1. Who We Are 

 Midvaal Risk Management provides occupational health, safety, and environmental compliance consulting. We conduct baseline assessments, ongoing assurance visits, and annual reviews to help organisations embed safe practices and meet legal requirements. We respect your privacy and are committed to protecting your personal information in line with South Africa’s POPIA and PAIA laws.

2. What Information We Collect 

 We may collect your name, contact details, and project information when you engage our services. This information is used only to deliver and support the services you request.

3. How We Use Your Information

• To communicate with you about your requirements.

• To provide invoices and manage payments.

• To deliver compliance support and consulting services.

• To meet legal and tax requirements.

4. How Long We Keep Your Information

• Financial records (invoices, receipts) are kept for 5 years as required by law.

• Project files and communication records are kept for up to 12 months after completion for consulting purposes.

• After this period, information is securely deleted or anonymized.

5. Your Rights 

 You have the right to:

• Access the information we hold about you.

• Request corrections or updates.

• Ask us to delete your information when it is no longer needed.

• Withdraw consent for marketing at any time.

6. How to Contact Us 

 If you wish to access, correct, or delete your information, please email us at: info@midvaalriskmanagement.co.za 

1. Purpose This policy outlines how Midvaal Risk Management retains and disposes of personal information in compliance with the Protection of Personal Information Act (POPIA) and the Promotion of Access to Information Act (PAIA).

2. Scope Applies to all personal information collected from clients, suppliers, and partners during the course of business activities.

3. Retention Periods

• Client audits/Risk Assessments: Retained for the duration of the project and up to 12 months after completion for support purposes, unless otherwise agreed.

• Financial records (invoices, receipts, contracts): Retained for 5 years in line with SARS requirements.

• Communication records (emails, correspondence): Retained for 2 years for reference and dispute resolution.

• Marketing consent data: Retained until the client withdraws consent.

• Other personal information: Retained only as long as necessary to fulfill the purpose for which it was collected.

4. Disposal of Data At the end of the retention period, personal information will be:

• Securely deleted from electronic systems.

• Shredded or destroyed if in physical form.

• Anonymized where retention is required for statistical or business analysis.

5. Client Rights Clients may:

• Request access to their personal information.

• Request correction or deletion of their information.

• Withdraw consent for processing at any time.

Requests can be made via email to: info@midvaalriskmanagement.co.za

6. Review This policy will be reviewed annually to ensure compliance with POPIA, PAIA, and other applicable laws.