INTRODUCTION

At ELEVATE CREW ACADEMY (PTY) LTD (hereinafter referred to as the “Company,” “we,” “us,” or “our”), we are committed to upholding the highest standards of privacy and data protection for all individuals who interact with our digital platforms, services, and affiliated programs.

This Privacy Policy governs how we collect, process, use, share, store, and protect Personal Data belonging to individuals (hereinafter referred to as the “User,” “you,” or “your”) who access, browse, register for, or engage with our website, digital applications, and associated services.

• Compliance with Data Protection Laws

We recognize and respect your fundamental right to privacy and are committed to transparent, fair, and lawful processing of your Personal Data. Accordingly, we ensure compliance with applicable data protection and privacy laws, including but not limited to:

• General Data Protection Regulation (GDPR) (EU Regulation 2016/679) – Governing the collection, processing, and protection of Personal Data of individuals residing in the European Union (EU) and European Economic Area (EEA).
• California Consumer Privacy Act (CCPA) (California Civil Code § 1798.100 et seq.) – Establishing consumer rights for California residents, including the right to access, delete, and opt-out of the sale of Personal Data.
• Protection of Personal Information Act (POPIA) (Act No. 4 of 2013, South Africa) – Setting forth legal requirements for the lawful collection, processing, storage, and protection of Personal Information in South Africa.

This Privacy Policy outlines the Company’s commitment to safeguarding your Personal Data and ensuring compliance with internationally recognized principles of:

✔ Lawfulness – Personal Data is collected and processed only for legitimate and legal purposes.

✔ Fairness – Processing activities are transparent, just, and non-discriminatory.

✔ Transparency – Users are informed how, why, and what Personal Data is processed.

✔ Security – Industry-standard technical and organizational measures are applied to prevent unauthorized access, loss, or misuse of Personal Data.

• Scope of this Privacy Policy

This Privacy Policy applies to:

• The Company’s website, digital learning platform, mobile applications, and any other online services operated by us.
• Users who register for courses, mentorship programs, or other services provided by the Company.
• Data collected online, including website analytics, cookies, tracking technologies, and third-party integrations.

It does not apply to:

• Third-party websites, applications, or services not owned or controlled by the Company.
• Any information shared with external service providers beyond the scope of this policy, unless explicitly stated otherwise.

• Your Acknowledgment & Consent

By accessing, browsing, registering, or using our website, platform, or services, you expressly acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy.

If you do not agree with any part of this Privacy Policy, you must immediately discontinue use of our website and services. You also have the right to withdraw consent at any time, subject to legal and contractual restrictions.

• Updates & Modifications
  

We reserve the right to modify, amend, or update this Privacy Policy at any time. Changes will be posted on our website, and we may notify Users via email or other communication channels when material updates occur. Continued use of our services after any modifications constitutes your acceptance of the updated Privacy Policy.

• Contact Information

For any questions, concerns, or requests regarding this Privacy Policy, Users may contact us at:

📧 Email: support@elevatecrewacademy.com

📍 Business Address: [Insert Business Address]

🌍 Website: [Insert Website URL]

• DEFINITIONS

For the purposes of this Privacy Policy, the following terms and definitions shall apply:

• “Personal Data”

“Personal Data” shall mean any information relating to an identified or identifiable natural person (“Data Subject“), including but not limited to:

• Identity Data: Full legal name, date of birth, gender, national identification numbers, and passport details.
• Contact Data: Email addresses, residential addresses, telephone numbers, and social media identifiers.
• Financial and Transactional Data: Payment card details, banking information, billing addresses, and financial transaction records (processed through secure third-party payment processors).
• Geolocation Data: IP addresses, real-time location tracking, GPS coordinates, and browsing locations derived from connected devices.
• User-Generated Content: Comments, feedback, survey responses, uploaded materials, and participation in online forums or discussion boards.
  
• Behavioral and Usage Data: Web browsing activity, service interaction records, referral URLs, cookies, and tracking data collected via analytics tools.

Personal Data shall be processed in compliance with GDPR, CCPA, and POPIA, and shall not be used for purposes beyond those outlined in this Privacy Policy without explicit user consent.

• “Processing”

“Processing” shall refer to any operation or set of operations performed on Personal Data, whether or not by automated means, including but not limited to:

• Collection: The acquisition, recording, or reception of Personal Data through online forms, account registrations, or third-party integrations.
• Storage: The archiving, backup, and protection of Personal Data in encrypted servers, databases, or cloud-based repositories.
• Retrieval & Access: Authorized access to Personal Data for service provision, user authentication, and compliance audits.
• Modification & Rectification: Updates, corrections, or alterations made to Personal Data based on user requests or legal requirements.
• Sharing & Transfer: The transmission of Personal Data to third-party service providers, partners, or regulatory authorities (subject to contractual and legal safeguards).
• Deletion & Erasure: The removal, anonymization, or irreversible destruction of Personal Data upon user request or when retention periods expire.

The Processing of Personal Data shall be conducted in strict compliance with data minimization, purpose limitation, and lawful processing principles as mandated by GDPR Article 5, CCPA

§ 1798.100, and POPIA Chapter 3.

• “Data Controller”

“Data Controller” shall mean the entity responsible for determining the purposes and means

of Processing Personal Data.

For the purposes of this Privacy Policy:

• Elevate Crew Academy (PTY) LTD is the Data Controller, as it determines how Personal Data is collected, processed, and stored within the scope of its services.
• The Company shall ensure full compliance with data protection laws, implement necessary safeguards, and remain accountable for the security and lawful processing of all collected Personal Data.

• “Data Processor”

“Data Processor” shall mean any third-party service provider, contractor, or entity that processes Personal Data on behalf of the Data Controller, subject to a binding contractual agreement ensuring confidentiality and data security.

Examples of Data Processors may include, but are not limited to:

• Payment Processors (e.g., Stripe, PayPal) handling financial transactions securely.
• Cloud Hosting & Storage Providers (e.g., AWS, Google Cloud) facilitating data storage and infrastructure.
• Analytics & Marketing Platforms (e.g., Google Analytics, Facebook Pixel) used for service optimization and targeted advertising.

The Company remains fully responsible for ensuring that all Data Processors comply with GDPR, CCPA, and POPIA through legally binding contracts (Data Processing Agreements – DPAs).

• “Third Party”

“Third Party” shall mean any external entity, organization, or individual that interacts with

Personal Data without being directly affiliated with the Data Controller or Data Processor. Examples of Third Parties include:

• Regulatory Authorities (e.g., data protection supervisory bodies, financial regulators).
• Law Enforcement Agencies (e.g., courts, governmental bodies, tax authorities).
  
• External Marketing Affiliates or Business Partners, where consented data-sharing is involved.

No Personal Data shall be disclosed to any unauthorized Third Party without the User’s explicit and informed consent, except as required under lawful and regulatory obligations.

• “Consent”

“Consent” shall mean a freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes, by which they, through a statement or affirmative action, signify their agreement to the Processing of their Personal Data.

• Explicit Consent is required for data processing related to marketing communications, advertising cookies, or data-sharing with Third Parties.
• Users retain the right to withdraw Consent at any time without affecting the lawfulness of prior processing activities.

• CATEGORIES OF PERSONAL DATA COLLECTED

The Company collects, processes, and stores Personal Data from Users in accordance with applicable data protection laws. Personal Data may be collected:

• Directly from the User through voluntary submissions, account registration, purchases, or communications.
• Automatically through tracking technologies and website interactions.
• From Third-Party Sources, where lawful and applicable.

• Personal Data Provided Directly by the User

The following categories of Personal Data may be voluntarily provided by the User:

• Identity & Contact Data: Full name, email address, phone number, postal address, and demographic details.
• Account Credentials: Username, password, security authentication factors.
  
• Financial & Transactional Data: Payment details, billing information, transaction history (processed via secure third-party payment processors; we do not store financial details directly).
• Correspondence & Communications: Support inquiries, feedback forms, survey responses, and service-related interactions.

• Automatically Collected Data

The following Personal Data may be collected automatically through the use of cookies, log files, and analytics tools:

• Device & Technical Data: IP address, browser type, operating system, device type, geolocation data (subject to User consent).
• Usage & Interaction Data: Browsing patterns, page visits, clickstream data, referral URLs, session duration, and interaction timestamps.
• Cookies & Tracking Technologies: First-party and third-party cookies, tracking pixels, analytics scripts (for details, see Section 9: Cookies and Tracking Technologies).

• Data Obtained from Third Parties

The Company may collect Personal Data from third-party sources, including:

• Social Media Integrations: Information shared through third-party platforms when Users choose to link their accounts (e.g., Facebook, Google, LinkedIn).
• Marketing & Advertising Partners: Data related to advertisement interactions, campaign engagement, and affiliate marketing activities.
• Publicly Available Sources: Business directories, public profiles, and industry databases, where permitted by law.

• LEGAL BASIS FOR PROCESSING PERSONAL DATA
  

In compliance with Article 6 of GDPR, Section 1798.100 of CCPA, and Section 11 of POPIA, the Company processes Personal Data under the following lawful bases:

Purpose of Processing	Legal Basis
Service Provision (account creation, customer support, order processing)	Performance of a Contract (GDPR Art. 6(1)(b))
Marketing & Promotional Communications (newsletters, offers, ads)	Explicit Consent (GDPR Art. 6(1)(a), CCPA opt-in requirement)
Website Performance & Analytics (traffic monitoring, feature enhancements)	Legitimate Interest (GDPR Art. 6(1)(f))
Compliance with Legal & Regulatory Obligations (fraud prevention, tax reporting)	Legal Obligation (GDPR Art. 6(1)(c))

 

User Rights & Withdrawal of Consent:

• Where Personal Data is processed based on consent, Users may withdraw consent at any time by contacting support@elevatecrewacademy.com.
• Withdrawal of consent shall not affect the lawfulness of prior processing conducted before the withdrawal.

• DATA SUBJECT RIGHTS

Users are entitled to certain rights regarding the collection and processing of their Personal Data under GDPR, CCPA, and POPIA. These rights include:

• Right to Access (GDPR Art. 15, CCPA § 1798.100)

Users have the right to request a copy of their Personal Data collected and stored by the Company, along with details regarding its purpose and processing.

• Right to Rectification (GDPR Art. 16)
  

Users may request corrections or updates to inaccurate or outdated Personal Data.

• Right to Erasure (“Right to be Forgotten”) (GDPR Art. 17, CCPA § 1798.105)

Users may request deletion of their Personal Data under lawful conditions, except where retention is required by law or legitimate business interest.

• Right to Restrict Processing (GDPR Art. 18)

Users may request that the Company limit processing of their Personal Data under specific circumstances.

• Right to Data Portability (GDPR Art. 20)

Users may obtain and transfer their Personal Data in a structured, machine-readable format.

• Right to Object (GDPR Art. 21, CCPA § 1798.120)

Users have the right to object to the processing of Personal Data for marketing purposes and opt- out of targeted advertising.

• Right to Non-Discrimination (CCPA § 1798.125)

Users exercising their rights under CCPA shall not be discriminated against in terms of service, pricing, or accessibility.

Exercising Data Subject Rights:

• To make a request regarding any of the above rights, Users must submit a formal request

via email to support@elevatecrewacademy.com.

• Identity verification may be required to process such requests in compliance with data security best practices.
  

• DATA SECURITY & RETENTION

The Company employs industry-standard security measures to safeguard Personal Data against

unauthorized access, disclosure, or misuse.

• Security Measures

The following security protocols are implemented:

• Encryption of Sensitive Data: All user transactions and sensitive information are encrypted using SSL/TLS encryption protocols.
• Access Controls & Authentication: Restricted access is granted only to authorized personnel on a need-to-know basis.
• Regular Security Audits: Routine assessments and penetration testing to mitigate

cybersecurity vulnerabilities.

• Data Retention Policy

Personal Data shall be retained only for as long as necessary to fulfill its original purpose, comply with legal obligations, and ensure business continuity.

Data Category	Retention Period	Purpose of Retention
Account & Billing Data	7 years	Regulatory & tax compliance
Marketing & Analytics Data	2 years	Performance tracking & service enhancements
Customer Support Inquiries	1 year	Service improvements & dispute resolution
Transaction & Payment Records	6 years	Fraud prevention & audit compliance

 

• Data Deletion & Anonymization

• Upon expiration of retention periods, Personal Data shall be securely deleted or anonymized, rendering it irrecoverable.
• Users may request early deletion of their Personal Data, subject to applicable legal and contractual obligations.

• THIRD-PARTY DISCLOSURES

• No Sale of Personal Data

The Company does not sell, lease, or trade Users’ Personal Data to third parties for monetary consideration.

• Permitted Disclosures

Personal Data may be shared with third parties under the following conditions:

• Payment Processors: To facilitate transactions, financial data may be processed by third- party payment gateways such as Stripe, PayPal, or other authorized financial institutions.
• Cloud Hosting & Security Providers: To ensure data integrity, hosting services such as Amazon Web Services (AWS), Google Cloud, or equivalent providers may process and store Personal Data.
• Regulatory Authorities & Legal Compliance: Personal Data may be disclosed where required under applicable laws, regulations, legal proceedings, or enforcement requests from competent authorities.

• Third-Party Service Agreements

Where Personal Data is shared with service providers, the Company ensures:

• Such providers are contractually bound to confidentiality obligations and data protection standards.
  
• Data is processed solely for the explicitly defined purpose and not misused for unauthorized activities.

• Opt-Out Rights for Third-Party Sharing

Users may exercise their right to restrict certain data-sharing activities by:

• Adjusting privacy settings within their account dashboard (where applicable).
• Contacting support@elevatecrewacademy.com to request opt-out of marketing and non- essential third-party processing.

• COOKIES & TRACKING TECHNOLOGIES

The Company uses cookies and tracking technologies to enhance website performance, user experience, and security.

• Use of Cookies & Purpose

Cookie Type	Purpose	User Control Options
Essential Cookies	Enable security, fraud prevention, authentication	Cannot be disabled
Functional Cookies	Enhance user experience, remember preferences	Adjustable via settings
Analytics Cookies	Monitor website performance, page interactions	Opt-out via cookie banner
Advertising Cookies	Deliver targeted ads and marketing campaigns	Requires explicit opt-in

• User Rights to Manage Cookies

Users can modify cookie preferences using:

• The Company’s cookie settings dashboard (if applicable).
• Browser-specific settings:
  
  • Google Chrome: Settings → Privacy & Security → Cookies
  • Mozilla Firefox: Preferences → Privacy & Security → Cookies
  • Safari: Preferences → Privacy → Cookies & Website Data
  • Microsoft Edge: Settings → Cookies & Permissions

• Third-Party Tracking & Opt-Out Mechanisms

• The Company may use Google Analytics, Facebook Pixel, LinkedIn Insights, and other tracking tools.
• Users can opt out of third-party tracking via:
  • Google Ads Preferences Manager
  • Network Advertising Initiative (NAI) Opt-Out
  • Facebook Ad Preferences

• GOVERNING LAW & DISPUTE RESOLUTION

• Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of South Africa, without regard to conflict-of-law principles.

• Dispute Resolution Mechanism

In the event of a legal dispute, claim, or controversy arising from this Privacy Policy, the following resolution procedures shall apply:

1. Good Faith Negotiations

   • The Parties shall first attempt to resolve the dispute amicably through good-faith discussions.
   • If the dispute is not resolved within 30 days, further legal actions may be pursued.

2. Binding Arbitration

   • If no resolution is achieved, disputes shall be submitted to binding arbitration

under the Arbitration Foundation of Southern Africa (AFSA).

• Arbitration shall be conducted in [City, South Africa], in English, before a single arbitrator.
• The arbitrator’s decision shall be final and binding on both parties.

1. Jurisdiction & Legal Proceedings

   • Users agree that the courts of South Africa shall have exclusive jurisdiction over matters requiring judicial enforcement.
   • Notwithstanding the above, the Company reserves the right to seek injunctive relief or equitable remedies in any competent jurisdiction to prevent unauthorized use or misuse of Personal Data.

• CONTACT INFORMATION

Users with inquiries regarding this Privacy Policy, data protection rights, or opt-out requests may contact the Company at:

Email: support@elevatecrewacademy.com

Physical Address: