Digital Capital Privacy Policy
Last updated: 26 May 2026


This Privacy Policy applies to Digital Capital (Pty) Ltd (“DigiCap”, “we”, “us” or “our”).
This Privacy Policy explains how we collect, use, store, disclose and protect personal
information when you access our website, contact us, submit an enquiry, provide information
relating to a potential investment opportunity, engage with us commercially, or otherwise
interact with DigiCap.
This Privacy Policy should be read together with our Website Terms and Conditions.
By using our website or providing personal information to us, you acknowledge that you
have read and understood this Privacy Policy.

  1. Purpose of this Privacy Policy
    The purpose of this Privacy Policy is to explain:
    a. what personal information we may collect;
    b. how and why we process personal information;
    c. when we may share personal information with third parties;
    d. how we protect and retain personal information;
    e. your rights in relation to your personal information; and
    f. how you may contact us or lodge a complaint.
    We are committed to processing personal information lawfully, reasonably and in a manner
    that respects privacy and complies with applicable data protection laws, including the
    Protection of Personal Information Act, 2013 (“POPIA”).

  2. Definitions
    In this Privacy Policy:
    “Personal Information” has the meaning given to it in POPIA and includes information
    relating to an identifiable natural or juristic person.
    “Processing” means any activity concerning personal information, including collecting,
    receiving, recording, storing, updating, using, analysing, sharing, transferring, deleting or
    destroying personal information.
    “Special Personal Information” means special categories of personal information under
    POPIA, including information relating to health, biometrics, race or ethnic origin, political
    persuasion, religious or philosophical beliefs, trade union membership, sex life or criminal
    behaviour.
    “Submitted Information” means information, documents or materials submitted to DigiCap,
    including pitch decks, business plans, company profiles, financial information, forecasts, cap
    tables, shareholder information, founder details, customer information, supplier information,
    employee information, contracts or due diligence materials.
    “Website” means the DigiCap website and any pages, forms, content or functionality made
    available through it.

“you” means any person who accesses our website, contacts us, submits information to us,
represents a company or business engaging with us, or otherwise interacts with DigiCap.

  1. Who this Privacy Policy applies to
    This Privacy Policy may apply to personal information relating to:
    a. founders, shareholders, directors and management teams of businesses that engage with
    DigiCap;
    b. potential investee companies and their representatives;
    c. employees, contractors, consultants, customers and suppliers of businesses assessed by
    DigiCap;
    d. investors, advisers, consultants, service providers and commercial partners;
    e. website visitors and persons who submit enquiries through our website;
    f. persons who communicate with us by email, telephone, online form or other channels; and
    g. any other person whose personal information is provided to or processed by DigiCap.
    Where you provide us with personal information about another person, you must ensure that
    you are lawfully entitled to do so and, where required, that the person has been informed of
    this Privacy Policy.

  2. What personal information we may collect
    Depending on the nature of your interaction with us, we may collect and process the
    following categories of personal information:
    a. names, surnames and contact details;
    b. email addresses, telephone numbers and business addresses;
    c. company names, registration numbers and business details;
    d. job titles, roles and areas of responsibility;
    e. founder, shareholder, director and management information;
    f. identity or verification information where reasonably required for legal, compliance, due
    diligence or transaction purposes;
    g. financial information, including company financials, forecasts, budgets, management
    accounts, bank-related information, funding history and shareholder loan information;
    h. ownership information, including cap tables, shareholder registers, option arrangements
    and related party information;
    i. commercial information, including client, supplier, pipeline, revenue, contract and
    operational information;
    j. correspondence and records of communication with us;
    k. website usage information, including IP address, browser type, device information, pages
    viewed and interaction data; and
    l. any other information that you voluntarily provide to us.
    We may also process limited Special Personal Information where required or permitted by
    law, or where it is voluntarily included in information submitted to us. We do not intentionally
    request Special Personal Information through our website unless it is necessary for a lawful
    purpose.

  3. How we collect personal information

We may collect personal information:
a. directly from you when you contact us, complete a form, submit an enquiry or provide
information to us;
b. from companies, founders, shareholders, directors or representatives engaging with
DigiCap;
c. through Submitted Information provided during screening, investment assessment, due
diligence, negotiation or post-investment engagement;
d. from public sources, including company registries, websites, professional platforms and
publicly available business information;
e. from third parties, including advisers, consultants, accountants, lawyers, technical
specialists, commercial partners, investors, funders, service providers and due diligence
providers;
f. through electronic communications, including email, online meetings and document
sharing platforms; and
g. through website technologies such as cookies, analytics tools and server logs.

  1. Why we process personal information
    We may process personal information for the following purposes:
    a. to operate and manage our website;
    b. to respond to enquiries and communications;
    c. to assess potential investment, funding, acquisition, partnership or commercial
    opportunities;
    d. to conduct initial screening, commercial assessment, investment analysis and due
    diligence;
    e. to evaluate founders, management teams, shareholders, business models, financial
    performance, legal risks, operational risks and market opportunities;
    f. to prepare, negotiate and conclude term sheets, shareholder agreements, subscription
    agreements, sale agreements, loan agreements, confidentiality agreements and other
    transaction documents;
    g. to communicate with founders, shareholders, directors, management, advisers and other
    relevant parties;
    h. to manage post-investment reporting, governance, financial management, KPI tracking
    and operational involvement;
    i. to comply with legal, regulatory, tax, accounting, audit and governance obligations;
    j. to protect our rights, enforce agreements and manage disputes or claims;
    k. to prevent fraud, misrepresentation, unlawful conduct or security risks;
    l. to maintain business records;
    m. to improve our website, investment processes, internal systems and business operations;
    and
    n. to send relevant communications where lawful and appropriate.
    We will not process personal information for a purpose that is incompatible with the purpose
    for which it was collected, unless permitted by law or with appropriate consent.

  2. Legal basis for processing
    We process personal information where one or more lawful grounds apply, including where:

a. you have consented to the processing;
b. processing is necessary to take steps at your request before entering into a contract;
c. processing is necessary to perform a contract;
d. processing is necessary to comply with a legal obligation;
e. processing protects a legitimate interest of DigiCap, you or a third party;
f. processing is necessary for the proper performance of a public law duty by a public body,
where applicable; or
g. processing is otherwise permitted by applicable law.

  1. Submitted Information and investment-related materials
    If you submit information to DigiCap in relation to a potential investment, funding, acquisition,
    partnership or commercial opportunity, you acknowledge that we may process that
    information for purposes of evaluating the opportunity.
    Submitted Information may include personal information relating to founders, directors,
    shareholders, employees, customers, suppliers, contractors, advisers and other third parties.
    You must ensure that any personal information included in Submitted Information has been
    lawfully collected and may lawfully be disclosed to DigiCap.
    Unless we have entered into a separate written non-disclosure agreement with you,
    information submitted to DigiCap through the website, by email or through other informal
    channels will not automatically be treated as confidential.

  2. Direct marketing and communications
    We may send you communications relating to DigiCap, our investment activities, events,
    updates or opportunities where we are lawfully permitted to do so.
    Where direct marketing consent is required, we will request consent before sending such
    communications.
    You may opt out of direct marketing communications at any time by following the
    unsubscribe instructions in the communication or by contacting us directly.
    We may still send non-marketing communications where necessary, including
    communications relating to enquiries, transactions, legal notices, due diligence, governance,
    reporting or existing business relationships.

  3. Cookies and website analytics
    Our website may use cookies, analytics tools and similar technologies to:
    a. operate the website;
    b. improve website functionality and performance;
    c. understand how users interact with the website;
    d. remember preferences;
    e. support security; and
    f. generate usage statistics.

Cookies may collect information such as IP address, browser type, device type, operating
system, pages visited, time spent on pages and referral information.
You may disable cookies through your browser settings. However, some website
functionality may not operate properly if cookies are disabled.
Where required by law, we will provide appropriate cookie notices or consent options.

  1. Sharing personal information with third parties
    We may share personal information where necessary or appropriate with:
    a. our directors, employees, consultants and representatives;
    b. professional advisers, including attorneys, accountants, auditors, tax advisers, corporate
    finance advisers and transaction advisers;
    c. technical, commercial, operational, financial and legal due diligence providers;
    d. IT service providers, cloud storage providers, hosting providers, software providers and
    cybersecurity providers;
    e. banks, funders, investors, co-investors or potential transaction participants, where
    relevant to an opportunity or transaction;
    f. investee companies, portfolio companies or commercial partners, where relevant to our
    business activities;
    g. regulatory authorities, public bodies, courts, tribunals or law enforcement agencies where
    required or permitted by law;
    h. parties involved in actual or proposed corporate transactions, restructurings, investments,
    acquisitions or disposals; and
    i. any other third party where you have consented or where disclosure is permitted by law.
    We will take reasonable steps to ensure that third parties who process personal information
    on our behalf are subject to appropriate confidentiality and data protection obligations.

  2. Cross-border transfers
    We may transfer personal information outside South Africa where necessary for business,
    operational, storage, due diligence, communication, advisory or transaction-related
    purposes.
    This may occur where we use cloud-based systems, international service providers, foreign
    advisers, investors, funders or commercial partners.
    Where personal information is transferred outside South Africa, we will take reasonable
    steps to ensure that the transfer is lawful and that appropriate safeguards are in place,
    where required by applicable law.

  3. Security of personal information
    We take reasonable technical and organisational measures to protect personal information
    against loss, damage, unauthorised access, unlawful processing, disclosure, alteration or
    destruction.

These measures may include access controls, secure storage, confidentiality obligations, IT
security measures, document management protocols and internal governance procedures.
However, no electronic communication, website, server, system or method of storage is
completely secure. You submit information to us at your own risk.
If we become aware of a security compromise affecting personal information, we will take
reasonable steps to assess the incident and, where legally required, notify affected persons
and/or the Information Regulator.

  1. Retention of personal information
    We will retain personal information only for as long as reasonably necessary for the
    purposes for which it was collected or processed, unless a longer retention period is required
    or permitted by law.
    We may retain personal information for purposes including:
    a. responding to enquiries;
    b. maintaining records of investment opportunities assessed by DigiCap;
    c. managing ongoing business relationships;
    d. complying with legal, tax, accounting, audit and governance obligations;
    e. supporting due diligence, transaction records and investment committee processes;
    f. resolving disputes or enforcing rights; and
    g. maintaining historical records where we have a legitimate business reason to do so.
    When personal information is no longer required, we will take reasonable steps to delete,
    destroy, de-identify or anonymise it.

  2. Accuracy of personal information
    We will take reasonable steps to ensure that personal information in our possession is
    accurate, complete and up to date where necessary for the purpose for which it is
    processed.
    You are responsible for ensuring that information you provide to us is accurate, complete
    and not misleading.
    Please notify us if your personal information changes or if you believe that any personal
    information we hold is inaccurate.

  3. Failure to provide personal information
    Where we need personal information to respond to an enquiry, assess an opportunity,
    perform due diligence, comply with law or enter into a transaction, and the required
    information is not provided, we may be unable to proceed with the relevant engagement,
    assessment, transaction or request.

  4. Your rights
    Subject to applicable law, you may have the right to:

a. request confirmation of whether we hold personal information about you;
b. request access to your personal information;
c. request correction or deletion of inaccurate, irrelevant, excessive, outdated, incomplete,
misleading or unlawfully obtained personal information;
d. object to the processing of your personal information in certain circumstances;
e. withdraw consent where processing is based on consent;
f. object to direct marketing;
g. request that we restrict certain processing, where applicable; and
h. lodge a complaint with the Information Regulator.
Requests may be subject to verification of identity and any applicable legal limitations.

  1. Access requests and PAIA
    Requests for access to records or personal information may be dealt with in accordance with
    POPIA, the Promotion of Access to Information Act, 2000 (“PAIA”), and DigiCap’s PAIA
    Manual, where applicable.
    We may charge prescribed fees where permitted by law.

  2. Children’s personal information
    Our website and services are not directed at children.
    We do not knowingly collect personal information of children unless permitted by law,
    required for a lawful purpose, or provided with the consent of a competent person, such as a
    parent or legal guardian.
    If we become aware that children’s personal information has been provided to us without the
    necessary authority, we may delete or de-identify that information where appropriate.

  3. Links to third-party websites
    Our website may contain links to third-party websites, platforms or resources.
    We are not responsible for the privacy practices, security, content or policies of third-party
    websites. You should review the privacy policies of any third-party websites you access.

  4. Updates to this Privacy Policy
    We may update this Privacy Policy from time to time.
    The updated version will be published on our website with a revised “Last updated” date.
    Your continued use of our website or engagement with us after the updated Privacy Policy is
    published will constitute acknowledgement of the updated Privacy Policy.

  5. Complaints

If you believe that we have processed your personal information unlawfully or contrary to this
Privacy Policy, please contact us first so that we can attempt to resolve the matter.
You also have the right to lodge a complaint with the Information Regulator.
The Information Regulator’s website confirms that POPIA complaints may be lodged where
a person believes their personal information has been processed in a way that violates
POPIA.
Information Regulator (South Africa)
Website:
https://inforegulator.org.za
Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Postal Address: PO Box 31533, Braamfontein, Johannesburg, 2107

  1. Contact details
    For questions, requests or complaints relating to this Privacy Policy or the processing of
    personal information by DigiCap, please contact:
    Digital Capital (Pty) Ltd
    Information Officer: [insert name]
    Email: [insert email address]
    Address: [insert registered / business address]
    Website: [insert website URL]

Digital Capital (Pty) Ltd (“DigiCap”) respects your privacy and processes personal
information in accordance with POPIA and this Privacy Policy.