Viranova

Privacy Policy

How Viranova collects, uses, shares, protects, and lets you control your personal information — under South Africa's POPIA and, where they apply, the GDPR, UK GDPR, and California privacy law.

Who we are

Viranova (the responsible party operating viranova.co.za) is responsible for the personal information collected through this website. We decide why and how your information is processed, which makes us the responsible party under POPIA and the data controller under the GDPR and UK GDPR.

You can reach our Information Officer about anything in this policy at support@viranova.co.za.

Our registered postal address is available on request from the Information Officer at the email above.

What this policy covers

This policy applies to the public Viranova website, our forms (story submissions, contact, advertising, Work With Us, journalist applications, corrections), The Viranova Culture Brief newsletter, article comments, and the secure admin workspace. It explains your rights under South Africa's Protection of Personal Information Act (POPIA) and, where they apply to you, the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act as amended (CCPA/CPRA).

Information we collect

Depending on how you use Viranova, we may collect: names or display names, email addresses, phone numbers, social and source links, uploaded files, messages, story material, opinions, corrections, partnership details, and consent confirmations you give us through forms or comments.

Newsletter records may include your email address, subscription status, signup source, timestamps, unsubscribe records, delivery records, and basic engagement or error signals needed to run the Culture Brief responsibly.

We also collect technical and analytics signals — such as pages visited, articles viewed, device and browser type, approximate region, and security signals — to keep the site working, secure, and useful. Optional analytics is only collected if you accept it (see Cookies below).

Why we use your information and our legal basis

We use personal information to review and respond to submissions, run editorial and correction workflows, send the newsletter you asked for, answer enquiries, moderate unsafe material, secure the platform and prevent abuse, keep audit trails, comply with the law, and improve Viranova. We do not sell your personal information.

Under POPIA we process information where you have consented, where it is necessary for a contract or a request you made, to meet a legal obligation, or for our or your legitimate interests in running a credible editorial platform. Where the GDPR or UK GDPR apply, our lawful bases are consent (Article 6(1)(a)), performance of a contract or steps you requested (b), legal obligation (c), and legitimate interests (f).

Cookies and analytics

Viranova uses essential storage to keep forms and the admin area secure, and optional Google Analytics that only runs after you accept it from our cookie banner. We use Google Consent Mode with analytics denied by default. You can change or withdraw your choice at any time from the “Cookie Preferences” link in the footer, or read the full viranova.co.za/cookie-notice.

Direct marketing

We only send The Viranova Culture Brief to people who asked for it. Every edition includes a one-click unsubscribe, and we honour List-Unsubscribe so your email client can unsubscribe for you. This reflects POPIA section 69 and the consent rules in the GDPR and the US CAN-SPAM Act.

Who we share it with

Access is limited to authorised Viranova team members and trusted service providers (processors/operators) acting on our instructions — including hosting, email delivery, media storage, analytics, backups, and security. They may only use your information to provide those services. We do not sell personal information and do not “share” it for cross-context behavioural advertising as defined by California law.

International transfers

Some of our service providers store or process data outside South Africa, including in the European Union and the United States. Where information is transferred across borders, we rely on providers that offer a comparable level of protection through recognised safeguards such as adequacy decisions or standard contractual clauses, consistent with POPIA, the GDPR, and the UK GDPR.

How long we keep your information

We keep personal information only as long as needed for the purpose it was collected, after which we delete or anonymise it. Some records may be retained longer where required for editorial integrity, legal compliance, audit logs, security, abuse prevention, backups, or resolving disputes.

How we protect your information

We protect information with HTTPS, password hashing, controlled admin access, role-based permissions, server-side storage, safe upload limits, backups, and audit logs. No system is perfectly secure, but we work to keep your information safe and to respond quickly if something goes wrong.

Your rights

Under POPIA you may ask to access your information, correct or delete it, object to certain processing, withdraw consent, and complain to the Information Regulator. To exercise any right, email support@viranova.co.za. We may need to verify your identity first, and some records may be retained where the law allows.

You can also delete your data yourself, without emailing us: go to viranova.co.za/delete-my-data, enter your email address, and confirm the secure link we send you. Confirming permanently erases every record tied to that address — newsletter subscription, comments, story submissions, enquiries, and corrections — and we email you a receipt. The confirmation link expires after 48 hours, and the request and completion are logged so we can show the erasure was carried out.

If the GDPR or UK GDPR apply to you, you also have the rights to rectification, erasure, restriction of processing, data portability, to object, to withdraw consent at any time, and to lodge a complaint with your local supervisory authority. You can exercise the right to erasure instantly using the self-service tool above.

California privacy rights (CCPA/CPRA)

This section applies to California residents and explains your rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the “CCPA”). It supplements the rest of this policy.

Categories of personal information we collect. In the past 12 months we may have collected: identifiers (such as name, display name, email address, phone number, and IP address); customer records and commercial information you provide through forms; internet or other electronic network activity (such as pages and articles viewed and basic interaction signals, collected only with your analytics consent); approximate location inferred from your IP address; audio, electronic, or visual information contained in files you upload; and professional or employment information you include in journalist or work applications. We collect these from you directly and from your device when you use the site. We do not collect government identifiers, financial-account or payment-card numbers, or precise geolocation.

Sources and business purposes. We collect this information from you and from your interaction with the site, and we use it for the business purposes described under “Why we use your information” above — operating, securing, and improving Viranova, responding to submissions and enquiries, running editorial and correction workflows, sending the newsletter you requested, moderating unsafe material, preventing abuse, keeping audit trails, and complying with the law. We disclose personal information only to the service providers described under “Who we share it with,” who may use it solely to provide services to us.

Sensitive personal information. Viranova does not collect sensitive personal information in order to infer characteristics about you, and does not use or disclose it for purposes beyond those the CCPA permits without offering a right to limit. We do not sell or share sensitive personal information.

No sale or sharing of personal information. Viranova does not sell your personal information and does not “share” it for cross-context behavioural advertising, as those terms are defined by the CCPA, and has not done so in the preceding 12 months. We configure Google Analytics with Google signals and advertising-personalisation features disabled, so measurement is never used for cross-context behavioural advertising.

Your California rights. You have the right to know and access the personal information we hold about you and how we use it; to delete it; to correct inaccurate information; to opt out of the sale or sharing of personal information (Viranova does not sell or share, so there is nothing to opt out of); to limit the use and disclosure of sensitive personal information; and not to receive discriminatory or retaliatory treatment for exercising any of these rights.

Opt-out preference signals (Global Privacy Control). Viranova recognises the Global Privacy Control (GPC) browser signal as a valid request to opt out of the sale or sharing of personal information. Because we do not sell or share personal information, every visitor — including any whose browser sends a GPC signal — is already treated as opted out, and we will not enable cross-context behavioural advertising for that browser.

How to exercise your California rights. Email support@viranova.co.za and tell us which right you want to exercise. We will verify your identity against information we already hold before we act, and we will respond within the timeframes the CCPA requires (generally 45 days, extendable once where permitted). You may use an authorised agent to submit a request for you if you give them written permission and we can verify both of you. Exercising your rights is free, except where the CCPA allows a fee for excessive or repetitive requests.

Children's information

Viranova is a general culture publication and is not directed at children. We do not knowingly collect the personal information of a child under 18 without the consent of a parent or guardian. If you believe a child has provided information, contact support@viranova.co.za and we will remove it.

Data breaches

If a security breach affects your personal information, we will act to contain it and, where the law requires, notify the Information Regulator and affected people. You can report a concern to support@viranova.co.za.

Complaints

You can complain to us first at support@viranova.co.za. You also have the right to complain to the Information Regulator (South Africa): lodge a POPIA complaint at POPIAComplaints@inforegulator.org.za or call 010 023 5200 (toll free 0800 017 160). Office: Woodmead North Office Park, 54 Maxwell Drive, Woodmead, Johannesburg, 2191. Website inforegulator.org.za. EU and UK visitors may instead complain to their local data protection supervisory authority.

Changes to this policy

We review this policy periodically and update it as Viranova adds new forms, analytics, newsletter tools, advertising products, or editorial workflows. The version on this page is the current one.

Submit Story