Privacy Policy

1. Who We Are

This Privacy Policy applies to the website www.elevateidt.com (the 'Website'), operated by ElevateIDT, a learning design and development consultancy founded by Carren Beukes ('we', 'us', or 'our').

Responsible party / Data Controller: Carren Beukes, ElevateIDT

Contact email: hello@elevateidt.com

Website: www.elevateidt.com

Country of operation: South Africa (with clients and visitors served globally)

ElevateIDT is committed to protecting your personal information and being transparent about how we use it. This policy explains what data we collect, why we collect it, how we use it, and what rights you have.

2. Scope of This Policy

This policy applies to all personal information collected through:

The ElevateIDT website (www.elevateidt.com)
Any contact or enquiry forms on the website
Email newsletter or Learning Centre subscription sign-ups
Any direct email communication initiated through the website

It does not apply to personal information collected through separate client engagement agreements, which are governed by individual contracts and data processing agreements.

3. Applicable Laws

ElevateIDT operates from South Africa and serves clients and website visitors globally. Depending on your location, one or more of the following data protection laws may apply to how we handle your personal information:

POPIA (South Africa) — Protection of Personal Information Act 4 of 2013 — our primary legal framework as a South African-based business
GDPR (European Union) — General Data Protection Regulation (EU) 2016/679 — applies when we process data of individuals in EU member states
UK GDPR — UK General Data Protection Regulation, read with the Data Protection Act 2018 — applies when we process data of individuals in the United Kingdom
CalOPPA / US general principles — California Online Privacy Protection Act and general US consumer privacy principles — applies to visitors from the United States

Where these laws differ, we apply the most protective standard relevant to your situation.

4. What Personal Information We Collect

We only collect personal information that is necessary for the purposes described in this policy. We do not collect sensitive personal information (such as health data, financial records, or identity numbers) through our website.

4.1 Information You Provide Directly:

4.2 Information Collected Automatically:

When you visit our website, certain information is collected automatically through Google Analytics (or a similar analytics service). This may include:
IP address (anonymised where technically possible)
Browser type and version
Device type (desktop, mobile, tablet)
Pages visited and time spent on each page
Referring website (how you found us)
Geographic location (country / city level only)

This information is collected in aggregate and is used only to understand how our website is being used so we can improve it. We do not use this data to identify individual visitors.

4.3 Information We Do Not Collect:

We do not collect, and have no intention of collecting, any of the following through our website:
Payment card or financial information
Government-issued identity numbers
Health or medical information
Information from or about children under the age of 18
Biometric data of any kind

5. How We Use Your Personal Information

We use the personal information we collect for the following purposes only:

Responding to enquiries — when you contact us through the website, we use your name and email to respond to your message
Sending the newsletter — if you sign up to the ElevateIDT Learning Centre newsletter, we use your email address to send you updates — you can unsubscribe at any time
Improving the website — anonymised analytics data helps us understand how visitors use the website so we can improve it
Legal compliance — in limited circumstances, we may be required to retain or share personal information to comply with applicable law

We do not use your personal information for automated decision-making, profiling, or any purpose incompatible with the purposes listed above.

6. Legal Basis for Processing

Enquiry form submissions — processed on the basis of your consent and/or the performance of a pre-contractual relationship (responding to a request for services)
Newsletter subscriptions — processed on the basis of your explicit consent — you opt in at the point of sign-up and may withdraw consent at any time
Analytics data — processed on the basis of your consent, provided through our cookie consent banner (for EU/UK visitors), or our legitimate interest in understanding how our website is used (for other visitors)

Under POPIA (South Africa), processing is justified on the grounds of your consent and/or ElevateIDT's legitimate interest in operating and improving its services.

7. Who We Share Your Information With

We do not sell, rent, or trade your personal information to any third party for marketing or commercial purposes. Full stop. We may share limited personal information with the following categories of trusted service providers, solely to operate our website and services:

Email service provider — to send newsletter communications — your email address is shared only to the extent necessary to deliver the newsletter. [INSERT NAME OF EMAIL PLATFORM, e.g. Mailchimp / ConvertKit]
Website hosting provider — the platform on which our website is hosted may process limited technical data. [INSERT HOSTING PROVIDER, e.g. Webflow / WordPress / Squarespace]
Google Analytics — anonymised usage data is shared with Google to provide analytics. See Section 4.2 for details.
Legal obligations — we may disclose personal information to law enforcement, regulators, or courts where required by law in South Africa or any other applicable jurisdiction

Any third-party service providers we use are contractually required to handle personal information securely and in accordance with applicable data protection law.

8. International Data Transfers

ElevateIDT is based in South Africa and serves clients globally. When you interact with our website from outside South Africa, your personal information may be transferred to and processed in South Africa.

Some of our service providers (including Google) are based in or process data in countries outside of South Africa and the European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, including:

Standard contractual clauses approved by the European Commission or the UK ICO
Adequacy decisions where applicable
The service provider's own GDPR/UK GDPR compliance certifications

Under POPIA, ElevateIDT will only transfer personal information to a third party in a foreign country if that party is subject to a law, binding corporate rules, or a binding agreement that provides an adequate level of protection equivalent to POPIA's requirements.

9. How Long We Keep Your Information

We retain personal information only for as long as is necessary for the purpose for which it was collected, or as required by applicable law.

Enquiry form data — retained for up to 5 years from the date of enquiry, to allow us to follow up and maintain service records, then securely deleted
Newsletter subscriber data — retained for as long as you remain subscribed. When you unsubscribe, your email address is removed from our active list within 30 days. We may retain a suppression record to honour your unsubscribe request.
Analytics data — retained in accordance with Google Analytics' data retention settings, which we have set to a maximum of 14 months

When personal information is no longer needed, it is securely deleted or anonymised.

10. Your Rights

Depending on your location and the applicable law, you may have some or all of the following rights in relation to your personal information:

Rights under GDPR / UK GDPR (EU and UK visitors)
Right of access — you may request a copy of the personal information we hold about you
Right to rectification — you may ask us to correct inaccurate or incomplete information
Right to erasure — you may ask us to delete your personal information in certain circumstances ('the right to be forgotten')
Right to restriction — you may ask us to limit how we process your personal information in certain circumstances
Right to data portability — you may request your data in a structured, commonly used, machine-readable format
Right to object — you may object to processing based on legitimate interests or for direct marketing purposes
Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

Rights under POPIA (South African visitors)
Right to access — you may request access to your personal information held by ElevateIDT
Right to correction or deletion — you may request that we correct, update, or delete your personal information
Right to object to processing — you may object to the processing of your personal information on reasonable grounds
Right to complain — you have the right to lodge a complaint with the Information Regulator of South Africa

Rights under US law (United States visitors)
California residents have rights under the California Consumer Privacy Act (CCPA) and CalOPPA, including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. ElevateIDT does not sell personal information.

11. How We Protect Your Information

We take the security of your personal information seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, accidental loss, alteration, or disclosure. These measures include:

Secure HTTPS encryption for all data transmitted through the website
Access controls limiting who within ElevateIDT can access personal data
Use of reputable, security-certified third-party service providers
Regular review of data handling practices

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security. In the event of a data breach affecting your rights and freedoms, we will notify you and the relevant regulatory authority as required by applicable law.

12. Children's Privacy

Our website is not directed at children under the age of 18, and we do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has submitted personal information to us, please contact us immediately at hello@elevateidt.com and we will delete it promptly.

13. Third-Party Links

Our website may contain links to third-party websites, resources, or platforms (for example, LinkedIn, external course previews, or partner sites). This Privacy Policy applies only to the ElevateIDT website. We are not responsible for the privacy practices of any third-party sites, and we encourage you to read their privacy policies before providing any personal information.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the 'Last updated' date at the top of this page.

We encourage you to review this policy periodically. Continued use of the website after a policy update constitutes acceptance of the revised policy.

15. Contact Us and How to Complain

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:

ElevateIDT — Carren Beukes

Email: hello@elevateidt.com

Website: www.elevateidt.com

If you are located in the European Union or United Kingdom and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority:

EU: Your national Data Protection Authority (DPA) — see edpb.europa.eu for a full list
UK: The Information Commissioner's Office (ICO) — ico.org.uk
South Africa: The Information Regulator — inforegulator.org.za