Naughty Bean Consulting logo
Naughty Bean
Consulting
Privacy policy

Your information should be handled with care, not guesswork.

Last updated: March 28, 2026. This policy is a general privacy policy drafted with the South African Protection of Personal Information Act, 2013, commonly called POPIA, in mind.

1. Who we are

Naughty Bean Consulting is a consulting business focused on coffee shop advisory, software engineering, and related digital and operational services. In this policy, “we”, “us”, and “our” refer to Naughty Bean Consulting.

2. Contact details

If you have questions about this policy or about how we process personal information, contact us at hello@naughtybean.consulting.

3. What personal information we may collect

Depending on how you interact with us, we may collect:

  • Identity and contact details, such as your name, email address, phone number, company name, and job title
  • Communication content, such as messages, enquiries, project briefs, and correspondence you send to us
  • Technical and usage information, such as IP address, browser type, device information, pages visited, referral sources, and similar website analytics data
  • Commercial information relevant to a proposed or active engagement, such as project requirements, billing information, and transaction records
  • Any other information you choose to provide to us

4. How we collect information

We may collect personal information directly from you, automatically through our website, from your organisation, from service providers acting on our behalf, or from publicly available sources where lawful and appropriate.

5. Why we process personal information

We process personal information only where we have a lawful justification under applicable law, including where processing is necessary:

  • To respond to enquiries and communicate with you
  • To assess, propose, deliver, and support consulting or software engineering services
  • To manage our business operations, records, accounts, and legal obligations
  • To improve our website, services, and customer experience
  • To protect our rights, systems, staff, clients, and users
  • Where you have given consent, if consent is the appropriate lawful basis

6. POPIA principles we aim to follow

We aim to process personal information in a manner that is accountable, limited to what is relevant, specific to a clear purpose, transparent, accurate where reasonably possible, protected by appropriate safeguards, and respectful of data subject participation rights.

7. Sharing personal information

We may share personal information with trusted operators, contractors, hosting providers, analytics providers, advisors, payment or invoicing platforms, or other service providers where reasonably necessary for our operations or for delivering services. We may also disclose information where required by law, court order, regulatory obligation, or to protect legitimate rights and interests.

8. Cross-border transfers

Some of our service providers or technology platforms may process personal information outside South Africa. Where this happens, we aim to take reasonable steps to ensure that personal information receives an adequate level of protection and is handled in a manner consistent with applicable law.

9. Security safeguards

We take reasonable technical and organisational steps to secure personal information against loss, misuse, unauthorised access, disclosure, alteration, or destruction. No method of transmission or storage is perfectly secure, but we work to reduce risk appropriately.

10. Retention

We keep personal information only for as long as reasonably necessary for the purpose for which it was collected, to meet legal, accounting, operational, or reporting obligations, or to resolve disputes and enforce agreements.

11. Your rights

Subject to applicable law, you may have the right to:

  • Ask whether we hold personal information about you
  • Request access to your personal information
  • Request correction, updating, or deletion of inaccurate, irrelevant, excessive, out-of-date, incomplete, misleading, or unlawfully obtained information
  • Object, on reasonable grounds, to certain processing
  • Withdraw consent where processing depends on consent
  • Lodge a complaint with the South African Information Regulator

12. Children’s information

Our website and services are not intended for children where consent from a competent person would be required. We do not knowingly collect children’s personal information in a way that would contravene applicable law.

13. Cookies and website analytics

We may use cookies or similar technologies to help our website function, understand usage patterns, and improve performance. You can usually manage cookies through your browser settings, although disabling them may affect functionality.

14. Complaints

If you are unhappy with how we handle personal information, please contact us first so we can try to resolve the issue. You may also lodge a complaint with the Information Regulator of South Africa.

15. Changes to this policy

We may update this policy from time to time. Updated versions will be posted on this page with a revised effective date.

16. Important note

This policy is a general-purpose website privacy policy and does not constitute legal advice. If you need a fully tailored POPIA compliance review, legal review is recommended.