LEGAL — PRIVACY POLICY

Privacy policy.

How we collect, use and protect your personal information.

LAST UPDATED: JULY 2026

1. Introduction

Zolabix(Pty) Ltd ("we", "us", or "our") is committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 ("POPIA") and other applicable South African legislation. This Privacy Policy explains how we collect, use, store and protect your personal information when you use our website and services.

2. Information We Collect

We may collect the following categories of personal information:

  • Contact information: Name, email address, phone number, company name, physical address
  • Business information: Company registration details, industry sector, number of employees, vehicle fleet details
  • Certification information: Audit findings, certification status, compliance documentation
  • Technical information: IP address, browser type, pages visited (collected automatically)

Information provided about you by your employer. Where your company applies for certification, it may provide us with the names and contact details of key personnel (for example the CEO, Managing Director or head of Human Resources) as required by the certification scheme. If your details were provided to us in this way, this policy applies to that information, and you may exercise any of the rights in this policy by contacting our Information Officer.

3. How We Use Your Information

We use your personal information for the following purposes:

  • Providing auditing, certification and training services
  • Processing certification applications and renewals
  • Communicating about audit schedules and results
  • Sending certificate expiry notifications and compliance updates
  • Responding to enquiries and requests for information
  • Improving our website and services
  • Complying with legal and regulatory obligations

4. Legal Basis for Processing

We process your personal information based on one or more of the following grounds as permitted under POPIA: your consent; the performance of a contract; compliance with a legal obligation; or our legitimate interest in providing certification services.

5. Data Retention

We retain personal information only for as long as necessary for the purposes for which it was collected, or as required by law or our accreditation obligations. In particular: certification records (applications, audit reports, agreements and related documents) are retained for the duration of the current certification cycle plus one full certification cycle, as required of accredited certification bodies under ISO/IEC 17021-1; prospect and enquiry information is retained for a limited period after our last contact with you; and technical logs are retained for a limited security-accountability window. When a retention period expires, the information is deleted or de-identified in a manner that prevents its reconstruction.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure or destruction. All uploaded documentation and generated reports are stored using encryption, and all administrative actions are logged with timestamps and user identification for audit trail purposes.

7. Third-Party Sharing

We do not sell your personal information. We may share your information with: SANAS and other accreditation bodies as required for certification purposes; government authorities when required by law; and service providers who assist us in delivering our services (subject to appropriate data processing agreements).

8. Where Your Information Is Stored (Cross-Border Transfers)

Your personal information is stored on secure servers located in the European Union, operated by our hosting and database providers under the EU General Data Protection Regulation (GDPR) and written data-processing agreements. Transfers of personal information outside South Africa take place under section 72(1)(a) of POPIA, which permits such transfers where the recipient is bound to a substantially similar level of protection to that provided by POPIA.

9. Your Rights

Under POPIA, you have the right to: access your personal information; request correction of inaccurate information; request deletion of your information (subject to legal retention requirements); object to the processing of your information; and lodge a complaint with the Information Regulator (inforegulator.org.za).

How to make a request: email our registered Information Officer at alan@zolabix.co.za stating what you are requesting (access, correction, deletion or objection). We will verify your identity before disclosing any information and aim to respond within 30 days. Where the law or our accreditation obligations require us to retain a record you have asked us to delete, we will tell you why and, where possible, restrict further processing of it instead.

10. PAIA — Promotion of Access to Information Act

In compliance with the Promotion of Access to Information Act 2 of 2000, Zolabix (Pty) Ltd maintains a PAIA Manual — see our PAIA Manual page. To request access to records held by the company, please contact our Information Officer at alan@zolabix.co.za.

11. Contact

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at alan@zolabix.co.za or call +27 82 821 1646.