Privacy Policy

1. Introduction

ISR (the “Institute”, “we”, “us”) is committed to protecting your privacy. This policy explains how we collect, use, store, and share your personal information when you visit our website or interact with us.

2. Who this applies to

This applies to all visitors, donors, volunteers, event participants, and anyone who provides personal information to ISR through our website or other channels.

3. Information we collect

We may collect:

  • Contact information (e.g. name, email, phone number, postal address)
  • Professional details (e.g. organisation, role, expertise)
  • Payment details (when you make donations or pay event fees)
  • Technical data (e.g. IP address, browser type, cookies) via website analytics tools

We collect data when you sign up for newsletters, make donations, register for events, submit a contact enquiry, or use our website features (forms, cookies, logs).

4. Why we collect it

We use your data to:

  • Communicate with you (e.g. updates, invitations, newsletters)
  • Process donations or event registrations
  • Provide support or respond to your questions
  • Improve and secure our website and services
  • Fulfil legal or regulatory obligations

We only collect information that is necessary for these purposes (“data minimisation”)

5. Legal grounds

We process your data based on:

  • Your consent (e.g. when signing up for newsletters)
  • Performance of a service you requested (e.g. event registration)
  • Compliance with legal duties (e.g. tax reporting)
  • Legitimate interest (e.g. website security, internal administration) under POPIA/GDPR-style principles

6. How we share data

We may share your information with:

  • Service providers who support us (e.g. payment processors, email platforms, web hosting)
  • Legal or regulatory authorities if required by law
  • Marketing or research partners (only with your consent)

All third parties are contractually required to protect your data in line with applicable laws

7. Data storage and retention

We securely store personal information digitally and/or on paper. Your data is kept only for as long as needed for the purpose or as required by law (e.g. accounting or regulatory records).
When data is no longer required, we securely delete or anonymise it.

8. Data security

We take reasonable technical and organisational steps to protect your information—such as encrypted connections (SSL), secure servers, access controls, and staff training. While we strive for high security, no system is completely risk‑free.

9. Your rights

Under South Africa's POPIA and international principles, you have the right to:

  • Access information we hold about you
  • Request corrections or deletion of inaccurate or outdated information
  • Object to or withdraw consent to certain processing
  • Unsubscribe from marketing messages
  • Lodge a complaint with our Information Officer or with the Information Regulator.

To exercise these rights, please contact us at the details below.

10. Cookies and tracking

We use cookies and similar technology to improve your experience, analyse site usage, and for marketing. You can choose to disable cookies in your browser, but some features may not work.

11. Changes to this policy

We may update this policy from time to time. If we make significant changes, we will post the new version on our website and indicate the date it became effective.

12. Contact information

If you have questions or want to exercise your rights, contact:
Information Officer, ISR
Email: [andries@stakeholderinstitute.org]