Free Assessment
Free Assessment

Privacy Policy

Effective 31 March 2026

Who we are

Global Micro Solutions (Pty) Ltd (Registration No. 1995/005280/07) is the data controller for personal data collected through this website. Our registered address is 5th Floor Global House, 28 Sturdee Avenue, Rosebank, Johannesburg 2196, South Africa.

Global Micro Solutions (GMS) has over 30 years of experience securing more than 1,200 Microsoft 365 tenants across EMEA, with offices in South Africa, Ireland, the United Kingdom, Saudi Arabia, the UAE, and the United States. We deploy and manage Microsoft 365 security and provide ISO 27001 certification as a managed service.

Data we collect and why

Assessment form data

When you complete our security assessment at /assess/, we collect:

  • Email address — to deliver your assessment report and follow up with recommendations
  • Company name — to personalise the report and understand your organisational context
  • Assessment responses — your answers to security posture questions, used to generate your report

Website analytics

We use anonymous analytics tools to understand how visitors use the site and to monitor performance. Neither tool identifies you personally.

  • Microsoft Clarity — anonymous session recordings, heatmaps, and click tracking to improve the user experience
  • Azure Application Insights — page views and performance telemetry to ensure the site runs reliably

No marketing cookies or third-party trackers

We do not use cookies for advertising. We do not employ third-party marketing trackers. Our analytics are focused on improving the site, not tracking you across the web.

How we use your data

  • Deliver services — providing your personalised security assessment report and recommendations
  • Communicate with you — responding to enquiries and following up on assessment results
  • Improve the website — analysing anonymous usage data to enhance functionality and content
  • Monitor performance — ensuring the site operates efficiently and reliably
  • Meet legal obligations — complying with applicable laws and regulations

How we protect your data

  • ISO 27001:2022 certified — our information security management system is independently audited to the international standard
  • Microsoft 365 security controls — your data is protected by the same controls we deploy for our customers
  • Encryption — all data is encrypted in transit (TLS 1.2+) and at rest

Where your data is stored

This website is hosted on Microsoft Azure. All data collected via the site, including assessment data stored in Azure Cosmos DB, is processed and stored within the Microsoft Azure West Europe region.

Data sharing

We do not sell your personal data. We do not share your data with third-party marketing platforms. We may share data with trusted service providers who assist in operating the website and delivering our services (e.g., Microsoft Azure for hosting and analytics). These providers are contractually bound to protect your data and process it only according to our instructions. We may also disclose data if required by law.

Data retention

  • Assessment data — email address, company name, and assessment responses are retained for 12 months, then securely deleted
  • Analytics data — anonymous and retained per Microsoft's default retention policies for anonymised data
  • Contact submissions — retained for the duration of the business relationship or as long as necessary to address your enquiry

Your data protection rights

Your rights depend on applicable data protection legislation. Global Micro Solutions (Pty) Ltd processes data under the Protection of Personal Information Act 4 of 2013 (POPIA).

Under POPIA (South African residents)

  • Access — request confirmation of whether we hold your personal information and obtain a copy
  • Correction or deletion — request correction, destruction, or deletion of inaccurate, irrelevant, or excessive information
  • Object to processing — object on reasonable grounds to the processing of your personal information
  • Object to direct marketing — object to processing for unsolicited electronic marketing
  • Lodge a complaint — with the Information Regulator of South Africa

Under the GDPR (EEA and UK residents)

  • Access — request copies of your personal data
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your personal data
  • Restrict processing — request that we limit how we process your data
  • Data portability — request transfer of your data to another organisation
  • Object — object to our processing of your data
  • Lodge a complaint — with a supervisory authority. For our jurisdiction: Data Protection Commission (DPC), Ireland

How to exercise your rights

Contact us at privacy@globalmicro.co.za. We will respond within the timeframes required by applicable data protection laws. We may request information to confirm your identity before processing your request.

Changes to this policy

We may update this Privacy Policy to reflect changes in our practices or for legal and regulatory reasons. Any updates will be posted on this page with a revised effective date.

Contact us

If you have questions about this Privacy Policy or our data protection practices: