Privacy Policy

1 Introduction

J29 is committed to protecting the privacy and personal information of all individuals who interact with our services. This Privacy Policy is designed to comply with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) ("POPIA") and outlines how we collect, use, process, disclose, and protect your personal information.

By accessing our website, using our services, or providing us with your personal information, you consent to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our services or provide us with any personal information.

2 Definitions

For purposes of this Privacy Policy:

• Personal Information means information relating to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person, including but not limited to name, contact details, identification numbers, location data, and online identifiers.
• Processing means any operation or activity concerning personal information, including collection, receipt, recording, organization, storage, updating, retrieval, alteration, consultation, use, dissemination, merging, linking, restriction, erasure, or destruction.
• Data Subject means the person to whom personal information relates.
• Responsible Party means J29, which determines the purpose of and means for processing personal information.
• Operator means a person who processes personal information on behalf of the Responsible Party.
• Consent means voluntary, specific, and informed expression of will by which a Data Subject agrees to the processing of their personal information.

3 Responsible Party Details

4 Personal Information We Collect

4.1 Information You Provide Directly

We may collect the following personal information when you voluntarily provide it to us:

• Contact Information: Name, surname, email address, phone number, WhatsApp number, physical and postal address.
• Business Information: Business name, type, industry sector, registration status, registration details, tax information, stage, years in operation, revenue information, employee count.
• Demographic Information: Age range, gender, education level, business experience.
• Service-Related Information: Products or services offered, target customer information, business challenges, development needs, program preferences.
• Financial Information: Payment details, billing information, bank account details for payment processing.
• Account Information: Username, password, security questions and answers.
• Communications: Content of emails, messages, inquiries, feedback, and other communications with J29.
• Content Uploads: Documents, images, videos, and other materials uploaded to our platforms or shared with us.

4.2 Information Collected Automatically

When you visit our website or use our services, we may automatically collect:

• Technical Information: IP address, browser type and version, operating system, device type and identifiers, screen resolution.
• Usage Information: Pages viewed, time spent, links clicked, navigation paths, date and time of visits, referring website addresses.
• Location Information: Geographic location data derived from IP address or provided by device settings.
• Cookies and Similar Technologies: Information collected through cookies, web beacons, pixels, and similar tracking technologies (see Section 11).

4.3 Information from Third Parties

We may receive personal information about you from corporate partners, government agencies, industry bodies, social media platforms, and public databases where information is lawfully available.

5 Purpose of Processing Personal Information

We process your personal information for the following lawful purposes:

5.1 Service Delivery

• To provide our Learn, Grow, and Get Online services, including training programs, mentorship, web development, digital marketing, and AI implementation.
• To assess your eligibility for programs and services.
• To customize and deliver services tailored to your business needs.
• To facilitate communication between you, our team, and corporate partners or funders.

5.2 Account Management and Administration

• To create, maintain, and manage your account.
• To verify your identity and authenticate access.
• To provide customer support and respond to inquiries.

5.3 Payment Processing and Financial Transactions

• To process payments for services rendered.
• To issue invoices, receipts, and financial statements.
• To manage billing inquiries and disputes.

5.4 Communication and Marketing

• To send service-related announcements, updates, and administrative messages.
• To send marketing communications, newsletters, and promotional materials (with your consent, where required).
• To conduct surveys and request feedback on our services.

5.5 Reporting and Compliance

• To generate reports for corporate partners, funders, government agencies, and accreditation bodies.
• To comply with legal and regulatory obligations, including tax, labor, and business regulations.

5.6 Legal and Security Purposes

• To enforce our Terms and Conditions.
• To detect, prevent, and respond to fraud, security breaches, and illegal activities.
• To establish, exercise, or defend legal claims.

6 Artificial Intelligence (AI) & Automated Processing

6.1 Use of AI Technologies

J29 utilizes artificial intelligence technologies — which may include services provided by established AI technology providers — to enhance our service delivery. AI technologies are employed in content creation, business analysis, customer support, training, workflow automation, and data processing.

6.2 Data Processing by AI Systems

When you use our AI-powered services, your personal information may be transmitted to and processed by AI service providers (Operators) acting on our behalf. AI-generated outputs may incorporate or be derived from your personal information. Processing may occur on servers located in South Africa or internationally, subject to appropriate safeguards (see Section 9).

6.3 AI Provider Relationships and Safeguards

• We enter into written agreements with AI providers requiring them to protect personal information in accordance with POPIA.
• We limit the personal information shared with AI systems to what is necessary for the specific purpose.
• We configure AI services to prevent unauthorized retention or disclosure of your personal information where technically feasible.
• We regularly review AI provider policies to ensure continued compliance with data protection standards.

6.4 Your Rights Regarding AI Processing

• Request information about which AI systems process your personal information.
• Object to automated decision-making that significantly affects you.
• Request human review of decisions made by AI systems.
• Opt out of certain AI-powered features where alternative services are available.

6.5 AI Training and Model Improvement

We do not authorize AI service providers to use your personal information to train their general AI models unless you have provided explicit consent, the information has been fully anonymized, or such use is permitted under our agreement with the AI provider and complies with POPIA.

Ask J29 AI Chat Service

J29 operates an AI-powered chat service ("Ask J29") on our website that provides business guidance to MSMEs. When you use Ask J29:

• Your messages and any personal or business information you share during the conversation are processed by our AI service provider to generate responses.
• Conversation transcripts and any contact details you voluntarily provide (such as your name, business name, phone number, email address, and province) may be stored for service improvement, follow-up, and reporting purposes.
• Conversation data is stored in our secure database and retained in accordance with Section 12 of this Privacy Policy.
• You are not required to share any personal information to use Ask J29. The service is available anonymously.
• If you choose to share contact details, a member of the J29 team may follow up with you within 24 hours.

Your rights under Section 13 of this Privacy Policy apply fully to any information collected through Ask J29, including your right to request access, correction, or deletion of your data.

7 Lawful Basis for Processing

We process personal information only where we have a lawful basis to do so:

• Consent: Where you have given specific, informed consent for the processing.
• Contractual Necessity: Where processing is necessary to fulfill our contractual obligations to you.
• Legal Obligation: Where processing is required to comply with a legal obligation to which we are subject.
• Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, provided that such interests are not overridden by your rights and freedoms.
• Protection of Rights: Where processing is necessary to protect your vital interests or those of another person.

8 Disclosure and Sharing of Personal Information

8.1 Internal Sharing

Personal information may be shared internally within J29 among authorized employees, contractors, and consultants who require access to perform their duties.

8.2 Third-Party Service Providers (Operators)

We may share personal information with third-party service providers, including cloud hosting providers, payment processors, email marketing platforms, AI and machine learning providers, analytics tools, CRM systems, and IT support providers. These providers are contractually obligated to process personal information only in accordance with our instructions.

8.3 Corporate Partners and Funders

We may share personal information with corporate partners, clients, funders, and other entities that sponsor or fund programs you participate in, or that require reporting on program outcomes. Such sharing is typically limited to business information and aggregated performance data.

8.4 Government Agencies and Regulatory Bodies

We may disclose personal information to government departments, accreditation bodies such as MICT SETA, tax authorities, and other regulatory bodies as required by law, and to the Information Regulator as required by POPIA.

8.5 Legal Requirements and Protection of Rights

We may disclose personal information when necessary to comply with applicable laws, enforce our Terms and Conditions, detect or prevent fraud, protect against harm to J29 or our users, or establish, exercise, or defend legal claims.

8.6 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website of any change in ownership or use of your personal information.

8.7 With Your Consent

We may share personal information with third parties when we have your explicit consent to do so for purposes not otherwise covered in this Privacy Policy.

9 Transborder Information Flows

Some of our service providers, including AI technology providers and cloud hosting companies, may be located outside South Africa or may process personal information on servers in foreign jurisdictions, including countries such as the United States and the European Union.

When we transfer personal information outside South Africa, we ensure that:

• The recipient country has adequate data protection laws substantially similar to POPIA; or
• We have entered into agreements with the recipient requiring an adequate level of protection similar to that required under POPIA; or
• You have consented to the transfer after being informed of the possible risks; or
• The transfer is necessary for the performance of a contract between you and J29, or for your benefit.

By using our services and providing personal information, you acknowledge and consent to such international transfers, subject to the safeguards described above.

10 Security of Personal Information

We have implemented appropriate technical and organizational measures to safeguard your personal information against loss, unauthorized access, disclosure, alteration, and destruction.

10.1 Security Measures

• Encryption of data in transit using SSL/TLS protocols.
• Encryption of sensitive data at rest.
• Secure authentication mechanisms and access controls.
• Regular security assessments, vulnerability testing, and penetration testing.
• Firewall protection and intrusion detection systems.
• Secure backup and disaster recovery procedures.
• Staff training on data protection and security best practices.
• Limitation of access to personal information on a need-to-know basis.

10.2 Security Breach Notification

In the event of a data breach, we will notify the Information Regulator and affected Data Subjects as required by POPIA, take immediate steps to contain and remedy the breach, and provide information about the breach, its potential impact, and remedial measures taken.

10.3 Limitations

While we implement robust security measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of personal information. You acknowledge and accept the inherent security risks of providing information and transacting online.

11 Cookies and Tracking Technologies

Cookies are small text files placed on your device when you visit our website, allowing us to recognize your device and store information about your preferences and usage patterns.

11.1 Types of Cookies We Use

• Essential Cookies: Necessary for website functionality, security, and service delivery.
• Performance Cookies: Collect information about how visitors use our website to improve performance.
• Functionality Cookies: Remember your preferences and provide enhanced features.
• Marketing Cookies: Track visitors across websites to display relevant advertisements and measure campaign effectiveness.

11.2 Third-Party Cookies

We use third-party analytics and advertising services (such as Google Analytics, Facebook Pixel, and others) that may place cookies on your device. These services have their own privacy policies governing their use of information.

11.3 Managing Cookies

You can control and manage cookies through your browser settings, our cookie consent banner when you first visit our website, or opt-out mechanisms provided by third-party services. Note that blocking or deleting cookies may impact website functionality and your user experience.

12 Retention of Personal Information

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

12.1 Retention Periods

• Active Client Information: Retained for the duration of the business relationship plus 5 years after termination or last interaction.
• Financial Records: Retained for 5 years as required by South African tax and accounting regulations.
• Training Records: Retained for 5 years for accreditation and compliance purposes.
• Marketing Communications: Retained until you unsubscribe or withdraw consent.
• Legal or Regulatory Requirements: Retained as required by applicable laws and regulations.

12.2 Deletion and Anonymization

When personal information is no longer required, we securely delete or destroy it, or anonymize it such that you can no longer be identified. We may retain anonymized, aggregated data indefinitely for statistical and research purposes.

13 Your Rights as a Data Subject

Under POPIA, you have the following rights regarding your personal information:

• Right to Access: You may request confirmation of whether we hold personal information about you and access that information.
• Right to Correction: You may request correction, updating, or completion of your personal information if it is inaccurate, incomplete, or out of date.
• Right to Deletion (Erasure): You may request deletion of your personal information where it is no longer necessary for the purpose for which it was collected, subject to legal obligations that may require retention.
• Right to Object: You may object to the processing of your personal information on reasonable grounds, or at any time to processing for direct marketing purposes.
• Right to Restriction: You may request restriction of processing in certain circumstances.
• Right to Data Portability: You may request your personal information in a structured, machine-readable format.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You may lodge a complaint with the Information Regulator if you believe your rights have been infringed.

14 Children's Privacy

Our services are intended for adults and businesses. We do not knowingly collect personal information from children under the age of 18 without verifiable parental or guardian consent. Where we provide services to youth entrepreneurship programs, we require consent from a parent, guardian, or competent person before collecting personal information from minors, limit collection to information necessary for program participation, and implement additional safeguards to protect children's information.

If you believe we have inadvertently collected information from a child without proper consent, please contact us immediately so we can delete the information.

15 Third-Party Websites and Services

Our website and services may contain links to third-party websites, applications, or services that are not operated by J29. This Privacy Policy does not apply to those third-party sites. We are not responsible for the privacy practices or content of third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

16 Marketing Communications

We may send you marketing communications about our services, programs, workshops, and opportunities if you have consented to receive such communications or we have a legitimate interest in marketing to you and you have not opted out.

16.1 Opting Out

You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email, contacting us at [email], or updating your communication preferences in your account settings. Opting out does not affect service-related communications.

17 Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, services, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last Updated" date, notify you by email or through a prominent notice on our website, and where required by law, obtain your consent.

Your continued use of our services after changes to this Privacy Policy constitutes acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.

18 Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our processing of your personal information, please contact:

19 Information Regulator Contact Details

If you have a complaint about how we process your personal information or wish to report a suspected data breach, you may contact the Information Regulator: