Introduction.
iXperience (Pty) Ltd (“iXperience,” “we,” “us,” or “our”) is a private limited liability company incorporated in the Republic of South Africa (Registration No. 2013/159509/07), with its principal place of business at Darter Studios, Longkloof Precinct, Darters Rd, Gardens, Cape Town, 8001.
We are committed to protecting your personal data in compliance with:
- EU General Data Protection Regulation (GDPR)
- UK GDPR (Data Protection Act 2018)
- South African Protection of Personal Information Act (POPIA)
- California Consumer Privacy Act (CCPA) as amended by CPRA
This Privacy Policy explains:
- What personal data do we collect?
- How do we use and protect it?
- Your legal rights.
- How to contact us.
By accessing our website, participating in our programs, or using our services, you agree to this Privacy Policy.
Who We Are and Contact Details.
- Role: Data Controller (and, in some cases, Data Processor for third-party partners)
- Data Protection Contact: Legal Associate
- Email: finance@ixperience.co
- Postal Address: Darter Studios, Longkloof Precinct, Darters Rd, Gardens, Cape Town, 8001
You may lodge a complaint with your local data protection authority, such as:
- The Information Regulator (South Africa)
- The Information Commissioner’s Office (UK)
- Your relevant EU Member State authority
How We Obtain Personal Data.
We collect personal data from:
- Direct interactions such as applications, enrolment forms, and surveys.
- Automated means such as cookies, analytics, and server logs.
- Third parties such as partner universities, internship hosts, payment processors, and marketing platforms.
Personal Data We Process.
We may process:
- Identity Data – name, preferred name, date of birth, gender.
- Contact Data – address, phone number, email, social media handles.
- Financial Data – bank account details, payment card data, billing history.
- Transaction Data – enrolment details, contracts, purchases.
- Technical Data – IP address, browser type, device identifiers, location data.
- Profile Data – usernames, passwords, preferences, survey responses.
- Biometric Data – passport scans, photographs, physical characteristics.
- Special Category Data – health, race/ethnicity (where legally required).
- Usage Data – website activity, learning platform usage.
- Marketing Data – event participation, communication preferences.
We do not knowingly collect personal data from children under 13 without verified parental consent.
Lawful Bases for Processing.
We process your personal data when:
- It is necessary for the performance of a contract with you.
- You have given consent (e.g., for marketing or special category data).
- We have a legitimate business interest that does not override your rights.
- We are complying with a legal obligation.
- It is necessary to protect someone’s vital interests.
Special Category & Sensitive Data.
- We only collect sensitive data where necessary and permitted by law.
- This data is safeguarded with encryption, access controls, and need-to-know restrictions.
- For minors, parental consent will be verified through signed consent forms, proof of identity, and confirmation calls.
Cookies and Tracking Technologies.
We use:
- Strictly necessary cookies for website functionality.
- Performance cookies are used to analyse site usage.
- Functionality cookies are used to remember preferences.
- Targeting cookies for personalised advertising.
We present a cookie consent banner on first visit, allowing you to manage preferences in line with GDPR and POPIA.
International Data Transfers.
We may transfer your data internationally. Safeguards include:
- Transfers to countries with an adequacy decision from the European Commission or the UK authorities.
- Standard Contractual Clauses (SCCs) and UK International Data Transfer Addendums.
- Participation in the EU-US Data Privacy Framework, where applicable.
Data Retention.
We keep personal data only as long as necessary for its purpose or to comply with legal obligations:
- Identity and contact data – retained for the duration of your relationship plus three years.
- Financial and transaction data – retained for five years for legal compliance.
- Special category data – deleted within 30 days of program completion unless required by law.
- Marketing preferences – retained until you opt out.
Anonymised data may be kept indefinitely.
Data Security.
We implement:
- Encryption in transit and at rest.
- Strict access controls.
- Regular security audits.
- Confidentiality agreements for all staff and contractors.
In case of a data breach:
- Regulators will be notified within 72 hours.
- Affected individuals will be informed without undue delay if the breach poses a high risk.
Your Legal Rights.
You have the right to:
- Access your personal data.
- Correct or delete it.
- Restrict or object to processing.
- Withdraw consent at any time.
- Request a copy of your data in portable format.
- Opt out of marketing.
- Opt out of automated decision-making and profiling.
Requests can be sent to finance@ixperience.co. We aim to respond within one month.
Third-Party Processing.
We share personal data with trusted service providers for:
- IT hosting and support.
- Payment processing.
- Travel and accommodation arrangements.
- Marketing and analytics.
- Partner universities and internship hosts.
All third parties are bound by written agreements requiring them to protect your data.
Dispute Resolution & Governing Law.
- We encourage you to contact us first to resolve any concerns.
- This Privacy Policy is governed by South African law, without prejudice to mandatory protections under other applicable laws depending on your location.
Changes to This Policy.
We may update this Privacy Policy from time to time. Updates will be posted on our website with the revised effective date. Where changes are significant, we will notify you directly by email or platform notice.
