Policy

Cookie Policy

SurveyFiesta (Pty) Ltd ("Company", "we", "us", or "our"), operating the AgoraFord(TM) platform, respects your privacy and is committed to protecting your personal information.

This Cookie Policy explains how we use cookies and similar tracking technologies on our website: https://www.agoraford.co.za/, in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Protection of Personal Information Act (POPIA).

1. What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They are widely used to enable website functionality, enhance user experience, and provide analytical insights.

2. Legal Basis for Processing

We process personal information collected via cookies based on the following legal grounds:

• Consent: Non-essential cookies are only activated after you provide explicit consent.
• Legitimate Interests: Certain cookies are necessary for website security, performance, and fraud prevention.
• Contractual Necessity: Some cookies are required to deliver services requested by users (e.g. login functionality).

We process personal information in accordance with the principles of:

• Lawfulness, fairness, and transparency
• Purpose limitation and minimality
• Security and confidentiality
• Accountability and data subject rights

3. Types of Cookies We Use

3.1 Strictly Necessary Cookies

These cookies are essential for the operation and security of our website.

• Enable core functionality such as authentication and session management
• Cannot be disabled without affecting website performance
• Legal basis: Legitimate Interest / Contractual Necessity

3.2 Performance and Analytics Cookies

These cookies help us understand how users interact with our website.

• Provide aggregated and anonymised usage data where possible
• Used to improve performance and usability
• Legal basis: Consent

3.3 Functional Cookies

These cookies enable enhanced functionality and personalisation.

• Remember user preferences (e.g. language settings)
• Improve user experience
• Legal basis: Consent

3.4 Marketing and Advertising Cookies

These cookies track user activity to deliver relevant content and advertisements.

• Used for remarketing and campaign optimisation
• Activated only with explicit consent
• Legal basis: Consent

4. How We Use Cookies

We use cookies to:

• Ensure secure and reliable website operation
• Improve performance and user experience
• Analyse usage patterns and optimise services
• Remember user preferences
• Deliver relevant content and communications

We do not sell personal information collected through cookies.

5. Managing Your Cookie Preferences

You can manage your cookie preferences at any time through:

• Cookie Consent Banner: Accept or reject non-essential cookies
• Browser Settings: Disable or delete cookies
• Third-Party Tools: Opt out of specific providers

Browser Settings:

• Chrome: chrome://settings/cookies
• Firefox: about:preferences#privacy
• Edge: edge://settings/content/cookies
• Safari: Preferences > Privacy

Disabling certain cookies may affect website functionality.

6. Third-Party Cookies

We may use third-party services that place cookies on your device, including:

• Google Analytics - https://policies.google.com/privacy
• Meta (Facebook) Pixel - https://www.facebook.com/policies/cookies/

These providers operate under their own privacy policies. We do not control their data processing practices.

7. Data Retention and Security

• Session cookies: Deleted when you close your browser
• Persistent cookies: Retained for a defined period or until deleted

We implement appropriate technical and organisational measures, including:

• Encryption
• Access controls
• Secure authentication

to protect cookie-related data.

8. Your Rights (GDPR and POPIA)

You have the right to:

• Access your personal information
• Withdraw consent at any time
• Request deletion of your data
• Restrict or object to processing
• Request data portability

To exercise your rights, please contact us using the details below.

9. POPIA Compliance

In accordance with POPIA, we:

• Obtain consent where required
• Process personal information lawfully and transparently
• Allow withdrawal of consent
• Protect data against unauthorised access

You may also contact the Information Regulator of South Africa for assistance.

10. Updates to This Policy

We may update this Cookie Policy from time to time. The latest version will always be published on our website.

11. Contact Information

For any questions regarding this Cookie Policy:

• Company: SurveyFiesta (Pty) Ltd
• Platform: AgoraFord(TM)
• Website: https://www.agoraford.co.za/
• Email: sales[at]surveyfiesta.com
• Information Regulator (SA): 010 023 5200

Data Processing Agreement (DPA)

1. Parties

This Data Processing Agreement ("Agreement") is entered into between:

• SurveyFiesta (Pty) Ltd ("Operator", "Processor", "we", "us", or "our"), the provider of the AgoraFord(TM) platform
• The customer entity ("Responsible Party", "Controller", or "Customer") using the platform

This Agreement forms part of and is incorporated into any applicable:

• Terms of Use
• Master Service Agreement (if applicable)
• Service agreement between the parties

2. Purpose and Scope

This Agreement governs the processing of personal information by the Operator on behalf of the Customer in connection with the provision of the AgoraFord platform.

The Operator shall process personal information only on documented instructions from the Customer and solely for the purpose of providing the agreed services.

The Customer acknowledges that it determines the purpose and means of processing and remains the Responsible Party under POPIA.

3. Definitions

For purposes of this Agreement:

• "Personal Information" has the meaning assigned under POPIA
• "Processing" includes collection, storage, use, transmission, and deletion
• "Data Subject" means the individual to whom personal information relates
• "Operator" means SurveyFiesta (Pty) Ltd
• "Responsible Party" means the Customer

All terms shall be interpreted consistently with applicable data protection laws.

4. Roles and Responsibilities

4.1 Customer Responsibilities

The Customer shall:

• Ensure that all personal information is processed lawfully and fairly
• Obtain all required consents or legal grounds for processing
• Ensure that instructions provided to the Operator comply with applicable law
• Be responsible for the accuracy, quality, and legality of data

The Customer acknowledges that it is solely responsible for determining:

• What data is processed
• Why it is processed
• How it is used within the platform

4.2 Operator Responsibilities

The Operator shall:

• Process personal information only on documented instructions
• Implement appropriate technical and organisational security measures
• Ensure that authorised personnel are subject to confidentiality obligations
• Assist the Customer where reasonably required for compliance purposes

The Operator shall not be responsible for verifying the legality or accuracy of Customer data.

5. Nature of Processing

The Operator may process personal information as necessary to:

• Provide and operate the AgoraFord platform
• Store and manage customer data
• Facilitate workflows, reporting, and analytics
• Provide support, maintenance, and system improvements

Processing may include:

• Storage
• Access
• Transmission
• Deletion

The categories of data subjects and data types are determined by the Customer.

6. Security Measures

The Operator shall implement reasonable and appropriate safeguards, including:

• Encryption of data in transit and at rest (where applicable)
• Access control and authentication mechanisms
• Logging and monitoring of system activity
• Secure infrastructure and hosting practices

Notwithstanding the above, the Customer acknowledges that:

• No system is completely secure
• The Operator does not guarantee absolute security
• The Customer remains responsible for its own internal security controls

7. Sub-Processors

The Operator may engage third-party service providers ("Sub-processors") to support service delivery.

The Operator shall:

• Take reasonable steps to ensure sub-processors are subject to appropriate data protection obligations
• Remain responsible for the performance of sub-processors to the extent required by law

The Customer acknowledges and consents to the use of sub-processors necessary for the provision of the platform.

8. Data Subject Requests

Where the Operator receives a request from a Data Subject:

• The Operator shall refer the request to the Customer
• The Customer remains responsible for responding to such requests
• The Operator shall provide reasonable assistance where required and feasible

9. Data Breach Notification

In the event of a security breach affecting personal information:

• The Operator shall notify the Customer without undue delay upon becoming aware of the breach
• The notification will include available information regarding the nature of the breach

The Customer remains responsible for:

• Regulatory notifications
• Communication with affected Data Subjects

10. Cross-Border Transfers

The Operator may process or store data outside South Africa where necessary.

The Operator shall:

• Implement appropriate safeguards
• Ensure compliance with applicable data protection requirements

The Customer acknowledges and consents to such transfers where required for service delivery.

11. Data Retention and Deletion

The Operator shall:

• Retain personal information only for the duration of the service or as required by law
• Delete or return data upon termination of services, subject to legal or operational requirements

The Customer is responsible for requesting deletion where required.

12. Audit and Compliance

The Operator shall make available information reasonably necessary to demonstrate compliance with this Agreement.

Any audits shall:

• Be conducted on reasonable notice
• Not disrupt normal business operations
• Be limited to relevant systems and controls

The Operator reserves the right to:

• Charge reasonable costs for audit-related activities
• Refuse audits that are excessive, duplicative, or pose security risks

13. Limitation of Liability

To the maximum extent permitted by law:

• The Operator shall not be liable for any indirect, incidental, or consequential damages

The Operator shall not be liable for:

• Customer misuse of the platform
• Inaccurate or unlawful data provided by the Customer
• Actions of third parties

The Operator's total liability under this Agreement shall be limited in accordance with the applicable Terms of Use or service agreement.

14. Indemnity

The Customer agrees to indemnify and hold harmless the Operator from any claims arising from:

• The Customer's failure to comply with data protection laws
• Unlawful or unauthorised processing of personal information
• Any breach of this Agreement

This indemnity applies irrespective of fault and survives termination.

15. Term and Termination

This Agreement remains in effect for the duration of the services.

Upon termination:

• The Operator shall cease processing personal information
• Data will be returned or deleted in accordance with Section 11

16. Governing Law

This Agreement is governed by the laws of the Republic of South Africa.

Disputes shall be subject to the jurisdiction of South African courts.

PAIA Manual

Prepared in accordance with Section 51 of the Promotion of Access to Information Act, 2000 ("PAIA")

1. Introduction

SurveyFiesta (Pty) Ltd ("SurveyFiesta", "the Company", "we", "us", or "our"), operating the AgoraFord platform, is committed to promoting transparency, accountability, and lawful access to information in accordance with the Promotion of Access to Information Act, 2000 ("PAIA").

This Manual has been prepared in terms of Section 51 of PAIA and serves as a guide to the records held by the Company and the process to be followed by any person seeking access to such records.

This Manual must be read together with the Company's Privacy Policy, Cookie Policy, Terms of Use, and Data Processing Agreement, all of which collectively govern the Company's handling, processing, and protection of information.

2. Company Information

SurveyFiesta (Pty) Ltd is a South African technology and services company operating the AgoraFord™ platform and associated services.

• Company Name: SurveyFiesta (Pty) Ltd
• Platform: AgoraFord
• Website: https://www.agoraford.co.za/
• Email: sales[at]surveyfiesta.com

3. Information Officer

In accordance with PAIA and the Protection of Personal Information Act, 2013 ("POPIA"), the Company has appointed an Information Officer responsible for overseeing requests for access to information and matters relating to data protection and privacy compliance.

• Information Officer: Dr. Antonio Pooe
• Email: sales[at]surveyfiesta.com

Any requests for access to records, enquiries relating to this Manual, or concerns relating to personal information may be directed to the Information Officer using the contact details above.

4. Purpose of This Manual

The purpose of this Manual is to provide transparency regarding the categories of information held by the Company and to explain how requests for access to records may be submitted and processed under PAIA.

This Manual is intended to assist:

• members of the public seeking access to records held by the Company;
• customers and users of the AgoraFord platform;
• regulatory authorities; and
• any person exercising rights contemplated under PAIA or POPIA.

Nothing in this Manual shall be interpreted as granting automatic access to records. Access requests will be assessed in accordance with PAIA and any other applicable laws.

5. Applicable Legislation

SurveyFiesta conducts its operations in accordance with applicable South African legislation. Depending on the nature of the request, records may be maintained in terms of various laws, including:

• the Promotion of Access to Information Act, 2000;
• the Protection of Personal Information Act, 2013;
• the Electronic Communications and Transactions Act, 2002;
• the Companies Act, 2008;
• the Labour Relations Act, 1995;
• the Basic Conditions of Employment Act, 1997; and
• taxation, employment, contractual, and regulatory legislation applicable to the Company's operations.

6. Categories of Records Held by the Company

The Company maintains records necessary for the administration and operation of its business, platform, services, legal obligations, and customer relationships.

These records may include corporate and administrative records such as company registration documents, governance records, contracts, internal policies, financial records, and compliance documentation.

Operational records may include platform usage information, technical documentation, support records, audit logs, cybersecurity monitoring information, service agreements, and infrastructure-related records.

The Company may also maintain human resources records relating to employees, consultants, and contractors, including employment contracts, payroll records, performance records, and training information.

Where the AgoraFord platform is used by customers, the Company may process customer-related or operational data on behalf of those customers. In such instances, the customer remains the responsible party under POPIA, while the Company acts as an operator processing such information on documented instructions.

Certain records may contain confidential, proprietary, commercially sensitive, legally privileged, or personal information protected under applicable law.

7. Processing of Personal Information

SurveyFiesta processes personal information in accordance with POPIA and applicable data protection principles, including lawfulness, minimality, purpose limitation, transparency, and security.

The Company implements reasonable technical and organisational safeguards to protect information against unauthorised access, loss, misuse, or disclosure. These measures may include access controls, encryption, authentication mechanisms, monitoring systems, and security assessments.

Further information regarding the Company's processing of personal information is contained in the Company's Privacy Policy and Data Processing Agreement.

8. Requests for Access to Records

Any person requesting access to records held by the Company must submit a written request to the Information Officer.

Requests should contain sufficient detail to enable the Company to identify:

• the record being requested;
• the identity of the requester;
• the form of access requested; and
• the legal basis for the request, where applicable.

The Company may require proof of identity before processing any request and reserves the right to request additional information reasonably necessary to evaluate the request.

Access to records is not automatic and may be subject to payment of prescribed fees where permitted by PAIA.

9. Grounds for Refusal of Access

The Company reserves the right to refuse access to records where permitted under PAIA or any other applicable law.

Access may be refused where disclosure would involve an unreasonable disclosure of personal information, reveal confidential commercial information or trade secrets, prejudice legal proceedings, compromise security measures, breach confidentiality obligations, or infringe the rights of third parties.

The Company may also refuse requests that are manifestly frivolous, vexatious, or operationally unreasonable.

10. Third-Party Information

Where records requested under PAIA contain information relating to third parties, the Company may notify affected third parties where required by law before determining whether access may be granted.

The Company shall not be liable for any delays arising from mandatory third-party notification procedures contemplated under PAIA.

11. Availability of This Manual

This Manual is available on the Company website and may also be requested directly from the Information Officer.

The Company reserves the right to amend this Manual from time to time to reflect changes in legislation, operational practices, or regulatory guidance.

12. Information Regulator

Any person who believes that their rights under PAIA or POPIA have been infringed may lodge a complaint with the Information Regulator of South Africa.

• Information Regulator South Africa
• Website: https://www.justice.gov.za/inforeg/
• Telephone: 010 023 5200
• Email: inforeg@justice.gov.za

13. Request for Access to Record Form

The prescribed Form 2 for requesting access to a record under PAIA is available at: https://inforegulator.org.za/wp-content/uploads/2020/07/InfoRegSA-PAIA-Form02-Reg7.pdf