Add The Post as a preferred source on Google

Privacy Policy

PRIVACY POLICY – INDEPENDENT MEDIA GROUP

  1. INTRODUCTION 

Independent Media Group (“the Company”, “we”, “us”, or “our”) is committed to upholding the constitutional right to privacy and ensuring lawful, reasonable, and transparent processing of personal information of all data subjects, including readers, subscribers, employees, contractors, clients, service providers, stakeholders and users of our print, digital and online platforms.

This Privacy Policy outlines how personal information is collected, processed, stored, disseminated, and protected in compliance with South African data protection legislation, including the Protection of Personal Information Act 4 of 2013 (“POPIA”), the Promotion of Access to Information Act 2 of 2000 (“PAIA”), and other applicable laws.

By accessing or using our platforms, services, or publications, you acknowledge that you have read, understood and accepted this Privacy Policy. Your continued use constitutes informed consent, where required, to the collection and processing of your personal information in accordance with this Policy and applicable legislation.

  • SCOPE 

This Policy applies to all processing of personal information undertaken by the Company, including:

  • Websites, digital platforms, applications and electronic systems operated by the Company.
  • Print and digital publications.
  • Subscriber, customer and user databases.
  • Marketing and communication platforms
  • Employee, contractor and recruitment records.
  • Third-party service providers and operators processing personal information on behalf of the Company.

This Policy governs all forms of personal information, whether stored electronically, manually or in hybrid form.

  • DEFINITIONS
  • Personal Information: Any information relating to an identifiable, living natural person or, where applicable, an identifiable juristic person.
  • Processing: Any operation relating to personal information, including collection, storage, updating, dissemination or deletion.
  • Data Subject: The natural or juristic person to whom personal information relates.
  • Operator: A third-party processing personal information on behalf of the Company under contract or mandate.
  1. PERSONAL INFORMATION COLLECTED

4.1.  Directly from Data Subjects

  • Names, contact details, identity numbers (where legally required)
  • Subscription, account and payment information
  • Employment-related information
  • Correspondence and communications
  1. Collected Automatically 
  • IP addresses, device and browser information 
  • Cookies, tracking, and usage analytics 
  • Log files, security, and system data

4.3 Special Personal Information 

Processed only where lawful (e.g., explicit consent or legal requirement) 

  • Includes religious beliefs, race, health information, or biometric data 
  • Strict safeguards and access controls are applied
  1. PURPOSE OF PROCESSING

Personal information is processed lawfully, reasonably, and transparently for:

  • Provision and administration of media, publishing and digital services
  • Managing subscriptions, user accounts, payment  and invoicing
  • Customer support and enquiry management
  • Marketing, newsletters, and promotional communications (subject to consent)
  • Compliance with legal and regulatory obligations
  • Recruitment, human resources and organisational management
  • Internal reporting, governance and risk management
  • Security, fraud prevention and cybersecurity
  • LAWFUL BASIS FOR PROCESSING
  • Consent: Voluntary, informed and withdrawable
  • Contractual necessity: For the performance of a contract
  • Legal obligations: Required by law or regulation
  • Legitimate interests: Pursuit of legitimate business interests not overridden by data subject rights
  • Protection of legitimate interests: For the data subject, third parties, or the Company
  1. DISCLOSURE 

Personal information may be disclosed to:

  • Authorised employees and management
  • Regulatory authorities and law enforcement agencies (where required by law)
  • Third-party service providers and operators
  • Professional advisors (legal, financial, compliance)
  • Payment processors and IT service providers

All recipients are contractually bound to comply with POPIA and maintain confidentiality, integrity and security.

  1. CROSS-BORDER TRANSFERS 

Transfers outside South Africa are only allowed:

  • To jurisdictions with adequate data protection laws;
  • Under binding agreements or standard contractual clauses ensuring POPIA-compliant safeguards.
  • With explicit, informed consent of the data subject.

Recipients must maintain safeguards equivalent to South African legal standards.

  • DATA RETENTION 

Personal information is retained only as long as necessary for:

  • Legal and regulatory obligations
  • Operational and business purposes
  • Dispute resolution and enforcement of agreements

Upon expiry, data is securely deleted, anonymised, or de-identified. Retention records and deletion protocols are maintained.

  1. INFORMATION SECURITY 

Measures include:

  • Access controls and confidentiality undertakings
  • Encryption and secure servers
  • Risk assessments and cybersecurity monitoring
  • Measures to prevent loss, damage, unauthorised access, or unlawful processing
  • DATA SUBJECT RIGHTS 

Under POPIA, data subjects have the right to:

  • Access personal information
  • Request corrections or deletion
  • Object to processing
  • Withdraw consent (where applicable)
  • Lodge complaints with the Information Regulator
  • Request restriction of processing

Requests must be submitted in writing using prescribed forms.

  • COOKIES AND TRACKING
  • Used to enhance user experience, analyse performance, and provide tailored content
  • Users may disable cookies via browser settings (may affect functionality)
  • DIRECT MARKETING
  • Communications only sent with consent or to existing customers who have not opted out
  • All communications include an unsubscribe option
  • CHILDREN’S PRIVACY
  • Personal information of minors is collected only with lawful consent from a competent person
  1. DATA BREACH MANAGEMENT 

In case of a breach:

  • Investigate and contain the breach
  • Notify the Information Regulator if required
  • Inform affected data subjects if there is a risk of harm
  • Implement remedial security measures
  • POLICY UPDATES
  • May be amended to reflect legal, operational, or regulatory changes
  • The latest version is available on the company platforms
  1. CONTACT DETAILS

 [email protected]

Complaints may also be lodged with the Information Regulator of South Africa.

  1. ACCEPTANCE 

By using our services, platforms, and publications, you consent to the collection and processing of your personal information in accordance with this Privacy Policy and applicable South African data protection legislation.