Privacy Policy

Fica Friendly (Pty) Ltd ("Fica Friendly", "we", "us", or "our") is committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 ("POPIA") and any applicable regulations promulgated thereunder. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website (fica-friendly.co.za), contact us, or engage our services. By using our website or submitting your information to us, you acknowledge that you have read and understood this policy.

Fica Friendly (Pty) Ltd is a FICA compliance consultancy registered in South Africa. We assist accountable institutions — including law firms, estate agents, financial services providers, and other entities listed under Schedule 1 of the Financial Intelligence Centre Act 38 of 2001 ("FICA") — with compliance audits, RMCP development, training, and inspection preparation. For the purposes of POPIA, Fica Friendly is the responsible party in respect of the personal information we collect and process. Contact details: Email: [email protected] WhatsApp: +27 72 881 5095 Website: fica-friendly.co.za

We may collect the following categories of personal information: Contact and identity information: your full name, email address, telephone number, and WhatsApp number. Professional information: your firm or organisation name, your role or title, and the type of institution you represent. Communication content: the content of messages, enquiries, or requests you submit via our contact form, email, or WhatsApp. Website usage data: IP address, browser type, pages visited, and session duration, collected automatically via standard web analytics tools. We do not intentionally collect special personal information (as defined in section 26 of POPIA) such as race, health information, or financial account details. If you voluntarily disclose such information in a message, we will treat it with heightened confidentiality.

We process your personal information for the following lawful purposes: To respond to enquiries and provide the services you have requested, including compliance checks, RMCP development, training, and inspection preparation. To communicate with you about your engagement, including scheduling sessions, sending documents, and following up on matters related to your compliance programme. To send you relevant compliance updates, regulatory alerts, or insights where you have consented to receive such communications or where we have a legitimate interest in doing so. To improve our website and services based on aggregated, anonymised usage data. To comply with our own legal and regulatory obligations, including record-keeping requirements under applicable South African law. We will not sell, rent, or trade your personal information to third parties for their own marketing purposes.

Under POPIA, we process your personal information on one or more of the following grounds: Contractual necessity: processing is required to perform a contract with you or to take steps at your request prior to entering into a contract. Legitimate interest: we have a legitimate business interest in responding to enquiries and maintaining client relationships, which does not override your rights and freedoms. Legal obligation: processing is necessary to comply with a legal obligation applicable to us. Consent: where we rely on your consent (for example, for marketing communications), you may withdraw that consent at any time by contacting us at [email protected].

We may share your personal information with: Service providers and operators: third-party technology providers (such as hosting, email, and analytics services) who process personal information on our behalf under written agreements that require them to maintain appropriate security and confidentiality measures. Professional advisors: attorneys, accountants, or auditors where disclosure is necessary for legitimate business or legal purposes. Regulatory authorities: the Financial Intelligence Centre (FIC), the Information Regulator, or other competent authorities where we are required by law to disclose information. We do not transfer personal information outside South Africa unless the recipient country provides an adequate level of protection, or we have obtained your consent, or the transfer is necessary for the performance of a contract with you.

We retain personal information for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. Client records related to FICA compliance engagements are retained for a minimum of five (5) years in accordance with FICA record-keeping obligations. Enquiry and contact records are retained for a reasonable period to allow us to respond to follow-up queries and to maintain a record of our communications. When personal information is no longer required, we will delete or de-identify it in a secure manner.

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. These measures include: Secure transmission of data via HTTPS encryption on our website. Access controls limiting who within our organisation can access personal information. Regular review of our information security practices. While we take reasonable precautions, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we will notify you and the Information Regulator in the event of a security compromise as required by section 22 of POPIA.

As a data subject, you have the following rights under POPIA: Right of access: you may request confirmation of whether we hold your personal information and request a copy of that information. Right to correction: you may request that we correct or update inaccurate or incomplete personal information. Right to deletion: you may request that we delete your personal information where there is no longer a lawful basis for processing it, subject to our legal retention obligations. Right to object: you may object to the processing of your personal information on grounds relating to your particular situation, or object to direct marketing at any time. Right to lodge a complaint: if you believe we have not handled your personal information in accordance with POPIA, you may lodge a complaint with the Information Regulator of South Africa at inforeg.org.za. To exercise any of these rights, please contact us at [email protected]. We will respond within a reasonable time and in any event within 30 days.

Our website uses standard web analytics tools that collect anonymised data about how visitors interact with our site (such as pages visited, time on site, and referral sources). This data is used solely to improve the performance and content of our website. We do not use tracking cookies for advertising or profiling purposes. You may disable cookies in your browser settings; however, this may affect the functionality of certain features of our website.

Our website contains links to third-party websites, including our LinkedIn company page. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies before submitting any personal information to them.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The updated policy will be posted on this page with a revised effective date. We encourage you to review this policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us: Fica Friendly (Pty) Ltd Email: [email protected] WhatsApp: +27 72 881 5095 Website: fica-friendly.co.za Information Regulator of South Africa (for complaints): Website: inforeg.org.za Email: [email protected]