RIAHSAH Co. Last updated: May 2026
RIAHSAH Co. is a consulting, research, and systems advisory organisation operating in South Africa and the Democratic Republic of Congo. We are committed to protecting your privacy and handling your personal information with care and integrity.
We collect personal information that you provide to us directly, including your name, email address, and contact details when you engage with our services, participate in research activities, or communicate with our team.
For research engagements involving interviews or consultations, we may also collect notes, responses, and other information you choose to share with us in that context.
We use your information to deliver our consulting and advisory services, respond to your enquiries, carry out research projects you have agreed to participate in, and fulfil our legal and contractual obligations.
We do not use your personal information for unsolicited marketing, and we do not sell your data to any third party.
We process your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA). Depending on the context, we rely on your consent, the performance of a contract, or our legitimate business interests as our lawful basis for processing.
Your information is stored securely on Google Drive, accessible only to authorised RIAHSAH team members. We apply access controls, two-factor authentication, and device security measures to protect your data from unauthorised access or disclosure.
Research data, including interview recordings and transcripts, is pseudonymised and stored in restricted folders accessible only to the relevant project team.
We do not share your personal information with third parties except where necessary to deliver our services, where required by law, or where you have given explicit consent. Any third-party service providers we work with are bound by confidentiality and data protection obligations.
Cross-border transfers
As we operate across South Africa and the DRC, your information may be processed or accessed across both countries. Where this occurs, we ensure appropriate safeguards are in place to protect your information.
We retain your personal information only for as long as necessary for the purpose it was collected, or as required by law. Client and engagement records are generally retained for five years after the conclusion of an engagement. Research data is managed in line with our internal retention policy and applicable research ethics requirements.
You have the right to access the personal information we hold about you, request corrections, withdraw consent where processing is based on consent, and request deletion of your information where it is no longer needed.
To exercise any of these rights, please contact our Information Officer at info@riahsah.com
If you believe your privacy rights have been violated, you may lodge a complaint with the Information Regulator of South Africa at inforeg@justice.gov.za.
For any questions about this Privacy Policy or how we handle your information, please reach out to:
RIAHSAH Co. Communications Officer on email address info@riahsah.com
This Privacy Policy is reviewed annually and updated as required to reflect changes in our operations or applicable law.