1. Who we are
Datalab ("Datalab", "we", "us", "our") is a data analytics and artificial intelligence consultancy headquartered in Cape Town, South Africa. We operate the website www.datalabsolutions.ai (the "Website") and provide data strategy, engineering, and AI services to organisations across South Africa and internationally.
For the purposes of the EU General Data Protection Regulation (GDPR) and the South African Protection of Personal Information Act 4 of 2013 (POPIA), Datalab is the responsible party / data controller in respect of the personal information processed through this Website.
Registered address: Workshop 17, 32 Kloof Street, Gardens, Cape Town, 8001, South Africa
Email: contact@datalabsolutions.ai
2. Information we collect
2.1 Information you give us directly
When you submit an enquiry through our contact form or communicate with us by email or phone, we collect:
- Your name
- Email address
- Phone number (if provided)
- Company or organisation name (if provided)
- The content of your message
- Any other information you choose to include
2.2 Information we collect automatically
When you visit the Website, we and our third-party service providers automatically collect certain technical information, including:
- IP address and approximate geolocation (country/city level)
- Browser type, version, and language settings
- Operating system and device type
- Pages visited, time spent on pages, and navigation paths
- Referring website or search query that brought you to our site
- Date and time of your visit
This information is collected via cookies and similar technologies (see Section 4).
2.3 Information we do not collect
We do not collect special categories of personal information (such as racial or ethnic origin, health data, biometric data, or religious beliefs) through this Website. We do not collect payment card details — any commercial transactions are handled through separate secure channels.
3. How and why we use your information
We use personal information for the following purposes:
| Purpose | Legal basis (GDPR Art. 6) | POPIA ground (s.11) |
|---|---|---|
| Responding to your enquiries and providing requested information | Art. 6(1)(b) — necessary for steps prior to entering a contract | s.11(1)(b) — contract performance |
| Delivering consulting services and managing client relationships | Art. 6(1)(b) — contract performance | s.11(1)(b) — contract performance |
| Website analytics — understanding how visitors use the Website to improve it | Art. 6(1)(f) — legitimate interests (improving our services) | s.11(1)(f) — legitimate interests |
| Marketing communications (newsletters, service updates) | Art. 6(1)(a) — your consent | s.11(1)(a) — consent |
| Compliance with legal obligations (tax, regulatory) | Art. 6(1)(c) — legal obligation | s.11(1)(c) — legal obligation |
Where we rely on legitimate interests, we have balanced these against your interests and rights. You may object to processing based on legitimate interests at any time (see Section 8).
Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing that occurred before withdrawal.
4. Cookies and tracking technologies
We use cookies and similar technologies on the Website. A cookie is a small text file stored on your device. You can control cookies through your browser settings, although disabling certain cookies may affect the functionality of the Website.
4.1 Cookies we use
| Category | Cookie / technology | Purpose |
|---|---|---|
| Essential / functional | localStorage (theme) | Remembers your light/dark mode preference. Not a cookie; stored locally in your browser only. |
| Analytics | _ga, _gid, _gat (Google Analytics) | Measures website traffic and user behaviour (pages visited, session duration). Data is aggregated and anonymised. Provided by Google LLC. |
| Marketing / CRM | hubspotutk, __hstc, __hssc, __hssrc (HubSpot) | Tracks visitor journeys to help us understand which content interests you and to personalise follow-up communications. Provided by HubSpot, Inc. |
4.2 Managing cookies
You can refuse or delete cookies at any time by adjusting your browser settings. Links to instructions for major browsers:
Disabling analytics or marketing cookies will not affect the core functionality of the Website.
5. Who we share your information with
We do not sell, rent, or trade your personal information. We share it only with the following categories of recipients, and only to the extent necessary:
5.1 Service providers (data processors)
- HubSpot, Inc. — CRM and marketing automation platform used to manage enquiries and communications. HubSpot processes data on our behalf under a Data Processing Agreement. HubSpot Privacy Policy
- Google LLC — Google Analytics (website analytics) and Google Fonts (web typography). Google Privacy Policy
- EmailJS — Processes contact form submissions and routes them to our email inbox. EmailJS Privacy Policy
- YouTube (Google LLC) — We embed YouTube videos on the Website. If you interact with an embedded video, YouTube may set cookies and collect data in accordance with Google's privacy policy.
5.2 Legal and regulatory disclosures
We may disclose personal information where we are required to do so by applicable law, court order, or government authority, including the South African Information Regulator.
5.3 Business transfers
In the event of a merger, acquisition, or sale of all or substantially all of our assets, personal information held by us may be transferred to the acquiring entity, subject to equivalent privacy protections.
6. International data transfers
Some of our service providers are based outside South Africa and the European Economic Area (EEA), primarily in the United States. When we transfer personal information internationally, we ensure appropriate safeguards are in place:
- For transfers from the EEA/UK: we rely on the European Commission's Standard Contractual Clauses (SCCs) or an applicable adequacy decision.
- For transfers from South Africa: we ensure that the recipient country or organisation provides an adequate level of protection, or that the recipient is bound by binding contractual obligations consistent with POPIA's conditions for cross-border transfers (POPIA s.72).
You may request a copy of the relevant transfer safeguards by contacting us at the details in Section 13.
7. How long we keep your information
We retain personal information only for as long as is necessary for the purposes described in this policy, or as required by law.
- Enquiry and contact data: Retained for up to 3 years after last contact, unless you become a client (in which case we retain data for the duration of the relationship plus 5 years for legal compliance).
- Analytics data: Retained in accordance with Google Analytics' default retention settings (26 months) unless you opt out.
- Marketing communications: Retained until you unsubscribe or withdraw consent.
- Legal and accounting records: Retained for 5 years as required by South African tax and corporate law.
When retention periods expire, or upon a valid erasure request, we securely delete or anonymise your personal information.
8. Your rights
8.1 Rights under GDPR (EU, EEA, and UK residents)
If you are located in the EU, EEA, or UK, you have the following rights under the GDPR:
- Right of access (Art. 15): Request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): Ask us to correct inaccurate or incomplete data.
- Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten"), subject to certain exceptions.
- Right to restriction (Art. 18): Ask us to restrict processing in certain circumstances.
- Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller, where technically feasible.
- Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing at any time.
- Rights related to automated decision-making (Art. 22): We do not make decisions based solely on automated processing that produce legal or similarly significant effects.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
You also have the right to lodge a complaint with a supervisory authority. If you are in the EU/EEA, this is the data protection authority in your country of residence. If you are in the UK, this is the Information Commissioner's Office (ICO): ico.org.uk.
8.2 Rights under POPIA (South African residents)
If you are located in South Africa, you have the following rights under POPIA:
- Right of access (s.23): Request confirmation of whether we hold personal information about you, and a description of that information.
- Right to correction or deletion (s.24): Ask us to correct, destroy, or delete inaccurate, irrelevant, excessive, out-of-date, incomplete, misleading, or unlawfully obtained personal information.
- Right to object (s.11(3)): Object to the processing of personal information at any time, on reasonable grounds, unless legislation provides for such processing.
- Right to object to direct marketing (s.69): Opt out of direct marketing communications at any time by contacting us or using the unsubscribe link in any marketing email.
- Right to submit a complaint (s.74): Lodge a complaint with the Information Regulator of South Africa.
Information Regulator of South Africa
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: inforeg@justice.gov.za
Website: www.justice.gov.za/inforeg
8.3 How to exercise your rights
To exercise any of the above rights, please contact us using the details in Section 13. We will respond to all verifiable requests within 30 days. We may ask you to verify your identity before processing your request. There is no fee for exercising your rights unless a request is manifestly unfounded or excessive.
9. Information Officer (POPIA)
In accordance with section 55 of POPIA, Datalab has designated an Information Officer responsible for ensuring compliance with POPIA and handling data subject requests.
Information Officer
Name: Douglas Day
Organisation: Datalab
Address: Workshop 17, 32 Kloof Street, Gardens, Cape Town, 8001
Email: douglas@datalabsolutions.ai
10. Children's privacy
The Website is not directed at children under the age of 18, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will delete it.
11. Security
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, loss, or destruction. These measures include HTTPS encryption for all data in transit, access controls limiting who can access personal data, and regular review of our security practices.
While we take data security seriously, no method of internet transmission or electronic storage is completely secure. If you believe your personal information has been compromised, please contact us immediately. We will notify you and the relevant authorities of any confirmed personal information breach as required by applicable law.
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the Website after the revised policy is posted constitutes your acceptance of the changes.
13. Contact us
If you have any questions about this Privacy Policy, wish to exercise your rights, or want to make a complaint, please contact us:
Datalab
Workshop 17, 32 Kloof Street, Gardens, Cape Town, 8001, South Africa
Email: contact@datalabsolutions.ai
Privacy enquiries: douglas@datalabsolutions.ai
This policy was last updated on 23 May 2026 and is effective from that date.