1. Who we are
Saleleni is a digital and AI consultancy, based in Sandton,
Johannesburg, South Africa. We provide eCommerce strategy, conversion rate optimisation,
paid media, and AI implementation services to businesses across South Africa and globally.
For the purposes of South Africa's Protection of Personal Information Act, 4 of
2013 (POPIA), Saleleni is the responsible party.
For the purposes of the EU/UK General Data Protection Regulation (GDPR/UK GDPR),
Saleleni is the data controller.
Responsible Party / Data Controller
Saleleni (operated by Francis Baloyi)
Sandton, Johannesburg, Gauteng, South Africa
Email: hello@saleleni.com
We do not have a designated Data Protection Officer (DPO), as we are a small business
that does not engage in large-scale or high-risk processing. All data-related queries are
handled directly by Francis Baloyi. You can reach us at
hello@saleleni.com.
2. Data we collect
2.1 Information you give us directly
Contact enquiry form. When you submit an enquiry through our website,
we collect your first name, email address, company name, website URL (optional), your area
of service interest (chosen from a dropdown), and any message you include.
AI Readiness Checklist (lead magnet). When you request our free
resource, we collect your first name and email address only. This form is powered by
WPForms. We use this information to deliver the checklist and to send you relevant
follow-up information about our services. You may unsubscribe at any time.
Discovery call booking. If you book a discovery call through our
Calendly link, Calendly collects your name, email address, and scheduling preferences
directly. We receive a confirmation and your name and email. Calendly's own privacy
policy governs their handling of your data.
2.2 Information collected automatically
Website analytics (Google Analytics 4). We use Google Analytics 4 to
understand how visitors find and use our website. GA4 may collect your IP address
(anonymised by default), browser type, device type, operating system, approximate
geographic location (city/country level), pages visited, time spent on site, and
referral source. We do not use this data to identify you as an individual.
Google Fonts. Our website loads fonts from Google Fonts. This causes
your browser to make a request to Google's servers, which may include your IP address.
We have no control over Google's handling of this data.
Server logs. Our hosting provider may automatically collect server
log data, including your IP address, browser type, and the date and time of your visit.
This data is used for security monitoring and is not linked to your identity.
2.3 Information we do not collect
We do not collect payment card information, government identification numbers, or
any special categories of personal information (as defined under POPIA and GDPR, such
as health data, racial or ethnic origin, religious beliefs, or political opinions).
3. How we use your data
We only process your personal information for specific, legitimate purposes. The
table below sets out each purpose and the legal basis we rely on.
| Purpose |
POPIA ground
(Section 11) |
GDPR legal basis
(Article 6) |
| Responding to your contact enquiry |
Legitimate interest /
Contractual necessity |
Legitimate interests (Art. 6(1)(f)) /
Contract (Art. 6(1)(b)) |
| Delivering the AI Readiness Checklist you requested |
Consent |
Consent (Art. 6(1)(a)) |
| Sending follow-up marketing emails (only where you have opted in) |
Consent |
Consent (Art. 6(1)(a)) |
| Analysing website traffic and improving our content |
Legitimate interest |
Legitimate interests (Art. 6(1)(f)) |
| Communicating with you about a potential or active engagement |
Contractual necessity |
Contract (Art. 6(1)(b)) |
| Complying with legal or regulatory obligations |
Legal obligation |
Legal obligation (Art. 6(1)(c)) |
| Protecting the security of this website and our systems |
Legitimate interest |
Legitimate interests (Art. 6(1)(f)) |
Our legitimate interests. Where we rely on legitimate interests as
our legal basis, we have weighed those interests against your rights and freedoms and
determined that our interests do not override them. You have the right to object to
processing based on legitimate interests — see Section 8.
Marketing communications. We will only send you marketing or
promotional emails where you have explicitly opted in (e.g., by downloading the AI
Readiness Checklist). We will never add you to a marketing list based solely on
submitting a contact enquiry. Every marketing email includes an unsubscribe link.
4. Third parties we share data with
We share your data with the following third-party service providers, strictly for
the purposes described. We do not sell, rent, or trade your personal information.
| Service |
Purpose |
Country |
Safeguard |
| Google Analytics 4 |
Website analytics |
USA |
EU–US Data Privacy Framework; IP anonymisation enabled |
| Google Fonts |
Web typography delivery |
USA |
EU–US Data Privacy Framework |
| WPForms |
Form processing (AI Readiness Checklist sign-up) |
USA |
Standard Contractual Clauses (SCCs) |
| Calendly |
Discovery call booking |
USA |
EU–US Data Privacy Framework; SCCs |
| Google Workspace / Gmail |
Receiving form-submission email notifications |
USA |
EU–US Data Privacy Framework |
| Website hosting provider |
Hosting and serving this website |
South Africa / EU |
Data processing agreement in place |
| Facebook / Meta Pixel (where active) |
Advertising performance measurement |
USA / EU |
EU–US Data Privacy Framework; only active with your cookie consent |
| HubSpot CRM (where active) |
Lead management and follow-up |
USA |
EU–US Data Privacy Framework; SCCs |
Services marked (where active) may not always be in use. When they are
active, they will be disclosed here and, where they require cookies, operated under
your prior consent.
5. Cross-border data transfers
Our third-party service providers operate in countries outside South Africa,
including the United States. We take steps to ensure that any cross-border transfer
of your personal information is lawful.
For South African data subjects (POPIA, Section 72). When we
transfer your personal information outside South Africa, we ensure the recipient
country or organisation provides an adequate level of protection, or that we have
appropriate contractual safeguards in place (such as data processing agreements
incorporating POPIA-equivalent protections).
For EEA/UK data subjects (GDPR, Chapter V). Where we transfer
personal data to countries not deemed adequate by the European Commission or UK ICO,
we rely on appropriate safeguards such as the EU–US Data Privacy Framework (where
applicable) or Standard Contractual Clauses (SCCs) approved by the European Commission.
You can request details of the specific safeguards we rely on for any particular
transfer by contacting us at hello@saleleni.com.
6. How long we keep your data
We only retain your personal information for as long as necessary for the purpose
for which it was collected, or as required by law.
| Data type |
Retention period |
| Contact form enquiries and related correspondence |
3 years from the date of last contact, or until you request deletion |
| Lead magnet subscriber data (checklist downloads) |
Until you unsubscribe, or 3 years of email inactivity, whichever is sooner |
| Client engagement records (where a commercial relationship exists) |
7 years from end of engagement, as required by South African tax and company law |
| Google Analytics data |
Up to 26 months (Google Analytics default), after which it is aggregated or deleted |
| Website server logs |
Up to 90 days |
| Cookie consent records |
12 months from date of consent |
When your data is no longer required, we will securely delete or anonymise it
in accordance with our data handling procedures.
7. Cookies and tracking technologies
Cookies are small text files placed on your device when you visit our website.
We use cookies to make the site function correctly and to understand how it is used.
7.1 Essential cookies
These cookies are strictly necessary for the website to operate and cannot be
disabled. They do not collect personal information for marketing purposes.
- WordPress session cookies — used to maintain your session state
and security (relevant only if you log in to the WordPress admin area).
- Security / CSRF cookies — protect form submissions from
cross-site request forgery attacks.
- Cookie consent preference cookie — remembers your cookie choices
so we do not ask on every visit.
7.2 Analytics cookies
These cookies help us understand how visitors interact with our website so we can
improve it. Analytics cookies are only set with your consent where
required by applicable law.
- Google Analytics 4 (
_ga, _ga_*) —
collects anonymised usage data including page views, scroll depth, and navigation
paths. Your IP address is anonymised. These cookies persist for up to 2 years.
Google Analytics is operated under the EU–US Data Privacy Framework.
7.3 Marketing cookies
Where our Facebook / Meta Pixel is active, it may place cookies to measure the
effectiveness of our advertising and, where permitted, to enable retargeting. Marketing
cookies are only set with your explicit consent. You can withdraw
consent at any time via our cookie settings.
7.4 Managing cookies
You can manage cookie preferences in several ways:
- Our cookie consent tool — shown on your first visit to the site.
You can revisit your choices at any time using the cookie settings link in our footer.
- Browser settings — all modern browsers allow you to block or
delete cookies. Note that disabling essential cookies may affect site functionality.
Find guidance for your browser at allaboutcookies.org.
- Google Analytics opt-out — install the
Google Analytics Opt-out Browser Add-on.
8. Your rights
8.1 Rights under POPIA (South African data subjects)
If you are located in South Africa, you have the following rights under POPIA:
- Right to be notified — to know that we are collecting your
personal information and the purpose for which it is being collected.
- Right of access — to request a copy of the personal information
we hold about you.
- Right to correction — to request that inaccurate, incomplete,
misleading, or out-of-date information be corrected or updated.
- Right to deletion — to request the destruction or deletion of
your personal information in certain circumstances.
- Right to object — to object to the processing of your personal
information on the ground that the processing violates POPIA or applicable law.
- Right to lodge a complaint — to submit a complaint to the
Information Regulator if you believe we have violated your rights under POPIA.
8.2 Rights under GDPR (EEA and UK data subjects)
If you are located in the European Economic Area or the United Kingdom, you have
the following rights under the GDPR / UK GDPR:
- Right of access (Article 15) — to obtain a copy of your personal
data and information about how it is processed.
- Right to rectification (Article 16) — to have inaccurate or
incomplete personal data corrected.
- Right to erasure (Article 17) — to have your personal data
deleted in certain circumstances (the "right to be forgotten").
- Right to restrict processing (Article 18) — to request that we
limit how we process your data while a dispute is resolved.
- Right to data portability (Article 20) — to receive your data
in a structured, machine-readable format and to transmit it to another controller,
where processing is based on consent or contract and is automated.
- Right to object (Article 21) — to object to processing based on
our legitimate interests or for direct marketing purposes. We will cease processing
unless we can demonstrate compelling legitimate grounds.
- Rights related to automated decision-making (Article 22) — not
to be subject to a decision based solely on automated processing that produces legal
or similarly significant effects. We do not carry out such automated decision-making.
- Right to withdraw consent — where we rely on consent as our
legal basis, you may withdraw it at any time. Withdrawal does not affect the
lawfulness of processing that occurred before withdrawal.
- Right to lodge a complaint — with the supervisory authority in
your country of residence or workplace. A directory of EU supervisory authorities is
available at
edpb.europa.eu.
UK residents may contact the
Information Commissioner's Office (ICO)
.
9. How to exercise your rights
To exercise any of the rights described in Section 8, or to ask any question
about this Privacy Policy, please contact us by email:
Email: hello@saleleni.com
Subject line: "Privacy Request" — or specify "POPIA Request" or
"GDPR Request" so we can prioritise correctly.
We will acknowledge your request within 5 business days and
respond substantively within 30 days of receipt. In complex cases we
may extend this by a further 30 days, and we will notify you if this is necessary.
We may need to verify your identity before processing your request. This is to
protect your data from unauthorised access. We will not charge a fee for reasonable
requests, but may charge a reasonable fee or refuse requests that are manifestly
unfounded, repetitive, or excessive.
10. Data security
We implement appropriate technical and organisational measures to protect your
personal information against accidental loss, unauthorised access, disclosure,
alteration, or destruction. These measures include:
- Encrypted data transmission using HTTPS / TLS on all pages of this website.
- Restricted access to personal data — only Francis Baloyi has access to
enquiry data and lead-magnet submissions.
- Security headers applied to all web responses (X-Content-Type-Options,
X-Frame-Options, Referrer-Policy, Permissions-Policy).
- CSRF protection on all form submissions via WordPress nonce verification.
- Regular WordPress core, theme, and plugin updates to address known
vulnerabilities.
- Regular website backups stored in a separate location.
Despite these measures, no method of internet transmission is completely secure.
If you believe your personal information has been compromised, please contact us
immediately at hello@saleleni.com. We will
notify affected individuals and the relevant regulators of any data breach in
accordance with our obligations under POPIA (within 72 hours of becoming aware where
feasible) and GDPR (Article 33).
11. Children's privacy
Our services are designed for and directed at business professionals. We do not
knowingly collect personal information from individuals under the age of 18. If you
are under 18, please do not submit any personal information through this website.
If we become aware that we have inadvertently collected personal information from a
child under 18, we will delete it promptly. If you believe we may have such information,
please contact us at hello@saleleni.com.
12. Changes to this privacy policy
We may update this Privacy Policy from time to time to reflect changes in our
practices, the services we offer, or applicable law. When we make material changes,
we will update the "Last updated" date at the top of this page.
We encourage you to review this page periodically. Where we make significant changes
that affect how we process your data, we will take reasonable steps to notify you
directly (for example, by email if you are a subscriber).
Your continued use of this website after any changes constitutes your acknowledgement
of the updated policy.
13. Contact
For any questions, concerns, or requests relating to this Privacy Policy or your
personal information, please contact:
Saleleni
Responsible Party / Data Controller: Francis Baloyi
Email: hello@saleleni.com
Location: Sandton, Johannesburg, Gauteng, South Africa
Website: saleleni.com
We aim to be transparent and responsive. If you are not satisfied with our response
to any concern, you have the right to escalate the matter to the Information Regulator
(South Africa) or the relevant data protection supervisory authority in your country,
as described in Section 8.
