Step Advisory (Pty) Ltd services, including (without limitation) our website and other interactive properties through which the services are delivered (collectively, the “Service”) are owned, operated and distributed by Step Advisory (Pty) Ltd (referred to in this Privacy Notice as “Step” or “we” and through similar words such as “us,” “our,” etc.). This Privacy Notice outlines the Personal Information that Step may collect, how Step uses and safeguards that information, and with whom we may share it. Through this Privacy Notice we aim to inform you about the types of personal data we collect from you, the purposes for which we use the data and the ways in which the data is handled. We also aim to satisfy the obligation of transparency under the Protection of Personal Information Act, 2013 and national laws implementing it.

Step encourages our clients, visitors, business associates, and other interested parties to read this Privacy Notice, which applies to all users. By using our Services or submitting Personal Information to Step by any other means, you acknowledge that you understand and agree to be bound by this Privacy Notice, and agree that Step may collect, process, transfer, use, and disclose your Personal Information as described in this Notice. Further, by accessing any part of the Service, you are agreeing to our terms and conditions. If you do not agree with any part of this privacy notice or our terms and conditions, please do not use any of the services.

What personal information do we collect about you?

Personal Information (also commonly known as personally identifiable information (PII) or personal data) is information that can be used to identify you, or any other individual to whom the information may relate.

The Personal Information that we collect directly from those using our services includes the following categories:

  • Name and contact information (e.g. contact numbers; email)
  • Survey responses that are included in project activities
  • Billing Information (e.g. bank account, billing contact information)
  • Order Information (e.g. current order/purchase information, purchase history, shipping details)
  • Information contained in posts you make on the public forums and interactive features of the Service
  • Other information that may be exchanged in the course of engaging with us, such as company policies, opinions and insights.
  • Details of your visits to our Website (including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise) and the resources that you access.

What are the sources of personal information collected by Step?

When providing Personal Information to Step as described in this Notice, that Personal Information is collected from research on public sites, interviews, company data, or working references that you have put us in contact with and you will know the precise Personal Information being collected by us. Step does not collect Personal Information from any other sources, except where it may automatically be collected as described in the section titled “Cookies, Device Data, and How it is Used”, if the information in that section is considered Personal Information.

Why does Step collect your personal information?

Subject to the terms of this Notice, Step uses the above described categories of Personal Information in several ways. Unless otherwise stated specifically, the above information may be used for any of the following purposes:

  • to administer our services to you
  • to respond to your requests
  • to distribute communications relevant to your use of our services, such as system updates or information about your use of our services
  • as may be necessary to support the operation of our services, such as for billing, account maintenance, and record-keeping purposes
  • to send to you Step solicitations, product announcements, and the like that we feel may be of interest to you. Please note that you may “opt out” of receiving these marketing materials
  • in other manners after subsequent notice is provided to you and/or your consent is obtained, if necessary.

How do we share your Personal Information with third parties?

We may provide any of the described categories of Personal Information to Step employees, consultants, affiliates or other businesses or persons for the purpose of processing such information on our behalf in order to provide our services to you. In such circumstances, we require that these parties agree to protect the confidentiality of such information consistent with the terms of this Privacy Notice.

We may share your Personal Information and, where necessary, your special Personal Information with trusted third parties where we have retained them to provide services that you have requested, such as:

  • billing;
  • file management.

We will also share your Personal Information with third parties who perform functions on our behalf and provide services to us such as:

  • professional advisors;
  • data analytics providers;
  • IT consultants working on our business technology systems;
  • auditors;
  • research and mailing houses; and/or
  • function co-ordinators.

We require specific standards of confidentiality and data protection from such third parties.

To the extent that any Personal Information is provided to third parties outside of South Africa, or who will access the information from outside South Africa, we will ensure that approved safeguards are in place.

We will not share your Personal Information with other, third party companies for their commercial or marketing use without your consent or except as part of a specific program or feature which you will specifically be able to opt-out of.

In addition, we may release Personal Information: (i) to the extent we have a good-faith belief that such action is necessary to comply with any applicable law; (ii) to enforce any provision of the Terms and Conditions, protect ourselves against any liability, defend ourselves against any claims, protect the rights, property and personal safety of any user, or protect the public welfare; (iii) when disclosure is required to maintain the security and integrity of the Service, or to protect any user’s security or the security of other persons, consistent with applicable laws; (iv) to respond to a court order, subpoena, search warrant, or other legal process, to the extent permitted and as restricted by law; or (v) in the event that we go through a business transition, such as a merger, divestiture, acquisition, liquidation or sale of all or a portion of our assets.

Direct marketing communications

We may communicate with you using email, SMS, and other channels (sometimes through automated means) as part of our effort to market our products or services, administer or improve our products or services, or for other reasons stated in this Privacy Notice. You have an opportunity to withdraw consent to receive such direct marketing communications, as permitted by law.

If you no longer wish to receive correspondence, emails, or other communications from us, you may opt-out by submitting a request through the following address popia@stepadvisory.com, or by using the UNSUBSCRIBE link in any email communication you may have received. Further, you may express your communication preferences by:

  • Noting your preferences at the time you engage with our site;
  • Contacting us using the contact information provided below.

Please note that you may continue to receive non-marketing communications as may be required to maintain your relationship with Step.

In addition to the communication described here, you may receive third party marketing communications from providers we have engaged to market or promote our products and services. These third party providers may be using communications lists they have acquired on their own, and you may have opted-in to those lists through other channels.  If you no longer wish to receive emails, SMSs, or other communications from such third parties, you may need to contact that third party directly.

Retention of data

The length of time we will hold or store your Personal Information will depend on the services we perform for you and for how long you require these. Step will retain your Personal Information only for as long as is necessary for the purposes set out in this Notice. We will retain and use Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies. We may also store your Personal Information for historical, statistical or research purposes, as well as maintaining our accountancy records or otherwise maintaining the safety and security of Step.

Step will also retain usage data for internal analysis purposes. This data is used to strengthen the security or to improve the functionality of our Sites and/or Portals, or we are legally obligated to retain this data for longer periods.

Cookies, device data, and how it is used

When you use our services, we may record unique identifiers associated with your device (such as the device ID and IP address), your activity within the site, and your network location. Step uses aggregated information (such as anonymous user usage information, cookies, IP addresses, browser type, clickstream information, etc.) to improve the quality and design of our services and to create new features, promotions, functionality, and services by storing, tracking, and analysing user preferences and trends. Specifically, we may automatically collect the following information about your use of our services through cookies, web beacons, and other technologies:

  • domain name
  • browser type and operating system
  • web pages you view
  • links you click
  • IP address
  • the length of time you visit the Sites, Portals, and/or Services
  • the referring URL or the webpage that led you to the Sites

We may also collect information regarding application-level events, such as crashes, and link that temporarily with your account to provide customer service. In some circumstances, we may combine this information with Personal Information collected from you (and third party service providers may do so on our behalf).

In addition, we may use “cookies,” clear gifs, and log file information that help us determine the type of content and pages to which you link, the length of time you spend at any particular area of the site, and the portion of the services you choose to use. A cookie is a small text file that is sent by a website to your computer or mobile device where it is stored by your web browser. A cookie contains limited information, usually a unique identifier and the name of the site. Your browser has options to accept, reject or provide you with notice when a cookie is sent. Our cookies can only be read by Step; they do not execute any code or virus; and they do not contain any Personal Information. Cookies allow Step to serve you better and more efficiently, and to personalise your experience with our services. We may use cookies for many purposes, including (without limitation) to save your password so you don’t have to re-enter it each time you visit the site, and to deliver content (which may include third party advertisements) specific to your interests.

We may use third party service providers to help us analyse certain online activities. For example, these service providers may help us measure the performance of our online campaigns or analyse visitor activity on the site. We may permit these service providers to use cookies and other technologies to perform these services for Step. We do not share any Personal Information about our customers with these third party service providers, and these service providers do not collect such Personal Information on our behalf. Our third party service providers are required to comply fully with this Privacy Notice.

International data transfer

We may use third party service providers to help us deliver certain services, and it may result in the processing of Personal Information in data centres and locations outside of South Africa. For example, these service providers may provide us with essential information technology or tools we use to run our business. We may permit these service providers to process our business information and/or your Personal Information. We do not permit these service providers to process any Personal Information outside of a contract, and these service providers may collect Personal Information on our behalf. Our third party service providers are required to comply fully with this Privacy Notice.

We are based in Johannesburg, South Africa. Your Personal Information may be transferred from the location in which you reside to our physical location and it may also be transferred to third parties, as described above. The risks of transferring data outside of your jurisdiction include the possibility of data breaches and loss. We will continue to process your Personal Information in the manner described herein, and if we change anything about how we handle your Personal Information, including the international transfer of your Personal Information, we will seek your explicit consent again.

For individuals located outside South Africa, in particular in Switzerland, the United Kingdom and the European Economic Area (EEA), please note that Step is a South African based company. If you use our services, all information, including Personal Information, will be transferred to Step in South Africa. By using our services, you unambiguously consent to the transfer of your Personal Information and other information to South Africa and elsewhere for the purposes and uses described in this Notice. Further, you acknowledge that Step is not subject to the GDPR or similar international privacy laws, and, therefore, you will be unable to claim the privacy rights provided in those laws.

South African privacy rights

If you are a South African resident, South African law may provide you with certain rights with regard to your Personal Information under the Protection of Personal Information Act (“POPIA”) and Promotion of Access to Information Act (“PAIA”) as well as the Consumer Protection Act. Throughout this Privacy Notice you will find information required by POPIA regarding the categories of Personal Information collected from you; the purposes for which we use Personal Information, and the categories of third parties your data may be shared with. This information is current as of the date of the Notice and is applicable in the 12 months preceding the effective date of the Notice.

As a South African resident, the POPIA and PAIA provide you the ability to make inquiries regarding your Personal Information. Specifically, to the degree to which the information is not already provided in this Privacy Notice, you have the right to request disclosure of, or action on, your Personal Information, including:

  • If your Personal Information is collected by us.
  • The specific pieces of Personal Information collected about you.
  • The ability to correct or delete certain Personal Information collected about you.
  • The ability to delete all the Personal Information collected about you, subject to certain exceptions.
  • To opt-in or opt-out of direct marketing to you.
  • To object to processing of your Personal Information, or
  • To appeal any rejection of access to your Personal Information.

You may submit a request regarding your rights under POPIA or PAIA by submitting a request through the following form or by contacting us at popia@stepadvisory.com

If we receive a POPIA request from you, we will first make a determination regarding the applicability of the law, and we will then take steps to verify your identity prior to responding. The steps to verify your identity may vary based on our relationship with you, but, at a minimum, it will take the form of confirming and matching the information submitted in the request with information already held by Step and/or contacting you through previously used channels to confirm that you submitted the request (i.e. confirming identity through contact information that we have on file, and/or the contact information submitted to make the request).

If you have a comment, question, or complaint about how we are processing your Personal Information, please contact us at popia@stepadvisory.com in order to allow us to resolve the matter. In addition, if you are located in the Republic of South Africa, you may submit a complaint regarding the processing of your Personal Information to the Information Regulator at the following link: https://www.justice.gov.za/inforeg/contact.html.

Information storage and security

We employ industry-standard and/or generally accepted security measures designed to secure the integrity and confidentiality of all information submitted through our services. However, the security of information transmitted through the internet or via a mobile device can never be guaranteed. We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data.

Step has security procedures in place to protect the personal data it holds from misuse, loss, unauthorised access, modification or disclosure.

Step uses a number of processes to protect your personal data including:

  • physical security systems;
  • computer passwords and limited access to shared network drives to authorised staff;
  • virus checking;
  • recording of file movements;
  • security classification to identify data needing special protection.

Step will keep your personal data no longer than necessary. We will appropriately dispose of your personal data when it is no longer required or if you ask to be removed from our systems so that it is protected from unauthorised use or disclosure. Users of our services are responsible for maintaining the security of any password, user ID or other form of authentication involved in obtaining access to password protected or secure areas of our services. In order to protect you and your information, we may suspend your use of any of our services, without notice, pending an investigation, if any breach of security is suspected.

In the event of a breach

In the event of a confirmed breach of security, leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Information, we shall promptly assess the risk to people’s rights and freedoms and without undue delay report this breach to the appropriate authorities, controllers, responsible parties, and subjects as required by law.

We will cooperate with you and take such reasonable commercial steps as are directed by you to assist in the investigation, mitigation, and remediation of each such data breach.

External links

Our services may contain links to other websites maintained by third parties. Please be aware that we exercise no control over linked sites and Step is not responsible for the privacy practices or the content of such sites. Each linked site maintains its own independent privacy and data collection policies and procedures, and you are encouraged to view the privacy policies of these other sites before providing any Personal Information.

You hereby acknowledge and agree that Step is not responsible for the privacy practices, data collection policies and procedures, or the content of such third party sites, and you hereby release Step from any and all claims arising out of or related to the privacy practices, data collection policies and procedures, and/or the content of such third party sites.

Children’s privacy

Our services are not intended for children under the age of 18, and Step does not knowingly collect the Personal Information of children under the age of 18.

Changes to this Privacy Notice

Step reserves the right to modify this Privacy Notice from time to time in order that it accurately reflects the regulatory environment and our data collection principles. When material changes are made to this Privacy Policy, Step will post the revised Notice on our website. This Privacy Notice was last modified as of June 2021.

Contact us

If you have any questions or comments about this Privacy Notice or the Service provided by Step, please contact us at: popia@stepadvisory.com; The Reserve 2nd Floor North Block 54 Melville Road Illovo, Johannesburg 2196; +27 11 215 8360