POPIA COMPLIANCE POLICY
POPIA Compliance Policy for RETAILS.co.za
Effective Date: 01/10/2024
This POPIA (Protection of Personal Information Act, 2013) Compliance Policy outlines the commitment of RETAILS.co.za, a company of ZA CREATIVE AND PROJECTS (PTY) LTD, to safeguard personal information and ensure that it is collected, processed, and stored in compliance with South Africa’s Protection of Personal Information Act (POPIA). This policy applies to all individuals and businesses (sellers and buyers) who use RETAILS.co.za.
1. Purpose of the Policy
The purpose of this policy is to:
- Ensure that RETAILS.co.za complies with the requirements of POPIA.
- Protect the privacy and personal information of all users of the RETAILS.co.za platform, including sellers, buyers, and employees.
- Promote transparency in the collection, processing, storage, and sharing of personal information.
- Establish procedures for handling personal information securely and ethically.
2. Scope of the Policy
This policy applies to all personal information that RETAILS.co.za collects from:
- Sellers who register and use the platform to list and sell their products or services.
- Buyers who use the platform to browse, purchase, or inquire about products or services.
- Employees and third-party service providers who interact with the platform.
3. Definitions
The following definitions are provided in accordance with POPIA:
- Personal Information: Information relating to an identifiable, living individual or existing legal entity. This includes, but is not limited to, names, contact details, identification numbers, financial information, and email addresses.
- Processing: Any operation or activity concerning personal information, including collection, storage, use, sharing, or deletion.
- Data Subject: The individual or legal entity to whom the personal information relates (e.g., a seller or buyer).
- Responsible Party: RETAILS.co.za, as the entity that determines the purpose of and means for processing personal information.
- Operator: Any person or organisation that processes personal information on behalf of RETAILS.co.za.
- Information Officer: The individual responsible for ensuring compliance with POPIA within RETAILS.co.za.
4. RETAILS.co.za’s Commitment to POPIA Compliance
As a responsible party under POPIA, RETAILS.co.za is committed to the following principles:
4.1. Accountability
RETAILS.co.za will take responsibility for complying with the principles of POPIA and ensuring that all personal information is handled with care and diligence.
4.2. Processing Limitation
Personal information will be collected directly from data subjects and processed only for legitimate, specific, and explicitly defined purposes. RETAILS.co.za will not process personal information beyond what is necessary unless explicit consent has been obtained.
4.3. Purpose Specification
Personal information will be collected for a specific, lawful purpose related to the operation of RETAILS.co.za (e.g., facilitating transactions between buyers and sellers). Users will be informed of the purpose at the time of collection, and personal information will not be processed for any other purpose without consent.
4.4. Data Minimisation
RETAILS.co.za will collect and process only the minimum amount of personal information required to achieve the purpose for which it is being collected. Any unnecessary information will not be requested or stored.
4.5. Information Quality
RETAILS.co.za will take reasonable steps to ensure that personal information is accurate, complete, and up-to-date. Users may request corrections or updates to their personal information at any time.
4.6. Openness and Transparency
RETAILS.co.za will be transparent about the collection and processing of personal information. Data subjects will be informed of the type of information collected, the purpose for its collection, and how it will be processed.
4.7. Security Safeguards
RETAILS.co.za will take appropriate technical and organisational measures to secure personal information against unauthorised access, loss, damage, or destruction. This includes encryption, secure storage, and restricted access to sensitive data.
4.8. Data Subject Participation
Data subjects have the right to access their personal information, request corrections, object to its processing, or request deletion, subject to legal and contractual limitations.
5. Collection of Personal Information
RETAILS.co.za collects personal information from sellers, buyers, and employees for the following purposes:
- Sellers: To facilitate registration, verification, transactions, payments, and communication related to the use of the platform.
- Buyers: To process orders, manage accounts, send notifications, and improve user experience.
- Employees and Contractors: To manage employment contracts, remuneration, and benefits, and to ensure compliance with legal and contractual obligations.
Examples of Personal Information Collected:
- Full name and contact details (e.g., email address, phone number).
- Identification details (e.g., ID number, business registration number).
- Payment details (e.g., bank account information).
- Shipping addresses and transaction history.
- User behaviour data (e.g., browsing patterns, purchasing history).
6. Processing of Personal Information
The personal information collected by RETAILS.co.za is processed for the following purposes:
- Service delivery: Facilitating sales, customer support, and communication between buyers and sellers.
- Compliance: Ensuring that sellers meet legal and regulatory requirements.
- Marketing: Promoting products and services (with the consent of data subjects).
- Improvement of Services: Analysing user behaviour to improve platform functionality and user experience.
7. Sharing of Personal Information
RETAILS.co.za will not sell or share personal information with third parties for commercial purposes without consent. However, personal information may be shared with third-party service providers under the following conditions:
- Payment Processors: To facilitate transactions and payments.
- Delivery Services: To fulfil orders and ensure delivery to buyers.
- Regulatory Bodies: To comply with legal obligations or requests from government authorities.
Third-party service providers who process personal information on behalf of RETAILS.co.za are required to enter into agreements that ensure compliance with POPIA and the protection of personal data.
8. Security of Personal Information
RETAILS.co.za implements the following security measures to protect personal information:
- Encryption: Sensitive information, such as payment details, is encrypted during transmission and storage.
- Access Control: Access to personal information is restricted to authorised personnel only.
- Data Breach Protocols: In the event of a data breach, RETAILS.co.za will notify the affected parties and the Information Regulator within the prescribed timeframes.
9. Rights of Data Subjects
Under POPIA, data subjects have the following rights:
- Right to Access: Request access to their personal information held by RETAILS.co.za.
- Right to Correction: Request corrections or updates to their personal information.
- Right to Deletion: Request the deletion of personal information under certain circumstances (e.g., when the data is no longer needed).
- Right to Object: Object to the processing of personal information based on legitimate grounds.
- Right to Withdraw Consent: Withdraw consent for the processing of personal information at any time.
Requests for access, corrections, or deletions can be submitted to RETAILS.co.za’s Information Officer.
10. Data Retention Policy
RETAILS.co.za will retain personal information for as long as necessary to fulfil the purpose for which it was collected or as required by law. Once the personal information is no longer needed, it will be securely destroyed or anonymised.
11. Information Officer
RETAILS.co.za will appoint an Information Officer who is responsible for ensuring compliance with POPIA and responding to data subject requests. The Information Officer can be contacted.
12. Complaints and Disputes
If a data subject believes that their personal information has been processed in violation of POPIA, they may lodge a complaint with RETAILS.co.za’s Information Officer. If the matter is not resolved, the complaint may be referred to the Information Regulator of South Africa.
13. Changes to the POPIA Compliance Policy
RETAILS.co.za reserves the right to update or modify this policy at any time in response to legal developments or changes in business practices. Any updates will be communicated to users via email or through the platform.
14. Conclusion
RETAILS.co.za is committed to protecting the privacy and personal information of all its users in accordance with POPIA. By complying with this policy, RETAILS.co.za aims to create a secure and trustworthy environment for all sellers and buyers.