POPIA Policy | Website Policies
POPIA Policy
Introduction
Caps South Africa is committed to protecting the personal information of our customers, employees, and other stakeholders in accordance with the Protection of Personal Information Act (POPIA) in South Africa. This policy outlines our approach to handling personal information responsibly and transparently.
Scope
This policy applies to all personal information collected, processed, stored, or transmitted by Caps South Africa in the course of our business operations.
Principles of POPIA Compliance
We adhere to the following principles outlined in POPIA:
- Accountability: We are responsible for ensuring compliance with POPIA and implementing appropriate measures to protect personal information.
- Lawful Processing: We only collect, process, and use personal information for lawful and legitimate purposes with the consent of the data subject, or as permitted by law.
- Purpose Specification: We clearly specify the purposes for which personal information is collected and ensure that it is not used for any other purposes without consent.
- Data Minimization: We collect only the minimum amount of personal information necessary to fulfill the intended purpose.
- Accuracy: We take reasonable steps to ensure that personal information is accurate, complete, and up-to-date.
- Storage Limitation: We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
- Security Safeguards: We implement appropriate technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, or destruction.
- Data Subject Rights: We respect the rights of data subjects, including the right to access, rectify, or delete their personal information, as well as the right to withdraw consent.
- Transborder Data Flows: We ensure that any cross-border transfer of personal information complies with the requirements of POPIA and provides adequate protection for the data subject’s rights.
Personal Information Collection and Use
We collect personal information only for specified and lawful purposes, such as providing products or services, managing employee relationships, or complying with legal obligations. Personal information may include but is not limited to:
- Name, contact details
We obtain consent from data subjects before collecting their personal information, and we use it only for the purposes for which it was collected.
Security Measures
We implement appropriate technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, or destruction. These measures include:
- Encryption of sensitive data
- Access controls and authentication mechanisms
- Regular security assessments and audits
- Employee training on data protection best practices
Data Subject Rights
We respect the rights of data subjects as outlined in POPIA, including the right to:
- Request access to their personal information
- Rectify inaccuracies in their personal information
- Object to the processing of their personal information
- Request the deletion of their personal information
- Withdraw consent for the processing of their personal information
- Data subjects can exercise these rights by contacting our data protection officer at [insert contact information].
Data Breach Response
In the event of a data breach involving personal information, we will promptly assess the situation, take appropriate steps to mitigate any harm, and notify the relevant authorities and affected data subjects as required by law.
Compliance Monitoring and Review
We regularly monitor our compliance with POPIA and review our data protection practices to ensure ongoing effectiveness and adherence to legal requirements.
Contact Information
If you have any questions or concerns regarding our POPIA policy or the handling of personal information, please contact our data protection officer at michael@tshirtssouthafrica.com