Privacy Policy
XM Design Consulting Website: xmdesignconsulting.co.za Last updated: 16/07/2026
1. Introduction
XM Design Consulting ("we", "us", "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and protect personal information in accordance with the Protection of Personal Information Act 4 of 2013 ("POPIA") and, where applicable, other relevant South African law.
This policy applies to visitors of xmdesignconsulting.co.za and to individuals who engage with us as clients, prospective clients, or collaborators.
2. Who We Are
XM Design Consulting is a UX design consultancy operated by Xolani Mokhoebane, based in Johannesburg, South Africa.
Information Officer: Xolani Mokhoebane Contact email: xolanimokhoebane@gmail.com
3. What Personal Information We Collect
Depending on how you interact with us, we may collect:
Contact details: name, email address, phone number, company name.
Enquiry and project information: details you share via a contact form, email, or during project discussions (e.g. project brief, budget, timeline).
Communication records: correspondence between you and us (email threads, meeting notes).
Technical data: IP address, browser type, device information, and pages visited, collected automatically via analytics or cookies (see Section 7).
Payment-related information: invoicing details, such as billing address and banking reference (we do not store full payment card details).
We do not knowingly collect special personal information (such as health, biometric, or religious information) through the Website, unless voluntarily and specifically shared by you in the course of a project (for example, accessibility-related project requirements).
4. How We Collect Information
We collect personal information:
directly from you, when you fill in a contact or enquiry form, email us, or engage us for Services;
automatically, through cookies and website analytics tools when you browse the Website;
from publicly available professional sources (e.g. LinkedIn), where relevant to a business enquiry.
5. Purpose of Processing
We process personal information to:
respond to enquiries and communicate with prospective and current clients;
prepare proposals, quotes, and invoices;
deliver contracted design and consulting Services;
maintain business records for accounting, tax, and legal compliance purposes;
improve the Website and understand how visitors use it (via aggregated analytics);
comply with legal obligations.
6. Legal Basis for Processing
We process personal information on one or more of the following bases, as required by POPIA:
Consent, where you have given permission (e.g. submitting a contact form);
Performance of a contract, where processing is necessary to deliver agreed Services;
Legitimate interest, where processing is necessary for reasonable business purposes (e.g. responding to enquiries) and does not unreasonably intrude on your privacy;
Legal obligation, where we are required to retain records (e.g. financial/tax records under South African law).
7. Cookies and Analytics
The Website may use cookies or similar technologies to:
remember basic preferences;
understand website traffic and usage patterns through analytics tools (e.g. Google Analytics or similar).
You can disable cookies through your browser settings. Doing so may affect some functionality of the Website. We do not use cookies for third-party advertising or ad targeting.
8. Sharing of Personal Information
We do not sell personal information. We may share personal information with:
Service providers who support our business operations (e.g. website hosting, email providers, accounting software), under confidentiality obligations;
Professional advisors (e.g. accountant, legal counsel), where necessary;
Law enforcement or regulators, where required by law.
Any third party we share information with is expected to apply appropriate safeguards consistent with POPIA.
9. Cross-Border Transfers
Some service providers we use (e.g. cloud hosting, email, or analytics platforms) may store or process data outside South Africa. Where this occurs, we take reasonable steps to ensure such providers apply a level of data protection consistent with POPIA, such as relying on providers with appropriate security certifications and data processing agreements.
10. Data Security
We implement reasonable technical and organisational measures to protect personal information against loss, unauthorised access, alteration, or disclosure, including access controls and secure storage of business records. No method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
11. Data Retention
We retain personal information only for as long as necessary to fulfil the purposes described in this policy, including to meet legal, accounting, or reporting requirements (for example, South African tax record retention periods). Enquiry data from individuals who do not become clients may be deleted after a reasonable period of inactivity.
12. Your Rights
Under POPIA, you have the right to:
request confirmation of whether we hold personal information about you;
request access to the personal information we hold about you;
request correction or updating of inaccurate or outdated information;
request deletion or destruction of personal information we no longer have a lawful basis to retain;
object to the processing of your personal information, on reasonable grounds;
withdraw consent, where processing is based on consent, without affecting processing carried out before withdrawal;
lodge a complaint with the Information Regulator of South Africa if you believe your personal information has been processed unlawfully.
To exercise any of these rights, contact our Information Officer using the details in Section 2.
Information Regulator (South Africa) Website: justice.gov.za/inforeg Email: complaints.IR@justice.gov.za
13. Children's Privacy
Our Website and Services are intended for business and professional audiences and are not directed at children. We do not knowingly collect personal information from children without appropriate consent as required by POPIA.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page will indicate the most recent revision.
15. Contact Us
For any questions about this Privacy Policy or how your personal information is handled, please contact:
XM Design Consulting Attention: Information Officer Email: xolanimokhoebane@gmail.com Website: xmdesignconsulting.co.za



