PRIVACY POLICY

Last updated: 27 January 2026

This Privacy Policy explains how Karen Goldberg (“we”, “us”, or “our”) collects, uses, discloses, and protects personal information in accordance with the Protection of Personal Information Act, 4 of 2013 (POPIA) and, where applicable, the General Data Protection Regulation (GDPR).

This policy applies to:

Our website: https://www.karengoldberg.co

Online coaching, courses, programmes, and digital offerings

Communications, marketing, and related interactions

By using our services, you acknowledge that you have read and understood this Privacy Policy.

1. RESPONSIBLE PARTY

For purposes of POPIA and applicable data protection laws, we are the Responsible Party.

Responsible Party: Karen Goldberg
Email: [email protected]
Country: Republic of South Africa

2. PERSONAL INFORMATION WE COLLECT

2.1 Information you provide directly

We may collect personal information that you voluntarily provide, including:

Full name

Email address

Phone number

Billing and postal address

Payment-related information (processed via third-party payment providers)

Information shared in forms, questionnaires, coaching sessions, surveys, or correspondence

2.2 Information collected automatically

When you visit our website or use our services, we may automatically collect limited technical information, including:

IP address

Browser type and device information

Operating system

Pages visited and dates/times of access

Referring URLs

General location data (city or country level)

This information is used for security, analytics, and service improvement.

2.3 Cookies and similar technologies

We use cookies and similar technologies to ensure website functionality, analyse usage patterns, and remember user preferences. You can control cookies through your browser settings. Disabling cookies may affect site functionality.

3. SPECIAL PERSONAL INFORMATION

In the course of coaching or participation in programmes, you may voluntarily disclose special personal information (as defined by POPIA and GDPR), including information related to health, wellbeing, or personal history.

We process such information:

Only with your explicit consent

Only for the purpose of delivering coaching or related services

With appropriate confidentiality and safeguards

Special personal information is not used for marketing purposes.

4. PURPOSES FOR PROCESSING

We process personal information for the following purposes:

To deliver coaching services, courses, programmes, and related offerings

To communicate with you regarding services, enquiries, bookings, and administrative matters

To manage payments, records, and business operations

To improve our services, content, and user experience

To send you marketing communications, including follow-up emails and information about courses, programmes, or offerings, where you have provided consent or where permitted by applicable law

To comply with legal, regulatory, and professional obligations

To protect our legitimate interests, provided these do not override your rights and freedoms

You may opt out of marketing communications at any time by using the unsubscribe link included in our emails or by contacting us directly.

5. LAWFUL BASIS FOR PROCESSING (POPIA & GDPR)

We process personal information only where we have a lawful basis to do so.

Under POPIA, this includes:

Your consent

Performance of a contract

Compliance with a legal obligation

Legitimate interests, provided your rights are not overridden

Where GDPR applies (EEA and UK residents), lawful bases include:

Consent (Article 6(1)(a))

Contractual necessity (Article 6(1)(b))

Legal obligation (Article 6(1)(c))

Legitimate interests (Article 6(1)(f))

You may withdraw consent at any time. Withdrawal does not affect processing carried out before consent was withdrawn.

6. DISCLOSURE OF PERSONAL INFORMATION

We may share personal information with:

Service providers (e.g. website hosting, email platforms, learning platforms, payment processors)

Professional advisors (accountants, legal advisors)

Regulatory or governmental authorities where required by law

All third parties are required to protect personal information and process it only in accordance with our instructions.

We do not sell personal information.

7. INTERNATIONAL DATA TRANSFERS

Some service providers may process personal information outside South Africa.

Where GDPR applies, international transfers are made only where:

The destination country provides an adequate level of protection, or

Appropriate safeguards (such as Standard Contractual Clauses) are in place, or

The transfer is otherwise permitted under GDPR

Where POPIA applies, we ensure appropriate protection or obtain informed consent.

8. DATA RETENTION

We retain personal information only for as long as necessary to fulfil the purposes outlined in this policy, or as required by law (including tax, accounting, or professional obligations).

When no longer required, personal information is securely deleted or anonymised.

9. SECURITY SAFEGUARDS

We implement reasonable technical and organisational measures to protect personal information against loss, unauthorised access, disclosure, or misuse.

While no system can be guaranteed to be completely secure, we take data protection seriously and review safeguards regularly.

10. CHILDREN’S INFORMATION

Our services are intended for individuals aged 18 and older. We do not knowingly collect personal information from children.

11. YOUR RIGHTS

You have the right to:

Request access to your personal information

Request correction or deletion

Object to processing in certain circumstances

Withdraw consent

Lodge a complaint with the relevant supervisory authority

Where GDPR applies, you may also have rights to data portability, restriction of processing, and to object to direct marketing.

Requests can be made using the contact details below.

12. COMPLAINTS

If you are dissatisfied with how we handle personal information, you may contact:

The Information Regulator (South Africa)
Email: [email protected]
Complaints: [email protected] / [email protected]

EEA/UK residents may also lodge complaints with their local data protection authority.

13. UPDATES TO THIS POLICY

We may update this Privacy Policy from time to time. The most current version will always be available on our website.

14. CONTACT DETAILS

For questions or requests regarding this Privacy Policy, please contact:
Email: [email protected]