Privacy Policy
Last updated: March 4, 2026
1. Introduction
Active Accounting is fully compliant with the Protection of Personal Information Act 4 of 2013 (POPIA). We are committed to protecting your privacy and handling your personal information responsibly, lawfully, and transparently.
Active Accounting (Pty) Ltd (“Active Accounting”, “we”, “us”, or “our”) takes your privacy seriously. This Privacy Policy explains what personal information we collect, why we collect it, how we use it, and your rights in relation to that information.
This policy applies to all personal information collected through our website (activeaccounting.co.za), our client portal, and in the course of providing professional accounting and tax services to you.
2. Information We Collect
We collect different types of information depending on how you interact with us:
Personal Information
- Full name, identity number, and date of birth
- Contact details: email address, phone number, and physical address
- Tax reference number and VAT registration number
- Employment details, income sources, and financial circumstances
- Banking details for payments and refunds
Financial Information
- Bank statements, invoices, and receipts
- Payroll records and salary information
- Annual financial statements and management accounts
- SARS assessment notices and correspondence
- Investment and asset information
Technical Information
- IP address and browser type when visiting our website
- Pages visited, time spent on pages, and referral sources
- Device type and operating system
- Cookies and similar tracking technologies (see Section 9)
3. How We Use Your Information
We use your personal information only for legitimate business purposes directly related to providing our services. Specifically, we use your information to:
- Provide accounting, tax, payroll, and advisory services as agreed in your engagement letter
- Prepare and submit tax returns, VAT returns, and other regulatory filings on your behalf
- Communicate with SARS, CIPC, and other regulatory bodies on your behalf
- Send you invoices and process payments for our services
- Respond to your enquiries, support requests, and feedback
- Send you relevant tax deadline reminders and regulatory updates (with your consent)
- Improve our website, services, and client experience
- Comply with our own legal and regulatory obligations
4. Legal Basis for Processing (POPIA)
Under POPIA, we may only process your personal information if we have a lawful basis for doing so. Our processing is based on one or more of the following grounds:
- 1Contract performance: Processing is necessary to perform the services you have engaged us for.
- 2Legal obligation: Processing is required to comply with our obligations under the Income Tax Act, Companies Act, POPIA, and other applicable South African legislation.
- 3Legitimate interests: Processing is necessary for our legitimate business interests, such as improving our services and preventing fraud, provided these are not overridden by your rights.
- 4Consent: Where required, we obtain your explicit consent before processing your information for specific purposes, such as sending marketing communications.
5. Information Sharing and Disclosure
We share your information only where necessary to provide our services or as required by law. Recipients of your information may include:
- SARS (South African Revenue Service) — for tax return submissions, VAT filings, and PAYE submissions
- CIPC (Companies and Intellectual Property Commission) — for annual returns and company filings
- Financial institutions — for payroll processing and EFT payments on your behalf
- Cloud accounting software providers (e.g. Xero, QuickBooks, Sage) — who process data under their own privacy policies
- Our professional advisors — subject to strict confidentiality obligations
We NEVER:
- ✕Sell your personal information to third parties
- ✕Share your information with marketers or advertisers
- ✕Use your financial information for any purpose other than providing our agreed services
6. Data Security Measures
We implement industry-standard technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction.
- End-to-end encryption for all data transmitted between our systems and third-party platforms
- Secure, password-protected cloud storage with multi-factor authentication (MFA)
- Role-based access controls — only staff who need your data to perform their duties can access it
- Regular security audits and software updates to address vulnerabilities
- Staff training on data protection and POPIA compliance
- Secure document shredding for physical documents containing personal information
- Incident response procedures for reporting and managing data breaches
7. Data Retention
We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law. The following retention periods apply:
| Record Type | Retention Period |
|---|---|
| Tax returns and supporting documents | 5 years from date of assessment (SARS requirement) |
| Annual financial statements | 7 years (Companies Act requirement) |
| Payroll records (IRP5, EMP501) | 5 years from year of assessment |
| VAT records and tax invoices | 5 years from the last day of the relevant tax period |
| Client contracts and engagement letters | Duration of engagement + 5 years |
| Website and marketing data | 24 months from collection |
| SARS correspondence and assessments | 5 years from date of assessment |
8. Your Rights Under POPIA
As a data subject under POPIA, you have the following rights:
- Right to access: request a copy of the personal information we hold about you
- Right to correction: request that we correct any inaccurate or incomplete information
- Right to deletion: request that we delete your information where we no longer have a lawful basis to retain it
- Right to object: object to the processing of your information for direct marketing purposes at any time
- Right to lodge a complaint: complain to the Information Regulator if you believe we have processed your information unlawfully
- Right to withdraw consent: where processing is based on consent, withdraw that consent at any time (without affecting the lawfulness of processing prior to withdrawal)
To exercise any of these rights, please contact our Information Officer at enquiries@activeaccounting.co.za. We will respond within 30 days of receiving your request.
9. Cookies and Tracking
Our website uses cookies and similar tracking technologies to improve user experience and analyse site traffic. We use the following types of cookies:
- Essential cookies: required for the website to function correctly (e.g. session management)
- Analytics cookies: help us understand how visitors interact with our website (e.g. Google Analytics — anonymised)
- Preference cookies: remember your settings and preferences for future visits
You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our website.
10. Third-Party Links
Our website may contain links to third-party websites, including SARS eFiling, CIPC, and our accounting software partners. These websites have their own privacy policies, and we are not responsible for their content or privacy practices. We encourage you to review the privacy policy of any third-party website before providing your personal information.
11. Children's Privacy
Our services are intended for adults (18 years and older) and are not directed at children under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at enquiries@activeaccounting.co.za and we will delete that information promptly.
12. International Data Transfers
Some of our cloud-based service providers (such as accounting software platforms and email services) may process data in data centres outside South Africa. Where this occurs, we ensure that appropriate safeguards are in place in compliance with POPIA Section 72, including:
- Selecting only providers who maintain ISO 27001 certification or equivalent data security standards
- Ensuring data processing agreements that require equivalent protection to POPIA are in place
- Reviewing the privacy practices and data protection commitments of all international service providers
13. Changes to Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by email and/or by posting a notice on our website. The “Last updated” date at the top of this page will be revised accordingly. We encourage you to review this policy periodically.
14. Contact & Complaints
If you have any questions about this Privacy Policy or wish to exercise your rights under POPIA, please contact our Information Officer:
Active Accounting — Information Officer
Email: enquiries@activeaccounting.co.za
Phone: +27 82 400 5618
Address: Cedar Road, Fourways, Sandton, Gauteng, South Africa
Information Regulator (South Africa)
If you are not satisfied with our response to a complaint, you have the right to lodge a complaint with the Information Regulator:
Our Data Protection Commitment
Active Accounting is committed to protecting your personal information and upholding your rights under POPIA. We treat your financial data with the same care and confidentiality that we apply to your tax returns — with professionalism, discretion, and respect.