Skip Navigation

Privacy Policy

This Privacy Policy is effective as of May 2026.

PLEASE READ THIS PRIVACY POLICY CAREFULLY. IT EXPLAINS HOW YOUR PERSONAL INFORMATION IS COLLECTED AND USED.

Climb Global Solutions Proprietary Limited (registration number 2023/788655/07) (referred to as “Climb“, “we“, “us” or “our“), a subsidiary of Climb Global Solutions, Inc. (NASDAQ: CLMB), is committed to protecting your privacy as a customer, reseller, partner or website visitor (referred to as “you” or “your“), and we take our responsibility regarding the security of your Personal Information (which has the meaning given in the Data Privacy Law applicable to you) very seriously.

This privacy notice (the “Privacy Policy“) describes –

  • the types of Personal Information we collect on the Climb Channel Solutions website (www.climbcs.com) (“Website“) and any online portals, forms or systems made available by Climb in connection with its services (collectively the “Platform“);
  • how we hold and use the information;
  • with whom we may share your Personal Information;
  • your rights regarding our use of your Personal Information;
  • the measures we take to protect the security of the information; and
  • how you can contact us about our privacy practices.

When you access or use the Platform, submit any forms or applications to us, or otherwise engage with our services, you declare by means of clicking “I ACCEPT” or through your continued use that you accept this Privacy Policy and expressly consent to the handling, use and disclosure of your Personal Information in the manner described herein.

1. WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?

1.1 Climb is the “responsible party” (i.e. the organisation responsible) for all Personal Information processed through the Platform for the purposes of data privacy laws, principles and regulations which may apply to you (including the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA“) and, where applicable, the General Data Protection Regulation (“GDPR“)) (collectively, “Data Privacy Laws“).

1.2 Climb is the operator (i.e. Climb processes personal information on behalf of another entity) where users of the Platform use the Platform to submit personal information on behalf of third parties, including in connection with authority letters, credit applications or partner agreements.

2. DATA COLLECTION: WHAT PERSONAL INFORMATION DO WE COLLECT AND FROM WHERE?

2.1 To the extent permissible under applicable Data Privacy Law, we collect information about you and any other party whose details you provide us when you –

2.1.1 Register to use our services or apply for a reseller or credit account (through the Platform). This includes the following mandatory information: Your name, email address, phone number, the organisation you represent, identity number or passport number, and company registration number;

2.1.2 Your preferences;

2.1.3 Information about your use of the Platform;

2.1.4 The IP address of your computer or device may be used to determine your geographic location and to assist in customising your experience on the Platform;

2.1.5 Location. If you elect to use location-based features on the Platform and turn on the location services settings on your device or computer;

2.1.6 Provide your contact details to us: For example, when you access or register to use any websites, applications, or services we make available, or when you update those details; and

2.1.7 Contact us offline. For example, by telephone, fax, SMS, email, or post

2.2 You may submit content including documentation, forms, correspondence and supporting materials (“Your Content“) to the Platform. Where Your Content contains the personal information of third parties, you warrant that you have complied with Data Privacy Laws and that you have duly obtained consent to collect and process the personal information from those third party data subjects whose personal information forms part of Your Content. Under no circumstances whatsoever will we be liable to any third persons where you fail to obtain such consent and it is your responsibility to do so.

2.3 You agree that where Your Content contains personal information of third parties that you collected using the Platform, as contemplated in paragraph 2.2, then Climb will be acting as an operator in respect of such personal information.

3. SPECIAL PERSONAL INFORMATION

3.1 Under Data Privacy Law, certain categories of personal information are recognised as sensitive, including information about your religious beliefs, philosophical beliefs, political opinions, race and ethnic origin, trade union membership, health information, information about your sex life, biometric information or information about your criminal behaviour (“Sensitive Personal Information“). 

3.2 In limited cases, we may collect Sensitive Personal Information about you. We would only collect Sensitive Personal Information if there is a clear reason for doing so and with your explicit consent.

4. PURPOSE AND LAWFUL BASIS: WHY AND HOW DO WE USE YOUR PERSONAL INFORMATION?

4.1 Your personal information may be used for the following purposes –

4.1.1 Provide the services you request and features of the Platform: We use the personal information you give us to provide the services you request, including –

4.1.1.1 to create and set up your user account;

4.1.1.2 if you use the Platform to manage your reseller account, submit credit applications or process orders, we will collect and store this information so that you can review it on the Platform and track your account activity.

4.1.2 Communicate information about our products and services and for other promotional purposes: With your prior consent, or as otherwise permitted by applicable Data Privacy Law, we will use your personal information to provide information that we believe is of interest to you, including marketing communications and news concerning our services, products, vendor promotions, events and other promotions. Such consent will be collected by means of a separate, voluntary opt-in tick box on the relevant form or registration page, which is distinct from your acceptance of this Privacy Policy and our Terms and Conditions. This consent mechanism will clearly describe the nature of the communications to which you are consenting. You can opt-out at any time after you have given your consent to such communications by contacting us using the details set out in paragraph 12 below or by clicking “unsubscribe” in any marketing communication.

4.1.3 Customer service communications: We use your personal information to manage our relationship with you as our customer and to improve our services and enhance your experience with us.

4.1.4 Administrative or legal purposes: We use your personal information to operate our business, including for statistical and marketing analysis, systems testing and to diagnose technical and service problems, maintenance and development of our Platform, compliance with the Financial Intelligence Centre Act, 2001 (Act No. 38 of 2001) (“FICA”) (including customer due diligence, identity verification and ongoing monitoring), or in order to deal with a dispute or claim. We may also perform data analysis based on the data we collect from you for statistical and marketing analysis purposes.

4.1.5 Security, health, administrative, crime prevention/detection and legal purposes: We may use your personal information to verify your information and identity, and to protect against, identify and prevent fraud and other unlawful activities. We may also share your personal information with government authorities or enforcement bodies for compliance with legal requirements, or as otherwise required or permitted by applicable Data Privacy Law.

4.1.6 Other purposes: We may also use your personal information in other ways, and where we do so, we will provide specific notice at the time of collection and obtain your consent unless otherwise permitted by applicable Data Privacy Law.

4.2 We will only process your personal information where we have a legal basis to do so, which will depend on the reasons for which we have collected and need to use your personal information. In most cases we will need to process your personal information so that we can enter into contracts with you under our terms of use. Our processing of your personal information for the above purposes is done pursuant to the following legal basis –

4.2.1 to carry out our obligations under the contract we have with you;

4.2.2 to comply with a legal obligation;

4.2.3 if it is in our legitimate interests to do so as a business (e.g. for administrative purposes and to improve the functionality of our Platform); and

4.2.4 where you have consented to our using your personal information (e.g. to process your special personal information and for direct marketing related uses).

5. COOKIES

5.1 Unless you have disabled cookies in your internet browser, we will store cookies on your computer/device when you visit our website. These cookies (small text files containing a string of characters) enable us to recognise you as a returning visitor, track your usage behaviour, as well as store your user preferences and other information. We do this to remember information so that you will not have to re-enter it during your visit or the next time you visit the website.

5.2 Cookies also allow us to provide custom, personalised content and information, monitor the effectiveness of our marketing campaigns, monitor aggregate metrics such as total number of visitors and pages viewed.

6. WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?

6.1 We may share your personal information with the following people for the purposes described in this Privacy Policy –

6.1.1 other companies and members within the Climb Global Solutions group, including Climb Global Solutions, Inc. and Climb Global Solutions Ltd;

6.1.2 our trusted third party service providers with whom we contract to assist us in providing services to you, including cloud infrastructure and hosting providers (such as Microsoft Azure), credit insurers, and other service providers engaged from time to time;

6.1.3 These service providers process your personal information strictly in accordance with our instructions and for the purpose for which such personal information has been disclosed to them. They will always be under obligation to protect your personal information on terms that provide the same or equivalent protection as set out in this Privacy Policy;

6.1.4 only where you have provided consent, other companies, contractors or agents in connection with our marketing efforts, or marketing platform providers, including selected vendor partners for joint promotional activities and co-branded or co-sponsored campaigns;

6.1.5 government authorities, law enforcement bodies and regulators for compliance with legal requirements, or where otherwise required by applicable Data Privacy Law; and

6.1.6 our legal and other professional advisers in order to enforce our legal rights in relation to our contract with you.

7. AGGREGATED INFORMATION

7.1 We aggregate your personal information with that of other customers and resellers for statistical and business intelligence purposes and may share this aggregated statistical data with our vendors, partners or affiliates for reporting purposes.

7.2 We ensure that such aggregated statistical data cannot be linked to any specific person, including you, by any third party. No third party can identify you individually from the statistical data and therefore such data does not constitute personal information for the purpose of Data Privacy Laws or under this Privacy Policy.

8. YOUR RIGHTS

8.1 Under certain circumstances, under applicable Data Privacy Law you have the right to –

8.1.1 Request information. You may request information about whether we hold personal information about you, where we got your personal information from, what personal information is held or being used; why we are holding/using it i.e. the purpose; and whether or not the supply of such information is voluntary or mandatory (as well as the consequences if you fail to provide personal information)

8.1.2 Request access to your personal information. This allows you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;

8.1.3 Right to rectification of the personal information that we hold about you. If you believe that the personal information we have is inaccurate or incorrect, you have the right to ask us to correct that personal information.

8.1.4 Request erasure of your personal information. You have the right to ask us to delete or remove your personal information from our records where there is no good reason for us continuing to process it.

8.1.5 Right to object to processing of your personal information. Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground, you have the right to object to the processing of your personal information for that purpose;

8.1.6 Right to portability. You have the right to receive your personal information in a portable format.

8.1.7 Withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes to which you originally agreed, unless we have another proper and legitimate basis for doing so;

8.1.8 Right to complain: You have the right to complain and lodge a complaint with–

8.1.8.1 If you are in South Africa, the Information Regulator (South Africa) whose details are –

8.1.8.1.1 Website: https://inforegulator.org.za/

8.1.8.1.2 Tel: +27 (0)10 023 5207

8.1.8.1.3 Physical address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

8.1.8.1.4 Email: inforeg@justice.gov.za

8.2 If you wish to exercise your rights related to your personal information (including the rights set out above), please contact us using the details set out in paragraph 12 below.

9. TRANSFER OF YOUR PERSONAL INFORMATION OUTSIDE SOUTH AFRICA AND SECURITY MEASURES

9.1 International transfers of your personal information

9.1.1 We may transfer your personal information outside the Republic of South Africa, including to the United States of America, where your personal information may be stored on cloud-based systems hosted by Microsoft Azure. Such transfers will only take place where adequate safeguards are in place to protect your personal information, in accordance with section 72 of POPIA.

9.1.2 Where your personal information is transferred, we take measures to protect your personal information as described in this Privacy Policy and in compliance with applicable Data Privacy Law. We also require all third party data recipients (including our service providers) to process your information in a secure manner and in accordance with Data Privacy Law.

9.2 Data security

We follow strict security procedures in the storage and disclosure of your personal information, which are designed to protect it against misuse, unauthorised access, modification or disclosure and accidental loss, destruction or damage.

9.3 Retention of your Personal Information

9.3.1 We will not retain your personal information for longer than is necessary to fulfil the purposes for which it is being processed. However, in terms of FICA, records obtained during the customer due diligence process must be retained for a minimum period of five (5) years from the date on which the business relationship is terminated or the relevant transaction is concluded. Personal information will not be retained for longer than is required by applicable law.

9.3.2 When we no longer need your personal information, we will securely delete or destroy it. We will also consider if and how we can minimise over time the personal information that we use, and if we can de-identify your personal information so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.

10. THIRD PARTY WEBSITES

Our Platform may provide links to other websites for your convenience and information. These websites may operate independently from us. If you visit any website linked to our Platform, you are subject to that website’s own privacy policies. Linked websites may have their own privacy notices or policies, which we strongly suggest you review. To the extent any linked websites are not owned or controlled by us, we are not responsible for their content, any use of the websites, or the privacy practices of the websites.

11. SECURITY BREACH NOTIFICATION

In the event that Climb has reasonable grounds to believe that your personal information has been accessed or acquired by an unauthorised person, Climb will, in accordance with section 22 of POPIA, notify the Information Regulator and, where your identity can be established, notify you as soon as reasonably possible after discovery of the compromise. Such notification will be made in writing and will include a description of the possible consequences of the security compromise, the measures taken or to be taken to address it, and a recommendation of steps you may take to mitigate any adverse effects.

12. UPDATES TO THIS PRIVACY POLICY

Climb may revise and update this Privacy Policy at any time in its sole discretion by posting an updated Privacy Policy on the Platform. All such changes to the Privacy Policy are effective immediately when posted to the Platform and apply to all access to and use of the Platform thereafter.

13. HOW TO CONTACT US?

If you would like to access, correct, amend, or delete any Personal Information we have about you, register a complaint, or simply want more information, please contact us on info@climbcs.co.za.