M&G Research (Pty) Ltd (“M&G Research”, “we”, “our”, or “us”) is committed to protecting the privacy and personal information of all individuals who engage with our services, participate in our research studies, or visit our website.

This Privacy Policy explains how we collect, use, store, share, and protect personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA), the General Data Protection Regulation (GDPR) where applicable, and other relevant South African legislation.

By engaging with our services, visiting our website, or participating in any research conducted by M&G Research, you acknowledge that you have read and understood this Privacy Policy.

We collect personal information only to the extent necessary for legitimate research, business, and operational purposes. The categories of information we may collect include:

Personal identification information

• Full name, title, and contact details (email address, telephone number, postal address)
• Professional role, employer, and organisational affiliation
• Identity or passport number where required by law or project scope

Research and survey data

• Survey responses, interview transcripts, and focus group contributions
• Demographic data (age, gender, province, employment status) for research analysis
• Opinions, perceptions, and behavioural data relevant to specific research projects

Technical and website data

• IP address, browser type, device information, and pages visited
• Cookies and usage analytics (see Section 9)

Client and partner data

• Billing and contractual information for service delivery
• Communication records for project management purposes

M&G Research uses personal information for the following purposes:

• Conducting academic, corporate, and public sector research projects
• Analysing survey and field data to produce reports and publications
• Communicating with research participants, clients, and project partners
• Managing contracts, invoicing, and service delivery administration
• Complying with legal, regulatory, and reporting obligations
• Improving our website, services, and research methodologies
• Sending relevant research updates, publications, or service information (with consent)

We process personal information on one or more of the following lawful bases under POPIA and applicable legislation:

• Consent: Where you have given clear, informed consent for a specific purpose
• Contractual necessity: Where processing is required to fulfil a contract or service agreement
• Legal obligation: Where we are required to process information to comply with the law
• Legitimate interest: Where we have a legitimate research, academic, or business interest that does not override your rights
• Public interest: Where processing supports lawful research, journalism, or public benefit activities

M&G Research does not sell, rent, or trade personal information. We may share information only in the following circumstances:

• Research clients and funders: Aggregated, anonymised findings as specified in project agreements
• Partner institutions: Where a project is conducted jointly (e.g. LGSETA, Cornell University, SANRAL) — governed by data sharing agreements
• Service providers: Trusted third parties who assist with data analysis, transcription, or IT services, bound by confidentiality obligations
• Legal authorities: Where required by law, court order, or regulatory authority
• Publications: Anonymised or aggregated data only — no individually identifiable information is published without explicit consent

We take the security of personal information seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration, or disclosure.

• Encrypted storage for all digital research datasets
• Password-protected and access-controlled research files
• Secure data transfer protocols for sharing with authorised parties
• Physical security controls for any paper-based records
• Regular security reviews and staff confidentiality training

While we implement robust security measures, no system is entirely immune to risk. In the event of a data breach that poses a risk to your rights, we will notify affected individuals and the Information Regulator as required by POPIA.

We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by law.

• Research data: Retained for the duration of the project plus a minimum of 5 years for academic integrity purposes
• Client records: Retained for 7 years in accordance with financial and contractual obligations
• Website analytics: Retained for up to 24 months
• Marketing communications: Until you withdraw consent or unsubscribe

Once the retention period expires, personal information is securely deleted or anonymised.

Under POPIA and applicable legislation, you have the following rights regarding your personal information:

To exercise any of these rights, please contact our Information Officer using the details in Section 13. We will respond within 30 days.

Our website uses cookies and similar tracking technologies to improve user experience and analyse site usage. Cookies are small text files stored on your device.

• Essential cookies: Required for website functionality — cannot be disabled
• Analytics cookies: Help us understand how visitors interact with our site (e.g. Google Analytics)
• Preference cookies: Remember your settings and preferences

You may disable non-essential cookies through your browser settings at any time. Note that disabling cookies may affect the functionality of certain website features.

If you participate in any research conducted or commissioned by M&G Research, the following additional protections apply:

• Participation is entirely voluntary and you may withdraw at any time without consequence
• An informed consent form will be provided prior to data collection, clearly stating the purpose, scope, and use of your information
• Where requested, your identity will be anonymised in all reports and publications
• Audio or video recordings will only be made with your explicit consent
• Raw data (interview transcripts, survey responses) will not be shared with clients in an identifiable form
• You have the right to review and approve any direct quotations attributed to you before publication

M&G Research does not knowingly collect personal information from children under the age of 18 without the consent of a parent or legal guardian.

Where research involves minors (such as school-based studies), we obtain written consent from parents or guardians and assent from the child as appropriate, in compliance with POPIA and relevant ethical guidelines.

We may update this Privacy Policy from time to time to reflect changes in legislation, our services, or data handling practices. When we make significant changes, we will:

• Update the “Last updated” date at the top of this policy
• Notify registered users or research participants by email where appropriate
• Post a notice on our website for a reasonable period

We encourage you to review this policy periodically. Continued engagement with our services after changes are posted constitutes acceptance of the updated policy.

If you have any questions, concerns, or requests relating to this Privacy Policy or the handling of your personal information, please contact our designated Information Officer: