Privacy Policy

1. Introduction & Scope

Welcome to www.wagnerconsultancy.com (the “Site”). We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, store and protect personal information in connection with the Site, our services, communications, and any customer, client, supplier or partner interactions.

By using our Site or providing personal information to us (including by email, form submission, telephone or in person), you acknowledge that you have read, understood and agree to the terms of this Privacy Policy and consent to the collection, use and disclosure of your personal information in accordance with this Policy. Where additional consent is required by law for specific processing activities, we will request it separately.

This Policy applies to:

  • visitors to our Site;

  • clients, prospective clients and business contacts;

  • suppliers, contractors and partners; and

  • any other person whose personal information we collect and process.

2. Definitions

  • Personal information / personal data: any information relating to an identifiable natural person (e.g., name, email, ID number, phone).

  • Special category data / sensitive personal data: e.g., health information, racial or ethnic origin, political opinions (we generally do not collect these; if we do, we will obtain explicit consent and additional safeguards).

  • Processing: any operation performed on personal information (collecting, storing, accessing, using, sharing, erasing).

  • Controller: the entity that determines the purposes and means of processing (that is us).

  • Processor: third parties we appoint to process personal information on our behalf (e.g., hosting, email, payment processors).

3. Information We Collect

We collect only information that is necessary for our legitimate purposes. The categories of personal information we may collect include:

Identity & contact information

  • Full name, title, business name (if applicable), email address, telephone/mobile number, postal address.

Account & interaction data

  • Sign-up/login details (username), account preferences, profile information you provide, communication preferences.

Transactional & payment data

  • Billing address, invoicing information, payment details (e.g., last 4 digits of card), payment confirmations (note: full card data is processed directly by our payment processor and is not stored by us).

Communications & messages

  • Records of communications you send us (emails, form submissions, chat transcripts) and our responses.

Technical & usage data

  • IP address, device and browser type, unique device identifiers, operating system, referrer URL, pages visited, date/time stamps, cookies and analytics data.

Marketing & preferences

  • Newsletter subscription status and any preferences you set.

Other

  • Any other information you voluntarily provide (e.g., CVs, proposals, uploaded documents).

4. How We Collect Personal Information

We collect personal information through:

  • Direct interactions: when you complete forms, register for services, contact us, subscribe to newsletters, or otherwise provide information.

  • Automated technologies: cookies, web beacons, analytics tools and server logs.

  • Third parties: payment processors (e.g., Stripe, PayPal), Google Workspace, Squarespace (site hosting), social networks (when you interact through social login or share content), and other service providers.

  • Publicly available sources: where permitted, we may obtain limited information from public registries or professional directories.

5. Purposes & Legal Bases for Processing

We will only process personal information for legitimate business purposes. Where applicable, we identify the legal basis for processing under GDPR and the corresponding lawful basis under POPIA.

Purpose: Provide services, manage accounts, communicate with you, process payments, deliver invoices and quotes, and administer the Site.
Legal basis (GDPR): Performance of a contract, legitimate interests (e.g., operation and security of our business), consent (where requested), compliance with legal obligations.
POPIA justification: Processing is necessary for the performance of a contract; related to a legitimate interest of the responsible party; consent where required; compliance with legal obligations.

Other purposes include:

  • Marketing & newsletters (consent or legitimate interest where allowed).

  • Fraud detection and security (legitimate interest).

  • Improving the Site and analytics (legitimate interest).

  • Compliance with legal & regulatory obligations (legal obligation).

6. Cookies & Tracking Technologies

We use cookies and similar technologies to operate the Site, provide analytics, improve user experience and deliver targeted advertising where you have given consent.

  • Essential cookies: required for basic Site functionality.

  • Performance & analytics cookies: collect anonymous data on site usage (Google Analytics or built-in Squarespace analytics).

  • Functional cookies: remember settings and preferences.

  • Advertising cookies: used by third parties to deliver relevant ads.

You may manage or disable cookies through your browser settings. Disabling certain cookies may limit Site functionality.

7. Disclosure & Sharing of Personal Information

We may share personal information with the following categories of recipients, only as necessary:

  • Service providers & processors: hosting providers (Squarespace), email and productivity providers (Google Workspace), payment processors (e.g., Stripe, PayPal), analytics providers, customer relationship platforms, marketing platforms, scheduling platforms and backup services.

  • Professional advisers: lawyers, accountants, auditors where necessary for professional services.

  • Payment & financial institutions: to process payments and prevent fraud.

  • Law enforcement, regulators, courts or other public authorities: where required by law or to respond to a legal process.

  • Business transfers: in connection with a sale, merger, insolvency, reorganization or asset transfer (we will require confidentiality and an obligation to protect personal information).

Where third-party processors are used, we require contracts that require processors to provide at least the same level of protection afforded by this Policy and applicable law.

8. International Transfers

Your personal information may be transferred to, stored, or processed in countries outside South Africa or the European Economic Area (EEA), including countries that may not have the same level of data protection laws.

Where data is transferred internationally, we will implement appropriate safeguards to protect your personal information (e.g., EU Standard Contractual Clauses, other contractual safeguards, or transfers to countries with an adequacy decision). By using the Site or providing personal information, you consent to such international transfers as described.

9. Data Retention

We keep personal information only as long as necessary for the purposes set out in this Policy, to satisfy legal, regulatory, tax or accounting requirements, resolve disputes and enforce agreements.

Typical retention periods (guideline):

  • Contact form enquiries / leads: retain for up to 3 years after last contact (or as needed for business development).

  • Client/customer records & invoices: retain for 5–10 years for legal and tax compliance (or as required by applicable law).

  • Job applicant data: retained for up to 1 year unless hired (or as required).

  • Analytics and logs: aggregated or anonymized; raw logs retained for a limited period (commonly 6–24 months).

Specific retention will depend on business needs and legal obligations. Please contact us to request deletion or a data retention schedule.

10. Your Rights (Data Subject Rights)

Where local law provides such rights (including under POPIA and GDPR), you may have the following rights in relation to your personal information:

  • Access: request access to personal information we hold about you.

  • Correction / rectification: request correction of inaccurate or incomplete information.

  • Erasure / deletion: request deletion of personal information where there is no lawful reason for us to continue processing.

  • Restriction of processing: ask us to restrict processing in certain circumstances.

  • Data portability: receive your personal information in a structured, commonly used, machine-readable format.

  • Object to processing: object to processing based on legitimate interests or for direct marketing.

  • Withdraw consent: where processing is based on consent, withdraw consent at any time (this does not affect processing that occurred before withdrawal).

  • Complain: lodge a complaint with your local data protection supervisory authority (e.g., Information Regulator in South Africa; supervisory authority in your EU Member State).

To exercise rights, contact us at info@wagnerconsultency.com with sufficient details to identify you and the request. We will respond in accordance with applicable law. We may require verification of identity before fulfilling sensitive requests.

11. Security Measures

We maintain reasonable technical and organisational measures to protect personal information against accidental loss, destruction, damage and unauthorized access, modification or disclosure. Measures include encryption of data in transit (HTTPS), access controls, regular software updates, secure hosting (Squarespace), use of reputable third-party processors, and employee training.

No Internet transmission is completely secure; we cannot guarantee absolute security. If a security breach occurs that may pose a risk to you, we will notify you and relevant authorities as required by applicable law.

12. Children & Minors

Our Site is not intended for use by children under 13 (or higher minimum age under local law). We do not knowingly collect personal information from children. If we learn we have collected data from a child without parental consent, we will take steps to delete it. If you believe we have such data, please contact us.

13. Marketing & Direct Communications

If you have opted in to receive marketing communications, we may contact you with news, offers or promotional information about our services. You may opt out at any time by clicking the unsubscribe link in marketing emails or contacting us at info@wagnerconsultancy. We will process opt-out requests promptly.

14. Third-Party Sites & Links

This Policy applies only to our Site. We may link to other websites or services. We are not responsible for the privacy practices or content of third-party websites. You should review the privacy policies of any site you visit.

15. Automated Decision-Making & Profiling

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects about you without explicit consent. If we introduce such processing in the future, we will notify you and provide necessary information and safeguards.

16. Changes to this Privacy Policy

We may update this Policy to reflect changes in our practices or legal requirements. Material changes will be notified by a prominent notice on the Site, by email (if you are a subscriber), and by updating the “Last updated” date above. Continued use of the Site after changes are posted constitutes acceptance of the revised Policy.

17. Limitation of Liability, Indemnity & Legal Terms

Limitation of liability: To the fullest extent permitted by applicable law, our liability for any claim arising from or related to this Policy, the Site or our processing of personal information is limited to direct damages and shall not exceed the total amount paid by you to us in the 12 months preceding the event giving rise to the claim (or, where no payments were made, an amount equivalent to $100). We are not liable for indirect, incidental, special, punitive or consequential damages, loss of profits, loss of business or loss of goodwill.

Indemnity: You agree to indemnify and hold us harmless from any third-party claims, liabilities, losses or expenses (including reasonable legal fees) arising out of your breach of this Policy, misuse of the Site, or provision of false or misleading information.

No waiver & maximum extent: Nothing in this Policy seeks to exclude or limit liability that cannot be excluded by law. Certain jurisdictions do not allow the exclusion or limitation of certain damages; accordingly some of the above limitations may not apply to you.

Choice of Law & Jurisdiction: This Policy and our privacy practices are governed by the laws of the Republic of South Africa (unless otherwise required by applicable law). Where permitted, any dispute shall be submitted to the non-exclusive jurisdiction of the South African courts. If you are located in the EU or another jurisdiction with mandatory consumer protections, nothing in this Policy will deprive you of rights under local mandatory law.

18. How to Contact Us / Complaints

If you have questions, requests, or complaints about this Policy or our processing of personal information, please contact:

Wagner & Company
Email: info@wagnerconsultancy.com

If you are in South Africa and remain unsatisfied with our response, you may lodge a complaint with the Information Regulator:
Information Regulator (South Africa)https://inforegulator.org.za/ (or contact details as updated).

If you are in the EU, you may lodge a complaint with your national supervisory authority.

19. Data Breach Notification

In the event of a data breach that presents a risk to the rights and freedoms of individuals, we will assess the risk and, where required by law, notify affected individuals and applicable supervisory authorities without undue delay and within any legally required timeframe (e.g., GDPR: 72 hours where feasible).

20. Practical Steps to Manage Your Privacy

  • To update your contact details or preferences, email info@wagnerconsultancy.com.

  • To unsubscribe from marketing: use the unsubscribe link or email us.

  • To request access, correction, deletion, or portability of your personal information: email info@wagnerconsultancy.com with “Data Subject Request” and concise details of your request.

  • We may ask for proof of identity to protect your privacy when processing requests.

21. Acknowledgement & Agreement

By using this Site, submitting information to us, or otherwise interacting with us, you acknowledge that you have read this Privacy Policy and agree to its terms. Where required by law, you also provide the consents described in this Policy.

22. Miscellaneous

  • Severability: If any provision of this Policy is found invalid or unenforceable, the remaining provisions will remain in full force and effect.

  • Assignment: We may assign our rights and obligations under this Policy in connection with a merger, sale or transfer of business, subject to a requirement that the assignee protect personal information consistent with this Policy.

  • Entire agreement: This Policy, together with any other notices on the Site, constitutes the entire agreement relating to privacy and replaces prior privacy statements.

Effective date: 1 October 2025
Last updated: 26 November 2025

Controller / Data Owner:
Wagner & Company (“we”, “us”, “our”)
Contact email: info@wagnerconsultancy.com