Protection of Personal Information Act (POPIA) Privacy Policy

for Eksklusief Marketing Agency (Pty) Ltd

Last Updated: 01 June 2026

GENERAL

This is the privacy policy of Eksklusief Marketing Agency (Pty) Ltd, registration number 2020/758120/07.

This policy details how we collect, store, protect, and use Personal Information—that is, information that can be used to identify an individual (natural person) or an established business entity (juristic person)—in connection with the services we may offer through our website https://eksklusief.co.za/ (referred to as the “Site”) and through your interactions with us (referred to as the “Services”).

AUDIENCE

Personal Information submitted to us by using this Site or our Services is governed strictly by this Privacy Policy and the Protection of Personal Information Act, No. 4 of 2013 (POPIA).

Definitions

Words with capitalised initial letters have specific meanings defined in this section under South African law:

Personal Data

Information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person (company). This includes, but is not limited to, contact details, identity numbers, online identifiers, and financial histories.

Usage Data

Data collected automatically, either generated by the use of the Service or from the website infrastructure itself (e.g., the duration of a page visit, browser type).

Cookies

Small files stored on your device (computer or mobile device) via your web browser.

Responsible Party

The entity that determines the purposes and means of processing Personal Information (historically referred to internationally as the Data Controller).

Operator

An entity or service provider that processes Personal Information on behalf of a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that party.

Data Subject

The voluntary user, client, or visitor whose Personal Information is being processed.

As the Operator

Where we have been contracted by another company (such as your direct provider), please be aware that we act purely as an Operator. We are not responsible for decisions made regarding your data. Please refer directly to the Privacy Policy of the business you are dealing with.

As the Responsible Party

Where you deal with us directly via our Services or our Site, this Privacy Policy applies natively. You are not required to provide us with any Personal Information when simply browsing the Site. However, engaging with us via contact forms, quote requests, or newsletters will require explicit input.

What Personal Information Are We Processing and Why?

We process Personal Information lawfully, minimally, and transparently based on your explicit consent, contractual requirements, or legitimate business interest:

Informed Consent (Opt-In)

When you submit a query via our contact forms, subscribe to digital communication, or allow analytical cookies. You may withdraw your consent at any time.

Contractual Performance

When we process transactional data, registration details, or billing information necessary to execute our commercial service agreements.

Legitimate Interest

To monitor, secure, and patch the performance of our Site to ensure it remains free from systemic risk or digital abuse.

WHO IS PROCESSING YOUR DATA?

In cases where we act as the Responsible Party, data processing is handled by us using the structural controls below:

Company Name: Eksklusief Marketing Agency (Pty) Ltd
Registration Number: 2020/758120/07
Physical Address: 269 Ibis Road, Leeuwfontein Estate, Roodeplaat, Pretoria, 0186
Information Officer: Selwyn Orren
Dedicated Compliance Email: privacy@eksklusief.co.za

Cross-Border Transfers

In some instances, your data may be hosted, processed, or backed up outside of South Africa (for example, on secure cloud infrastructure or downstream international applications like Google or AWS). We take reasonable steps to ensure that any international Operator provides data security baselines that meet or exceed the requirements set out under POPIA.

Third-Party Access (Operators)

We will never sell your information. We only share critical details with trusted technical Operators (e.g., payment gateways, local/international secure hosting infrastructure, or secure CRM software) necessary to deliver our Services. All Operators are contractually bound to process your data with strict confidentiality.

To deliver our services and process your inquiries efficiently, we share data captured on this website with the following third-party platforms, who act as Operators under POPIA:

  • Anti-Spam by CleanTalk: Used as a cloud-based security checkpoint to intercept automated spam submissions across website forms, comments, and registrations. It securely routes user names, email addresses, text payloads, and IP addresses to CleanTalk’s external cloud validation servers to evaluate spam risk without using annoying visual CAPTCHAs.
  • Elementor / Elementor Pro: Used to capture user data natively through built-in contact forms, inquiry blocks, and login overlays. Form entries are stored in the website’s database and routed via email or API endpoints based on the specific form configurations.
  • Site Kit by Google: Used to integrate and monitor Google Search Console, Google Analytics (GA4), and PageSpeed Insights directly within the website dashboard. It injects tracking scripts that collect visitor IP addresses, location metrics, and behavioral cookies globally across Google’s cloud network.
  • UpdraftPlus – Backup/Restore: Used to execute, schedule, and compress full website database backups for disaster recovery. Backups contain all website data—including registered user profiles and historical form entry databases—and are securely transferred to designated external cloud storage locations (such as Google Drive, Dropbox, or AWS).
  • InfiniteWP – Client: Used by our technical support team as a centralized administration panel to manage core updates, security patches, and site maintenance remotely. Technical access logs and system diagnostics are processed through this administrative bridge.

Technical Security Safeguards & Local Data Processing

To safeguard user data integrity, optimize operational performance, and comply with POPIA’s data minimization and security requirements, we employ several internal software utilities locally within our secure web hosting environment. These tools process data directly on our local South African server infrastructure without transferring user database payloads to independent third parties: 

  • Kadence Security Basic / Log Cleaner for Solid Security: Used to actively monitor our hosting environment for malicious behavior, unauthorized login attempts, and software vulnerabilities. It collects and evaluates visitor IP addresses to block potential cyberattacks, automatically purging historical security logs to ensure database minimization and user anonymity.
  • WP-Optimize – Clean, Compress, Cache: Used to clean the database, compress image uploads, and cache pages to keep the site fast and efficient. Data structures and temporary cache files are managed strictly on a local level during routine automated maintenance tasks.
  • Jetpack Boost: Used locally to optimize frontend website speed, cache layout files, and improve core web vitals for optimal performance delivery.
  • Yoast SEO: Used locally to manage on-page search engine optimization properties and automate sitemap metadata generation. No personal user data is collected or transferred externally by this utility.
  • SVG Support: Used purely as a safe administrative design utility to allow the secure upload and inline rendering of scalable vector graphics (SVG) using local CSS/JS. It does not touch or process user personal data.

Security Safeguards & Breach Protocols

We implement robust technical and organisational security measures to protect information against accidental loss, unauthorised destruction, or unlawful access. In the highly unlikely event of a confirmed security compromise or data breach, we will notify the South African Information Regulator and all affected Data Subjects without undue delay via written notification or prominent public publication.

Your Statutory Rights

As a Data Subject in South Africa, you hold the following rights:

  • To confirm whether we hold your Personal Information.
  • To request a record or a description of your Personal Information held by us (subject to the provisions of our PAIA Manual).
  • To request the correction, destruction, or deletion of your Personal Information.
  • To object, on reasonable grounds, to the processing of your data, or to object directly to direct marketing electronic communications.
  • To lodge a complaint with the South African Information Regulator at complaints.IR@inforegulator.org.za.

You may exercise any of these rights seamlessly by contacting our Information Officer directly at privacy@eksklusief.co.za.