POPIA Policy | SupplyPal

Protection of Personal Information (POPIA) Policy

1. Introduction

This POPIA Policy outlines the measures and practices that Verka (Pty) Ltd t/a SupplyPal ("the Company") will implement to protect personal information in accordance with the Protection of Personal Information Act (POPIA) of South Africa.

2. Purpose

The purpose of this policy is to ensure that the Company complies with POPIA requirements and protects the personal information of its clients, employees, and other stakeholders.

3. Scope

This policy applies to all personal information collected, used, stored, and disclosed by the Company.

4. Definitions

- Personal Information: Any information relating to an identifiable, living natural person and where it is reasonable to believe that such person can be identified from that information.
- Processing: Includes the collection, recording, storage, updating, and use of personal information.

5. Principles

The Company will adhere to the following principles:
- Accountability: The Company is responsible for ensuring compliance with POPIA.
- Processing Limitation: Personal information must be processed lawfully and in a manner that is fair, transparent, and minimizes the risk of harm to the data subject.
- Purpose Specification: Personal information must be collected for a specific, explicitly defined, and lawful purpose.
- Further Processing Limitation: Personal information may not be further processed in a manner incompatible with the purpose for which it was collected.
- Information Quality: The Company will take reasonable steps to ensure that personal information is complete, accurate, and up-to-date.
- Openness: The Company will maintain an open and transparent approach to processing personal information.
- Security Safeguards: The Company will implement appropriate technical and organizational measures to protect personal information against unauthorized access, loss, or damage.
- Data Subject Participation: Data subjects have the right to access, correct, and request the deletion of their personal information.

6. Responsibilities

- Data Protection Officer: The Company will appoint a Data Protection Officer (DPO) responsible for overseeing compliance with POPIA.
- Training: Employees will receive training on POPIA requirements and the Company's data protection policies.

7. Data Subject Rights

Data subjects have the right to:
- Access their personal information.
- Request correction or deletion of inaccurate or outdated information.
- Object to the processing of their personal information.
- Request the transfer of their personal information to another party.

8. Breach Notification

In the event of a data breach, the Company will notify the relevant authorities and affected data subjects as required by POPIA.

9. Policy Review and Update

This policy will be reviewed and updated regularly to ensure ongoing compliance with POPIA and to reflect any changes in the Company's data processing activities.