Start a conversation

Privacy Policy

How Exaze collects, uses, and protects your personal information.

Exaze is committed to protecting your privacy and processing personal information responsibly in accordance with POPIA and applicable data protection laws.

Last updated: June 2026

1. About the Exaze Group

This Privacy Policy applies to the Exaze Group, which comprises the following legal entities operating collectively under the Exaze brand:

  • Exaze Solutions (Pty) Ltd — registered in South Africa (Registration No: 2020/150704/07), head office at Unit N101B, North Block, Bradenham Hall, 7 Mellis Avenue, Rivonia, Sandton — 2128, South Africa
  • Exaze Private Limited — registered in India, with delivery centres in Hyderabad, Pune, and Bhopal
  • Exaze UK Private Limited — registered in England and Wales, with a sales office at Unit 11, Diddenham Court, Grazeley, Reading, Berkshire — RG7 1JQ

Where this policy refers to "Exaze", "we", "our", or "us", it refers to the Exaze Group collectively, or the specific Exaze entity with which you have or are seeking a relationship. The entity acting as data controller or data fiduciary in respect of your personal information is identified in Section 3.

2. Scope of This Policy

This policy covers personal information collected through:

  • Our website at www.exazeit.com, which is operated by Exaze Solutions (Pty) Ltd on behalf of the Exaze Group
  • Pre-engagement, proposal, and business development activities
  • Active service delivery engagements across any Exaze Group entity
  • Recruitment and talent acquisition processes
  • Marketing and event communications where you have engaged with us

3. Data Controllers and Applicable Law

The Exaze Group operates across three jurisdictions and is subject to the data protection laws of each. The applicable entity and legal framework depend on where you are located and the nature of your relationship with us:

South Africa — Exaze Solutions (Pty) Ltd

Exaze Solutions (Pty) Ltd is the responsible party for personal information processed in South Africa, subject to the Protection of Personal Information Act, 2013 (POPIA). The Information Regulator of South Africa oversees compliance. Contact: contact@exazeit.com

India — Exaze Private Limited

Exaze Private Limited is the data fiduciary for personal information processed in India, subject to the Digital Personal Data Protection Act, 2023 (DPDP Act) and, where applicable, the Information Technology Act, 2000 and rules made thereunder. The Data Protection Board of India, once constituted, will oversee enforcement. Contact: contact@exazeit.com

United Kingdom — Exaze UK Private Limited

Exaze UK Private Limited is the data controller for personal information processed in the United Kingdom, subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The Information Commissioner's Office (ICO) oversees compliance. Contact: contact@exazeit.com

4. Personal Information We Collect

We may collect the following categories of personal information depending on your relationship with us:

  • Identity data: name, job title, company name, professional profile
  • Contact data: email address, phone number, postal address
  • Communication data: enquiries, messages, and correspondence submitted to us
  • Technical data: IP address, browser type, pages visited, device information, and usage data collected via cookies and analytics
  • Business and commercial data: information shared during engagement, proposals, contracts, and project delivery
  • Recruitment data: CV, qualifications, employment history, and references where you apply for a role

5. How We Collect Personal Information

  • Directly from you via our website contact form, email, or phone
  • During pre-engagement or service delivery discussions
  • Through recruitment and onboarding processes
  • Automatically via cookies and website analytics when you browse our site
  • From publicly available professional sources (such as LinkedIn) in a business context

6. Purposes and Legal Bases for Processing

We process personal information for the following purposes and under the following legal bases:

  • Responding to enquiries and managing client relationships — legitimate interest / contractual necessity
  • Delivering IT consulting and solutions services — performance of a contract
  • Fulfilling legal, regulatory, and tax obligations — legal obligation (applicable in each jurisdiction)
  • Improving our website and services — legitimate interest
  • Sending relevant service communications and updates — consent or legitimate interest where a prior relationship exists
  • Recruitment and talent pipeline management — consent / legitimate interest / pre-contractual steps

Under India's DPDP Act 2023, processing is based on consent or legitimate uses as defined in the Act. Under POPIA, processing is based on a lawful ground as defined in section 11. Under UK GDPR, processing is based on one of the six lawful bases in Article 6.

7. Intra-Group Data Sharing

The Exaze Group entities may share personal information with each other to facilitate global service delivery, operational management, and business development. Such intra-group transfers are governed by internal data sharing agreements and appropriate safeguards consistent with the requirements of POPIA, the DPDP Act, and UK GDPR. Each entity receiving personal information is obligated to process it only for authorised purposes and in accordance with applicable law.

8. International Data Transfers

As Exaze operates globally, personal information may be transferred between South Africa, India, and the United Kingdom. We apply appropriate transfer mechanisms where required, including:

  • From South Africa: transfers are subject to POPIA's cross-border transfer conditions, including that the recipient country or organisation provides adequate protection
  • From India: transfers are subject to restrictions and permitted country designations under the DPDP Act 2023, as notified by the Central Government from time to time
  • From the UK: transfers rely on UK adequacy regulations or appropriate safeguards such as standard contractual clauses recognised under UK GDPR

9. Sharing with Third Parties

We do not sell personal information. We may share it with:

  • Service providers: hosting, analytics, email, and CRM providers acting under strict data processing agreements
  • Professional advisers: legal, financial, and audit professionals, bound by confidentiality
  • Regulatory authorities: as required by applicable law in South Africa, India, or the UK
  • Business successors: in the event of a merger, acquisition, or restructuring, subject to appropriate confidentiality

10. Data Retention

Personal information is retained only as long as necessary for the purpose for which it was collected or as required by law. In general:

  • Website enquiry data: up to 12 months
  • Client engagement data: duration of the engagement plus applicable statutory retention periods (which vary by jurisdiction)
  • Recruitment data for unsuccessful applicants: up to 6 months unless consent is given for longer retention

11. Your Rights

Depending on your location and applicable law, you may have the following rights:

South Africa (POPIA)

  • Right to access your personal information (section 23)
  • Right to request correction or deletion (section 24)
  • Right to object to processing on reasonable grounds (section 11(3))
  • Right to lodge a complaint with the Information Regulator (inforegulator.org.za)

India (DPDP Act 2023)

  • Right to access a summary of personal data processed and processing activities (section 11)
  • Right to correction and erasure of personal data (section 12)
  • Right to grievance redressal (section 13)
  • Right to nominate another person to exercise rights in the event of death or incapacity (section 14)
  • Right to lodge a complaint with the Data Protection Board of India once constituted

United Kingdom (UK GDPR)

  • Right of access (Article 15)
  • Right to rectification (Article 16)
  • Right to erasure (Article 17)
  • Right to restriction of processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object (Article 21)
  • Right to lodge a complaint with the ICO (ico.org.uk)

To exercise any of these rights, contact us at contact@exazeit.com. We will respond within the timeframes required under applicable law (generally 30 days).

12. Cookies

Our website uses cookies and similar tracking technologies to improve user experience and analyse site usage. You can manage cookie preferences through your browser settings. By continuing to use the site, you acknowledge the use of cookies in accordance with this policy.

13. Security

The Exaze Group implements appropriate technical and organisational security measures across all entities to protect personal information against unauthorised access, disclosure, alteration, or loss. Employees with access to personal information are subject to confidentiality obligations.

14. Changes to This Policy

We may update this policy periodically to reflect changes in law, our practices, or the structure of the Exaze Group. The "Last updated" date above indicates the most recent revision. Material changes will be communicated where required by applicable law.

15. Contact and Data Rights Requests

For any questions, concerns, or data rights requests, please contact the Exaze Group at:

Exaze Group — Data & Privacy
contact@exazeit.com
+27 010 448 0730
c/o Exaze Solutions (Pty) Ltd, 7 Mellis Avenue, Rivonia, Sandton — 2128, South Africa