Africa Science (AfricaScience.org)
Effective Date: 1 July 2026 Last Updated: 29 June 2026
1. Introduction
Africa Science (“we”, “us”, “our”), accessible at https://www.africascience.org, is committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (“POPIA”) and all applicable South African data protection legislation.
This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website, subscribe to our newsletter, or otherwise interact with our services.
By accessing or using our website, you acknowledge that you have read and understood this Privacy Policy. Where we rely on your consent to process personal information, you may withdraw that consent at any time.
2. Information Officer
In terms of Section 55 of POPIA, our designated Information Officer is:
- Name: The Editor-in-Chief, Africa Science
- Email: privacy@africascience.org
- Postal Address: Africa Science, Cape Town, South Africa
- Website: https://www.africascience.org
You may contact our Information Officer with any queries or complaints regarding the processing of your personal information.
3. Personal Information We Collect
We collect personal information through the following means:
3.1 Newsletter Subscriptions
When you subscribe to the Africa Science newsletter, we collect:
- Your email address
- Your first name (optional)
- Your last name (optional)
- Subscription preferences and interests (optional)
- Date and time of subscription
- IP address at the time of subscription (for consent verification)
Newsletter subscriptions are managed through Mailchimp (The Rocket Science Group LLC), a third-party email marketing platform.
3.2 Website Analytics
We use Google Analytics 4 (GA4) to collect anonymised and aggregated data about how visitors use our website. This includes:
- Pages visited, time spent on pages, and navigation paths
- Referring websites and search terms
- Browser type, operating system, and device category
- Approximate geographic location (city/country level, derived from IP address)
- Screen resolution and language preferences
Google Analytics 4 does not collect personally identifiable information by default. IP addresses are anonymised before storage. We do not enable any Google Analytics advertising features or User-ID tracking.
3.3 Cookies and Similar Technologies
Our website uses cookies and similar technologies for the following purposes:
| Cookie Type | Purpose | Duration | Legal Basis |
| Strictly Necessary | Essential website functionality (e.g., security, session management) | Session / up to 12 months | Legitimate interest |
| Analytics | Understanding website usage patterns via GA4 | Up to 14 months | Consent |
| Preferences | Remembering user settings (e.g., dark mode, font size) | Up to 12 months | Consent |
You can manage your cookie preferences at any time through your browser settings or our cookie consent mechanism. Disabling cookies may affect certain website features.
3.4 Contributor and Editor Information
If you contribute articles or serve as an editor, we may collect:
- Your full name and biographical details for author profiles
- Your email address and contact information
- Your WordPress login credentials (username and hashed password)
- Content you create or edit on the platform
3.5 Information Collected Automatically
When you visit our website, our web servers automatically log:
- Your IP address
- Date and time of access
- Pages requested
- HTTP referrer
- User-agent string (browser and device information)
Server logs are retained for security and operational purposes and are deleted after 90 days.
4. Purpose of Processing Personal Information
We process your personal information for the following purposes, each supported by a lawful basis under POPIA:
| Purpose | Lawful Basis (POPIA Section 11) |
| Delivering newsletter content you subscribed to | Consent |
| Analysing website traffic to improve content and user experience | Legitimate interest |
| Ensuring website security and preventing abuse | Legitimate interest |
| Publishing author profiles alongside contributed articles | Contract / Consent |
| Responding to enquiries and correspondence | Legitimate interest |
| Complying with legal obligations | Legal obligation |
| Managing contributor/editor access to our CMS | Contract |
We will not process your personal information for purposes incompatible with those listed above without first notifying you and, where required, obtaining your consent.
5. Sharing of Personal Information
We do not sell, rent, or trade your personal information. We may share your information with the following categories of recipients:
5.1 Third-Party Service Providers
| Service Provider | Purpose | Data Shared | Location |
| Mailchimp (Intuit Inc.) | Email newsletter delivery and management | Email address, name, subscription preferences | United States |
| Google Analytics (Google LLC) | Website analytics and reporting | Anonymised usage data, cookie identifiers | United States |
| Hosting Provider | Website hosting and server infrastructure | Server logs, website data | As per hosting agreement |
5.2 Legal and Regulatory Disclosures
We may disclose your personal information where required by law, regulation, legal process, or enforceable governmental request, including in response to requests from the Information Regulator of South Africa.
5.3 Professional Advisors
We may share personal information with our legal, accounting, or other professional advisors in connection with the advice they provide to us, subject to appropriate confidentiality obligations.
6. Transborder Information Flows
Certain third-party service providers (Mailchimp and Google) are based in the United States. In terms of Section 72 of POPIA, we transfer personal information outside of South Africa only where:
- The recipient is subject to laws, binding corporate rules, or binding agreements that provide an adequate level of protection substantially similar to POPIA;
- You have provided your consent to the transfer;
- The transfer is necessary for the performance of a contract between you and us; or
- The transfer is for your benefit and it is not reasonably practicable to obtain your consent.
Both Mailchimp and Google maintain compliance frameworks (including adherence to recognised international data protection frameworks) that provide an adequate level of protection for personal information transferred from South Africa.
7. Data Retention
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:
| Data Category | Retention Period |
| Newsletter subscriber data | Until you unsubscribe, plus 30 days for processing |
| Website analytics data | 14 months (GA4 default retention) |
| Server logs | 90 days |
| Contributor/editor profiles | Duration of the contributor relationship, plus 12 months |
| Correspondence and enquiries | 24 months from last communication |
After the applicable retention period, personal information is securely deleted or irreversibly anonymised.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption: SSL/TLS encryption for all data transmitted between your browser and our website (HTTPS)
- Access Controls: Role-based access controls for contributor and editor accounts; strong password requirements
- Platform Security: Regular software updates and security patches for our content management system (WordPress)
- Third-Party Security: Selection of service providers (Mailchimp, Google) that maintain robust security certifications and practices
- Data Minimisation: We collect only the personal information that is necessary for the stated purposes
- Monitoring: Regular review of access logs and security configurations
While we take reasonable steps to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
9. Your Rights Under POPIA
As a data subject, you have the following rights under POPIA:
9.1 Right of Access (Section 23)
You have the right to request confirmation of whether we hold personal information about you and to request access to that information.
9.2 Right to Correction (Section 24)
You have the right to request that we correct or delete personal information about you that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully.
9.3 Right to Deletion (Section 24)
You have the right to request the destruction or deletion of your personal information where we are no longer authorised to retain it.
9.4 Right to Object (Section 11(3))
You have the right to object to the processing of your personal information on reasonable grounds relating to your particular situation, unless legislation provides for such processing.
9.5 Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
9.6 Right to Lodge a Complaint
You have the right to lodge a complaint with the Information Regulator of South Africa if you believe your personal information has been processed in violation of POPIA:
Information Regulator (South Africa) – Email: enquiries@inforegulator.org.za – Website: https://inforegulator.org.za – Postal Address: P.O. Box 31533, Braamfontein, Johannesburg, 2017
9.7 How to Exercise Your Rights
To exercise any of the above rights, please submit a written request to our Information Officer at privacy@africascience.org. We will respond to your request within 30 days of receipt, as required by POPIA. We may require you to verify your identity before processing your request.
10. Children’s Privacy
Our website is not directed at children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without verifiable parental or guardian consent, we will take steps to delete that information promptly. If you believe we have inadvertently collected such information, please contact our Information Officer.
11. Third-Party Links
Our website may contain links to third-party websites, services, or resources. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party websites you visit.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the “Last Updated” date at the top of this policy
- Post the revised policy on our website
- Where appropriate, notify newsletter subscribers by email
Your continued use of our website after the publication of changes constitutes your acceptance of the revised Privacy Policy.
13. Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of the Republic of South Africa, including but not limited to:
- The Protection of Personal Information Act 4 of 2013 (POPIA)
- The Electronic Communications and Transactions Act 25 of 2002 (ECTA)
- The Consumer Protection Act 68 of 2008 (CPA)
14. Contact Us
For any questions, concerns, or requests relating to this Privacy Policy or our data processing practices, please contact us:
- Information Officer Email: privacy@africascience.org
- General Enquiries: info@africascience.org
- Website: https://www.africascience.org
- Postal Address: Africa Science, Cape Town, South Africa
This Privacy Policy was last reviewed and updated on 29 June 2026.
