Privacy Policy

This Privacy Policy explains how Growth Bridge Capital (Pty) Ltd (“Growth Bridge Capital”, “the Company”, “we”, “us”, or “our”) collects, uses, shares, and protects personal information in accordance with the Protection of Personal Information Act 4 of 2013 (“POPIA”), the Promotion of Access to Information Act 2 of 2000 (“PAIA”), and other applicable South African privacy and consumer protection legislation.

1. Introduction

Growth Bridge Capital is committed to protecting the privacy and confidentiality of all personal information in our care.

This policy applies to all clients, employees, suppliers, and visitors to our digital platforms and premises. It must be read together with our PAIA Manual and POPIA Policy, which provide additional details on information access and data-processing procedures.

2. Personal Information We Collect

We collect and process personal information necessary for legitimate business and compliance purposes, which may include:

• Identity information: name, ID number, passport details, gender, date of birth.
• Contact information: address, phone number, email.
• Financial and transactional data: bank details, payment history, invoices.
• Employment information: qualifications, CVs, performance records.
• Technical information: device identifiers, IP address, browser type, cookies, usage logs.
• Correspondence and feedback: inquiries, complaints, support requests.
• Health and biometric data (where required by law or based on consent).

Where lawful, information is collected directly from the data subject or through authorised third parties such as regulatory databases or credit bureaus.

3. How We Collect Information

Personal information is collected through:

• Direct interactions (forms, contracts, correspondence, onboarding).
• Website and online interactions, including cookies and analytics tools.
• Service providers or regulatory bodies, where lawful.
• Publicly available sources and referrals.

4. Purpose of Processing

Growth Bridge Capital processes personal information for the following purposes:

• Providing and managing financial and capital-management services.
• Complying with FICA, FAIS, FSCA, and other legal or regulatory requirements.
• Managing client relationships, billing, and payments.
• Administering employment and HR functions.
• Conducting due diligence and preventing fraud.
• Improving products, services, and digital experiences.
• Conducting marketing or customer communication (with consent).

5. Direct Marketing and Consent

Marketing communications are sent only where lawful consent has been obtained.

Consent may be withdrawn at any time by using the unsubscribe link in our communications or contacting us at info@gbcapital.co.za.

6. Cookies and Tracking Technologies

Cookies and similar technologies are used to improve website functionality, measure performance, and personalise user experience.

Cookies may be disabled through browser settings, although certain website features may not function optimally. Details are provided in our Cookies Notice.

7. Sharing of Personal Information

Personal information may be shared only where necessary and lawful, including with:

• Regulatory authorities (FSCA, SARS, FIC) for compliance.
• Cloud service providers and IT operators under confidentiality obligations.
• Professional advisors (legal, accounting, audit).
• Marketing service providers acting under our instruction (where consent is obtained).
• Law enforcement or courts where required by law.

We do not sell, rent, or trade personal information to third parties.

8. Cross-Border Data Transfers

Where data is transferred outside South Africa, we ensure that the receiving country or organisation provides an adequate level of protection under POPIA or that binding agreements are in place.

9. Security Safeguards

We implement technical and organisational measures to protect personal information from loss, misuse, unauthorised access, or disclosure, including:

• Data and device encryption.
• Multi-factor authentication and access-control systems.
• Regular data backups and secure off-site storage.
• Firewalls and intrusion-detection systems.
• Employee security-awareness training.
• Secure destruction of data when no longer required.

10. Data Retention

Personal information is retained only as long as necessary for the purpose for which it was collected or as required by relevant legislation (e.g., Companies Act, FICA, Tax Acts).

After the retention period expires, data is securely destroyed or de-identified.

11. Rights of Data Subjects

Under POPIA, you have the right to:

1. Request access to your personal information.
2. Request correction or deletion of inaccurate or obsolete data.
3. Object to processing for specific purposes, including direct marketing.
4. Withdraw consent at any time (where processing is based on consent).
5. Lodge a complaint with the Information Regulator.

Requests must be submitted in writing to the Information Officer at info@gbcapital.co.za using PAIA Form C.

12. Information Regulator Contact Details

Information Regulator (South Africa) JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 Postal: P.O. Box 31533, Braamfontein, 2017 Email: PAIA.IR@justice.gov.za | complaints.IR@justice.gov.za | infoIR@justice.gov.za Website: https://www.justice.gov.za/inforeg/

13. Complaints Procedure

If you believe your personal information has been misused or unlawfully processed, you may lodge a written complaint with the Information Officer.

The Company will acknowledge receipt within two business days and investigate the complaint within 21 business days.

If you are not satisfied with the outcome, you may escalate the complaint to the Information Regulator.

14. Updates to This Policy

This Privacy Policy may be updated periodically to reflect legislative or operational changes.

Updated versions will be posted on our website, and material changes will be communicated where appropriate.

Continued use of our website or services after updates constitutes acceptance of the revised policy.