black and white bed linen

Privacy Matters

Your data is safe with us — clear and simple privacy practices.

1. INTRODUCTION

ROFT Strategic Workforce & Risk Advisory ("ROFT", "we", "us", or "our") is committed to protecting the privacy and security of all personal information we collect and process. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights in relation to your information.

This Policy applies to all individuals who interact with us — including clients, website visitors, prospective clients, and third parties whose information is shared with us in the course of an engagement.

We operate internationally and are committed to compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the Protection of Personal Information Act (POPIA), the California Consumer Privacy Act (CCPA), and other relevant national and regional frameworks.

2. DATA WE COLLECT

2.1 Information You Provide Directly

We may collect the following categories of personal information when you contact us, engage our services, or complete our questionnaires:

  • Identity information — full name, job title, and organisation name

  • Contact information — email address, telephone number, and business address

  • Professional background — employment history, qualifications, and industry sector

  • Engagement-related data — responses to our diagnostic and scoping questionnaires

  • Payment and billing information — invoicing details (we do not store payment card data)

  • Communications — emails, meeting notes, and correspondence with our team

2.2 Information Collected Automatically

When you visit our website, we may collect limited technical information, including:

  • Browser type and version

  • Device type and operating system

  • Pages visited and time spent on the site

  • Referring website or search terms

This information is collected via cookies and similar technologies. Please refer to our Cookie Notice for further detail.

3. PURPOSE AND LEGAL BASIS FOR PROCESSING

We process personal information only where we have a lawful basis to do so. The block below summarises our primary purposes and the legal grounds that apply:

Delivering contracted advisory services: Contract performance: GDPR Art. 6(1)(b) / POPIA s.11

Responding to enquiries and proposals: Legitimate interest: GDPR Art. 6(1)(f) / POPIA s.11

Sending relevant updates and insights: Consent (where required): GDPR Art. 6(1)(a) / POPIA s.11

Invoicing and financial administration: Legal obligation: GDPR Art. 6(1)(c) / POPIA s.11

Improving our services and website: Legitimate interest: GDPR Art. 6(1)(f) / POPIA s.11
rpoegal Bas
4. HOW WE USE AI IN SERVICE DELIVERY

ROFT uses artificial intelligence tools to assist in analysing the information you provide. This accelerates delivery of insights and ensures consistency. Key safeguards include:

  • All AI-generated outputs are reviewed and validated by a senior ROFT consultant before being shared

  • Your data is processed within secure, private AI environments and is never submitted to public AI platforms such as ChatGPT

  • AI is used as a tool to support human decisions — not to replace them

Where AI-assisted processing may significantly affect you, we will inform you and ensure a human review is conducted in accordance with applicable laws (GDPR Article 22; POPIA Section 71).

5. DATA SHARING AND DISCLOSURE

We do not sell your personal information. We may share data with:

  • Sub-contractors or specialist advisors engaged to support a specific engagement — bound by confidentiality obligations

  • Technology service providers (hosting, analytics, email) — subject to data processing agreements

  • Professional advisors — accountants, lawyers — on a confidential basis

  • Regulatory or law enforcement authorities — where required by applicable law

Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (GDPR), adequacy decisions, or equivalent mechanisms under applicable law.

6. DATA RETENTION

We retain personal information for as long as necessary to fulfil the purposes for which it was collected. Our general retention guidelines are:

  • Active client engagement data — held for the duration of the engagement plus 5 years

  • Financial and invoicing records — 7 years in line with standard accounting obligations

  • Marketing enquiries (where no engagement follows) — 2 years

  • Website analytics — 13 months rolling

Data is securely deleted or anonymised at the end of the applicable retention period.

7. DATA SECURITY

We implement appropriate technical and organisational measures to protect your personal information, including:

  • Encryption of data in transit and at rest

  • Access controls limiting data access to authorised personnel only

  • Use of private, secured AI processing environments

  • Non-disclosure agreements with all service providers who handle client data

  • Regular review of our security practices

In the event of a data breach that is likely to affect your rights or freedoms, we will notify you and relevant supervisory authorities as required by applicable law.

8. YOUR RIGHTS

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Right of access — to request a copy of the personal information we hold about you

  • Right to rectification — to request correction of inaccurate or incomplete data

  • Right to erasure — to request deletion of your data in certain circumstances

  • Right to restrict processing — to limit how we use your data

  • Right to data portability — to receive your data in a structured, machine-readable format

  • Right to object — to processing based on legitimate interests or for direct marketing

  • Right to withdraw consent — at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at: roland@roftbusiness.org

9. COOKIES

Our website may use cookies to improve functionality and user experience. You can control cookie preferences through your browser settings. A full Cookie Notice is available on our website.

10. CONTACT AND COMPLAINTS

For any privacy-related enquiries or to exercise your rights, please contact:

Data Controller

ROFT Strategic Workforce & Risk Advisory

Contact Name

Roland A. Jones

Email

roland@roftbusiness.org

Website

roftbusiness.org


If you are located in the European Economic Area, you have the right to lodge a complaint with your local supervisory authority. In South Africa, complaints may be directed to the Information Regulator at www.inforegulator.org.za.

11. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Material changes will be communicated via our website or directly to clients where appropriate. The version date at the top of this document indicates when it was last reviewed.

Effective Date: April 2026 | Version 1.0


Contact

Let's connect and discuss your workforce needs.

Email

Phone

roland@roftbusiness.org

+27714711799

© 2026. All rights reserved.

Keep CONNECTED

Online Booking