POPIA Compliance
Protection of Personal Information Act Compliance Statement
SS Group Pty Ltd - RAF Claim Tracker App
Last Updated: January 1, 2025
Our Commitment to POPIA
SS Group Pty Ltd is committed to protecting your personal information and complying with the Protection of Personal Information Act, 4 of 2013 (POPIA). This statement outlines how we fulfill our obligations under POPIA and safeguard your privacy rights.
What is POPIA?
The Protection of Personal Information Act (POPIA) is South African legislation that regulates how organizations collect, process, store, and share personal information. POPIA gives individuals control over their personal information and establishes minimum standards for data protection.
POPIA's Eight Conditions for Lawful Processing
We adhere to all eight conditions mandated by POPIA:
1. Accountability
We have designated a responsible person to ensure POPIA compliance across our organization. We maintain comprehensive records of all personal information processing activities and regularly review our practices.
2. Processing Limitation
We only collect and process personal information that is:
- Lawfully obtained with your consent
- Necessary for providing our claim tracking services
- Collected directly from you (the data subject)
- Processed for a lawful purpose related to our business function
3. Purpose Specification
We collect your personal information for specific, explicitly defined purposes:
- Verifying your identity
- Managing your RAF claim tracking subscription
- Obtaining claim status updates from the RAF on your behalf
- Processing subscription payments
- Providing customer support
- Complying with legal obligations
We will not use your information for any purpose other than those specified without obtaining fresh consent.
4. Further Processing Limitation
We will not process your personal information for secondary purposes incompatible with the original collection purpose, unless:
- You provide additional consent
- The processing is required by law
- The processing is necessary to protect your legitimate interests
5. Information Quality
We take reasonable steps to ensure that your personal information is:
- Complete, accurate, and not misleading
- Updated where necessary
You have the right to request correction of inaccurate information at any time.
6. Openness
We are transparent about our data processing activities. We provide:
- Clear notification when collecting personal information
- Information about why data is being collected
- Details on who will have access to the information
- Accessible privacy policies and terms of service
- Contact information for privacy-related inquiries
7. Security Safeguards
We implement appropriate technical and organizational measures to secure your personal information:
- Technical Measures: Encryption, secure servers, firewalls, access controls, regular security audits
- Organizational Measures: Staff training, confidentiality agreements, data breach response procedures
- Third-Party Security: Secure payment gateways, vetted service providers with contractual data protection obligations
We regularly review and update our security measures to address emerging threats.
8. Data Subject Participation
We respect and facilitate your rights as a data subject. You have the right to:
- Be notified when we collect your information
- Access your personal information
- Request correction or deletion of information
- Object to processing
- Lodge a complaint with the Information Regulator
Your POPIA Rights
Under POPIA, you have the following rights regarding your personal information:
Right to Access
Request confirmation of what personal information we hold about you and obtain a copy.
Right to Correction
Request correction of inaccurate, incomplete, or outdated information.
Right to Deletion
Request deletion of your personal information when it's no longer needed or if you withdraw consent.
Right to Object
Object to processing of your information for direct marketing or other purposes.
Right to Restriction
Request temporary restriction of processing in certain circumstances.
Right to Complain
Lodge a complaint with us or the Information Regulator if you believe your rights have been violated.
How We Obtain Your Consent
We obtain your explicit consent before collecting or processing personal information through:
- Registration Consent: During account registration, you actively consent to our terms
- POPIA Consent Modal: You review and accept our POPIA compliance statement
- Legal Authorization: You sign a digital authorization form allowing us to act on your behalf
- Documented Consent: We record timestamp, IP address, and consent metadata for audit purposes
You may withdraw your consent at any time, though this may affect our ability to provide services.
Data Breach Response
In the unlikely event of a data breach affecting your personal information, we will:
- Notify the Information Regulator as required by law
- Inform affected users without undue delay
- Provide details about the nature of the breach
- Explain potential consequences and mitigation measures
- Take immediate action to contain and remediate the breach
Cross-Border Data Transfers
Your personal information is primarily stored and processed within South Africa. If we need to transfer data internationally, we will:
- Obtain your explicit consent
- Ensure the recipient country has adequate data protection laws
- Implement appropriate safeguards (e.g., data transfer agreements)
- Comply with POPIA's cross-border transfer requirements
Children's Information
We do not knowingly collect personal information from individuals under 18 years of age without parental or guardian consent. If you are under 18, please do not provide any personal information through our App without your parent or guardian's permission.
Automated Decision-Making
We do not use automated decision-making or profiling that would significantly affect your rights. All claim status updates are manually verified by our staff and sourced from official channels.
Data Retention
We retain your personal information only for as long as necessary to:
- Provide our services to you
- Comply with legal, accounting, or reporting requirements
- Maintain business records for legitimate purposes
- Resolve disputes and enforce our agreements
After the retention period expires, we securely delete or anonymize your information.
Third-Party Processing
When we share your information with third parties (e.g., payment processors), we ensure they:
- Are contractually bound to protect your information
- Process data only for specified purposes
- Comply with POPIA requirements
- Implement appropriate security measures
Regular Compliance Reviews
We conduct regular internal audits to ensure ongoing POPIA compliance, including:
- Annual privacy policy reviews
- Security assessments and penetration testing
- Staff training on data protection
- Updates to procedures and documentation
How to Exercise Your Rights
To exercise any of your POPIA rights or raise privacy concerns, please contact us:
Email: support@ssgroup.co.za
Phone: +27 (0) 800 123 456
Subject Line: "POPIA Rights Request" or "Privacy Inquiry"
We will respond to your request within a reasonable timeframe, typically within 30 days.
Complaints to the Information Regulator
If you believe we have violated your privacy rights or POPIA, you may lodge a complaint with the Information Regulator:
Information Regulator (South Africa)
Email: inforeg@justice.gov.za
Website: www.justice.gov.za/inforeg
Physical Address: 33 Hoofd Street, Forum III, 3rd Floor Braampark, Braamfontein, Johannesburg
Policy Updates
We may update this POPIA Compliance statement to reflect changes in legislation, our practices, or services. We will notify you of material changes through:
- App notifications
- Email alerts
- Prominent notices on our website
Continued use of our services after updates constitutes acceptance of the revised statement.