top of page

Privacy Policy

Last Updated: March 2026

​

Reach Africa Ltd ("Reach Africa", "we", "us", or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and protect personal data across all our activities — including use of this website, enquiries and commercial engagements, and the delivery of CTV advertising campaigns and managed services on behalf of clients.


1. Who We Are

Reach Africa Ltd is a connected television (CTV) advertising platform registered in Mauritius, operating as a technology platform and managed service. We connect brands and agencies with CTV and smart TV advertising inventory across African markets, facilitating the planning, delivery, and reporting of digital advertising campaigns.

We have a South African subsidiary through which certain operations are conducted. References to "Reach Africa" in this Policy refer to the group as a whole unless the context requires otherwise.

Our data protection obligations are governed primarily by the Mauritius Data Protection Act 2017 ("DPA 2017"). Because we also deliver advertising campaigns using automated means within South Africa, and because our South African subsidiary is domiciled there, we are concurrently subject to South Africa's Protection of Personal Information Act 4 of 2013 ("POPIA"). Where we engage with individuals in the European Economic Area or the United Kingdom, the EU General Data Protection Regulation ("GDPR") and UK GDPR also apply respectively.


2. Scope

This Policy covers:

- Use of our website at www.reachafrica.com
- Contact forms, newsletter subscriptions, and cookies
- Enquiries, proposals, and commercial engagements
- The delivery of CTV advertising campaigns on behalf of clients
- The collection and processing of audience and campaign data through our advertising technology infrastructure


3. Our Role in Data Processing

Depending on the context, Reach Africa acts in different capacities:

- Website and direct contact data: We act as a controller (DPA 2017) and responsible party (POPIA) in respect of personal information you provide directly to us via this website.
- Client campaign delivery: We act as a processor (DPA 2017) or operator (POPIA) when processing personal information on behalf of clients (brands, agencies, and media buyers) for the purpose of campaign delivery and reporting. In this capacity we act only on documented client instructions.

We require all clients to comply with applicable data protection laws in their respective jurisdictions. Where we act as a processor or operator, a data processing agreement is in place between Reach Africa and the relevant client.


4. Information We Collect

4.1 Website and Direct Contact

When you use our website or contact us directly, we may collect:

- Contact details such as your name, company, job title, email address, and phone number (via contact forms or direct communication)
- Subscription data when you sign up for newsletters or updates
- Usage data including browser type, device, operating system, and pages visited (via analytics and cookies)
- Technical data such as IP address and approximate location for performance and security purposes

4.2 CTV Campaign and Audience Data

In the course of delivering advertising campaigns, Reach Africa and its technology partners may collect, process, or store audience and device-level data. We do not intentionally collect information that directly identifies individual viewers. Data collected is pseudonymous or aggregated in nature and may include:

- Device identifiers (e.g. smart TV device IDs, advertising identifiers)
- IP address and approximate geolocation (city, region, country)
- Viewing behaviour and content interaction data
- Ad impression, click, and engagement data
- Browser type, device model, operating system, and connection type
- Data about interactions with advertisements delivered through our platform


5. How We Collect Data

We use the following technologies to collect data in connection with campaign delivery:

- Pixels and tags: used to record ad delivery, measure campaign performance, and track user journeys across publisher environments
- Cookies: used in web-based environments to support campaign delivery and frequency management
- Device identifiers: used in CTV and smart TV environments to manage ad delivery and attribution


6. How We Use Your Information

We use personal information to:

- Respond to your enquiries and requests
- Send newsletters or updates (only if you have opted in)
- Analyse website usage and improve user experience
- Maintain website functionality, security, and compliance
- Deliver advertising impressions to targeted audiences on CTV and smart TV inventory
- Measure campaign performance, reach, frequency, and attribution
- Produce reporting and analytics for clients
- Detect and prevent fraudulent or invalid traffic
- Fulfil contractual obligations to clients, agencies, and publishers

We do not sell or rent your personal information to third parties.

Lawful basis for processing: Under the DPA 2017 and POPIA, we process your personal information on the basis of your consent (for website data and newsletters), contractual necessity (for client and commercial engagements), and legitimate interests (for campaign analytics and fraud prevention).


7. Cookies

Our website uses cookies and similar technologies. Cookies are categorised as follows:

- Necessary cookies: required for the website to function correctly — these cannot be disabled
- Statistics cookies: used to understand how visitors interact with the website — used only with your consent
- Marketing cookies: used by us or third parties to deliver relevant content — used only with your consent
- Preferences cookies: used to remember your settings on return visits — used only with your consent

You can manage your cookie preferences through the cookie settings tool on this website, or by modifying your browser settings. Note that disabling certain cookies may affect site functionality.

We use Google Analytics to understand website usage. For more information see policies.google.com.


8. Age-Restricted Advertising

Where we deliver campaigns for age-restricted categories (such as alcohol), we apply layered targeting controls to avoid serving such advertisements to audiences that may be under the legal age. Clients running age-restricted campaigns are required to confirm compliance with applicable advertising codes and content regulations. We do not knowingly facilitate the delivery of age-restricted advertising to minors.


9. Data Sharing

We do not sell personal information. We may share information in the following circumstances:

- With clients: campaign performance data and audience analytics are shared with the relevant client as part of our managed service, on an aggregated or pseudonymous basis where possible
- With service providers: we share limited personal information with trusted service providers, including Mailchimp for newsletter management and analytics platforms, where necessary for website operation and communication. These providers are bound by confidentiality and data protection agreements and may not use your data for their own purposes
- With technology partners: third-party technology providers supporting our platform operations are contractually required to process data only as instructed by us and to maintain appropriate security standards
- Within the Reach Africa group: data transfers between our Mauritius parent and South African subsidiary are governed by intra-group data transfer arrangements consistent with the DPA 2017 and POPIA
- Change of control: in the event of a merger, acquisition, or sale of all or part of our business, personal information may be transferred to a successor entity in accordance with applicable law
- Legal and regulatory: where required by law, court order, or regulatory authority, we may disclose information to government bodies, law enforcement, or regulators


10. International Data Transfers

Reach Africa is registered in Mauritius and operates across multiple African markets. Data flows within the Reach Africa group and to third-party partners may involve cross-border transfers.

- Under the DPA 2017, personal data transfers outside Mauritius are permitted only where the recipient country ensures an equivalent level of protection, or where appropriate safeguards are in place
- Under POPIA, transfers from South Africa to foreign countries are governed by Section 72 of POPIA, which requires the recipient to be subject to a law or agreement providing substantially similar protection
- For transfers involving EEA or UK personal data, we rely on Standard Contractual Clauses or equivalent safeguards

All cross-border transfers within the group and to third parties are subject to appropriate contractual safeguards consistent with the DPA 2017, POPIA, GDPR, and UK GDPR as applicable.


11. Data Retention

We retain personal information only as long as necessary for the purposes outlined in this Policy or as required by law:

- Website enquiry and contact data: typically no longer than three years unless an ongoing commercial relationship exists
- Campaign and audience data: retained for the duration of the campaign and for a period sufficient to fulfil reporting obligations; pseudonymous data is typically deleted or anonymised quarterly
- Financial and contractual records: retained in accordance with Mauritius and South African legal requirements, including applicable Companies Acts and tax legislation

You may request deletion of your personal information at any time by contacting us at info@reachafrica.com.


12. Data Security

We implement appropriate technical and organisational measures to protect personal information against unauthorised access, disclosure, alteration, or destruction, including:

- Access controls limiting data access to authorised personnel only
- Encryption and secure storage of personal data
- Regular testing and review of security measures
- Staff training on data protection obligations

While we take all reasonable precautions, no online transmission or storage system is completely secure. Please notify us immediately if you become aware of any suspected unauthorised access to your personal information.


13. Data Breach Notification

In the event of a personal data breach:

- Under the DPA 2017, we will notify the Mauritius Data Protection Commissioner within 72 hours of becoming aware of the breach, and will notify affected individuals where the breach is likely to result in high risk to them
- Under POPIA, we will notify the South African Information Regulator and affected data subjects as soon as reasonably possible after discovery
- Where both frameworks apply to the same incident, we will comply with both notification obligations concurrently


14. Automated Decision-Making

Our platform uses automated processes to determine which advertisements are delivered to which audience segments. These processes do not produce legal effects or significantly affect individual viewers in a personal or binding sense. We do not make automated decisions about individuals that would affect their legal rights or create binding outcomes.


15. Your Rights

Depending on your location, you have the following rights in relation to your personal data.

Mauritius (DPA 2017)

- Right to be informed about how your data is used
- Right of access to a copy of personal data we hold about you
- Right to rectification of inaccurate or incomplete data
- Right to erasure where there is no lawful basis for continued processing
- Right to object to processing
- Right to restrict processing
- Right to data portability
- Right to lodge a complaint with the Mauritius Data Protection Commissioner at dataprotection.govmu.org

South Africa (POPIA)

- Right to be notified of collection or unauthorised access to your personal information
- Right to access personal information we hold about you
- Right to request correction or deletion of inaccurate, irrelevant, or outdated information
- Right to object to processing
- Right to lodge a complaint with the South African Information Regulator at www.justice.gov.za/inforeg or inforeg@justice.gov.za

EEA (GDPR) and UK (UK GDPR)

- All of the above rights, plus the right to data portability in a structured, machine-readable format
- Right not to be subject to solely automated decision-making that significantly affects you
- Right to lodge a complaint with your national data protection authority (EEA) or the UK Information Commissioner's Office at ico.org.uk (UK)

To exercise any of your rights, please contact us at info@reachafrica.com. We will respond within one calendar month of receiving your request.


16. Children

Our website and services are not directed at persons under the age of 18. We do not knowingly collect personal information from minors. If you believe a child has submitted personal information to us without parental consent, please contact us and we will delete it promptly.


17. Changes to This Policy

We may update this Privacy Policy periodically to reflect legal, technical, or operational changes. When updates are made, we will revise the "Last updated" date and post the new version on this page. Your continued use of the website following any update constitutes your acceptance of the revised Policy.


18. Contact Us

Reach Africa Ltd
1st Floor, Cascavelle Business Park, Riviere Noire Road, Cascavelle, 90522, Mauritius
Email: info@reachafrica.com
Website: www.reachafrica.com

bottom of page