Privacy.
This notice explains how NALORI APPLIED (Pty) Ltd handles personal information received through nalori.co.za, email correspondence, intake conversations, proposals, and paid engagements.
The short version: NALORI APPLIED does not run advertising profiles, does not sell personal information, and does not maintain a public marketing list by default. Information is collected only when someone writes to the firm, requests a document, starts an intake, or enters an engagement.
01Responsible party.
NALORI APPLIED (Pty) Ltd is the responsible party for personal information it collects directly. The company is registered in South Africa under registration number 2026/319604/07. POPIA and PAIA requests route to [email protected] or [email protected].
02Information collected.
NALORI APPLIED may collect names, work contact details, company details, role information, correspondence, brief materials, procurement records, billing details, account records, security information, and technical information needed to assess, contract, deliver, support, or record an engagement. Website hosting may create standard server logs such as IP address, URL, user agent, timestamp, referrer, device information, and error events.
03Source and supply.
Information is usually collected directly from the person or organisation that contacts NALORI APPLIED. It may also be received from a client, employer, procurement office, tender portal, supplier platform, authorised representative, public register, or service provider involved in an engagement. Supplying information is voluntary unless a law, procurement process, contract, security requirement, or accounting obligation requires it. If required information is not supplied, NALORI APPLIED may be unable to respond, assess fit, onboard a supplier relationship, issue an invoice, or perform the relevant work.
04Purpose.
Information is used to respond to correspondence, assess engagement fit, prepare proposals, evaluate procurement or tender opportunities, issue invoices, perform contracted work, maintain statutory records, manage supplier and client records, secure systems, prevent misuse, answer legal or regulator requests, and keep an audit trail of material business decisions. NALORI APPLIED does not sell personal information and does not use it for third-party advertising.
05Legal basis.
Processing may be based on consent, contract preparation or performance, legal obligation, legitimate operational interest, performance of a public-law or procurement process where applicable, or the protection of lawful rights. Relevant laws may include POPIA, PAIA, the Companies Act, tax legislation, labour and procurement rules where applicable, and contract law.
06Cookies and logs.
The public website does not intentionally set tracking, advertising, or marketing cookies. NALORI APPLIED does not use public-site cookies to build marketing profiles. Hosting, security, and performance providers, including Cloudflare, may process standard technical logs, cache records, request metadata, security events, availability signals, and similar operational telemetry needed to deliver the website, secure it, diagnose errors, measure basic performance, and understand availability. If NALORI APPLIED later adds advertising analytics, marketing cookies, product telemetry, or a consent-managed cookie feature, this notice will be updated and any required consent mechanism will be added before that processing starts.
07Operators and service providers.
NALORI APPLIED may use operators and service providers for hosting, domain services, email, cloud infrastructure, document storage, backups, accounting, security, support, procurement administration, delivery tooling, and professional advice. Operators are expected to process information only for the relevant service and to apply appropriate confidentiality and security controls.
08Disclosure.
Information may be disclosed to service providers, client representatives, authorised procurement or tender platforms, professional advisers, financial institutions, regulators, courts, law-enforcement bodies, or other parties where required to perform work, comply with law, protect rights, secure systems, investigate misuse, recover amounts owed, or respond to a lawful request. Where a client engagement requires additional sub-operators, those parties are recorded in the engagement documentation where appropriate.
09Cross-border transfers.
Some providers may process information outside South Africa. NALORI APPLIED uses those providers only where there is a lawful basis for transfer and the processing is connected to correspondence, hosting, security, records, accounting, procurement, or delivery tooling. NALORI APPLIED aims to use providers that maintain appropriate contractual, organisational, and technical safeguards for the information they process.
10Retention.
Intake material that does not become an engagement is retained only as long as needed for correspondence, supplier checks, conflict checks, or a reasonable business record. Engagement, accounting, tax, procurement, and corporate records may be retained for statutory periods, typically up to seven years where South African record-keeping rules require it. Information may be retained for longer where a dispute, investigation, legal duty, security incident, or continuing client relationship requires it.
11Security.
NALORI APPLIED applies reasonable organisational and technical safeguards, including access control, HTTPS, provider-hosted security controls, malware filtering, backup discipline, and written handling procedures for sensitive material. No internet transmission or electronic storage method is completely secure. If a security compromise affects personal information, NALORI APPLIED will assess notification duties under POPIA and communicate with affected parties and the Information Regulator where required.
12Children and external links.
NALORI APPLIED's public website and services are not directed at children. NALORI APPLIED does not knowingly collect personal information from children through the public website. The website may link to third-party sites or services. NALORI APPLIED is not responsible for the privacy practices, security, or content of third-party sites, and visitors should read the privacy notices of those sites before submitting information to them.
13Your rights.
Data subjects may request access, correction, deletion or destruction where lawful, withdrawal of consent, objection to processing, and complaint escalation to the Information Regulator of South Africa. Send requests to [email protected] with the subject line "POPIA Subject Access Request". NALORI APPLIED will respond within a reasonable period and may request information needed to verify the requester. Some requests may be refused or limited where POPIA, PAIA, another law, privilege, confidentiality, security, or third-party rights permit or require refusal.
14Changes to this notice.
NALORI APPLIED may update this notice when the website, products, services, providers, legal duties, or processing activities change. The effective date, last updated date, next review date, public record number, and revision number appear at the top and bottom of this page. Material changes take effect when published unless a later effective date is stated.