Privacy & POPIA Policy

At SmartEnd Business Solutions ("we", "us", or "our"), we understand that you trust us with your most sensitive corporate information, including company registration details, SARS tax data, and financial records. We respect your privacy and are committed to protecting your personal data in strict alignment with the Protection of Personal Information Act (POPIA) of South Africa.

This privacy policy informs you how we handle your personal data when you visit our website (smartend.co.za), engage our consulting services, or communicate with our team.

1. The Data We Collect About You

In order to perform our high-end business interventions, we may collect, use, store, and transfer different kinds of personal and corporate data, grouped as follows:

• Identity & Corporate Data: First name, last name, ID numbers, CIPC Enterprise numbers, Director details, and Beneficial Ownership documentation.
• Contact Data: Email address, physical business address, and telephone/WhatsApp numbers.
• Financial & Compliance Data: CIPC login credentials, SARS eFiling credentials, bank account confirmation letters, and historical tax returns.
• Technical Data: IP address, browser type and version, time zone setting, and device details when utilizing our website.

2. Strict Handling of CIPC & SARS Credentials

Because our core services include Compliance Rescues and Tax Cleanups, you may be required to share government portal login credentials with us. We treat this data with extreme caution:

• Ephemeral Access: Login credentials provided to us are strictly used only for the duration of the requested intervention (e.g., catching up Annual Returns or filing Beneficial Ownership).
• Restricted Visibility: Only the specific dedicated finance professional or compliance officer assigned to your file will have access to these credentials.
• Post-Project Protocol: Once your compliance is restored and the handover is complete, we strongly advise all clients to immediately change their CIPC and SARS passwords. We actively destroy temporary records of these passwords from our working files.

3. How We Use Your Data

We will only use your personal data when the law allows us to. Most commonly, we will use your data in the following circumstances:

• Contract Performance: Where we need to perform the service we are about to enter into or have entered into with you (e.g., executing a CIPC rescue, registering a domain, or building your digital infrastructure).
• Legitimate Interests: Where it is necessary for our legitimate interests (such as recovering outstanding debts or preventing fraud), provided your fundamental rights do not override those interests.
• Legal Obligation: Where we need to comply with a legal or regulatory obligation dictated by the Companies Act or Tax Administration Act.

4. Data Security & Storage

We have implemented robust security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. Our digital infrastructure relies on top-tier encryption, secure cloud vaults, and strict internal access controls.

We will notify you and the Information Regulator of a suspected personal data breach where we are legally required to do so.

5. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for. By law, we may have to keep basic information about our customers (including Contact, Identity, and Financial Data) for a minimum of five (5) years for tax and legal purposes.

6. Your Legal Rights Under POPIA

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to:

• Request access to your personal data (a "data subject access request").
• Request correction of any incomplete or inaccurate data we hold about you.
• Request erasure of your personal data where there is no good reason for us continuing to process it.
• Object to processing of your personal data where we are relying on a legitimate interest.
• Withdraw consent at any time where we are relying on consent to process your personal data.

7. Contacting Our Information Officer

We have appointed an internal Information Officer who is responsible for overseeing questions in relation to this privacy policy. If you have any questions, including requests to exercise your legal rights, please contact:

You also have the right to make a complaint at any time to the Information Regulator of South Africa, though we would appreciate the chance to deal with your concerns before you approach them.