Privacy Policy
Introduction
OIM Group is committed to protecting your personal data and respecting your privacy. This Privacy Policy outlines how we collect, use, process, and protect information about you when you visit our website, use our services, or interact with our company. As OIM Group operates from South Africa and serves clients internationally, we comply with South Africa's Protection of Personal Information Act (POPIA) and, where applicable, the EU General Data Protection Regulation (GDPR).
Data We Collect
We collect various types of information in connection with the services we provide, including:
- Personal Data: Name, email address, phone number, company, job title, and other contact information you provide directly to us.
- Usage Data: Information about how you interact with our website, including pages visited, time spent, clicks, and referral sources.
- Cookies: We use cookies and similar tracking technologies to enhance your browsing experience and analyze site performance.
How We Use Your Data
We process your personal data for the following purposes:
- To respond to your inquiries and provide customer support
- To deliver services you have requested
- To improve our website and services
- To send marketing communications (with your consent)
- To comply with legal and regulatory obligations
- To protect our rights, privacy, safety, or property
Legal Basis for Processing
We only process your personal data where we have a lawful basis to do so under POPIA and the GDPR. Depending on the purpose, we rely on one or more of the following bases:
- Consent: Where you have given clear, affirmative consent (for example, to receive marketing communications). You may withdraw this consent at any time.
- Contract: Where processing is necessary to provide a service you have requested or to take steps at your request before entering into a contract.
- Legal Obligation: Where we must process data to comply with a legal or regulatory requirement.
- Legitimate Interests: Where processing is necessary for our legitimate business interests (such as improving our services and securing our website), provided these are not overridden by your rights and freedoms.
Data Sharing
We do not sell, trade, or rent your personal data to third parties. However, we may share your information with trusted service providers and processors who assist us in operating our website and conducting our business — for example, customer-relationship management (CRM) platforms, email delivery services, hosting providers, and analytics tools. These providers act on our instructions under data-processing agreements and strict confidentiality obligations, and any sharing is limited to what is necessary to provide the services you have requested. Some of these providers may process data outside South Africa, in which case the safeguards described under "International Data Transfers" apply.
International Data Transfers
OIM Group operates across multiple countries, including locations outside the European Economic Area (EEA) and the United Kingdom. Where we transfer your personal data internationally, we ensure an appropriate level of protection through recognised safeguards, such as the European Commission's Standard Contractual Clauses or transfers to countries deemed adequate by the relevant authorities. You may contact us for more information about the safeguards in place.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Generally, we retain contact information from inquiries for 3 years, unless you have an ongoing business relationship with us, in which case we maintain your data for the duration of that relationship plus 7 years for compliance and audit purposes.
Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include access controls, encryption in transit, secure hosting, and confidentiality agreements with our service providers. While we strive to protect your data, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Your Rights
Under POPIA, the GDPR, and other applicable data protection laws, you have the following rights:
- Right of Access: You have the right to request and access all personal data we hold about you.
- Right to Rectification: You may request the correction of inaccurate or incomplete personal data.
- Right to Erasure: You can request deletion of your personal data under certain circumstances.
- Right to Restrict Processing: You may request that we limit the processing of your personal data.
- Right to Data Portability: You can request to receive your data in a structured, commonly used, and machine-readable format.
- Right to Object: You have the right to object to certain types of data processing.
- Right to Withdraw Consent: Where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact our Data Protection Officer / Information Officer using the details provided below.
Automated Decision-Making
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects concerning you.
Contact Us
For data protection inquiries, privacy concerns, or to exercise your rights, please contact our Data Protection Officer / Information Officer:
OIM GROUP
Email: info@oim-services.com
The data controller responsible for your personal data is OIM Group. For postal correspondence, please use the relevant office address listed on our Contact page.
We are committed to working with you to resolve any concerns regarding your privacy. If you have additional questions or complaints about our privacy practices, you also have the right to lodge a complaint with the relevant supervisory authority — in South Africa, the Information Regulator (www.inforegulator.org.za), or for EU/EEA residents, your local data protection authority.
Last updated: March 2026

