Privacy Policy

18twenty8® is an award-winning, women-led Non-Profit Organisation that empowers young women by developing strategies for their educational and personal development. We encourage young women, between the ages of 18 and 28, to pursue higher education as an attractive and necessary tool for their empowerment. Our approach is empathetic, skillsenhancing and relevant to the young women we serve since we have experienced some of their challenges first-hand. Our vision is of a South Africa in which girls and young women are educated and empowered to lead. This vision is brought to life through four programmes:
  • Life-skills Workshops
  • Financial Assistance Programme
  • Big Sister Network
  • Leadership Camp

We recognise that in the pursuit of our vision we will be processing the Personal Information of employees and any other person, or entity, contracting or partnering with us which includes but is not limited to: strategic partners, donors, beneficiaries, Little Sisters, Big Sisters, programme participants, interns, volunteers, consultants, contractors and suppliers. “Personal Information”, for the purposes herein, shall refer to information relating to an identified or identifiable natural person, whether the identification is by direct or indirect means.

We have, therefore, adopted a data protection policy in line with our values and industry best practice. We recognise the significant threat of, among other things, cybercrime, and identity theft and to that end, we prioritise our security safeguards to protect your Personal Information and to ensure that we process your Personal Information in an appropriate manner and for legitimate purposes.

The purpose of this privacy statement is to outline the governing principles and our practices regarding the processing and protection of your Personal Information. By using the website, you are accepting the terms of this Privacy Policy.

18twenty8® is committed to protecting and respecting your privacy in accordance with the local data protection laws applicable to the jurisdictions in which we operate. As such, we have chosen to adopt a global approach to data protection compliance. The relevant local law applicable to the activities and programmes of 18twenty8® is the Protection of Personal Information Act, 4 Of 2013. We update this privacy notice from time to time in response to changes in applicable laws and regulations and/or changes to our processing practices and to the nature and scope of our activities

Please pay special attention to the clauses in bold as they may (a) limit the liability of 18twenty8® or a third party; (b) create risk or liability for you; (c) require you to release 18twenty8® or a third party from liability; (d) require you to acknowledge a fact.

1. Acceptance

Acceptance Required

You must accept all the terms of this Privacy Policy when entering into any agreement or partnership with 18twenty8®. If there is anything in this Privacy Policy that you do not agree with, then you may not contract with us. By accepting this Privacy Policy, you are deemed to have read, understood, accepted, and agreed to be bound by all of its terms.

Legal capacity

You may access our website if you are younger than 18 years old. You may not contract with us if you are younger than 18 years old or do not have legal capacity to conclude legally binding contracts, unless you have the consent of a competent person or person holding parental responsibility over you. If you are under 18 years of age, you should only review this Privacy Policy with a person with parental responsibility over you to ensure your understanding of it. If you are younger than 18 years old, and we discover that we have collected Personal Information from you without the requisite parental consent, we will delete that Personal Information.

Your obligations

You may only voluntarily send us your own Personal Information, or the information of another person, where you have their demonstrable permission to do so.

2. How do we collect your Personal Information?

Directly from you

We ordinarily collect your Personal Information from you via our website or through correspondence in person, via email or telephone when you:

  • search and browse for content;
  • register for events;
  • contact us for further information;
  • apply for the Financial Assistance Programme
  • visit our Website while logged into a social media platform; and/or
  • participate in our online surveys.


There are, however, instances where Personal Information is not retrieved directly from you when you navigate our website and other online channels. This is done using “cookies”.

Third party sources

We may collect additional information from you from third parties, such as:

  • Agents or representatives who are duly authorised to disclose your Personal Information;
  • Verification agencies for the purposes of general background checking and/or
  • Educational and other institutions which you have authorised to disclose your Personal Information

3. Lawful grounds for processing your Personal Information

18twenty8® will only collect, process and store your Personal Information, with your consent, for legitimate purposes or in situations where it is in our legitimate interest and which will not cause you undue prejudice. In summary, this includes the following:

  • Procurement of your consent. This is where you have consented to the processing of the Personal Information as part of onboarding. We may be required by law to collect certain Personal Information. Should you voluntarily withhold or withdraw consent, this may restrict your ability to participate in programmes or projects and, depending on the Personal Information which you are not consenting to being processed, your overall ability to participate in such programmes or projects
  • Fulfilment of our contract with you. This is where the processing of your Personal Information is necessary for participation in our activities and programmes, which includes communicating to you about any changes to programmes or funding arrangements, dealing with complaints or disputes, and the recovery of any money owing to us.
  • Compliance with legal obligations. This is where we need to process your Personal Information to comply with any binding legal obligations imposed on us by the relevant governmental or regulatory authority.
  • It is in our legitimate interests. This includes adhering to local and international best practice guidelines in respect of our philanthropic activities or performing the relevant IT due diligence testing to detect malicious data and cyber threats.

4. Examples of how we use Personal Information

The following non-exhaustive list gives an indication as to how we may use, disclose and share your Personal Information:

  • to identify you;
  • to administer and manage the Website, including to confirm and authenticate your identity and prevent unauthorised access to restricted areas of the site, premium content, or other services limited to Registered Users;
  • to understand how people, use the features and functions of our Website in order to improve the user experience;
  • to develop our businesses and services;
  • to invite you to attend events, participate in forums;
  • by disclosing your Personal Information to third party service providers appointed by us in order to enable us to provide the website and goods to you, and who are bound by these same privacy restrictions;

In addition, we may disclose Personal Information to law enforcement, other government officials, or other third parties as we, in our sole discretion, believe necessary or appropriate in connection with an investigation of fraud, intellectual property infringements, or other activity that is illegal or may expose us to legal liability, or in connection with a merger, consolidation, or sale of our assets.

5. The sharing of your Personal Information

Employees or independent contractors

We may need to disclose Personal Information to our employees or independent contractors who require the Personal Information to perform their roles.

Change of ownership

If we undergo a change in ownership, or a merger with, another entity, we may assign our rights to the Personal Information we process to a successor, purchaser or separate entity. We will disclose the transfer on our website. If you are concerned about your Personal Information migrating to a new owner, you may request us to delete your Personal Information.

Third parties

We will protect your Personal Information and will not sell, rent or trade your Personal Information to any person. There will, however, be instances where we will have an obligation to share your Personal Information, which includes the following:

  • Should it be requested by any regulatory authority exercising its statutory duties;
  • Should such disclosure be in the public interest or for a legitimate purpose;
  • By an order of court;
  • In order to protect the legitimate interests of 18twenty8® in exercising its rights or the protection of its reputation and property;
  • To fulfil our legal and regulatory obligations in terms of any applicable law;

You further acknowledge that we may disclose your Personal Information to advance the programmes and activities of 18twenty8®, and you expressly consent to this.

6. Storage and destruction of your Personal Information

We will retain your Personal Information for the duration that you are a beneficiary, participant or partner or service provider in respect of our programmes or activities, or otherwise contracted with us. After such agreements or arrangements cease, we may keep your data up to a maximum period of five years:

  • To comply with retention requirements imposed by any law; and
  • For prudent record-keeping for our various programmes and activities.

We may be required to retain your Personal Information for longer than five years, should it be the subject of any litigation or for other legal reasons. We may also keep your information for research or statistical purposes with the necessary security controls in place.

7. Security

We take reasonable technical, administrative and physical steps to protect against unauthorised access to and disclosure of Personal Information. We use a combination of firewall barriers, encryption techniques and authentication procedures, among others, to maintain the security of your online session and to protect our systems from unauthorised access.

Our databases are protected from general personnel access both physically and logically. We encrypt your password so that your password cannot be recovered, even by us. All backup drives and tapes are also encrypted.

8. Accurate and up-to-date information

We try to keep the Personal Information we collect as accurate, complete and up to date as possible. From time to time, we may request you to update your Personal Information. You are able to review or update any Personal Information that we have on record for you by emailing or phoning us, or in person at our office.

Please note that to better protect you and safeguard your Personal Information, we take steps to verify your identity before making any corrections to your Personal Information.

9. Your rights

You have the right to have your Personal Information processed according to the conditions for lawful processing of Personal Information which includes the rights of:

  • Notification – the right to be notified that Personal Information about you is being collected or that it has been accessed or acquired by an unauthorised person.
  • Access – the right to establish where we hold your Personal Information and to request access to such Personal Information.
  • Rectification and erasure – the right to request, where necessary, the correction, destruction or deletion of your Personal Information.
  • Objection – the right to object, on reasonable grounds in relation to your particular situation, to the processing of your Personal Information. This includes the right to object to the processing of your Personal Information for direct marketing.
  • Profiling – the right not to be subject, under certain circumstances, to a decision which is made solely on the basis of the automated processing of your Personal Information intended to provide a profile of you.
  • Personal data portability – the right to request for your personal data to be sent to you in a structured and readable format, and the right to request for it to be transmitted to another data controller, where technically feasible, without hindrance.
  • Right to restriction of data processing – the right to restrict the processing of your personal data for a period where: you object to its accuracy and while its accuracy is being verified; you object to its processing pending the verification of whether the legitimate grounds given override your rights, freedoms or legitimate interests.
  • Right to representation – the right to representation where: you are under 18 years; you have a physical or medically determinable mental impairment and are unable to represent yourself or; for any other reason in which case you are represented by another person authorised in writing by yourself in accordance with relevant law.
  • Complaints – the right to submit a complaint to the Information Regulator regarding alleged interference with the protection of your Personal Information.
  • Civil proceedings – the right to institute civil proceedings regarding alleged interference with the protection of your Personal Information.

Please keep in mind that these rights are not unlimited. We are required by any relevant law to limit your right to exercise some of these rights. Examples of such instances include (among others) where required by:

  • Tax laws;
  • Anti-money laundering and fraud-prevention laws;
  • Pension fund laws; and
  • Insurance laws.

10. Limitation

We are not responsible for, give no warranties, nor make any representations regarding the privacy policies or practices of linked or any third-party websites.

11. Enquiries

If you have any questions or concerns based on this Privacy Policy or regarding the way in which we handle Personal Information, please email 

12. Proof of Date of Publication and Version of The Privacy Policy

A certificate signed by our Website Administrator will, unless the contrary is proven, be sufficient evidence of the date of publication and the content of the Privacy Policy and the content of earlier versions of the Privacy Policy and the date and content of any communication and notifications sent in terms of the Privacy Policy.