POPIA Compliance - Ntshware Online

1. Introduction to POPIA

The Protection of Personal Information Act 4 of 2013 (POPIA) is South Africa's data protection law that regulates the processing of personal information. Ntshware Online is fully committed to compliance with POPIA and protecting the personal information of all our users, customers, and partners.

Legal Compliance

As a responsible South African company, we recognize the importance of POPIA compliance and have implemented comprehensive measures to ensure the lawful processing of personal information in accordance with the Act's requirements.

2. Information Officer

In compliance with POPIA Section 55, Ntshware Online has appointed an Information Officer responsible for ensuring compliance with the Act.

Information Officer Details

Name: Information Officer
Email: info@ntshware.co.za
Phone: (+27) 081 788 0727

2.1 Responsibilities of the Information Officer

Ensuring compliance with POPIA conditions
Developing and implementing a compliance framework
Conducting internal awareness sessions
Managing data subject requests
Liaising with the Information Regulator
Overseeing data breach responses

3. POPIA Compliance Principles

We adhere to the eight conditions for lawful processing of personal information as outlined in POPIA:

Principle	Description	Our Implementation
Accountability	Responsible party must ensure conditions are met	Appointed Information Officer and compliance team
Processing Limitation	Lawful and minimal processing	Data minimization and purpose limitation
Purpose Specification	Collection for specific, explicit purposes	Clear purpose statements and consent forms
Further Processing Limitation	Compatible with original purpose	Strict controls on secondary data use
Information Quality	Complete, accurate, not misleading	Regular data quality checks and updates
Openness	Documentation and transparency	Comprehensive privacy notices and policies
Security Safeguards	Integrity and confidentiality of personal info	Technical and organizational security measures
Data Subject Participation	Access, correction, and deletion rights	Easy-to-use data subject request portal

4. Types of Personal Information Processed

We process various types of personal information in accordance with POPIA requirements:

4.1 Personal Information Categories

Identity Information: Names, ID numbers, dates of birth
Contact Information: Email addresses, phone numbers, physical addresses
Financial Information: Payment details (processed securely through PayFast)
Transactional Information: Order history, purchase details
Technical Information: IP addresses, browser information, device data
Profile Information: Preferences, interests, feedback

4.2 Special Personal Information

We do not process special personal information (such as race, ethnicity, health information, etc.) unless specifically required by law or with explicit consent.

5. Security Measures

We implement appropriate technical and organizational measures to ensure the security of personal information:

Technical Security

SSL/TLS encryption for data transmission
Firewall protection and intrusion detection
Regular security updates and patches
Secure data storage with encryption at rest
Multi-factor authentication for admin access

Organizational Security

Privacy by design and default approach
Employee training on data protection
Access controls and need-to-know basis
Regular security audits and assessments
Data breach response plan

6. Data Subject Rights

Under POPIA, data subjects have the following rights regarding their personal information:

6.1 Right to Access

You have the right to request confirmation of whether we hold personal information about you and to request access to that information.

6.2 Right to Correction

You have the right to request correction, deletion, or destruction of your personal information that is inaccurate, irrelevant, excessive, outdated, incomplete, misleading, or obtained unlawfully.

6.3 Right to Object

You may object to the processing of your personal information on reasonable grounds relating to your particular situation.

6.4 Right to Complain

You have the right to submit a complaint to the Information Regulator if you believe your rights have been infringed.

7. Data Breach Protocol

We have established procedures for responding to data breaches in compliance with POPIA Section 22:

Detection and Assessment: Immediate identification and assessment of suspected breaches
Containment: Taking steps to contain the breach and prevent further unauthorized access
Notification: Notifying the Information Regulator and affected data subjects where required
Investigation: Conducting a thorough investigation to determine the cause
Remediation: Implementing corrective measures to prevent recurrence
Documentation: Maintaining detailed records of all breaches and responses

8. Cross-Border Data Transfers

In compliance with POPIA Chapter 9, we ensure that any cross-border transfer of personal information meets the required conditions:

Data subject consent for the transfer
Transfer necessary for contract performance
Recipient country provides adequate protection
Binding corporate rules or standard contractual clauses
Transfer approved by the Information Regulator

9. Record Keeping

We maintain detailed records of all processing operations as required by POPIA Section 17:

Records of processing activities
Consent documentation
Data protection impact assessments
Data breach records
Training and awareness records
Third-party processor agreements

Contact Our Information Officer

For any POPIA-related inquiries, to exercise your rights, or to report a concern, please contact our Information Officer:

Email

info@ntshware.co.za

Phone

(+27) 081 788 0727

Response Time

Within 7 working days

For more information about POPIA, visit the Information Regulator's website: justice.gov.za/inforeg

POPIA Compliance Statement