Privacy Policy

1. Who We Are

Okhantu (Pty) Ltd is the Responsible Party for the processing of your personal information. We are an SME verification, matching, and enablement platform that helps South African businesses access tenders, funding opportunities, and procurement markets.

2. Information We Collect

We collect personal information that you provide directly to us, including:

Account Information

• Name, email address, phone number
• Company name, registration number, trading name
• Job title and role within your organisation
• Authentication credentials (password hashes, not plain text)

Business Verification Documents

• CIPC registration documents
• B-BBEE certificates and scorecards
• Tax clearance certificates (TCC/TCS PIN)
• CSD registration details
• Director ID documents (for verification purposes only)

Note: We store verification outcomes, not source documents. Original documents are processed and deleted after verification unless legally required.

Usage Data

• Pages visited and features used
• Device and browser information
• IP address and approximate location
• Session duration and interactions

3. How We Use Your Information

We process your personal information for the following purposes:

Verification Services

• Verifying your business credentials and compliance status
• Creating verified company profiles for procurement portals
• Generating compliance documents and certificates

Tender Matching

• Matching your business profile to relevant tender opportunities
• Sending tender alerts based on your industry and capabilities
• Enabling buyer-supplier connections

Platform Improvement

• Analysing usage patterns to improve our services
• Troubleshooting technical issues
• Developing new features based on user needs

Communication

• Service-related notifications and updates
• Responding to your enquiries and support requests
• Marketing communications (with your consent)

4. POPIA Conditions for Lawful Processing

We comply with all eight conditions for lawful processing under POPIA:

1. Accountability: We take responsibility for ensuring compliance with POPIA and have appointed an Information Officer.
2. Processing Limitation: We only collect personal information that is necessary for our stated purposes and with your consent or other lawful basis.
3. Purpose Specification: We collect information for specific, explicitly defined, and lawful purposes and will not process it further in ways incompatible with those purposes.
4. Further Processing Limitation: Any further processing of your information is compatible with the original purpose of collection.
5. Information Quality: We take reasonable steps to ensure your personal information is complete, accurate, not misleading, and updated where necessary.
6. Openness: We maintain documentation about our processing activities and make this privacy policy publicly available.
7. Security Safeguards: We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, or destruction.
8. Data Subject Participation: You have the right to access, correct, and request deletion of your personal information.

5. Your Rights Under POPIA

As a data subject, you have the following rights:

Right of Access

You may request confirmation that we hold personal information about you and request a copy of that information.

Right to Correction

You may request that we correct or update any inaccurate, misleading, or incomplete personal information.

Right to Object

You may object to the processing of your personal information on reasonable grounds, including objecting to direct marketing.

Right to Deletion

You may request that we delete your personal information, subject to any legal retention requirements or legitimate business needs.

How to Exercise Your Rights

To exercise any of these rights, please contact our Information Officer at privacy@okhantu.co.za. We will respond to your request within 30 days.

6. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including:

• Account data: For the duration of your account and for 7 years thereafter for legal compliance.
• Verification outcomes: For 5 years or as required by procurement regulations.
• Transaction records: For 7 years as required by SARS.
• Marketing consent: Until you withdraw your consent.
• Usage analytics: Aggregated and anonymised after 2 years.

When the retention period expires, we securely delete or anonymise your personal information.

7. Security Measures

We implement industry-standard security measures to protect your personal information:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Access Control: Role-based access with principle of least privilege.
• Row-Level Security: Database-enforced isolation ensures you can only access your own company's data.
• Multi-Factor Authentication: Available for all user accounts.
• Regular Audits: Security assessments and penetration testing.
• Incident Response: Documented procedures for handling security incidents, including breach notification within 72 hours as required by POPIA.

For more details about our security practices, visit our Trust & Security page.

8. Sharing Your Information

We may share your personal information with:

Service Providers

Third-party providers who help us operate our platform (cloud hosting, email delivery, analytics). All providers are bound by data processing agreements and POPIA obligations.

Verification Partners

When you request verification of your documents, we may share information with relevant authorities (CIPC, SARS, BBBEE verification agencies) to confirm your compliance status.

Buyers and Funders

When you opt to share your verified profile with procurement buyers or funding institutions, we share only the information you explicitly consent to.

Legal Requirements

We may disclose your information if required by law, court order, or government request.

9. Cookies and Tracking

We use cookies and similar technologies for:

• Essential cookies: Required for the platform to function (authentication, security).
• Analytics cookies: Help us understand how users interact with our platform.
• Preference cookies: Remember your settings and preferences.

You can control cookie preferences through your browser settings. Note that disabling essential cookies may affect platform functionality.

For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification.

We encourage you to review this policy periodically to stay informed about how we protect your information.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact our Information Officer:

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Regulator:

12. Legal References

• Protection of Personal Information Act 4 of 2013 (POPIA)
• Promotion of Access to Information Act 2 of 2000 (PAIA)
• Electronic Communications and Transactions Act 25 of 2002 (ECTA)

For our PAIA Manual and other legal documents, visit our Legal & Compliance Library.