Legal · Group Policy

Privacy Policy

This Privacy Policy explains how Grateful Integrated Global Concept Ltd and its group companies collect, use, disclose, and protect personal information when you visit our websites or interact with us.

Last updated: 14 June 2026 · Applies to all GIG group websites

Scope. This policy applies to websites and online services operated by Grateful Integrated Global Concept Ltd (“GIG”, “we”, “us”, “our”) and its subsidiaries, including Grateful Heart Property Limited and Grateful Prime Ventures (together, the “Group”). By using any Group website, you acknowledge this Privacy Policy.

1. Who is responsible for your information?

The entity responsible for processing your personal information (the “responsible party” under South Africa’s Protection of Personal Information Act 4 of 2013 (“POPIA”) and the “data controller” under Nigeria’s Data Protection Act 2023 (“NDPA”)) is:

Where a subsidiary processes personal information for its own services (for example, property enquiries through Grateful Heart or supply enquiries through Grateful Prime), that subsidiary may act as a joint or separate controller for those activities. Enquiries are handled through the contact details published on the relevant website.

2. Information Officer and Data Protection Contact

In compliance with POPIA, we have designated an Information Officer. For NDPA-related requests, you may contact our data protection contact at the same address:

We will respond to verified requests within the timeframes required by applicable law.

3. Personal information we collect

Depending on how you interact with us, we may collect:

  • Identity and contact data — name, email address, telephone number, company name, job title
  • Enquiry and communication data — messages, project details, property or product interests, attachments you send
  • Newsletter data — email address and subscription preferences
  • Technical and usage data — IP address, browser type, device information, pages viewed, referral source, and cookie identifiers (see our Cookie Policy)
  • Recruitment data — if you apply for a role, CV and employment-related information you submit

We do not intentionally collect special personal information (such as health, biometric, or religious data) through our websites unless you voluntarily provide it and we have a lawful basis to process it.

4. How we collect information

  • Directly from you — contact forms, newsletter sign-up, email, phone, or in-person meetings
  • Automatically — through cookies and similar technologies when you browse our websites
  • From third parties — such as referral partners, event registrations, or publicly available business directories, where permitted by law

5. Why we process your information and our legal bases

We process personal information only where we have a lawful basis under POPIA and/or the NDPA, including:

  • Consent — for example, marketing communications or non-essential cookies where required
  • Contract — to respond to your enquiry or take steps before entering a contract with you
  • Legal obligation — to comply with applicable laws, regulations, or court orders
  • Legitimate interests — to operate, secure, and improve our websites and business, provided your rights do not override those interests

We will not process your personal information for purposes incompatible with those described in this policy without notifying you where required by law.

6. How we use your information

  • Respond to enquiries and provide information about our services, properties, or products
  • Manage relationships with clients, suppliers, and partners
  • Send newsletters and updates where you have opted in
  • Improve website performance, security, and user experience
  • Comply with legal, regulatory, and governance requirements
  • Establish, exercise, or defend legal claims

7. Sharing and disclosure

We may share personal information with:

  • Group companies — Grateful Heart Property Limited and Grateful Prime Ventures, where relevant to your enquiry
  • Service providers — hosting, email, analytics, CRM, and IT support providers bound by confidentiality and data protection obligations
  • Professional advisers — lawyers, auditors, and insurers where necessary
  • Regulators and authorities — when required by law or to protect our legal rights
  • Business transfers — in connection with a merger, acquisition, or asset sale, subject to appropriate safeguards

We do not sell your personal information.

8. Cross-border transfers

Our group operates in and serves clients across Africa, including South Africa and Nigeria. Personal information may be transferred to, stored in, or accessed from countries other than your own.

Where we transfer personal information across borders, we implement appropriate safeguards as required by POPIA and the NDPA, which may include:

  • Transfers to countries recognised as providing adequate protection
  • Standard contractual clauses or binding corporate rules
  • Your explicit consent, where required

9. Retention

We retain personal information only for as long as necessary for the purposes set out in this policy, including to satisfy legal, accounting, or reporting requirements. Typical retention periods include:

  • Website enquiries — up to 3 years after last contact, unless a longer period is required for an active relationship or legal claim
  • Marketing subscriptions — until you unsubscribe or withdraw consent
  • Technical logs — generally up to 12 months

When information is no longer needed, we securely delete or anonymise it.

10. Security

We implement appropriate technical and organisational measures to protect personal information against unauthorised access, loss, misuse, alteration, or disclosure. These measures include access controls, secure hosting, and staff confidentiality obligations. No method of transmission over the internet is completely secure; we encourage you to use strong passwords and protect your own devices.

11. Your rights in South Africa (POPIA)

If you are in South Africa, you have the right to:

  • Be notified that your personal information is being collected and the purpose of collection
  • Request access to personal information we hold about you
  • Request correction or deletion of inaccurate, irrelevant, excessive, outdated, or unlawfully processed information
  • Object to processing, including direct marketing
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with the Information Regulator (South Africa): inforegulator.org.za

12. Your rights in Nigeria (NDPA)

If you are in Nigeria, you have the right to:

  • Be informed about the collection and use of your personal data
  • Access your personal data and obtain information about processing
  • Request rectification of inaccurate or incomplete data
  • Request erasure of data where there is no lawful reason for continued processing
  • Restrict or object to processing in certain circumstances
  • Data portability, where applicable
  • Withdraw consent at any time, without affecting prior lawful processing
  • Lodge a complaint with the Nigeria Data Protection Commission (NDPC): ndpc.gov.ng

13. How to exercise your rights

To submit a privacy request, email privacy@gratefulintegratedglobal.com with enough detail for us to verify your identity and locate your records. We may request additional information to confirm your identity before responding. We aim to respond within 30 days, or within the period required by applicable law.

14. Direct marketing

We will send marketing communications only where permitted by law and, where required, with your consent. You may opt out at any time by using the unsubscribe link in our emails or by contacting us at privacy@gratefulintegratedglobal.com.

15. Cookies and similar technologies

We use cookies and similar technologies on our websites. For details on the cookies we use and how to manage your preferences, see our Cookie Policy and Settings.

16. Children

Our websites are not directed at children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

17. Third-party websites

Our websites may contain links to third-party sites (for example, social media or partner websites). We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies.

18. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page will indicate when changes were made. Material changes will be posted on this page. Continued use of our websites after changes take effect constitutes acknowledgement of the updated policy, where permitted by law.

19. Contact us

For privacy questions or requests: