Privacy Policy

Allan Gray Orbis Foundation (RF) NPC (“AGOF” or “We”) is a member of Allan Gray Philanthropies (AGGP), a philanthropic group of companies with a mission to attack poverty by nurturing and empowering entrepreneurs and leaders who benefit society by helping accelerate meaningful employment creation while embodying the values and behaviours of ethical leadership. This is in fulfilment of our vision of an empowered and productively engaged African citizenry thriving in ethical societies with dignity and hope.

AGOF contributes to the above mission through its various programmes which are established to enable promising young South Africa to undertake appropriate studies at universities and other teach and learning institutions within South Africa and elsewhere which is intended to develop their potential as future business entrepreneurs.

We recognise that in the pursuit of our vision and mission, we will be processing personal information of employees and any other person or entity contracting or partnering with us which includes but is not limited to: strategic partners, fellows, programme participants, learners, grantees, scholarship recipients, interns, volunteers, consultants, contractors and suppliers. “Personal information”, for the purposes herein, shall refer to information relating to an identified or identifiable natural person, whether the identification is by direct or indirect means.

We have, therefore, adopted a data protection policy in line with our values and industry best practice. We recognise the significant threat of, among other things, cybercrime, and identity theft and to that end, we prioritise our security safeguards to protect your personal information and to ensure that we process your personal information in an appropriate manner and for legitimate purposes.
The purpose of this privacy statement is to outline the governing principles and our practices regarding the processing and protection of your personal information. By using the website, you are accepting the terms of this Privacy Policy.

AGGP is committed to protecting and respecting your privacy in accordance with the local data protection laws applicable to the jurisdictions in which we operate. As such, we have chosen to adopt a global approach to data protection compliance. The relevant local law applicable to the activities and programmes of AGOF is as follows:


Data Protection law

South Africa

Protection of Personal Information Act, 4 of 2013


Data Protection Act, 32 of 2018


Specific legislation not yet in force. Constitution protects right to privacy.


Data Protection Act, 2022

We update this privacy notice from time to time in response to changes in applicable laws and regulations and/or changes to our processing practices and to the nature and scope of our activities.
Please pay special attention to the clauses in bold as they may (a) limit the liability of AGOF or a third party; (b) create risk or liability for You; (c) require You to release the Foundation or a third party from liability; (d) require You to acknowledge a fact.

1. Acceptance

Acceptance Required

You must accept all the terms of this Privacy Policy when entering into any agreement or partnership with AGOF. If there is anything in this Privacy Policy t that you do not agree with, then you may not contract with us. By accepting this Privacy Policy, you are deemed to have read, understood, accepted, and agreed to be bound by all of its terms.

Legal capacity
You may access our website if you are younger than 18 years old. You may not contract with Us if you are younger than 18 years old or do not have legal capacity to conclude legally binding contracts, unless you have the consent of a competent person or person holding parental responsibility over you. If you are under 18 years of age you should only review this Privacy Policy with a person with parental responsibility over you to ensure your understanding of it.  In case you are younger than 18 years old, and we discover that we have collected personal information from you without the requisite parental consent, we will delete that personal information.

Your obligations
You may only voluntarily send us your own personal information or the information of another person where you have their demonstrable permission to do so.

2. How do we collect your personal information?

Directly from you
We ordinarily collect your personal information from you via our website or through correspondence in person, via email or telephone when You:

  1. search and browse for content;
  2. subscribe for newsletters or other publications;
  3. register for events;
  4. contact us for further information;
  5. apply for scholarships or fellowships;
  6. visit our Websites while logged into a social media platform; and/or
  7. participate in our online surveys.


There are, however, instances where personal information is not retrieved directly from you when you navigate our website and other online channels. This is done using “cookies”. Please see our Cookies Policy for more information.

Third party sources
We may collect additional information from you from third parties, such as:

  1. Agents or representatives who are duly authorised to disclose your personal information
  2. Verification agencies for the purposes of general background checking
  3. Educational and other institutions which you have authorised to disclose your personal information


3. Lawful grounds for processing your personal information

AGOF will only collect, process and store your personal information, with your consent, for legitimate purposes or in situations where it is in our legitimate interest and which will not cause you undue prejudice. In summary, this includes the following:

  • Procurement of your consent. This is where you have consented to the processing of the personal information as part of onboarding. We may be required by law to collect certain personal information. Should you voluntarily withhold or withdraw consent, this may restrict your ability to participate in programmes or projects and, depending on the personal information which you are not consenting to being processed, your overall ability to participate in such programmes or projects.
  • Fulfilment of our contract with you. This is where the processing of your personal information is necessary for participation in our philanthropic activities and programmes, which includes communicating to you about any changes to programmes or funding arrangements, dealing with complaints or disputes, and the recovery of any money owing to us.
  • Compliance with legal obligations. This is where we need to process your personal information to comply with any binding legal obligations imposed on us by the relevant governmental or regulatory authority.
  • It is in our legitimate interests. This includes adhering to local and international best practice guidelines in respect of our philanthropic activities or performing the relevant IT due diligence testing to detect malicious data and cyber threats.

4. Examples of how We Use Personal Information

The following non-exhaustive list gives an indication as to how we may use, disclose and share Your Personal Information:

  • to identify you;
  • to administer and manage the Websites, including to confirm and authenticate your identity and prevent unauthorised access to restricted areas of the site, premium content, or other services limited to Registered Users;
  • to understand how people, use the features and functions of our Websites in order to improve the user experience;
  • to develop our businesses and services;
  • to invite you to attend events, participate in forums, etc.;
  • by disclosing Your Personal Information to third party service providers appointed by Us in order to enable Us to provide the Website and Goods to You, and who are bound by these same privacy restrictions;

In addition, We may disclose Personal Information to law enforcement, other government officials, or other third parties as We, in Our sole discretion, believe necessary or appropriate in connection with an investigation of fraud, intellectual property infringements, or other activity that is illegal or may expose Us to legal liability, or in connection with a merger, consolidation, or sale of Our assets.

5. The sharing of your personal information

Employees or independent contractors
We may need to disclose personal information to our AGGP employees or independent contractors who require the personal information to perform their roles. These include the following departments: Human Resources, Finance, Information Technology, Legal and responsible management.

Change of ownership
If we undergo a change in ownership, or a merger with, acquisition by, or sale of assets to another entity, we may assign our rights to the personal information we process to a successor, purchaser or separate entity. We will disclose the transfer on our website. If you are concerned about your personal information migrating to a new owner, you may request us to delete your personal information.

Third parties
We will protect your personal information and will not sell, rent or trade your personal information to any person. There will, however, be instances where We will have an obligation to share your personal information, which includes the following:

  • Should it be requested by any regulatory authority exercising its statutory duties;
  • Should such disclosure be in the public interest or for a legitimate purpose;
  • By an order of court;
  • In order to protect the legitimate interests of AGOF in exercising its rights or the protection of its reputation and property;
  • To fulfil our legal and regulatory obligations in terms of any applicable law;


You further acknowledge that we may disclose your personal information within the AGGP group, and you expressly consent to this.

6. Storage and destruction of your personal information

We will retain your personal information for the duration that you are a participant or partner or service provider in respect of our Philanthropic programmes or activities, or otherwise contracted with US. After such agreements or arrangements cease, we may keep your data up to a maximum period of five years:

  • To comply with retention requirements imposed by any law; and
  • For prudent record-keeping for our various philanthropic programmes and activities.


We may be required to retain your personal information for longer than five years, should it be the subject of any litigation or for other legal reasons. We may also keep your information for research or statistical purposes with the necessary security controls in place.

7. Security

We take reasonable technical, administrative and physical steps to protect against unauthorised access to and disclosure of Personal Information. We use a combination of firewall barriers, encryption techniques and authentication procedures, among others, to maintain the security of Your online session and to protect Our systems from unauthorised access.

Our databases are protected from general personnel access both physically and logically. We encrypt Your password so that Your password cannot be recovered, even by Us. All backup drives and tapes are also encrypted.

Accurate and up-to-date information
We try to keep the personal information we collect as accurate, complete and up to date as possible. From time to time, we may request you to update your personal information. You are able to review or update any personal information that we have on record for you by emailing or phoning us, or in person at our offices.

Please note that to better protect you and safeguard your personal information, we take steps to verify your identity before making any corrections to your personal information.

9. Your rights

You have the right to have your personal information processed according to the conditions for lawful processing of personal information which includes the rights of:

  • Notification – the right to be notified that personal information about you is being collected or that it has been accessed or acquired by an unauthorised person.
  • Access – the right to establish where we hold your personal information and to request access to such personal information.
  • Rectification and erasure – the right to request, where necessary, the correction, destruction or deletion of your personal information.
  • Objection – the right to object, on reasonable grounds in relation to your particular situation, to the processing of your personal information. This includes the right to object to the processing of your personal information for direct marketing.
  • Profiling – the right not to be subject, under certain circumstances, to a decision which is made solely on the basis of the automated processing of your personal information intended to provide a profile of you.
  • Personal data portability – the right to request for your personal data to be sent to you in a structured and readable format, and the right to request for it to be transmitted to another data controller, where technically feasible, without hindrance.
  • Right to restriction of data processing – the right to restrict the processing of your personal data for a period where: you object to its accuracy and while its accuracy is being verified; you object to its processing pending the verification of whether the legitimate grounds given override your rights, freedoms or legitimate interests.
  • Right to representation – the right to representation where: you are under 18 years; you have a physical or medically determinable mental impairment and are unable to represent yourself or; for any other reason in which case you are represented by another person authorized in writing by yourself in accordance with relevant law.
  • Complaints – the right to submit a complaint to the Information Regulator regarding alleged interference with the protection of your personal information.
  • Civil proceedings – the right to institute civil proceedings regarding alleged interference with the protection of your personal information.


Please keep in mind that these rights are not unlimited. We are required by any relevant law to limit your right to exercise some of these rights. Examples of such instances include (among others) where required by:

  • Tax laws;
  • Anti-money laundering and fraud-prevention laws;
  • Pension fund laws; and
  • Insurance laws.

10. Limitation

We are not responsible for, give no warranties, nor make any representations regarding the privacy policies or practices of linked or any third-party websites.

11. Enquiries

If you have any questions or concerns based on this Privacy Policy or regarding the way in which we handle personal information, please contact the Group Head of Legal and Compliance at:

12. Proof of Date of Publication and Version of The Privacy Policy

A certificate signed by our Website Administrator will, unless the contrary is proven, be sufficient evidence of the date of publication and the content of the Privacy Policy and the content of earlier versions of the Privacy Policy and the date and content of any communication and notifications sent in terms of the Privacy Policy.