A3 Architects Johannesburg (Pty) Ltd

(Updated June 2025 to Incorporate New POPIA Regulations and Operational Adaptations)

PLEASE READ THESE TERMS AND CONDITIONS OF OUR PRIVACY POLICY CAREFULLY. IT EXPLAINS THE RIGHTS, OBLIGATIONS AND ACKNOWLEDGEMENTS OF BOTH THE COMPANY AND YOU AS THE DATA SUBJECT/CLIENT/SERVICE PROVIDER. IF YOU ARE UNCERTAIN AS TO THE MEANING OF ANY OF THE PROVISIONS OF THESE TERMS, YOU ARE TO DISCONTINUE USE OF ANY SERVICES OFFERED BY THE COMPANY UNTIL SUCH TIME THAT YOU ARE ABLE TO CONFIRM YOUR UNDERSTANDING OF AND AGREEMENT HERETO.

Introduction

A3 Architects Johannesburg (Pty) Ltd values your rights and the protection of your private information. We are committed to protecting your privacy and this Privacy Policy explains how we collect, use, disclose and protect your Personal Information through the rendering of our services.

Changes to This Privacy Notice
This Privacy Notice was updated on 23 June 2025. This document is a notice to you and not a contract between us. We may occasionally modify or amend it from time to time. When we make changes to this Privacy Notice, we will update the revision date at the top of this Privacy Notice. Where those changes are material, we will take steps to let you know. The new modified or amended Privacy Notice will apply from that revision date. Please always verify whether you have consulted the latest version of the Privacy Notice.

 

Interplay Between POPI and PAIA
We respect and promote the protection of privacy, and in particular the rights afforded to you under the Protection of Personal Information Act, 2014 (as amended) ("POPIA"), where we refer to "personal information", "information" as per the Promotion of Access to Information Act, as amended ("PAIA") and "personal data" as per the General Data Protection Regulation 2016/679 ("the GDPR").

PAIA (Promotion of Access to Information Act) and POPIA (Protection of Personal Information Act) serve distinct but interconnected purposes in South Africa's legal framework. While PAIA governs access to information held by public and private bodies, POPIA specifically regulates the processing of personal information and protects the privacy rights of data subjects. Both acts work together to ensure transparency while protecting individual privacy rights.

In this Privacy Notice "we", "us" and "our" refers to the business of A3 Architects Johannesburg (Pty) Ltd.

Your Personal Information is controlled by Ms. Kerry Marais, with contact details as follows:

• Email: Kerry@a3architects.co.za

• Contact number: 011 615 6742.

For more information about us, our services, and our presence in your jurisdiction, please visit: https://www.a3architects.co.za/

Definitions
"Personal Information" means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:

• Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic, or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;

• Information relating to the education or the medical, financial, criminal or employment history of the person;

• Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;

• The biometric information of the person;

• The personal opinions, views or preferences of the person;

• Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

• The views or opinions of another individual about the person; and

• The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

"Sensitive Personal Information" (also referred to as "special categories of data") means any Personal Information relating to an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data or biometric data processed for the purpose of uniquely identifying that individual, data concerning health, or data concerning an individual's sex life or sexual orientation. It also includes information about an individual's criminal offences or convictions, as well as any other information deemed sensitive under applicable data protection laws.
"Consent" means any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information.
"Data" means information in electronic form.

Operational Adaptations to New POPIA Regulations
To comply with the April 2025 amendments and enhance data subject rights, A3 has implemented the following operational changes:

Expanded Access Channels
We accept and facilitate data subject requests (objections, corrections, deletions) via multiple accessible channels including email and telephone with minimal delay. Data subjects may submit requests through any of these channels at any time during our office hours without cost.

Recording Telephone Objections and Consents
All objections to processing or direct marketing consents are recorded and securely stored and can be made available to data subjects upon request at no cost.

​

Compliance Framework Improvements
In line with the removal of the PAIA manual obligation from POPIA regulations, we have strengthened our internal POPIA compliance framework with continuous monitoring, regular audits, and staff training to ensure ongoing adherence to data protection standards. Our Information Officer now ensures that compliance frameworks are "continually improved.”

Data Breach Reporting
We have integrated mandatory reporting of security compromises via the Information Regulator's e-Portal, ensuring timely notification and response to any personal data breaches as elaborated upon under the Security clause of this Policy. As of 1 April 2025, all security compromise reports must be submitted through the eservices portal rather than via email.

Information Officer Responsibilities
Our Information Officer, Ms. Kerry Marais, oversees these adaptations and ensures all POPIA obligations are met, including handling complaints and maintaining transparency.

Fair and Lawful Processing
We process your Personal Information for the listed purposes below on the basis of your consent, unless stated otherwise. In some cases, where required by POPIA, we may ask for your explicit consent for processing your Personal Information for a specific purpose.

We only collect, use, disclose or otherwise process your Personal Information where it is fair and lawful to do so. In many cases providing your Personal Information to us is necessary for the performance of your contract with us; if you do not wish to provide your Personal Information to us, we may not be able to provide you with the services you have requested from us.

How Do We Obtain Your Personal Information?

Direct Collection
Firstly, we may obtain your Personal Information from you directly, e.g., when you request our services, sign up for our newsletters, register on our Sites, solicit our services, fill out a survey, make a comment or enquiry, post something on our social media pages, subscribe to direct marketing etc.

Personal Information collected this way may include: 

• Name;

• Address;

• E-mail address;

• Username;

• Telephone number (and recordings when you call our consumer line);

• Credit card or other payment information;

• Age;

• Date of birth;

• Gender;

• Product purchase and usage information;

• Household information;

• Information, feedback, or content you provide regarding your marketing preferences;

• User-generated content, posts, and other content you submit to our Sites;

• In limited circumstances, information about your family or other individuals that you have provided to us (in such cases, we assume that you have the authority to share any personal information you provide to us about them);

• In limited circumstances based on your explicit consent or for carrying out our legal obligations or if necessary, for reasons of substantial public interest, Sensitive Personal Information such as information relating to your image, health (including information related to product usage and medical history), sexual life (and related behaviour) and biometrics collected during volunteer consumer research studies (such as facial expression recognition, heart rate and skin condition);

• Demographic information; or

• Any other Personal Information you voluntarily provide us with directly.

​

Automatic Collection

• Personal Information may be collected automatically when you visit or use our Sites (and those of our third-party service providers acting on our behalf), such as information collected by cookies and other technologies (such as web analytic tools and pixel tags) on our websites.

• Please consult our Cookies Policy for more information on how we make use of cookies and other automated means of data collection.

• Personal Information collected this way may include:

• Information about your (mobile) device or your type of browser;

• Your IP address;

• The hyperlinks you have clicked;

• Information you choose to share by using social media tools incorporated in our websites or using your social media log-in details to access certain of our product sites or applications;

• Information you share with us about your location;

• Your username, profile picture, gender, networks, and any other information you choose to share when using third party sites (such as when you use the "Like" functionality on Facebook or the +1 functionality on Google+);

• Whether you have opened e-mails sent by us to you.

• Where we are required to do so under POPIA, we will only use that information where you have agreed that we can.

​

Personal Information Obtained from Other Sources
We may also collect Personal Information about you from other sources. These other sources may include:

• Our trusted business partners;

• Social media sites;

• Consumer research organisations;

• Credit reference agencies;

• Intermediaries that facilitate data portability; and

• Other members of our group.

Personal Information collected this way may include your interests such as hobbies and pets, consumer and market research data, purchase behaviour, publicly observed data or activities such as blogs, videos, internet postings and user generated content.

For Which Purposes May We Use Your Personal Information
We use your Personal Information for our following business purposes:

• Based on your contract with us, handling and managing your project, for instance to communicate to you with respect to your project, to process your payments, execute the services, and to offer you the necessary customer service;

• Responding to your requests or enquiries;

• Meeting legal and regulatory requirements and responding to your queries emailed to us;•    Onboarding you as a client and verifying your identity (as required by law);

• Providing you with our services;

• Referring you to other service providers with your consent;

• Improving our services by analysing certain information collected, including cookies and other related information;

• Sending you information (in the form of our newsletter) and inviting you to events; and/or

• Complying with our regulatory or other obligations.

​

This Privacy Notice sets out the legal grounds on which we rely in order to process your Personal Information. In such cases, our use of your Personal Information is permitted by law because:

• It is necessary for lawful processing in the effective delivery of information and services to you and in the effective and lawful operation of our business (in each case provided such interests are not overridden by your rights);

• It is necessary to take steps to enter a contract with you for the services you solicit, or for carrying out our obligations under such a contract;

• It is required to satisfy any legal or regulatory obligations that we are subject to; and

• In limited circumstances and if required under POPIA, you have voluntarily agreed and herewith further consent, to us processing your Personal Information.

We may create anonymous data records from Personal Information by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyse our services. We reserve the right to use such anonymous data for any purpose and disclose anonymous data to third parties, including but not limited to our research partners, in our sole discretion.

To Whom We May Disclose Your Personal Information

Intra-group Sharing
Your Personal Information may be shared between the different companies and brands of our group, for the purposes set out in this Privacy Notice. As we have stated above, this Privacy Notice applies to all these companies' and brands' use of your Personal Information. For more information about us, our companies, our brands, and our presence in your jurisdiction, please visit https://www.a3architects.co.za/

Third Party Service Providers

We may share your Personal Information with trusted third-party service providers who work on our behalf, such as marketing agencies, market research companies, e-commerce fulfilment partners, software, data hosting and other IT service providers, payment processors, etc. These third-party service providers are required not to use your Personal Information other than to provide the services requested by us or otherwise in accordance with our instructions.

Other Trusted Third Parties
We may also share your Personal Information with other trusted third parties, such as our business partners, advertisers (where we are permitted to do so) and data exchanges, so that we can offer you tailored content, including more relevant advertising for services which may be of interest to you. These third parties may set and access their own cookies, web beacons and similar tracking technologies on your device in order to deliver customized content and advertising to you.

Our applications may also allow you to log in using a social network or other third-party account. An example of a third-party login is "Log in with Facebook". Logging into one of our sites with your social network or other third-party account may allow us to gather information that you give us permission to access from that social network or third party. The login feature may also transfer information to the social network or third party, such as your username and password, to authenticate you. The social network or third party may also automatically collect information such as your IP address, information about your browser and device, and the address of the web page you are visiting on our site. The login feature may also place and read cookies from that third party that may contain a unique identifier the social network or other third party assigns to you. The functionality of, and your use of, the login is governed by the privacy policy and terms of the party that provided the login functionality, rather than this Privacy Notice.

Acquisitions
If another company acquires (part of) our company, business, or our assets, that company may acquire all or part of the Personal Information collected by us and will assume the rights and obligations regarding your Personal Information as described in this Privacy Notice. In the unlikely event of an insolvency, bankruptcy or receivership, your Personal Information may also be transferred as a business asset, subject to applicable law.

Disclosures
We may disclose your Personal Information if we believe in good faith that such disclosure is necessary for our legitimate interest or prudent in light of our obligations under applicable law:

• In connection with any legal investigation;

• To comply with relevant laws or to respond to court or authority orders, subpoenas or warrants served on us;

• To protect or defend our rights in legal procedures; or

• To investigate or assist in preventing any violation or potential violation of the law, this Privacy Notice, or any applicable Terms of Use.

​

Your Rights
You have various rights in relation to your Personal Information under the enhanced 2025 POPIA regulations. In particular, you may have the right to:

Access Rights

• Request a copy of Personal Information we hold about you;

• Establish whether we hold personal information about you and request access to that information.

Correction and Deletion Rights

Ask that we update the Personal Information we hold about you, or correct any Personal Information that you think is incorrect or incomplete;

• Ask that we delete personal data that we hold about you (the "right to be forgotten");

• Request correction or deletion of personal information at any time and free of charge if the personal information is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully;

• Request destruction or deletion of a record of personal information if we are no longer authorised to retain it.

• We will only retain your Personal Information as long as reasonably required for the purposes as set out in this Privacy Notice or otherwise to comply with legal or regulatory requirements applicable to us.

• When your Personal Information is processed:

  • For the performance of your contract with us, we retain your Personal Information for a period of 7 years following completion of a contractual order;

  • For meeting legal and regulatory requirements, we retain your Personal Information as it is set out by the applicable law; and

  • In all other cases, we process your Personal Information, depending on the type, for up to 2 years from the date of our last interaction with you.

​

Objection Rights

• Ask that we restrict the way in which we use your Personal Information;

• Object to our processing of your Personal Information (including for direct marketing purposes);

• Object on reasonable grounds relating to your particular situation to the processing of your personal information;

• Object to the processing of your personal information at any time for purposes of direct marketing.

• Your Choices Regarding Direct Marketing

  • When you become a client, you will be added to our mailing list. We use this mailing list to send you important information about our business, the services we offer, news and event invitations. You can also add yourself to our mailing list.

  • You can unsubscribe from our mailing list at any time which will result in us no longer marketing to you. We include a link in every marketing communication allowing you to unsubscribe from marketing communication and you can email us to ask us to remove you from our mailing list.

  • If you unsubscribe from our mailing list, we may still contact you in other instances, such as in the course of providing you with services or to collect outstanding fees. In these instances, the relevant practitioner will contact you directly and not through the mailing list.

​

Consent Withdrawal

• Withdraw consent at any time for the future to our processing of your Personal Information (to the extent such processing is based on consent).

​

How to Exercise Your Rights
Under the 2025 POPIA regulations, you may exercise these rights through multiple accessible channels:

• Hand delivery to our offices

• Post to our postal address

• Email to Kerry@a3architects.co.za

• Telephone 011 615 6742

• Any other manner that is expedient to you 

​

All requests must be submitted free of charge and we will respond within thirty (30) days of receipt. We must notify you of our right to object when collecting your personal information.

If you would like to exercise these rights or understand if they apply to you, please get in touch using the details set out at "how to contact us" below.

Children
We do not intentionally collect or use personal information of children (persons under the age of 18 years), unless with the express consent of a parent or guardian or if the law otherwise allows or requires us to process such personal information.

Transfers to Other Countries

Will We Send Your Personal Information Trans-border?
We may transfer your information cross border for our legitimate business purposes, such as for cloud storage and for our billing practices. All information transfers will comply with the applicable laws.

In such cases, where required by POPIA we will ensure that there are adequate safeguards in place to protect your Personal Information. Depending on the location of the relevant entity exporting the relevant Personal Information, this adequate safeguard might be a data transfer agreement with the recipient based on standard contractual clauses approved by the European Commission. Where we are legally required to do so, further details of these transfers and copies of these agreements are available from us on request.

To the extent required and valid under POPIA, you consent to your Personal Information being transferred and processed this way.

Security Safeguards
We value the trust you place in us. We have implemented appropriate technical and organisational measures to protect your Personal Information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access and against all other unlawful forms of processing.

​

When collecting or transferring Sensitive Personal Information we use a variety of additional security technologies and procedures to help protect your information. The Personal Information you provide us with is stored on computer systems located in controlled facilities which can only be accessed by a limited number of persons who have a need to know in order to carry out their tasks and any services requested by you.

When we process highly confidential information (such as credit card numbers) over the Internet, we protect it through the use of encryption.

We will take all reasonable steps to ensure that your personal information is protected. We protect and manage personal information that we hold about you by using electronic and computer safeguards like firewalls, data encryption, and physical and electronic access control to our buildings. We only authorise access to personal information to those employees who require it to fulfil their designated responsibilities.

Security Breach
We will report any security breach to the Information Regulator and to the individuals or companies involved. Under section 22 of POPIA, if we have reasonable grounds to believe that personal information has been accessed or acquired by any unauthorised person, we must notify both the Information Regulator and affected data subjects as soon as reasonably possible.

Mandatory Reporting Requirements: As of 1 April 2025, all security compromise notifications must be reported through the Information Regulator's eservices portal rather than via email. We must submit breach reports without undue delay using the prescribed online platform.

Notification to Data Subjects: When notifying affected data subjects of a security compromise, we will provide:

• A description of the possible consequences of the breach

• A description of the measures taken or to be taken to address the breach.

• Recommendations on how data subjects can mitigate potential adverse effects.

• If known, the identity of the unauthorised person who may have accessed or acquired personal information.

 

Notification Methods: We will notify data subjects in writing using one of the following ways:

• By post to the last known physical or postal address of the data subject

• By email to the last known e-mail address of the data subject

​

If you want to report any concerns about our privacy practices or if you suspect any breach regarding your personal information, kindly notify us by sending an email to Kerry@a3architects.co.za.

​

Complaints
If you are unhappy with the way we have handled your Personal Information or any privacy query or request that you have raised with us, you have a right to complain to the Information Regulator.

If you believe we are using your personal information unlawfully, please let us know first:

• The Information Officer: Ms. Kerry Marais

• Contact number: 011 615 6742

• Email: Kerry@a3architects.co.za

• Website: https://www.a3architects.co.za/

You may lodge a complaint to the Information Regulator (South Africa) with the following contact details:

• Website: https://www.justice.gov.za/inforeg/index.html

• Address: SALU Building, 316 Thabo Sehume Street, Pretoria

• Contact number: 012 406 4818.

• Fax number: 086 500 3351

• Email: inforeg@justice.gov.za

​

If you are in the European Union or the United Kingdom, the following details may be used for the relevant regulatory authority.

How to Contact Us
We welcome your feedback. If you have any comments, questions or complaints regarding this Privacy Notice or our processing of your Personal Information, or would like to exercise any of the rights set out at "your rights" above that are applicable in your location, you can contact us by sending an e-mail to Kerry@a3architects.co.za.