Privacy Policy

Effective Date: 01 December 2024

Introduction

RMA Holdings Pty Ltd t/a Risk Management Advisory ("we," "us," "our") is committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. This Privacy Policy outlines how we collect, use, store, and protect your personal information in alignment with applicable privacy laws, including POPIA and GDPR principles, and with security governance practices aligned to ISO 27001:2022.

1. Information We Collect

We may collect the following types of personal information:

  • Contact details, including your name, email address, telephone number, and postal address.
  • Professional information, such as your job title and company details.
  • Technical information, including your IP address, browser type, and operating system.
  • Any other information you voluntarily provide to us through our website, forms, or communication channels.

2. How We Collect Information

We collect personal information directly from you when you:

  • Complete forms on our website.
  • Contact us via email, phone, or other communication channels.
  • Interact with our website in ways that provide technical connection information.

3. Purpose of Processing

We use your personal information for the following purposes:

  • To provide and manage our services.
  • To communicate with you regarding inquiries, requests, or services.
  • To improve our website and user experience.
  • To comply with legal and regulatory requirements.

4. Lawful Basis and Consent

Where required, we process personal information on one or more lawful bases, including consent, performance of a contract, compliance with legal obligations, and legitimate interests that do not override your rights. Where processing is based on consent, you may withdraw that consent at any time by contacting us.

5. Data Sharing

We may share your personal information with third parties under the following circumstances:

  • To service providers who assist us in delivering our services.
  • To comply with legal obligations or enforce our rights.
  • When you have explicitly agreed to such sharing.

We do not sell your personal information to third parties.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, or misuse. Our security approach is aligned to ISO 27001:2022 information security management practices, including risk-based controls, access management, incident response, supplier oversight, and continuous review. Despite our efforts, no security measures are completely secure, and we cannot guarantee absolute protection.

7. Data Retention

We retain your personal information only as long as necessary for the purposes for which it was collected or to comply with legal and regulatory requirements.

8. Your Rights

Subject to applicable law, you may have the following rights under POPIA and GDPR-related principles:

  • To access the personal information we hold about you.
  • To request the correction or deletion of inaccurate or outdated information.
  • To object to or request restriction of processing in certain circumstances.
  • To request portability of personal data where applicable.
  • To lodge a complaint with the Information Regulator.
  • To lodge a complaint with another competent data protection supervisory authority, where applicable.
  • To submit a Data Subject Access Request (DSAR) to obtain a copy of the personal information we hold about you.

To initiate a DSAR or exercise any privacy right, please contact us using the details provided in the "Contact Us" section. We will respond within applicable legal timeframes.

9. Cross-Border Data Transfers

If we transfer your personal information across borders, we will ensure that appropriate safeguards are in place in accordance with applicable privacy laws, including POPIA and GDPR-related transfer requirements where relevant.

10. Cookies and Tracking Technologies

Our website does not use cookies for analytics, advertising, or profiling. You can read more in our Cookie Policy.

11. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:

RMA Holdings Pty Ltd t/a Risk Management Advisory
Email: consulting@riskmanagementadvisory.co.za

This Privacy Policy is intended to support compliance with POPIA, reflect GDPR-aligned privacy principles, and align with ISO 27001:2022 security governance practices relevant to personal information handling.