Privacy Policy

Amani Path - Privacy Policy (POPIA)

This Privacy Policy explains how we collect, use, disclose and protect personal information when you interact with Amani Path’s website, digital products and professional immigration consulting services. It is drafted to comply with the Protection of Personal Information Act, 4 of 2013 ("POPIA"). Nothing in this Policy

limits your rights under POPIA.

1) Who we are

Legal name: Amani Path (Pty) Ltd

Registration number: 2025/683143/07

Physical & service address: No 1, 8th Avenue, Edenburg, Sandton, 2196

Website: www.amanipath.com

Primary email: hello@amanipath.com

Alternate email: cade@amanipath.com

Information Officer

Name: Cade Elijah

Contact: cade@amanipath.com

2) What this Policy covers

This Policy applies to personal information processed in connection with our website, consultations, document preparation, case coordination with authorities (e.g., Department of Home Affairs (DHA) and VFS Global), payments and support channels. It should be read together with our terms and conditions, Refund Policy, ECTA s43 Disclosures and PAIA Manual.

3) POPIA Section 18 notice — when we collect your information

When we collect personal information, we take reasonably practicable steps to make you aware of the following:

3.1 What we collect and sources

We collect personal information directly from you (e.g., through online forms, consultations and document uploads) and from authorised third‑party sources where lawful and relevant to your mandate (e.g., police clearance channels, medicals, public registries). Typical categories include: identifying data (name,ID/passport, date of birth), contact details, biographical and family information, immigration history, travel history, employment/study details, financial information relevant to visa categories, and documents you submit. We also process device/usage data (cookies, log data) when you use our website. We avoid collecting special personal information save where necessary and lawful (e.g., health certificates for immigration requirements) and subject to safeguards.

3.2 Purpose of collection and lawful basis

We process personal information to: (a) provide immigration consulting and case facilitation; (b) prepare and lodge submissions with DHA/VFS and other authorities; (c) manage client accounts and payments; (d) verify identity and prevent fraud; (e) comply with laws (tax, anti‑corruption, records); (f) provide support and communicate case updates; and (g) with consent or as permitted, send service notices and limited marketing. Lawful bases include consent, performance of a contract or pre‑contractual steps at your request, compliance with legal obligations, and our or a third party’s legitimate interests that are not overridden by your rights.

3.3 Voluntary/mandatory and consequences

Where information is required by law or needed to assess eligibility or submit an application, it is mandatory. If you refuse to provide it, we may be unable to render services or submit your application. Other information is voluntary but may improve service quality.

3.4 Our identity and contact details

We provide the client with all our relevant information and any additional information that they request that is reasonable and appropriate to the circumstances of their case.

3.5 Particular laws that may authorise/require collection

Examples include immigration laws and regulations administered by the Department of Home Affairs, the Identification Act (identity verification), anti‑corruption laws, tax laws and record‑keeping obligations.

3.6 Recipients or categories of recipients

We share personal information with: (i) competent authorities (e.g., DHA, VFS Global and other foreign missions/authorities) as required; (ii) our vetted operators (service providers) under written contracts meeting POPIA s20–s21 (e.g., payment gateway, email/SMS providers, document storage and IT support); (iii) professional advisers (e.g., attorneys/advocates) where you instruct us; and (iv) as required by law or to protect rights, safety and security.

3.7 Cross‑border transfers

Where we or our operators transfer personal information outside South Africa (for example, to cloud services or foreign authorities involved in your matter), we rely on one or more of POPIA s72 mechanisms: adequate protection by law or binding agreement; your consent; performance of a contract or pre‑contractual steps at your request; conclusion or performance of a contract in your interest; or where the transfer is for your benefit and consent cannot reasonably be obtained but would likely be given.

3.8 Your rights

You have the right to: access your personal information; request correction, deletion or destruction of inaccurate, irrelevant, excessive, out‑of‑date, incomplete or unlawfully obtained data; object to processing (including direct marketing); and complain to the Information Regulator. See Section 10 for how to exercise these rights.

4) Direct marketing

We only send electronic direct marketing where POPIA permits: (a) with your prior opt‑in consent; or (b) to our existing customers about our own similar services, provided you were given a free, simple opportunity to opt‑out at collection and in every message. You can withdraw consent or opt‑out at any time via the unsubscribe link or by emailing us.

5) Operators (service providers) and confidentiality

Our operators process personal information only on our instructions, must keep it confidential, implement appropriate security, and notify us of any suspected breaches so that we can comply with POPIA s22. We conclude written operator agreements as required.

6) Security measures

We take appropriate, reasonable technical and organisational measures to secure the integrity and confidentiality of personal information, including access controls, encryption in transit, MFA where available, secure configuration, staff training, vendor due diligence, and regular review and improvement of safeguards.

7) Security compromises (data breaches)

If there are reasonable grounds to believe personal information has been accessed or acquired by an unauthorised person, we will notify the Information Regulator and affected data subjects as soon as reasonably possible, unless delayed to avoid impeding a criminal investigation. Notifications will include information to help you take protective measures, and we will take remediation steps.

8) Retention

We retain records only for as long as necessary for lawful purposes, including rendering services, defending or establishing legal claims, complying with legal retention duties and as otherwise allowed by law. Thereafter we delete or de‑identify records in a manner that prevents re‑identification.

9) Cookies and analytics

Our site uses necessary cookies and may use analytics cookies to improve performance. Where required, we will ask for your consent and provide controls to withdraw consent. You can adjust browser settings to manage cookies, but some features may not function.

10) Exercising your rights (Forms and timelines)

To object to processing, use a form substantially similar to POPIA Form 1. To request correction, deletion or destruction, use a form substantially similar to POPIA Form 2. You may submit requests free of charge via email to hello@amanipath.com. We will respond in writing within 30 days. If you request access to records, we may provide an estimate of any prescribed fee before providing the service.

11) Complaints

Please contact us first so we can try to resolve your concern. You may also lodge a complaint with the Information Regulator of South Africa via its eService Portal or in writing. Contact details (as published by the Regulator at the time of drafting): JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001; P.O. Box 31533, Braamfontein, 2017; enquiries@inforegulator.org.za.

12) Children and special personal information

We avoid processing special personal information or children’s information unless permitted by law, justified by the immigration purpose, or with the required consent/authorisation and safeguards, or as otherwise authorised by the Information Regulator.

13) Automated decision‑making

We do not rely on solely automated decision‑making that produces legal or similarly significant effects about you. If we ever use such processes, we will implement appropriate safeguards and provide you with information and the right to request human intervention.

14) Payments via PayFast 

We use PayFast (by Network International) to process card payments.Card data is captured on PayFast’s PCI DSS Level 1 platform; we do not store full card numbers or CVV codes on our systems. See our ECTAs43 Payment Security statement for details.

15) Updates to this Policy

We may update this Policy from time to time. The latest version will apply from the Effective Date posted above. Material changes will be highlighted on our website.

Document control

Version: 1.0

Prepared by: Amani Path Management

Effective date: 25 January 2026

Contact: hello@amanipath.com