Avey Data Protection Case Study

Background and Company Profile:

Avey is an online beauty treatment platform that allows clients to book a beauty treatment in the comfort of their home or office. Avey allows the client to select a beauty professional for an appointment at a specified time. The beauty professionals also register to operate on the platform and go through a screening process before they are approved as Avey beauty professionals. This platform therefore processes both client and beauty professional personal data.


Avey currently operates in the major cities within South Africa and is therefore conscientious that that they need to comply with the Protection of Personal Information Act (POPIA). As an online platform they also have clients placing orders from all over the world, and they also have a vision to expand to different areas in the world. They are also therefore concerned to comply with the General Data Protection Regulations (GDPR).


Bahati Tech conducted a readiness assessment for Avey based on their current organisational and technical controls, as well as the general business processes against the data protection norms and standards as well as requirements of GDPR and POPIA. Bahati Tech also conducted data protection awareness training for Avey staff with a strong emphasis on data security. Bahati Tech delivered a readiness assessment report to Avey management with a suggested roadmap on any improvement measures that were recommended for the organisation.


  • Avey formalised their data privacy policies and developed a roadmap to implement a data protection project.
  • During this project Avey reviewed and implemented improved security controls around the management of Avey Beauty Professional personal data.
  • Avey staff received training on data protection and data security
  • Avey management received a gap analysis report with details around the current Avey business processes, organisational and technical controls versus the requirements for GDPR and POPIA

Company Statement in response to the Global Covid-19 Pandemic

Bahati Tech (PTY) Ltd takes the threat posed by the recent coronavirus outbreak very seriously. Our approach is based on guidance from the following sources:

The World Health Organization (WHO)

COVID-19 Corona Virus South African Resource Portal

Regulations and Guidelines – Coronavirus Covid-19  

Our approach as a business:

As Bahati Tech (PTY) Ltd we will strive to continue providing our Data Protection services and meet our obligations to our clients while carefully adhering to the National Lockdown announced by President Cyril Ramaphosa. In doing this, we will take into account governmental advice coupled with our real-world experiences to ensure the safety of all our stakeholders.

Should we or one of our customers cancel or curtail any activity, then our standard contractual terms will be applied regarding any payments made or due.  

Our staff will continue to reasonably fulfil their roles and their obligations to our customers; any changes to this expectation will be informed by government advice and communicated both to staff and to our clients accordingly.

Training and consultancy delivery:

From a training and consultancy delivery perspective, the business will take the following approach:

All in-person engagements will be postponed for the time being. We are taking proactive measures to make online consulting and training available and where necessary and feasible, we will move all pre-planned consultancy engagements to online platforms. 

Our other business lines and services that are delivered remotely are unaffected by this policy.