Last updated: April 15, 2026
This Privacy Policy describes how Referral Trail (Pty) Ltd (“the Company”, “We”, “Us”, “Our”) collects, uses, discloses, and protects Your information when You use our website and referral platform (“Service”).
Referral Trail is a South African company and complies with the Protection of Personal Information Act 4 of 2013 (“POPIA”), the Promotion of Access to Information Act 2 of 2000 (“PAIA”), and other applicable South African laws. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.
Words with capitalized initials have meanings defined under the following conditions. These definitions apply whether they appear in singular or plural.
For the purposes of this Privacy Policy:
Account means a unique account created for You to access our Service or parts of our Service.
Affiliate means an entity that controls, is controlled by, or is under common control with a party.
Company refers to Referral Trail (Pty) Ltd, Dainfern, Midrand, South Africa.
Cookies are small files placed on Your device by a website.
Country refers to South Africa.
Device means any device capable of accessing the Service.
Information Officer means the person appointed by the Company in terms of POPIA and PAIA to oversee compliance with data protection obligations.
Personal Information / Personal Data means information relating to an identified or identifiable natural person (and, where applicable, juristic person), including but not limited to identity number, contact details, financial information, and any other information as defined in POPIA.
Service refers to the Referral Trail website and referral platform.
Service Provider means any natural or legal person who processes data on behalf of the Company.
Usage Data refers to data collected automatically through the use of the Service.
Website refers to Referral Trail, accessible from https://www.referraltrail.com/
You means the individual or entity using the Service, including users submitting leads, businesses purchasing leads, and visitors to the Website.
The Company operates a digital platform that provides users the opportunity to insert prospective customer information for businesses to purchase this information for the intention of generating income. This digital service is conducted for a fee which is derived from the payment made by the business for the customer information after costs are extracted.
The Company has appointed an Information Officer in terms of POPIA and PAIA. The Information Officer is responsible for overseeing compliance with this Privacy Policy and applicable data protection laws.
Information Officer: MN Maharaj
Telephone: 082 603 0174
Email: maharajd1980@outlook.com
We may collect personally identifiable information including, but not limited to:
Title, full name, initials
Identity number or passport number (for natural persons)
Company or business name and registration number (for juristic persons)
Tax numbers (where required by law)
Email address
Phone number
Address, Province, Postal Code, City
Banking or payout details for referral earnings
Information relating to insurable assets, business industry, business type, or other commercial information where relevant to the Service
Any other information You voluntarily provide to us when using the Service or communicating with us
Usage Data (as described below)
Usage Data is collected automatically when using the Service.
Usage Data may include Your IP address, browser type, browser version, pages visited, time and date of visit, time spent on pages, device identifiers, and diagnostic data.
When accessing the Service via mobile device, additional data may include device type, operating system, mobile browser type, and device identifiers.
We do not intentionally collect special categories of Personal Information (such as health, religious, or biometric data) unless required by law or explicitly provided by You for a specific purpose. We do not knowingly process the Personal Information of children under 18 without the consent of a legal guardian, as required by POPIA.
We use Cookies, web beacons, tags, and scripts to track activity and improve the Service.
Cookies may be “Persistent” or “Session” Cookies.
Necessary / Essential Cookies
Type: Session Cookies
Purpose: Authentication, security, and platform functionality.
Cookies Policy / Notice Acceptance Cookies
Type: Persistent Cookies
Purpose: Track cookie consent.
Functionality Cookies
Type: Persistent Cookies
Purpose: Store preferences such as login details or language.
Analytics / Performance Cookies
Type: Persistent Cookies
Purpose: Help us understand how users interact with the Service so we can improve performance and user experience.
You can instruct Your browser to refuse Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, some parts of the Service may not function properly.
Under POPIA, Personal Information may only be processed if, given the purpose for which it is processed, it is adequate, relevant and not excessive. Personal information may only be processed if it is adequate, relevant and necessary for the purpose for which it is processed, with the consent of the data subject, necessary for a contract, required by law, or necessary to pursue a legitimate interest.
The Company may use Personal Data for the following purposes:
To provide and maintain our Service including operating the referral platform, enabling lead submissions, and enabling businesses to purchase leads.
To manage Your Account as a registered user, referrer, or business client.
To verify referrals and process payouts including validating lead quality, tracking conversions, and paying referral earnings.
To contact You regarding account activity, platform updates, security alerts, or support queries.
To provide You with marketing communications about our services, features, or promotions, unless You opt out.
To manage Your requests including support tickets, data subject requests, and general enquiries.
For analytics and service improvement including monitoring usage, improving functionality, and developing new features.
For business operations and record keeping including audit, compliance, and financial administration.
For legal and regulatory compliance including compliance with POPIA, PAIA, tax laws, anti‑fraud obligations, and other applicable legislation.
For business transfers including mergers, acquisitions, or sale of assets, where Your data may form part of the transferred assets.
We may share Your personal information in the following situations:
With Service Providers: We may share Your information with third‑party service providers who perform services on our behalf (such as hosting, payment processing, analytics, communication tools, and security services). These parties are bound by confidentiality and data protection obligations.
With businesses purchasing leads: Where You submit prospective customer information (leads) through the platform, that information will be shared with the relevant business that purchases the lead for the purpose of contacting the prospective customer.
With Affiliates: We may share Your information with our Affiliates, in which case we will require those Affiliates to honour this Privacy Policy.
With business partners: We may share Your information with business partners to offer You certain products, services, or joint offerings.
With other users: Certain information You choose to make public (for example, profile details or public reviews) may be visible to other users in public areas of the Service.
For business transfers: Your data may be transferred during mergers, acquisitions, or other corporate transactions.
With Your consent: We may disclose Your personal information for any other purpose with Your explicit consent.
Law enforcement and legal requirements: We may disclose Your data when required to do so by law, regulation, court order, or governmental request, or where necessary to protect our rights, investigate wrongdoing, or defend against legal claims.
We retain Personal Data only as long as necessary for the purposes set out in this Privacy Policy, including legal, contractual, and operational purposes. We also comply with statutory retention periods under South African law, including those in the Electronic Communications and Transactions Act and other sector‑specific legislation.
Personal information and the purpose for which the data was collected must be kept by the person who electronically requests, collects, collates, processes or stores the information and a record of any third party to whom the information was disclosed must be retained for a period required by law or for as long as the information is used. Personal information which has become obsolete will be destroyed or de‑identified in a secure manner.
Your data may be transferred to and stored on servers located outside South Africa. By using the Service, You consent to this transfer, subject to the following safeguards:
The recipient country or organisation provides an adequate level of protection substantially similar to POPIA; or
You have consented to the transfer; or
The transfer is necessary for the performance of a contract between You and the Company or between the Company and a third party in Your interest; or
The transfer is otherwise permitted by POPIA.
Under POPIA, You have the following rights in relation to Your Personal Information:
Right of access: You may request access to the Personal Information we hold about You.
Right to correction: You may request that we correct or update Your Personal Information if it is inaccurate, incomplete, or outdated.
Right to deletion: You may request deletion of Your Personal Information, subject to legal and contractual retention requirements.
Right to object to processing: You may object to certain types of processing, including direct marketing.
Right to withdraw consent: Where processing is based on Your consent, You may withdraw that consent at any time, without affecting the lawfulness of processing before withdrawal.
Clients have the right to access the personal information the Organisation holds about them. Clients also have the right to ask the Organisation to update, correct or delete their personal information on reasonable grounds. Once a client objects to the processing of their personal information, the Organisation may no longer process said personal information, subject to legal obligations.
You may exercise Your rights by contacting us using the details in the “Contact Us” section below. We may require You to verify Your identity before responding to Your request. Requests for access to information may also be made in terms of PAIA, using the prescribed forms and procedures.
We use commercially reasonable technical and organisational measures to protect Your Personal Information and to secure the integrity and confidentiality of personal information in our possession. We take appropriate steps to prevent loss of, damage to, or unauthorised access to personal information.
The Organisation will continuously review its security controls and processes to ensure that personal information is properly safeguarded. We identify reasonably foreseeable internal and external risks, implement safeguards, monitor their effectiveness, and update them as needed. Where there are reasonable grounds for suspecting a breach of data security, we will notify the relevant Regulator and affected data subjects where required by law.
We do not knowingly collect data from children under 13. If we become aware that we have collected Personal Information from a child without the required consent, we will take steps to delete such information.
Our Service may contain links to third‑party websites or services that are not operated by us. We are not responsible for the content, privacy policies, or practices of any third‑party sites or services. We encourage You to review the privacy policies of every site You visit.
Requests for access to information held by the Company may be made in terms of the Promotion of Access to Information Act, 2 of 2000 (“PAIA”). PAIA gives effect to the constitutional right of access to information held by the State or any person that is required for the exercise or protection of rights.
Requests must be made in writing to the Information Officer using the prescribed forms and may be subject to a prescribed fee. The Company’s PAIA manual, which contains the prescribed forms and details of prescribed fees, is available at the Company’s registered address or, where applicable, on our Website.
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date. We encourage You to review this Privacy Policy periodically to stay informed about how we process Your Personal Information. Where material changes take place, we may notify You directly or highlight the changes on our Website.
The information contained in our emails and any attachments is confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom it is addressed. If You have received an email in error, please notify the sender immediately, delete it from Your system, and do not copy, distribute, or disclose its contents to any other person.
If you have any questions about this Privacy Policy, our data protection practices, or if you wish to exercise your POPIA or PAIA rights, you can contact us:
By email: enquiry@referraltrail.com
By visiting this page on our website: https://referraltrail.com/contact
enquiry@referraltrail.com
