Last Updated 7 April 2026

Privacy Policy

1. Introduction

Isambane Mining (Pty) Ltd (“Isambane”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal information.

This Privacy Policy explains how we collect, use, disclose, store and otherwise process personal information through the Isambane Mining Group ERP website and related public-facing services, including:

  • general website access
  • user account registration and login
  • job applications and recruitment submissions
  • anonymous or identified whistleblowing reports
  • supplier registration and supplier portal access
  • requests for quotations (RFQs), quotations and other procurement-related interactions
  • communications submitted through our website or ERP platform

We process personal information in accordance with the Protection of Personal Information Act, 4 of 2013 (“POPIA”), and, where applicable, other South African laws.

By using our website or submitting your information to us, you acknowledge that your personal information may be processed as described in this Privacy Policy.

2. Responsible Party

For purposes of POPIA, the responsible party is:

Isambane Mining (Pty) Ltd
Plot 22, Vaalbank, Middelburg
South Africa
Website: https://www.isambane.co.za/

3. Information Officer

Our Information Officer is:

Eben van Deventer
Information Officer
Email: eben@isambane.co.za

You may contact the Information Officer for any privacy-related queries, requests for access, correction or deletion, objections to processing, or complaints relating to the processing of your personal information.

4. What Personal Information We Collect

Depending on how you use the website or ERP platform, we may collect the following categories of personal information:

4.1 Information you provide directly

We may collect:

  • full name
  • identity or passport number, where required
  • date of birth, where relevant to recruitment or compliance
  • email address
  • telephone number
  • physical or postal address
  • company name and business details
  • job title or role
  • login credentials and account-related information
  • CVs, employment history, qualifications, references and other recruitment information
  • supplier registration documents, tax information, banking details, contact details and procurement records
  • correspondence, enquiries or support requests
  • whistleblowing report content, supporting documents and any personal information voluntarily included in a report

4.2 Information collected automatically

When you use our website or ERP, we may collect:

  • IP address
  • browser type and version
  • device type and operating system
  • date and time of access
  • pages viewed and actions taken on the platform
  • log-in and account activity
  • session identifiers
  • cookie and similar technology data

4.3 Information received from third parties

We may receive personal information from:

  • recruitment agencies or referees
  • suppliers or customer representatives
  • service providers assisting with hosting, support, security, analytics or communications
  • lawful whistleblowing channels or investigators
  • public registers or verification providers where permitted by law

5. Special Platform Functions

5.1 Job applications and recruitment

Where you submit a job application, we may process your personal information to:

  • assess your suitability for a role
  • verify your qualifications, experience and references
  • communicate with you about your application
  • comply with employment, labour, tax, health and safety, or other legal obligations
  • keep your information on file for future suitable opportunities, where lawful or with your consent

Recruitment-related information may include CVs, qualifications, work history, identity information, contact details and any other information you choose to provide.

5.2 Whistleblowing reports

Our platform may allow the submission of whistleblowing reports on an anonymous or identified basis.

Where a report is submitted:

  • we will process the information only for the purpose of receiving, investigating, managing and resolving the report, and for legal, governance, risk, ethics and compliance purposes
  • access to whistleblowing reports will be restricted to authorised persons who need access for investigation, remediation, legal advice, compliance or reporting purposes
  • we will take reasonable measures to preserve confidentiality
  • if you choose to remain anonymous, we will not knowingly attempt to identify you unless required by law, necessary for security or fraud prevention, or unavoidable due to the information you provide
  • information in a whistleblowing report may include allegations about individuals and may, depending on the content, include sensitive or special personal information voluntarily disclosed by the reporter

You should avoid including unnecessary personal information in a whistleblowing report and provide only information relevant to the concern being raised.

5.3 Supplier registration, RFQs and quotations

If you register as a supplier or use the supplier portal, we may process:

  • supplier and representative contact details
  • company registration information
  • tax, compliance and verification information
  • banking or payment-related information
  • RFQ responses, submitted quotations and procurement correspondence

We use reasonable access controls so that a logged-in supplier can access its own account information, RFQs made available to that supplier, and quotations or submissions made by that supplier. Suppliers must keep their login credentials secure and must not share access unlawfully.

6. How We Use Personal Information

We may process personal information for one or more of the following purposes:

  • to provide, operate, maintain and secure the website, ERP and related services
  • to create and manage user accounts
  • to authenticate users and manage access permissions
  • to enable supplier participation in procurement processes
  • to receive, evaluate and manage quotations, tenders and supplier submissions
  • to process job applications and recruitment activities
  • to receive, assess, investigate and resolve whistleblowing reports
  • to communicate with users, applicants, suppliers and other stakeholders
  • to respond to queries, requests or complaints
  • to comply with legal, regulatory, governance, risk and audit obligations
  • to detect, prevent and investigate fraud, misconduct, cybersecurity incidents or unlawful activity
  • to maintain records and internal administration
  • to improve our systems, services, usability and security
  • to enforce our legal rights, website terms and internal policies

We will process personal information only where we have a lawful basis to do so.

7. Lawful Grounds for Processing

We may process personal information where:

  • you have given consent
  • processing is necessary to conclude or perform a contract with you
  • processing is required to comply with a legal obligation
  • processing protects a legitimate interest of yours
  • processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and interests
  • processing is otherwise permitted under POPIA

Where consent is required by law, you may withdraw it at any time, subject to legal and contractual limitations.

8. Cookies and Similar Technologies

We may use cookies and similar technologies to:

  • keep users logged in securely
  • remember preferences
  • improve website functionality
  • analyse traffic and usage patterns
  • support security and fraud prevention

Cookies may include:

  • essential cookies required for the website or ERP to function
  • functional cookies that remember preferences
  • analytics or diagnostic cookies where used to understand usage and improve performance

You can usually control cookies through your browser settings, but disabling certain cookies may affect website functionality.

9. Direct Marketing

We will only send direct marketing communications where permitted by law.

Where required, we will obtain your consent before sending electronic direct marketing. You may opt out of marketing communications at any time by using the unsubscribe mechanism provided or by contacting us at info@isambane.co.za.

Operational communications, security notices, procurement-related notices, recruitment updates and responses to your requests are not direct marketing.

10. Sharing and Disclosure of Personal Information

We may share personal information with:

  • our employees, contractors and authorised representatives who need access for legitimate business purposes
  • hosting providers, IT support providers, ERP support providers, cloud service providers, email or communication providers, and other operators or service providers who process information on our behalf under appropriate confidentiality and security obligations
  • recruitment stakeholders, referees, verification agencies or hiring managers in relation to job applications
  • procurement, finance, legal, audit and compliance personnel in relation to supplier onboarding, RFQs, quotations and payment administration
  • authorised investigators, legal advisers, forensic specialists, ethics officers or regulators in relation to whistleblowing matters
  • courts, regulators, law enforcement agencies or public authorities where required by law or where necessary to protect rights or investigate unlawful conduct
  • successors-in-title or counterparties in connection with a merger, sale, restructuring or similar transaction, subject to lawful safeguards

We do not sell personal information.

11. Cross-Border Transfers

Some of our operators, service providers or systems may be located outside South Africa, or may store or process information in other countries.

Where personal information is transferred outside South Africa, we will do so only in accordance with POPIA and only where:

  • the recipient is subject to a law, binding corporate rules or binding agreement that provides an adequate level of protection
  • the data subject consents to the transfer
  • the transfer is necessary for the performance of a contract
  • the transfer benefits the data subject and it is not reasonably practicable to obtain consent
  • the transfer is otherwise permitted by law

12. Security Safeguards

We take appropriate, reasonable technical and organisational measures to protect personal information against loss, misuse, unauthorised access, disclosure, alteration or destruction.

These measures may include:

  • access control and authentication
  • user permissions and role-based access
  • encryption where appropriate
  • secure hosting and network protections
  • logging and monitoring
  • secure backup procedures
  • staff confidentiality obligations
  • incident management procedures

Although we take reasonable steps to secure personal information, no system can be guaranteed to be completely secure.

13. Data Retention

We retain personal information only for as long as reasonably necessary to fulfil the purpose for which it was collected, to comply with legal or regulatory obligations, to resolve disputes, to enforce agreements, or to maintain appropriate business records.

Retention periods may differ depending on the type of information and purpose of processing. For example:

  • account and supplier records may be retained for the duration of the relationship and for a lawful retention period thereafter
  • recruitment records may be retained for a limited period after the recruitment process, unless longer retention is required by law or you consent to being considered for future opportunities
  • whistleblowing records may be retained for as long as necessary for investigation, remediation, legal proceedings, audit, governance or legal compliance
  • technical logs may be retained for security, troubleshooting and audit purposes for an appropriate limited period

When personal information is no longer required, we will delete, de-identify or destroy it securely, unless we are legally required or otherwise permitted to retain it.

14. Your Rights Under POPIA

Subject to POPIA and any other applicable law, you have the right to:

  • request confirmation of whether we hold personal information about you
  • request access to your personal information
  • request correction, updating or deletion of inaccurate, irrelevant, excessive, out-of-date, incomplete, misleading or unlawfully obtained personal information
  • object, on reasonable grounds, to the processing of your personal information
  • object to the processing of your personal information for direct marketing
  • withdraw consent where processing is based on consent
  • lodge a complaint with the Information Regulator

Requests may be sent to our Information Officer at info@isambane.co.za.

We may require proof of identity before giving effect to a request.

15. Mandatory and Voluntary Information

Where we ask you to provide personal information, we will indicate where possible whether that information is mandatory or voluntary.

If you do not provide information that is necessary for a specific function, we may be unable to:

  • create or maintain your account
  • process a job application
  • allow supplier onboarding or participation in procurement processes
  • investigate or respond effectively to a whistleblowing report
  • comply with legal or contractual obligations

16. Personal Information of Children

Our website and ERP services are generally not directed at children.

We do not knowingly collect personal information from children under the age of 18 years unless such processing is permitted by law or consent has been obtained from a competent person where required.

If you believe that a child has provided personal information to us unlawfully, please contact us so that we can take appropriate steps.

17. Third-Party Websites and Services

Our website or ERP may contain links to third-party websites or services. We are not responsible for the privacy practices, content or security of third-party websites or services. You should review their privacy notices before providing them with personal information.

18. Security Compromises

If there are reasonable grounds to believe that personal information has been accessed or acquired by an unauthorised person, we will investigate and, where required by law, notify affected persons and the Information Regulator as soon as reasonably possible.

19. Complaints

If you believe that we have processed your personal information unlawfully or in a manner that infringes your rights, please first contact our Information Officer at:

Eben van Deventer
Email: eben@isambane.co.za

You also have the right to lodge a complaint with the Information Regulator (South Africa). The Regulator’s official site provides POPIA complaint channels and forms, including complaint guidance, objection forms and correction/deletion request forms. Official contact channels published by the Regulator include complaint pages and support contacts such as 010 023 5200, helpdesk@inforegulator.org.za, and enquiries@inforegulator.org.za.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date. Where appropriate, we may also notify users through the website, ERP platform, email or other reasonable means.

21. Contact Us

If you have any questions about this Privacy Policy or how we process personal information, please contact:

Eben van Deventer
Information Officer
Email: eben@isambane.co.za