificators respects your privacy and is committed to protecting personal information in accordance with the Protection of Personal Information Act, 4 of 2013, commonly known as POPIA, and other applicable South African laws.
This Privacy Notice explains how we collect, use, store, share, protect, and otherwise process personal information when you visit our website, contact us, request a quote, use our services, apply for employment, subscribe to marketing communications, or interact with us in any other way.
By using our website or services, you acknowledge that you have read and understood this Privacy Notice. Where the law requires your consent for a specific activity, we will request that consent separately.
2. Who this Privacy Notice applies to
This Privacy Notice applies to personal information relating to:
- website visitors;
- clients and prospective clients;
- representatives, employees, directors, members, partners, agents, and authorised users of our clients;
- individuals who contact us through our website, email, telephone, WhatsApp, social media, or other communication channels;
- individuals who are the subject of lawful verification, screening, due diligence, background, identity, reference, qualification, employment, business, or related checks;
- candidates who apply to work with us;
- suppliers, service providers, business partners, and their representatives;
- recipients of our lawful marketing communications.
3. Important notice about verification and screening services
Where we provide verification, screening, due diligence, background-check, identity-verification, reference-check, qualification-check, employment-check, business-verification, or related services, we will only process personal information where there is a lawful basis to do so.
Where a client asks us to conduct a check about another person, the client must ensure that:
- it has a lawful basis to request the check;
- the check is necessary, relevant, and proportionate for the stated purpose;
- the person has been informed about the check where required by law;
- the person’s consent has been obtained where consent is required;
- the information provided to us is accurate and lawfully obtained;
- the check does not unfairly discriminate against the person.
We may refuse to conduct a check where we reasonably believe that the request is unlawful, excessive, irrelevant, discriminatory, unethical, or not properly authorised.
4. Personal information we collect
We only collect personal information that is reasonably necessary for a specific, lawful, and legitimate purpose.
Depending on your relationship with us and the service requested, we may process the following categories of personal information.
4.1 Identity and contact information
This may include your name, surname, initials, title, identity number, passport number, date of birth, nationality, contact number, email address, physical address, postal address, job title, employer, and company details.
4.2 Client and service information
This may include quote requests, service requests, instructions, client account details, authorised-user details, contract details, correspondence, service history, and records needed to provide or administer our services.
4.3 Verification and screening information
Where relevant, lawful, and necessary for the specific service requested, this may include:
- identity-verification information;
- qualification information;
- employment-history information;
- reference information;
- address-verification information;
- professional-registration or membership information;
- licence or permit information;
- company, directorship, ownership, or business-registration information;
- fraud-prevention or risk-screening information;
- sanctions, watchlist, or public-record information;
- other information required for a specific lawful verification service.
We do not process high-risk information such as criminal-record information, credit information, biometric information, children’s information, or special personal information unless this is lawful, necessary, proportionate, and subject to the safeguards described in this Privacy Notice.
4.4 Website and technical information
When you visit our website, we may collect limited technical information such as your IP address, browser type, device information, operating system, pages viewed, date and time of access, referring website, approximate location, cookie identifiers, and website-usage information.
4.5 Communication information
We may process information contained in emails, website forms, telephone calls, WhatsApp messages, social media messages, meeting notes, enquiries, complaints, support requests, and other communications with us.
4.6 Billing and administration information
Where applicable, we may process quotation details, service orders, invoices, payment references, billing information, purchase history, tax information, and related financial-administration records.
4.7 Marketing information
This may include your marketing preferences, consent records, communication history, newsletter subscriptions, campaign engagement, and opt-out or unsubscribe requests.
4.8 Recruitment information
If you apply for a position with us, we may process your CV, employment history, qualifications, references, interview notes, identity information, and other information relevant to the recruitment process.
We will only conduct recruitment-related background screening where it is lawful, relevant to the role, proportionate, and properly authorised.
5. Special personal information and high-risk checks
Some information requires extra protection under South African law. We will apply additional safeguards before processing this type of information.
5.1 Criminal-record information
We will only process criminal-record information where it is lawful, relevant, necessary, proportionate, and properly authorised.
Where consent is required, we will obtain appropriate consent before conducting the check. We will not conduct a criminal-record check merely because it is convenient or generally useful. The check must be linked to a lawful and relevant purpose.
5.2 Credit-related information
We will only conduct credit-related checks where legally permitted, relevant to the specific purpose, and supported by the required consent or other lawful basis.
We will not conduct credit checks for unrelated purposes or where the check would be excessive or unfair.
5.3 Biometric information
We will only process biometric information, such as fingerprints, facial images used for identity verification, or liveness-verification data, where this is necessary, lawful, and subject to appropriate security safeguards.
Where consent or specific authorisation is required, we will obtain it before processing biometric information.
5.4 Children’s information
We do not intentionally collect or process personal information of children unless this is necessary for a lawful purpose and we have appropriate consent from a competent person, or another lawful basis applies.
5.5 Other special personal information
We will not process information relating to race or ethnicity, health, trade-union membership, religious or philosophical beliefs, political persuasion, sex life, or similar special categories unless it is lawful, necessary, and appropriate for the specific purpose.
6. How we collect personal information
We may collect personal information directly from you when you:
- complete a form on our website;
- request a quote or service;
- communicate with us;
- sign an agreement with us;
- provide information for a verification or screening process;
- give consent for a specific check;
- subscribe to marketing communications;
- apply for employment;
- attend meetings or engage with us online or in person.
We may also collect personal information from third parties where lawful and appropriate, including:
- clients who request verification or screening services;
- employers, former employers, educational institutions, professional bodies, references, and licensing authorities;
- public registers, public databases, and publicly available sources;
- authorised verification providers;
- credit bureaus, where legally permitted;
- fraud-prevention databases, sanctions or watchlist providers, and similar lawful data sources;
- government departments, regulators, courts, tribunals, or law-enforcement bodies where permitted or required by law;
- service providers, operators, business partners, and authorised representatives.
Where possible and appropriate, we collect personal information directly from the person concerned. Where we collect information from another source, we will do so only where the law allows this.
7. Why we process personal information
We process personal information for lawful, specific, and legitimate purposes, including to:
- respond to enquiries and quote requests;
- provide verification, screening, due diligence, identity-verification, background-check, reference-check, qualification-check, employment-check, business-verification, or related services;
- confirm identity, qualifications, employment history, references, addresses, business details, directorships, ownership, professional status, or other relevant information;
- manage client requests, service orders, contracts, and accounts;
- communicate with clients, prospective clients, candidates, suppliers, and other relevant persons;
- prevent fraud and manage risk;
- comply with legal, regulatory, accounting, tax, audit, and reporting obligations;
- protect our rights, property, systems, staff, clients, and third parties;
- improve our website, services, systems, security, and user experience;
- manage complaints, disputes, investigations, and legal claims;
- send direct marketing communications where permitted by law;
- recruit staff, contractors, or service providers;
- manage our business operations, records, and administration.
8. Lawful basis for processing
We will only process personal information where we have a lawful basis to do so. Depending on the circumstances, this may include:
- your consent;
- performance of a contract with you;
- steps taken at your request before entering into a contract;
- compliance with a legal obligation;
- protection of your legitimate interests;
- pursuit of our legitimate interests or the legitimate interests of a third party, where permitted by law;
- processing authorised or required by another law.
Where we rely on consent, you may withdraw your consent at any time. Withdrawal of consent will not affect processing that took place before withdrawal. In some cases, we may still need to retain or process certain information where the law allows or requires us to do so.
We will not rely on consent where another lawful basis is more appropriate, and we will not treat general use of our website as consent for high-risk checks.
9. Direct marketing
We may use your personal information to send you information about our services, updates, offers, events, newsletters, or other marketing communications.
We will only send electronic direct marketing communications, such as email, SMS, WhatsApp, or similar messages, where permitted by POPIA.
For prospective customers, we will generally obtain prior consent before sending unsolicited electronic direct marketing. For existing customers, we may market similar products or services where allowed by law, provided that you are given a reasonable opportunity to opt out.
Every marketing communication will include a clear way to unsubscribe or opt out. You may also opt out at any time by contacting us at marketing@izala.co.za.
If you opt out, we may retain limited information necessary to record and respect your opt-out request.
10. Cookies and website tracking
Our website may use cookies and similar technologies to operate the website, remember your preferences, improve functionality, analyse website traffic, measure performance, and support marketing or advertising activities.
Cookies may include:
- strictly necessary cookies required for the website to function;
- analytics cookies that help us understand how visitors use the website;
- functionality cookies that remember choices you make;
- marketing or advertising cookies used to deliver or measure relevant content.
Where required, we will request your consent before using non-essential cookies.
You can manage or disable cookies through your browser settings. Some website features may not function properly if cookies are disabled.
11. Sharing personal information
We may share personal information only where necessary and lawful, including with:
- our clients, where we lawfully provide verification or screening results;
- verification sources, data providers, public registries, educational institutions, employers, references, professional bodies, licensing authorities, and other relevant sources;
- authorised credit bureaus or verification providers, where legally permitted;
- IT, hosting, cloud, cybersecurity, analytics, communication, payment, accounting, legal, audit, and administrative service providers;
- marketing and customer-relationship-management service providers;
- insurers, professional advisers, consultants, and auditors;
- regulators, government bodies, courts, law-enforcement agencies, or other authorities where required or permitted by law;
- potential purchasers, investors, or successors in the event of a business restructure, merger, acquisition, or sale, subject to appropriate confidentiality safeguards.
Where we use third-party service providers to process personal information on our behalf, we will take reasonable steps to ensure that they process the information only according to our instructions and subject to appropriate confidentiality and security obligations.
12. Cross-border transfers
Some of our service providers, systems, or data-storage facilities may be located outside South Africa.
Where personal information is transferred outside South Africa, we will take reasonable steps to ensure that the transfer is lawful and protected by appropriate safeguards. These safeguards may include contractual protections, equivalent data-protection laws, binding corporate rules, consent where appropriate, or another lawful basis for the transfer.
13. Security safeguards
We take reasonable, appropriate technical and organisational measures to protect personal information against loss, damage, unauthorised access, unlawful processing, disclosure, alteration, or destruction.
These measures may include:
- access controls;
- password protection;
- encryption where appropriate;
- secure storage;
- confidentiality obligations;
- staff awareness and training;
- system monitoring;
- backups;
- incident-response procedures;
- service-provider due diligence.
No method of transmission or storage is completely secure. However, we take reasonable steps to protect personal information in line with the nature of the information and the risks involved.
14. Security compromises
If we become aware of a security compromise involving personal information, we will assess the incident and take appropriate steps.
Where required by POPIA, we will notify the Information Regulator and affected data subjects as soon as reasonably possible, unless a public body responsible for the prevention, detection, or investigation of offences requires a delay.
15. Retention of personal information
We will not retain personal information for longer than necessary for the purpose for which it was collected, unless:
- retention is required or authorised by law;
- we reasonably require the information for lawful purposes related to our functions or activities;
- retention is required by a contract;
- you have consented to longer retention;
- retention is necessary for legal, audit, accounting, reporting, dispute, complaint, or enforcement purposes.
Our retention periods may differ depending on the type of information and the purpose for which it was collected.
For example:
- enquiry records may be kept for as long as necessary to respond to the enquiry and maintain reasonable business records;
- client and service records may be kept for the duration of the client relationship and for a reasonable period afterwards;
- verification records may be kept only for as long as necessary for the verification purpose, quality assurance, legal compliance, dispute handling, or audit requirements;
- marketing consent and opt-out records may be kept for as long as necessary to prove and respect your preferences;
- financial and tax records may be kept for periods required by applicable law;
- recruitment records may be kept for the recruitment process and a reasonable period afterwards, unless longer retention is lawful and justified.
When personal information is no longer required, we will delete, destroy, de-identify, or securely archive it where appropriate.
16. Accuracy of information
We take reasonable steps to ensure that personal information is accurate, complete, and up to date where necessary for the purpose for which it is processed.
You are responsible for providing accurate information and notifying us of any changes.
If you believe that personal information we hold about you is inaccurate, incomplete, misleading, excessive, outdated, or unlawfully obtained, you may ask us to correct or delete it.
17. Your rights
Subject to POPIA and applicable law, you have the right to:
- ask whether we hold personal information about you;
- request access to your personal information;
- request correction, deletion, or destruction of personal information that is inaccurate, irrelevant, excessive, outdated, incomplete, misleading, unlawfully obtained, or no longer authorised to be retained;
- object to the processing of your personal information in certain circumstances;
- withdraw consent where processing is based on consent;
- object to direct marketing;
- not be subject, in certain circumstances, to a decision based solely on automated processing that has legal or similarly significant effects;
- lodge a complaint with the Information Regulator.
The Information Regulator provides resources and forms relating to POPIA and PAIA compliance, including guidance on direct marketing, special personal information, and children’s information.
18. How to exercise your rights
To exercise your privacy rights, please contact our Information Officer:
Telephone: 010 493 5545
We may need to verify your identity before responding to a request. We will respond within a reasonable time and in accordance with applicable law.
We may refuse a request where permitted by law, including where disclosure would affect the rights of others, breach legal privilege, prejudice an investigation, or conflict with a legal obligation.
19. Complaints
If you believe that we have processed your personal information unlawfully or contrary to this Privacy Notice, please contact us first so that we can try to resolve the issue.
You also have the right to lodge a complaint with the Information Regulator.
Information Regulator South Africa
Website: www.inforegulator.org.za
Email: complaints.IR@inforegulator.org.za
General enquiries: enquiries@inforegulator.org.za
Telephone: 010 023 5200
20. PAIA manual and access to records
Where required, we will maintain a PAIA manual explaining the types of records we hold and how access requests may be submitted.
The Information Regulator states that a PAIA manual is a guide explaining information available from public and private bodies and the procedures for requesting access to information.
Our PAIA manual is available upon request at admin@izala.co.za
21. Third-party websites
Our website may contain links to third-party websites, platforms, or services.
We are not responsible for the privacy practices, security, or content of those third parties. You should read their privacy notices before providing personal information to them.
22. Automated processing and profiling
We may use automated tools or systems to support verification, fraud prevention, risk assessment, screening, analytics, or service delivery.
We will not make a decision based solely on automated processing that has legal or similarly significant effects for you unless this is permitted by law and appropriate safeguards are in place.
Where required by law, we will provide a way for you to request human intervention, express your view, or challenge the decision.
23. Changes to this Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in our business, services, legal obligations, technology, or privacy practices.
The latest version will be published on our website. The effective date at the top of this Privacy Notice will indicate when it was last updated.
24. Contact us
For questions about this Privacy Notice or how we process personal information, please contact:
Izala Verificators
Email: complaints@izala.co.za
Telephone: 010 493 5545