PRIVACY
POLICY.

At New Narrative, we believe in clarity in everything, including how we handle your personal information. This Privacy Policy outlines our approach to collecting, using, disclosing, and protecting your data, ensuring you understand exactly what happens when you interact with us. It’s about building trust, not just beautiful brands.

The data we collect:
Your information, our purpose.

We only collect information that helps us understand your needs, respond to your inquiries, and ultimately, help you find your brand’s center.

Information you give us directly: When you get in touch via our contact form (coming soon!) or by emailing/calling us, we may collect:

  • Your name
  • Your email address
  • Your phone number
  • Your business name
  • Any information about your business you choose to share with us in your message.

Information we collect automatically (Website Traffic Tracking): Like most websites, we use Google Analytics to understand how our site is performing and how people interact with it. This helps us make your experience better. The data collected by Google Analytics is anonymised and generally includes:

  • The number of visitors to our site.
  • Session statistics, like how long you spend on pages and how many pages you view.
  • Your general location (e.g., city, country), not your precise address.
  • Information about the device and browser you’re using to access our site.
  • How you found our website (e.g., from a search engine, social media).
  • User behaviour data, such as pages viewed and scrolls.
  • We do not collect personally identifiable information (like your name or email) through Google Analytics by default.

How we use your information:
No guesswork, just growth.

The information we collect serves a clear purpose:

  • To communicate with you: When you reach out, we use your contact details to respond to your inquiries, provide quotes, and discuss potential projects. This is all about gathering leads and connecting with potential clients.
  • To understand our website’s performance: The anonymised data from Google Analytics helps us improve our website’s functionality, content, and user experience. It’s about ensuring our online presence effectively serves you.
  • For future marketing and CRM: If we implement a CRM system or mailing software, your contact details may be pushed to these systems for our internal marketing and client relationship management purposes only. This helps us manage our leads and client communication effectively.

Sharing your data:
We keep it close to our core.

We value your trust. We do not sell, rent, or share your personal information with third parties for their direct marketing purposes.

If and when we use third-party service providers (like CRM software or email marketing platforms) to help us operate our business, they will only have access to your information as necessary to perform their functions on our behalf, and they are contractually obligated to protect your data in accordance with our standards and applicable laws. These are tools that help us serve you better, not parties we share your data with indiscriminately.

How we protect your data:
Building secure foundations.

Protecting your information is paramount. While no system is 100% foolproof, we implement robust measures to safeguard your personal data:

  • Secure Communications: Our website uses SSL/HTTPS encryption (you’ll see the padlock in your browser’s address bar) to ensure that any information you submit via a contact form is encrypted during transmission.
  • Secure Storage: We commit to storing your data on secure servers with appropriate security controls, including access limitations and encryption at rest, where applicable.
  • System Updates: We regularly update our website software and plugins to guard against vulnerabilities.
  • Strong Access Controls: Only authorised personnel within our agency have access to your personal information, and only when necessary for their job functions.
  • Data Minimisation: We only collect data that is relevant and necessary for the stated purposes.

How long we keep your data:
Only as long as necessary.

We don’t hold onto your data indefinitely. We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

  • Contact Form Data (Leads): We typically retain personal information collected via our contact form for a period of 24 months after the last meaningful contact. If you become a client, we will retain your data for the duration of our business relationship and for a further 5-7 years thereafter to comply with legal obligations (e.g., tax and accounting regulations).
  • Google Analytics Data: Google Analytics data retention settings are configured to comply with best practices, typically retaining user and event data for a limited period.

Once the retention period expires, your personal information will be securely deleted or de-identified.

Your rights under POPIA:
You're in control.

As a data subject under the Protection of Personal Information Act (POPIA), you have important rights regarding your personal data. We are committed to upholding these rights:

  • Right to be informed: You have the right to know how your personal information is collected and processed. This policy is our way of informing you.
  • Right to access: You can ask us to confirm whether we hold your personal information and request a copy of it.
  • Right to rectification: If you believe any of the personal information we hold about you is inaccurate or incomplete, you have the right to ask us to correct it.
  • Right to deletion/destruction: You can request that we delete or de-identify your personal information, unless we have a legal obligation or legitimate reason to retain it.
  • Right to object: You have the right to object to the processing of your personal information on reasonable grounds, or for direct marketing purposes.
  • Right to complain: If you believe we have not handled your personal information in accordance with POPIA, you have the right to lodge a complaint with the Information Regulator of South Africa.

To exercise any of these rights, please contact us using the details provided below.

Data breach protocol:
Our commitment to transparency.

While we strive for robust security, no online transmission or storage method is entirely secure. In the unlikely event of a data breach where there are reasonable grounds to believe personal information has been accessed or acquired by an unauthorised party, we commit to:

  • Notify the Information Regulator: We will inform the South African Information Regulator as soon as reasonably possible.
  • Notify Affected Individuals: We will also notify you, the affected data subject(s), as soon as reasonably possible, providing you with information about the breach and steps you can take to protect yourself.
  • Investigate and Mitigate: We will take immediate steps to contain the breach, investigate its cause and scope, and implement measures to prevent recurrence.

Contact us:
Make the first move.

If you have any questions about this Privacy Policy or how we handle your personal information, or if you wish to exercise any of your rights under POPIA, please don’t hesitate to reach out. We’re here to provide the direction you’ve been looking for.

Email: hello@newnarrative.co.za
Phone: +27 (0)76 256 9945

Let's Talk