top of page

Privacy Policy

Last updated: October 2025

Introduction

BO-SMART respects the privacy of our candidates, employees, independent contractors, clients and website visitors. We are committed to protecting your personal information and being transparent about how we collect, use and safeguard your data. This Privacy Policy explains how we handle your personal data when you use our website, apply for positions, work with us as an employee or contractor, or engage with our recruitment and business outsourcing services.

Please see our separate Cookie Policy for details on tracking technologies used on our website.

Who We Are

BO-SMART operates through two legal entities:

BO-SMART (Pty) Ltd (referred to as "BO-SMART South Africa", "BO-SMART SA”, "we", "us", or "our"), registered in South Africa with registration number 2022/379563/07 at 424 Coyote Creek Drive, Pearl Valley, Paarl, 7646, South Africa, is the Responsible Party (under POPIA) for personal data of South African residents and job applicants.

  • BO-SMART SA collects and processes data of South Africans: job applicants, candidates, employees and contractors.

  • BO-SMART (Pty) Ltd complies with South Africa's Protection of Personal Information Act (POPIA) to protect your rights as a data subject.

BO-SMART Ltd (referred to as "BO-SMART UK"), registered in England and Wales with registration number 13983835 at 38 Watermill Lane, Hertford, SG14 3LB, United Kingdom, is the Data Controller (under UK GDPR) for personal data processed in relation to our UK operations and UK-based clients. BO-SMART UK is registered with the UK's Information Commissioner's Office (ICO) under number ZB384999.

  • BO-SMART UK collects and processes data of United Kingdom residents and, where applicable, United States residents: clients.

  • BO-SMART Ltd complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025 to protect your rights.

Together, we refer to these entities as "BO-SMART", "we", "us", or "our". Both entities are committed to protecting your privacy and complying with applicable data protection laws.

Our Compliance

  • Jana Swart has been appointed as our Information Officer (under POPIA) and is responsible for overseeing data protection compliance for BO-SMART SA.

  • Ben van Rooyen is responsible for overseeing data protection compliance for BO-SMART UK.

  • Transfer of data between BO-SMART SA and BO-SMART UK is one-way. Specifically, BO-SMART SA shall transfer details of employees and contractors to the clients for whom these employees and contractors have been appointed to work, but only to the extent necessary for them to fulfil their work duties. The information contained in the data transfers shall include: name, email, cell number.

  • No information shall be transferred from BO-SMART UK to BO-SMART SA.

Contact Us

You have rights over your data, including the right to access, rectify, erase, restrict processing, object to processing, and data portability. You can also revoke consent and object to direct marketing at any time. To exercise your data rights or ask questions about this Privacy Policy, please contact us:

South Africa:

United Kingdom:

We aim to acknowledge your request within 30 days and provide a substantive response within 1 month. For complex requests, this may be extended to 3 months, and we will inform you of any delay.

Our Services

BO-SMART connects UK and US businesses with highly skilled South African professionals for remote work opportunities. Our services include:

Recruitment and Placement 

We source, screen and match qualified South African candidates with roles at UK and US companies. We handle the entire recruitment process from job posting to candidate selection.

Employment and Contractor Management 

We hire employees and independent contractors in South Africa who work remotely for our clients in the UK and US. We act as the employer of record or contracting entity, handling all legal and administrative responsibilities.

Payroll Administration 

We manage payroll processing, tax withholding, and statutory payments for our employees and contractors, ensuring compliance with South African and international regulations.

HR and Compliance Support 

We handle contracts, HR administration, employee benefits, performance management and compliance matters, allowing our clients to focus on their core business.

What Personal Data We Collect and Why

1. Job Applicants and Candidates

If you apply for a position through BO-SMART, we collect and process the following information:

Personal
Data

Contact details (name, email, phone, address, postal code).

Employment history, qualifications, CV, cover letter.

References and background information.

Interview notes and
assessments.

Tax and financial information (ID number, tax reference, bank details).

How We Collect It

When you submit a job application via our website, email, or other recruitment channels.

Submitted with your application.

Provided by you or obtained from references you authorise us to contact.

Created during the recruitment process.

Provided by you upon job offer acceptance.

Why We Collect It

To contact you about job opportunities. To assess your suitability for roles. To conduct interviews and screening.

To evaluate your skills and experience. To match you with suitable roles. To verify your qualifications.

To verify your employment history and suitability. To conduct due diligence before placement.

To evaluate candidates fairly. To make informed hiring decisions. To provide feedback to clients.

To prepare employment contracts. To process payroll and comply with tax obligations.

Lawful
Basis

POPIA: Processing is necessary to take steps at your request prior to entering into an employment contract (Condition 2 - Purpose Specification; Condition 5 - Justification).

UK GDPR: Processing is necessary for taking steps at the request of the data subject prior to entering into a contract (Article 6(1)(b)).

Same As Above

Same As Above

Same As Above

POPIA: Processing is necessary to take steps at your request prior to entering into an employment contract (Condition 2 - Purpose Specification; Condition 5 - Justification).

UK GDPR: Processing is necessary for taking steps at the request of the data subject prior to entering into a contract (Article 6(1)(b)).

Unsuccessful Candidates: If you are not selected for a role, we retain your information for 7 years to make it easy for you to reapply for future opportunities. If we determine you are not qualified for our typical roles, we will delete your data after 2 years. You may request earlier deletion at any time by contacting us.

2. Employees and Independent Contractors

If you are employed or contracted by BO-SMART to work for one of our clients, we collect and process the following information:

Personal
Data

All applicant information (as above).

Bank details and financial information.

Tax information (ID number, tax reference, SARS registration).

Performance reviews, work product assessments.

Attendance, leave records, timesheets.

Health information (limited to doctor's notes for extended sick leave).

Disciplinary records (if applicable).

Race/ethnicity information (South African employees only).

How We Collect It

From your application and onboarding process.

Provided by you during onboarding.

Provided by you during onboarding and from SARS.

Created during your employment/contract period.
 

Tracked during employment/contract.

Provided by you when taking extended sick leave.

Created if disciplinary action is taken.

Requested during onboarding on a voluntary basis (only after employment offer is accepted).

Why We Collect It

To maintain your employment or contractor file.

To process salary/contractor payments. To comply with payroll and tax obligations.

To comply with tax withholding and reporting obligations in South Africa and, where applicable, the UK.

To manage performance. To provide feedback. To support career development. To fulfil our obligations to clients.

To manage leave and absences. To process payroll accurately. To comply with employment law.

To manage sick leave in accordance with employment law. To determine eligibility for sick pay.

To manage workplace conduct. To protect the interests of BO-SMART and clients. To comply with employment law.

To comply with South Africa's Employment Equity Act requirements for designated employers. This information is used solely for statutory reporting to the Department of Employment and Labour and has no bearing on hiring, promotion, or employment decisions.

Lawful
Basis

POPIA: Processing is necessary for entering into and performing an employment or contractor contract (Condition 5 - Justification).

UK GDPR: Processing is necessary for the performance of a contract (Article 6(1)(b)).

POPIA: Processing is necessary for compliance with legal obligations and contractual performance (Condition 5).

UK GDPR: Processing is necessary for compliance with legal obligations (Article 6(1)(c)) and contract performance (Article 6(1)(b)).

POPIA: Legal obligation (Condition 5).

UK GDPR: Legal obligation (Article 6(1)(c)).

POPIA: Contractual performance and legitimate interests (Condition 5).

UK GDPR: Contract performance (Article 6(1)(b)) and legitimate interests (Article 6(1)(f)).

POPIA: Legal obligation and contractual performance (Condition 5).

UK GDPR: Legal obligation (Article 6(1)(c)) and contract performance (Article 6(1)(b)).

POPIA: You provide explicit consent when submitting medical documentation, and processing is necessary for employment law compliance (Condition 5 and Section 32 - Special Personal Information).

UK GDPR: Explicit consent (Article 9(2)(a)) and processing necessary for employment law purposes (Article 9(2)(b)).

POPIA: Legitimate interests and legal obligation (Condition 5).

UK GDPR: Legitimate interests (Article 6(1)(f)) and legal obligation (Article 6(1)(c)).

POPIA: Processing is necessary for compliance with a legal obligation (Employment Equity Act, 1998) (Condition 5 - Justification; Section 32 - Special Personal Information).

UK GDPR: Processing is necessary for compliance with employment law obligations (Article 9(2)(b)) and for compliance with legal obligations (Article 6(1)(c)).

Note: Under POPIA, this is special personal information and requires additional safeguards. Under UK GDPR, this is special category data.
 

Data Sharing with Clients: We share necessary employee/contractor information with the UK or US client for whom you work. This includes your contact information, CV, and work-related communications. We share only the information required for you to perform your role effectively.

Consent for Processing: By signing your employment contract or contractor agreement with BO-SMART, you provide consent for us to process your personal data as outlined in this Privacy Policy and in the data protection clauses contained in your contract. You may withdraw consent at any time, though this may affect our ability to continue the employment or contractor relationship.

Data Retention: After your employment or contract ends, we retain your personal data for 2 years to address any post-employment queries, fulfil legal obligations, and manage potential re-engagement. After this period, your data will be securely deleted unless we are required by law to retain it longer.

3. UK and US Client Representatives

If you represent a UK or US business that engages BO-SMART's services, we collect and process:

Personal
Data

Contact details (name, email, phone, company name, job title).

Company registration information.

Job role requirements and company culture.

Billing and payment information.

Communications and correspondence.

How We Collect It

Provided by you when engaging our services or through business communications.

Provided by you when engaging our services or through business communications.

Provided by you when engaging our services or through business communications.

Provided when entering into service agreements.

Exchanged via email, phone, or meetings.

Why We Collect It

To communicate about our services. To manage our business relationship. To fulfil contracts for recruitment and staff placement.

To manage our business relationship. To fulfil contracts for recruitment and staff placement.

To identify candidates who meet your requirements. To fulfil contracts for recruitment and staff placement.

To process invoices and payments. To maintain financial records.

To provide our services effectively. To address queries and issues. To maintain service records.

Lawful
Basis

POPIA: Legitimate interests (Condition 5).


UK GDPR: Contract performance (Article 6(1)(b)) and legitimate interests (Article 6(1)(f)).

POPIA: Legitimate interests (Condition 5).

UK GDPR: Contract performance (Article 6(1)(b)) and legitimate interests (Article 6(1)(f)).

POPIA: Legitimate interests (Condition 5).

UK GDPR: Contract performance (Article 6(1)(b)) and legitimate interests (Article 6(1)(f)).

POPIA: Contractual performance and legal obligation (Condition 5).

UK GDPR: Contract performance (Article 6(1)(b)) and legal obligation (Article 6(1)(c)).

POPIA: Legitimate interests (Condition 5).

UK GDPR: Legitimate interests (Article 6(1)(f)).

Data Retention: We retain client data for 2 years after the business relationship ends to handle potential queries, comply with accounting and tax obligations and facilitate future engagement.

4. Website Visitors

When you visit our website, we may collect the following information:

Personal
Data

Device and online activity information (IP address, browser type, device type, pages visited, time spent on pages).

Contact form information (name, email, message).

Job role requirements and company culture.

Billing and payment information.

Communications and correspondence.

How We Collect It

Automatically collected through cookies and similar tracking technologies when you visit our website.

Submitted by you through website contact forms.

Provided by you when engaging our services or through business communications.

Provided when entering into service agreements.

Exchanged via email, phone, or meetings.

Why We Collect It

To understand how visitors use our website. To improve website functionality and user experience. To analyse website traffic and trends.

To respond to your inquiries. To provide information about our services.

To identify candidates who meet your requirements. To fulfil contracts for recruitment and staff placement.

To process invoices and payments. To maintain financial records.

To provide our services effectively. To address queries and issues. To maintain service records.

Lawful
Basis

POPIA: Legitimate interests (Condition 5 - we have a legitimate interest in improving our website).

UK GDPR: Legitimate interests (Article 6(1)(f)) and, for certain cookies, consent.

Note: Please see our separate Cookie Policy for full details on how we use cookies and how you can manage your preferences.

POPIA: Legitimate interests and taking steps prior to contract (Condition 5). 

UK GDPR: Legitimate interests (Article 6(1)(f)) and steps prior to contract (Article 6(1)(b)).

POPIA: Legitimate interests (Condition 5).

UK GDPR: Contract performance (Article 6(1)(b)) and legitimate interests (Article 6(1)(f)).

POPIA: Contractual performance and legal obligation (Condition 5).

UK GDPR: Contract performance (Article 6(1)(b)) and legal obligation (Article 6(1)(c)).

POPIA: Legitimate interests (Condition 5).

UK GDPR: Legitimate interests (Article 6(1)(f)).

5. Marketing Communications

We plan to introduce marketing communications in the future. When we do:

Personal
Data

Email address, name, preferences.

How We Collect It

Provided by you when you opt in to receive marketing, or collected during your relationship with us.

Why We Collect It

To send newsletters, updates about our services, job opportunities, and relevant industry information.
 

Lawful
Basis

POPIA: Explicit consent (Condition 1 - Accountability; you may withdraw consent at any time).

UK GDPR: Consent (Article 6(1)(a)) for new contacts, or legitimate interests (Article 6(1)(f)) for existing clients/candidates with opt-out option.

WhatsApp Communications:

We may communicate with you via WhatsApp for business purposes related to your application, employment, or our services. When we contact you via WhatsApp, the platform may collect personal information about you, including phone number, device ID, location, transaction data and user identifiers. By using WhatsApp, users agree to WhatsApp's privacy policy and Meta's data processing practices. You may opt out of WhatsApp communications at any time by informing us via WhatsApp, email, or using the "Stop promotions" button on WhatsApp.

Opting Out: You can opt out of all marketing communications at any time by:

  • Clicking the unsubscribe link in any marketing email

  • Replying "STOP" to WhatsApp messages

  • Emailing us at info@bo-smart.com

  • Contacting our Information Officer

Note that opting out of marketing does not affect our processing of your data for other purposes, such as providing recruitment services or fulfilling contractual obligations.

 

Special Personal Information / Sensitive Data

Under POPIA, special personal information includes information about race, ethnic origin, religious or philosophical beliefs, trade union membership, political opinions, health, sex life, biometric information, and criminal behaviour.

Under UK GDPR, special categories of personal data include similar information (racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, sex life, or sexual orientation).

Our Approach: We do not request and do not aim to collect special personal information or sensitive data about you, except in the following limited circumstances:

  • Health Information: We only collect health information where necessary for employment law purposes, specifically when you provide a doctor's note for extended sick leave. This is processed with your explicit consent and in accordance with employment law requirements under both POPIA (Section 32) and UK GDPR (Article 9(2)(b)).

  • Background Checks: We only verify references you voluntarily provide from past employers. We do not conduct criminal background checks or collect information about criminal history unless legally required or with your explicit consent for a specific role.

  • Race: South Africa has laws requiring companies to report employees' race in certain circumstances. While your race has no impact on your application or hiring, we may collect this information (on a voluntary disclosure basis) if South African authorities require us to report it for Employment Equity Act compliance. This information will NOT be shared with clients, will NOT affect your employment or job placement, and is kept strictly confidential within BO-SMART's HR function.
     

We do not aim to collect information about children and cannot provide services to children under 18 years of age.

 

How We Secure Your Information

We take the security of your personal information seriously and have implemented comprehensive technical and organisational measures to protect your data from unauthorised access, accidental loss, alteration, or disclosure.

Our security measures include:

  • Encryption: All data is encrypted during transmission using SSL/TLS protocols (for website and email communications) and when stored in our databases and file storage systems.

  • Access Controls: Role-based access controls ensure only authorised personnel with a legitimate business need can access your data; all users must authenticate with strong passwords and, where applicable, multi-factor authentication.

  • Secure Systems: Our in-house CRM and applicant tracking system employs user role management to control data access based on job function.

  • Staff Training: All employees receive annual data protection and security awareness training.

  • Vendor Management: We maintain data processing agreements with all third parties who process data on our behalf, including KarbonPay (our payroll provider) and our accountants.

  • Physical Security: Secure access controls protect physical locations where data is processed or stored.

  • Backup and Recovery: Regular encrypted backups ensure data can be restored in a timely manner following any physical or technical incident.

  • Security Audits: We conduct regular security assessments to identify and address vulnerabilities.

  • Incident Response: We have documented breach notification procedures to ensure compliance with legal requirements.

Data Breach Notification: If a data breach occurs that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authorities (the South African Information Regulator and/or the UK Information Commissioner's Office) within 72 hours of becoming aware of the breach, as required by POPIA and UK GDPR.

We limit access to your personal data to only those employees, agents, contractors, and third parties who have a legitimate business need to access it for delivering our services or supporting our systems. All such individuals and organisations are bound by strict confidentiality obligations.

 

How We Share Your Data

To provide our recruitment and business outsourcing services effectively, we share your data with carefully selected third parties. We only share data necessary for the specified purposes and ensure that all third parties are contractually bound to protect your information.

Categories of Third Parties

UK and US Client Companies

When we place you in a role, we share relevant information with the client company for whom you will work. This includes:

  • Your name, contact details, and CV

  • Information necessary for you to perform your role effectively

  • Payroll-related information, if required by the client for their internal processes

  • Work performance information as needed

We transfer this data securely and only share what is necessary. We do not share sensitive health information with clients unless absolutely required and with your explicit consent.

Payroll Service Providers

We use KarbonPay to process payroll for our employees and contractors. We share necessary information, including names, bank details, salary information and tax details to facilitate accurate and timely payment processing. KarbonPay is bound by strict data processing agreements and security requirements.

Accountants and Professional Advisors

We share relevant financial and payroll data with our accountants for accounting, tax compliance, auditing, and advisory purposes. Our accountants are bound by professional confidentiality obligations.

Tax Authorities

We are legally required to share tax-related information with:

  • South African Revenue Service (SARS) for South African tax compliance

  • HM Revenue & Customs (HMRC) for UK tax obligations, where applicable

Government and Regulatory Bodies

We may be required to share personal information with government regulators, courts, or law enforcement agencies in South Africa, the UK, or other relevant jurisdictions when legally obligated to do so.

Service Providers

We work with service providers who process data on our behalf, including:

  • IT and system administration service providers

  • Cloud storage providers (for secure data storage)

  • Email service providers

  • Website hosting providers

  • Banking and insurance service providers

All service providers are carefully selected and bound by data processing agreements requiring them to protect your data and process it only for specified purposes with our explicit permission.

Business Transfers

If BO-SMART or any part of our business is sold, merged, or transferred to another entity, your personal information may be transferred to the new owner as part of the transaction. We will notify you of any such change and ensure the new owner is bound by obligations equivalent to those in this Privacy Policy.

Safeguards for Third-Party Data Sharing

  • All third parties are required to respect your personal data and keep it secure

  • We maintain written data processing agreements with all third parties

  • Third parties may only process your data for specified purposes and with our explicit permission

  • We conduct due diligence on third parties to ensure they have adequate security measures

  • We regularly review our third-party relationships to ensure ongoing compliance

 

International Data Transfers

Given that BO-SMART operates across South Africa and the UK, and serves clients in the UK and potentially the US, some of your personal information may be transferred internationally.

Transfers from South Africa to the UK

The UK has been recognised by the South African Information Regulator as providing adequate data protection, facilitating data transfers between our South African and UK entities.

Transfers from the UK to South Africa

Under UK GDPR, South Africa does not currently have an adequacy decision from the UK government. However, South Africa's POPIA is recognised as providing strong data protection standards. For transfers from the UK to South Africa, we rely on appropriate safeguards, including:

  • Standard Contractual Clauses or the UK International Data Transfer Agreement (IDTA)

  • Intra-group data processing agreements between BO-SMART (Pty) Ltd and BO-SMART Ltd

  • Ensuring our South African operations maintain security standards equivalent to UK GDPR requirements

Transfers to the United States (If Applicable)

The United States does not have adequacy status under POPIA or UK GDPR. If we engage with US clients in the future, we will only transfer the minimum necessary personal data required for you to perform your role. This will typically include contact information, CV, and work-related communications, but will exclude sensitive health information.

For US transfers, we will implement appropriate safeguards, including:

  • Standard Contractual Clauses or UK International Data Transfer Agreement (IDTA)

  • Contractual commitments from US clients to protect personal data

  • Data encryption for all transfers (DMARC, DKIM, SPF for email; secure digital signature platforms for contracts)

  • Limiting transfers to what is strictly necessary

Data Protection Test: Under the Data (Use and Access) Act 2025, we ensure that the level of protection provided after international transfer is "not materially lower" than the protection under UK law. We conduct assessments of third countries and implement additional safeguards where necessary.

Your Rights Regarding International Transfers

You have the right to:

  • Be informed about international transfers of your data (as set out in this Policy)

  • Object to international transfers in certain circumstances

  • Request information about the safeguards we have in place for international transfers

If you have concerns about international transfers of your data, please contact our Information Officer at info@bo-smart.com.

 

Data Retention - How Long We Keep Your Information

We only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

Rights Under POPIA (South African Residents)

If you are a South African resident, you have the following rights under POPIA:

Right

Right to be Informed

Right of Access

Right of Correction

Right to Deletion (Erasure)

Right to Object

Right to Restriction

Right to Data Portability

Right to Withdraw Consent

Right Not to be Subject to Automated Decision-Making

What This Means

You have the right to be informed about how we collect and use your personal information, as set out in this Policy

You have the right to request a copy of the personal information we hold about you

If personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant, or misleading, you have the right to request correction

You have the right to request deletion of your personal information in certain circumstances, such as when it is no longer necessary for the purpose it was collected, or if you withdraw consent

You have the right to object to the processing of your personal information on reasonable grounds, including objecting to direct marketing

You have the right to request restriction of processing in certain circumstances, such as while we verify the accuracy of your data

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another organisation

Where processing is based on consent, you have the right to withdraw your consent at any time (though this may affect our ability to provide services)

You have the right not to be subject to decisions based solely on automated processing that have legal or similarly significant effects

Rights Under UK GDPR (UK and EEA Residents)

If you are a UK or EEA resident, you have the following rights under UK GDPR

Right

Right to be Informed

Right of Access

Right of Rectification

Right to Deletion (Erasure)

Right to Restriction

Right to Data Portability

Right to Object

Right to Withdraw Consent

Rights Related to Automated Decision-Making and Profiling

What This Means

You have the right to be informed about how we collect and use your personal information, as set out in this Policy

You have the right to request a copy of the personal information we hold about you and to check that we are processing it lawfully

If personal information we hold about you is inaccurate or incomplete, you have a right to have it corrected

In certain circumstances, you have the right to request deletion of your personal information (e.g., if it is no longer necessary for the purposes for which it was collected)

In certain circumstances, you have the right to request restriction or suppression of your personal information

In certain circumstances, you have the right to obtain and reuse your personal information in a structured, commonly used, and machine-readable format for your own purposes across different services

You have the right to object to our processing of your personal information, including the right to object to direct marketing and processing based on legitimate interests

Where you have provided consent for processing, you have the right to withdraw consent at any time (though this will not affect the lawfulness of processing before withdrawal)

You have the right not to be subject to decisions based solely on automated processing that have legal or similarly significant effects on you

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us:

  • Email: info@bo-smart.com

  • Post: 424 Coyote Creek Drive, Pearl Valley, Paarl, 7646, South Africa

  • Attention: Jana Swart, Information Officer

What to Include in Your Request:

  • Your full name and contact details

  • A clear description of what you are requesting (e.g., "I want to access my personal data," "I want to delete my data")

  • Any relevant details to help us locate your information

  • Proof of identity (we may need to verify your identity before processing your request)

Our Response Timeline:

  • We will acknowledge your request within 30 days

  • We will provide a substantive response within 1 month of receiving your request

  • For complex requests, this may be extended to up to 3 months, and we will inform you of the delay and reason

  • Subject access requests (requests for copies of your data) will be responded to within the timeframes required by law, and we will conduct reasonable and proportionate searches to locate your information

Free of Charge: We will process most requests free of charge. However, if your request is manifestly unfounded, excessive, or repetitive, we may charge a reasonable administrative fee or refuse to process the request.

 

Data Protection Complaints

We are committed to resolving any concerns you may have about how we handle your personal information. If you believe we have not processed your data in accordance with this Privacy Policy or applicable data protection laws, we encourage you to contact us first so we can address your concerns.

How to Make a Complaint

You can lodge a complaint with us through the following channels:

  • Email: info@bo-smart.com

  • Post: 424 Coyote Creek Drive, Pearl Valley, Paarl, 7646, South Africa

  • Attention: Jana Swart, Information Officer

In Your Complaint, Please Include:

  • Your name and contact details

  • A clear description of your complaint

  • Details of how you believe we have failed to comply with data protection laws

  • Any relevant dates, correspondence, or supporting information

  • What outcome you are seeking

Our Complaints Process

  1. Acknowledgment: We will acknowledge receipt of your complaint within 30 days

  2. Investigation: We will investigate your complaint thoroughly and impartially

  3. Response: We will respond to your complaint without undue delay, typically within 1 month. For complex complaints, this may extend to 3 months, and we will keep you informed

  4. Resolution: We will inform you of the outcome of our investigation and any steps we will take to address your concerns

  5. Escalation: If you are not satisfied with our response, we will inform you of your right to escalate to the relevant supervisory authority

Complaints to Supervisory Authorities

If you are not satisfied with our response to your complaint, or if you prefer to complain directly to a supervisory authority, you have the right to lodge a complaint with:

For South African Residents:

For UK and EEA Residents:

  • Information Commissioner's Office (ICO)

  • Website: www.ico.org.uk

  • Email: casework@ico.org.uk

  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom

  • Telephone: 0303 123 1113

You also have the right to lodge a complaint with the supervisory authority in the country where you reside or work, or where you believe a data protection breach has occurred.

 

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and understand how visitors interact with our site.

What Are Cookies? Cookies are small text files placed on your device when you visit a website. They help the website remember your preferences and improve functionality.

Our Use of Cookies: We use cookies for purposes including:

  • Essential website functionality

  • Analytics and performance monitoring

  • Understanding user behaviour and preferences

For full details on the types of cookies we use, why we use them, and how you can manage your cookie preferences, please see our separate Cookie Policy.

By using our website, you consent to our use of cookies in accordance with our Cookie Policy. You can adjust your cookie preferences at any time through your browser settings or as described in our Cookie Policy.

 

Third-Party Websites

Our website may contain links to third-party websites, including social media platforms, partner sites, or resources we reference. These third-party sites have their own privacy policies and terms of use, which govern how they collect and process personal information.

Important: We are not responsible for the privacy practices or content of third-party websites. When you click a link to leave our website, you are subject to the privacy policy and terms of the destination website.

We encourage you to review the privacy policies of any third-party websites you visit to understand how they collect, use, and protect your personal information.

 

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons.

When We Update This Policy:

  • The "Last updated" date at the top of this Policy will be revised

  • Material changes will be posted prominently on our website

  • For significant changes that affect your rights, we may notify you directly by email (if we have your email address) or through a notice on our website

Your Continued Use: By continuing to use our services after changes to this Privacy Policy, you accept the updated Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Previous Versions: If you would like to review a previous version of this Privacy Policy, please contact us at info@bo-smart.com.

 

Contact Information and Supervisory Authorities

Contact BO-SMART

For any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact:

BO-SMART (Pty) Ltd / BO-SMART Ltd

  • Email: info@bo-smart.com

  • Post: 424 Coyote Creek Drive, Pearl Valley, Paarl, 7646, South Africa

  • UK Address: 38 Watermill Lane, Hertford, SG14 3LB, United Kingdom

  • Information Officer: Jana Swart

Supervisory Authorities

South African Information Regulator

  • Website: www.inforegulator.org.za

  • Registration: BO-SMART (Pty) Ltd has appointed an Information Officer and is registered with the Information Regulator

UK Information Commissioner's Office

  • Website: www.ico.org.uk

  • Registration: BO-SMART Ltd is registered with the ICO under number ZB384999

 

This Privacy Policy is effective from October 2025 and supersedes any previous versions.

bottom of page