Policy

This page contains our Privacy Policy, Cookie Policy, and Data Processing Agreement (DPA) for the AgoraFord(TM) platform.

Privacy Policy

1. Introduction

SurveyFiesta (Pty) Ltd ("Company", "we", "us", or "our"), operating the AgoraFord(TM) platform, is committed to protecting personal information and complying with applicable data protection laws.

This Privacy Policy governs the collection, use, processing, storage, and disclosure of personal information when you access or use:

By accessing or using the platform, you acknowledge that you have read and understood this Privacy Policy.

This Policy must be read together with the Terms of Use and Cookie Policy, which form part of a unified legal framework governing your use of the platform.

2. Legal Framework

The Company processes personal information in accordance with applicable laws, including:

  • The Protection of Personal Information Act, 2013 (POPIA)
  • The Electronic Communications and Transactions Act, 2002 (ECT Act)
  • The General Data Protection Regulation (GDPR), where applicable

Processing is conducted in accordance with principles of lawfulness, minimality, purpose limitation, transparency, and security.

Nothing in this Policy shall be interpreted as imposing obligations on the Company beyond those required under applicable law.

3. Categories of Information Collected

3.1 Information Provided by Users

We may collect personal information that you voluntarily provide, including:

  • Name, surname, and contact details
  • Email address and organisational information
  • Job title and role
  • Login credentials and authentication details
  • Information submitted through forms, support requests, or communications

This information is collected solely for defined and lawful purposes related to the provision of services.

3.2 Automatically Collected Information

We may collect certain information automatically, including:

  • IP address and device identifiers
  • Browser type and system configuration
  • Usage data, interaction logs, and access records
  • Cookies and tracking data (as detailed in the Cookie Policy)

Such information is primarily used for system functionality, analytics, and security monitoring.

3.3 Platform and Customer Data

Where the AgoraFord platform is used by organisations:

  • The Company may process data on behalf of customers ("Customer Data")
  • This may include governance, risk, compliance, audit, or operational data
  • The customer remains the responsible party for such data under POPIA
  • The Company acts as an operator/service provider and processes such data only in accordance with instructions from the customer.

4. Purpose of Processing

Personal information is processed for the following purposes:

  • To provide, operate, and maintain the platform
  • To manage user accounts and authentication
  • To deliver support and respond to enquiries
  • To improve platform functionality, performance, and security
  • To communicate service-related information
  • To comply with legal, regulatory, and contractual obligations

Personal information will not be processed for purposes that are incompatible with those stated above.

5. Legal Basis for Processing

We process personal information based on:

  • Consent - where required under applicable law
  • Contractual necessity - to provide services requested by users
  • Legitimate interests - to maintain and improve the platform
  • Legal obligations - to comply with statutory requirements

Where consent is required, users have the right to withdraw such consent at any time.

6. Disclosure of Personal Information

The Company does not sell personal information.

Personal information may be disclosed to:

  • Authorised employees, contractors, and affiliates
  • Service providers involved in hosting, analytics, or support
  • Regulatory or law enforcement authorities where required

All disclosures are limited to what is necessary and subject to appropriate safeguards.

The Company shall not be liable for any processing conducted by third parties outside its control.

7. Cross-Border Transfers

Where personal information is transferred outside South Africa:

  • Transfers are conducted in accordance with POPIA and applicable laws
  • Appropriate safeguards, contractual protections, or security measures are implemented

You acknowledge that cross-border transfers may involve jurisdictions with different data protection standards.

8. Data Retention

Personal information is retained only for as long as necessary to:

  • Fulfil the purposes outlined in this Policy
  • Comply with legal and regulatory requirements
  • Enforce agreements or resolve disputes

The Company reserves the right to retain information where required for legitimate business or legal purposes.

9. Information Security

The Company implements reasonable technical and organisational measures to protect personal information, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Monitoring, logging, and audit controls
  • Regular security assessments

However, you acknowledge that:

  • No system is completely secure
  • The Company does not guarantee absolute security
  • The Company shall not be liable for unauthorised access, data breaches, or cyber incidents

You remain responsible for implementing appropriate safeguards within your own environment.

10. User Responsibilities

You are responsible for:

  • Ensuring that personal information you provide is accurate and lawful
  • Obtaining necessary consents from data subjects where required
  • Ensuring compliance with applicable data protection laws

You acknowledge that the Company relies on the accuracy and legality of information provided by you.

11. Data Subject Rights

Subject to applicable law, you have the right to:

  • Access your personal information
  • Request correction or deletion
  • Object to or restrict processing
  • Withdraw consent
  • Request data portability (where applicable)

Requests may be submitted using the contact details below and will be processed in accordance with applicable law.

12. POPIA Compliance

In accordance with POPIA:

  • The Company processes personal information lawfully and transparently
  • Only necessary information is collected
  • Appropriate safeguards are implemented
  • Data subjects are afforded their rights

You may lodge a complaint with the Information Regulator of South Africa if you believe your rights have been infringed.

13. Third-Party Services

The platform may integrate with third-party systems or services.

You acknowledge that:

  • Such services are governed by their own privacy policies
  • The Company does not control their processing practices
  • The Company shall not be liable for any losses arising from their use

14. Changes to This Policy

The Company reserves the right to update this Privacy Policy at any time. Updated versions will be published on the website and will take effect upon publication. Continued use of the platform constitutes acceptance of the updated Policy.

15. Contact Information

For any queries relating to this Privacy Policy:

  • Company: SurveyFiesta (Pty) Ltd
  • Platform: AgoraFord(TM)
  • Website: https://www.agoraford.co.za/
  • Email: sales[at]surveyfiesta.com
  • Information Regulator (SA): 010 023 5200

Data Processing Agreement (DPA)

1. Parties

This Data Processing Agreement ("Agreement") is entered into between:

  • SurveyFiesta (Pty) Ltd ("Operator", "Processor", "we", "us", or "our"), the provider of the AgoraFord(TM) platform
  • The customer entity ("Responsible Party", "Controller", or "Customer") using the platform

This Agreement forms part of and is incorporated into any applicable:

  • Terms of Use
  • Master Service Agreement (if applicable)
  • Service agreement between the parties

2. Purpose and Scope

This Agreement governs the processing of personal information by the Operator on behalf of the Customer in connection with the provision of the AgoraFord platform.

The Operator shall process personal information only on documented instructions from the Customer and solely for the purpose of providing the agreed services.

The Customer acknowledges that it determines the purpose and means of processing and remains the Responsible Party under POPIA.

3. Definitions

For purposes of this Agreement:

  • "Personal Information" has the meaning assigned under POPIA
  • "Processing" includes collection, storage, use, transmission, and deletion
  • "Data Subject" means the individual to whom personal information relates
  • "Operator" means SurveyFiesta (Pty) Ltd
  • "Responsible Party" means the Customer

All terms shall be interpreted consistently with applicable data protection laws.

4. Roles and Responsibilities

4.1 Customer Responsibilities

The Customer shall:

  • Ensure that all personal information is processed lawfully and fairly
  • Obtain all required consents or legal grounds for processing
  • Ensure that instructions provided to the Operator comply with applicable law
  • Be responsible for the accuracy, quality, and legality of data

The Customer acknowledges that it is solely responsible for determining:

  • What data is processed
  • Why it is processed
  • How it is used within the platform

4.2 Operator Responsibilities

The Operator shall:

  • Process personal information only on documented instructions
  • Implement appropriate technical and organisational security measures
  • Ensure that authorised personnel are subject to confidentiality obligations
  • Assist the Customer where reasonably required for compliance purposes

The Operator shall not be responsible for verifying the legality or accuracy of Customer data.

5. Nature of Processing

The Operator may process personal information as necessary to:

  • Provide and operate the AgoraFord platform
  • Store and manage customer data
  • Facilitate workflows, reporting, and analytics
  • Provide support, maintenance, and system improvements

Processing may include:

  • Storage
  • Access
  • Transmission
  • Deletion

The categories of data subjects and data types are determined by the Customer.

6. Security Measures

The Operator shall implement reasonable and appropriate safeguards, including:

  • Encryption of data in transit and at rest (where applicable)
  • Access control and authentication mechanisms
  • Logging and monitoring of system activity
  • Secure infrastructure and hosting practices

Notwithstanding the above, the Customer acknowledges that:

  • No system is completely secure
  • The Operator does not guarantee absolute security
  • The Customer remains responsible for its own internal security controls

7. Sub-Processors

The Operator may engage third-party service providers ("Sub-processors") to support service delivery.

The Operator shall:

  • Take reasonable steps to ensure sub-processors are subject to appropriate data protection obligations
  • Remain responsible for the performance of sub-processors to the extent required by law

The Customer acknowledges and consents to the use of sub-processors necessary for the provision of the platform.

8. Data Subject Requests

Where the Operator receives a request from a Data Subject:

  • The Operator shall refer the request to the Customer
  • The Customer remains responsible for responding to such requests
  • The Operator shall provide reasonable assistance where required and feasible

9. Data Breach Notification

In the event of a security breach affecting personal information:

  • The Operator shall notify the Customer without undue delay upon becoming aware of the breach
  • The notification will include available information regarding the nature of the breach

The Customer remains responsible for:

  • Regulatory notifications
  • Communication with affected Data Subjects

10. Cross-Border Transfers

The Operator may process or store data outside South Africa where necessary.

The Operator shall:

  • Implement appropriate safeguards
  • Ensure compliance with applicable data protection requirements

The Customer acknowledges and consents to such transfers where required for service delivery.

11. Data Retention and Deletion

The Operator shall:

  • Retain personal information only for the duration of the service or as required by law
  • Delete or return data upon termination of services, subject to legal or operational requirements

The Customer is responsible for requesting deletion where required.

12. Audit and Compliance

The Operator shall make available information reasonably necessary to demonstrate compliance with this Agreement.

Any audits shall:

  • Be conducted on reasonable notice
  • Not disrupt normal business operations
  • Be limited to relevant systems and controls

The Operator reserves the right to:

  • Charge reasonable costs for audit-related activities
  • Refuse audits that are excessive, duplicative, or pose security risks

13. Limitation of Liability

To the maximum extent permitted by law:

  • The Operator shall not be liable for any indirect, incidental, or consequential damages

The Operator shall not be liable for:

  • Customer misuse of the platform
  • Inaccurate or unlawful data provided by the Customer
  • Actions of third parties

The Operator's total liability under this Agreement shall be limited in accordance with the applicable Terms of Use or service agreement.

14. Indemnity

The Customer agrees to indemnify and hold harmless the Operator from any claims arising from:

  • The Customer's failure to comply with data protection laws
  • Unlawful or unauthorised processing of personal information
  • Any breach of this Agreement

This indemnity applies irrespective of fault and survives termination.

15. Term and Termination

This Agreement remains in effect for the duration of the services.

Upon termination:

  • The Operator shall cease processing personal information
  • Data will be returned or deleted in accordance with Section 11

16. Governing Law

This Agreement is governed by the laws of the Republic of South Africa.

Disputes shall be subject to the jurisdiction of South African courts.

Last Updated: March 2026

Effective Date: March 2026