Last Updated: May 2026
Luma Consulting (Pty) Ltd (“the Company”, “we”, “us”, or “our”) is committed to safeguarding the privacy of our website visitors and clients (“you”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, lumace.co.za, or engage our professional services.
We process personal information in strict accordance with the Protection of Personal Information Act, No. 4 of 2013 (POPIA) of South Africa and, where applicable, the General Data Protection Regulation (GDPR) (EU) 2016/679.
We may collect and process the following categories of personal information:
Identity Data: Full names, maiden names (where applicable), usernames, and professional titles.
Contact Data: Email addresses, telephone numbers, and physical/postal addresses.
Technical Data: Internet Protocol (IP) addresses, browser type and version, time zone settings, browser plug-in types, operating systems, and platform information.
Usage Data: Information regarding how you navigate and interact with our website and services.
Professional/Financial Data: Information required for CIPC, SARS, and B-BBEE compliance or contractual billing.
We collect data through the following channels:
Direct Interactions: You provide information by completing online forms, subscribing to newsletters, or communicating with us via email (e.g., info@lumace.co.za).
Automated Technologies: As you interact with our website, we may automatically collect Technical Data using cookies, server logs, and similar technologies.
Third Parties: We may receive information from public sources such as the CIPC or professional regulatory bodies for compliance purposes.
We will only use your personal information when the law allows us to. Most commonly, we use your data in the following circumstances:
| Purpose/Activity | Lawful Basis for Processing |
| Service Delivery | Performance of a contract with you. |
| Enquiry Management | Legitimate interest (responding to your requests). |
| Statutory Compliance | Compliance with South African law (SARS, B-BBEE, CIPC). |
| Marketing | Explicit consent (Opt-in) for newsletters and updates. |
| Website Optimization | Legitimate interest (improving our digital interface). |
We have implemented stringent technical and organisational security measures to protect your personal information from accidental loss, unauthorised access, alteration, or disclosure. Access to your personal data is strictly limited to employees and third-party service providers who have a business “need to know” and are subject to a duty of confidentiality.
We will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements (typically 5 to 7 years for statutory South African records).
We may share your information with:
Regulatory Authorities: SARS, CIPC, and B-BBEE verification agencies as required by law.
Service Providers: Professional advisors, IT service providers, and administrative platforms.
Cross-Border Transfers: If data is transferred outside of South Africa or the EEA, we ensure that the recipient is subject to a law or binding agreement that provides an adequate level of protection similar to POPIA and GDPR.
Under POPIA and GDPR, you have the following rights:
Right of Access: Request a copy of the personal information we hold about you.
Right to Rectification: Request that we correct inaccurate or incomplete data.
Right to Erasure: Request the deletion of your data where there is no lawful reason for us to continue processing it.
Right to Object: Object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent: Where we rely on consent, you may withdraw it at any time.
Our website may include links to third-party websites (e.g., Government portals or CSD). Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
If you have any questions regarding this policy or wish to exercise your legal rights, please contact our Information Officer:
Entity Name: Luma Consulting (Pty) Ltd
Information Officer: [Insert Name of Officer]
Email: info@lumace.co.za
Website: lumace.co.za
Complaints:
You have the right to lodge a complaint with the South African Information Regulator:
Website: https://inforegulator.org.za/
Email: enquiries@inforegulator.org.za / POPIAComplaints@inforegulator.org.za
