The Protection of Personal Information Act (POPIA) is South Africa’s data protection law. The purpose of the Act is to protect people from harm by protecting their personal information.
POPIA places various obligations on the responsible party, which is the body ultimately responsible for the lawful processing of the personal information.
At EvTrack, we care deeply about the security of your personal information provided to us. You can read more about what EvTrack has done to comply with data protection laws, including POPIA in our Data Storage and Data Security.
It is not possible to be certified as the Information Regulator has not yet set up a system allowing organisations the ability to obtain a POPIA certification.
Although POPIA was signed into law on 26 November 2013 and commenced on 1 July 2020, it is not yet effective as there is a one year grace period that expires on 1 July 2021.
The Protection of Personal Information Act (POPIA) is a new South African privacy law which becomes enforceable on 1 July 2021. It aims to strengthen the security and protection of personal data in South Africa.
POPIA is very similar to the GDPR but uses slightly different terminology.
“Personal data” as defined by data protection law is broad and includes:
Note: GDPR applies to the personal data of natural persons and not legal persons, like companies. This differs from POPIA, which applies to the personal information of both natural and legal persons.
When you use our services, we will store your data on our database to enable us to provide those services and to improve those services by making them more relevant.
We are an Data Processor (or operator) of Personal Data (storage, recording, organisation or retrieval). We are the entity which processes personal data on behalf of the controller (responsible party).
Controller: Our customers are the "Data Controller"/"Responsible Party" and we process information on their behalf. They decide which information is collected from you, how it is processed and how long it is retained. This personal data includes details such as names and contact information.
Processor: We act as the "Data Processor"/"Operator" and our customers are "Data Controller"/"Responsible Party". We are the processor of data that is submited and uploaded to your account, as we store this data on your behalf.
Your acount may capture the personal information of your clients and contratactors. You control this data and how it gets collected and used, and EvTrack processes this data by storing it on our servers.
We have conducted an audit of business processes that deal with personal data of individuals and other subjects, including how we collect, process and store this data securely.
We have audited our “Right to be Forgotten” process to ensure that customers leaving EvTrack (Pty) Ltd can have their personal information deleted.
We have implemented a Privacy by Design and by Default Policy (PbD Policy).
We have updated our incident response policies and procedures.