PRIVACY POLICY

Privacy Policy

A Modern Gazette for South African Life

Insight Africa Reports — Privacy Policy

Last updated: May 11, 2026

This Privacy Policy explains how Insight Africa Reports ("we", "us", "our") collects, uses, discloses and protects personal data when you visit insightafricareports.com and interact with our services. It is written with the principles of the EU General Data Protection Regulation (GDPR) in mind and also reflects applicable South African data-protection standards.

Data controller

Insight Africa Reports
Cape Town
For questions or privacy requests, please use our contact form at /contact/ or email: [email protected]

Personal data we collect

We collect only the personal data necessary to operate a regional news service and to deliver content and communications. Examples include: - Account details you provide when registering (name, email address, password). - Newsletter subscription data (email address, preferences). - Comments and content you post publicly. - Technical data (IP address, device and browser information, device identifiers, pages viewed, referrer, timestamps) collected via server logs and analytics tools. - Cookies and similar technologies (see "Cookies" below). - Transaction details where you make payments or donations (payment processor will hold full payment details; we record only confirmation and receipt information).

We do not normally collect special categories of personal data (sensitive data such as health, race, religion) and do not sell personal data.

Lawful bases for processing

We process personal data on one or more of the following lawful bases: - Performance of a contract: to provide services you have requested (e.g., account administration, paid subscriptions). - Consent: where you have freely given consent (e.g., signing up for newsletters, non-essential cookies). You can withdraw consent at any time. - Legitimate interests: to operate, secure and improve the site, to carry out analytics, to detect fraud and abuse, and to send service-related communications. We balance these interests against your privacy rights. - Legal obligation: when required to comply with a court order, tax or regulatory obligation.

We will specify the lawful basis for particular processing where required by law (for example at the point of sign-up or in forms).

Cookies and similar technologies

We use cookies and similar technologies for: - Essential operation and security of the site (session cookies, load-balancing). - Analytics and performance (to understand how the site is used). - Personalisation and advertising (where active, with your consent).

Third-party services such as Google Analytics and social share providers may set their own cookies. You can control and delete cookies through your browser settings and via the cookie consent tool presented on the site. Disabling non-essential cookies may affect functionality and personalization.

How we share data

We may share personal data with: - Service providers who support our operations (hosting providers, email and newsletter services, analytics providers, content-delivery networks, and payment processors). - Legal and regulatory authorities where required to comply with law or to protect rights and safety. - Third parties in the event of a business reorganisation, merger, or sale — subject to appropriate safeguards and notice to affected users.

We require third-party processors to implement appropriate security measures and to process personal data only on our instructions.

International transfers

Some processing takes place outside the European Economic Area (EEA) and outside South Africa. When personal data is transferred internationally we rely on one or more of the following safeguards: - Adequacy decisions issued by the European Commission. - Standard Contractual Clauses (SCCs) approved by the European Commission. - Other appropriate contractual safeguards and technical measures.

We will always seek to ensure adequate protection for data transferred to jurisdictions without an adequacy decision.

Data retention

We retain personal data for no longer than necessary for the purposes set out in this policy: - Account and profile information: retained while the account is active and for up to 2 years after account closure to comply with legal obligations and to resolve disputes. - Newsletter subscriptions: retained while subscribed and for up to 2 years after unsubscribe for recordkeeping. - Analytics and usage logs: aggregated metrics retained indefinitely; raw logs retained for up to 12 months. - Transaction and donation records: retained for 7 years to meet tax and accounting obligations. - Backups and archival copies: retained for up to 90 days for operational resilience.

When personal data is no longer required we will delete it securely or anonymise it so it can no longer be linked to you.

Your rights

Where GDPR applies you have the following rights in relation to your personal data: - Right of access: obtain confirmation and a copy of personal data we hold about you. - Right to rectification: request correction of inaccurate or incomplete data. - Right to erasure ("right to be forgotten"): request deletion where there is no lawful basis for continued processing. - Right to restriction: ask us to restrict processing in certain circumstances. - Right to data portability: obtain a machine-readable copy of data you provided to us. - Right to object: object to processing based on legitimate interests, including profiling, and to direct marketing. - Right to withdraw consent: where processing is based on consent, withdraw that consent. - Right not to be subject to solely automated decision-making: request human review where relevant.

To exercise any right, please contact us via the /contact/ form or at [email protected]. We may request information to verify your identity. We will respond to valid requests within one month; we may extend this by up to two further months for complex requests and will inform you of any extension and the reasons for it. Where permitted, we may refuse manifestly unfounded or excessive requests, in which case we will explain why and advise of your right to lodge a complaint with a supervisory authority.

You also have the right to lodge a complaint with a data-protection regulator in your country.

Security

We implement reasonable organisational, technical and administrative measures to protect personal data from unauthorised access, disclosure, alteration and destruction. Measures include encryption in transit (TLS), access controls, regular security assessments and staff training. However, no system is completely secure; if we become aware of a data breach that poses a risk to your rights, we will notify affected individuals and regulators as required by law.

Children

Our services are not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us and we will take steps to delete it.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "Last updated" date.

How to make a privacy request

To exercise your privacy rights or ask questions about this policy, please use our contact form at /contact/ or email [email protected]. We will respond as described in the "Your rights" section above.

Thank you for reading. We aim to handle personal data with care and transparency consistent with the trust placed in us by our readers.