POPIA

POPIA Disclosure

Specific disclosure under South Africa's Protection of Personal Information Act, 2013 (POPIA). Read alongside our Privacy Policy.

Effective: 2026-04-29 · Last updated: 2026-04-29

What POPIA is

POPIA is South Africa's primary data protection law. It sets out how Responsible Parties (organisations that decide why and how personal information is processed) must handle Data Subjects' personal information. It came into full effect on 1 July 2021 and is enforced by the Information Regulator (South Africa).

ZA Corp as Responsible Party

For the personal information collected through this website and our service engagements, ZA Corp Technical Services is the Responsible Party.

Information Officer: The Information Officer of ZA Corp Technical Services
Information Regulator Registration No.: 2026-011129 (registered 2026-04-29)
Contact route: the contact form on this website

Operators (third-party processors) acting on our instructions — such as our cloud and email provider — process personal information only as we direct, under written processing terms.

The eight POPIA conditions, in plain language

Every processing activity we undertake must satisfy the eight conditions in section 4 of POPIA:

  • Accountability — we take responsibility for compliance.
  • Processing limitation — minimum necessary, only with a lawful basis.
  • Purpose specification — collected for a specific purpose, kept only as long as needed.
  • Further processing limitation — only used for the original purpose, or compatible purposes.
  • Information quality — we keep data accurate and current.
  • Openness — you know what we're doing — this disclosure is part of that.
  • Security safeguards — encryption in transit, access controls, 2FA on staff accounts.
  • Data subject participation — you can ask, correct, object, delete.

Lawful basis we rely on

We rely on the following lawful grounds, as set out in section 11 of POPIA:

  • Consent — when you submit a contact form, accept cookies, or sign up for a service.
  • Performance of a contract — to deliver an engagement you've agreed to.
  • Legal obligation — for tax, accounting and regulatory reporting.
  • Legitimate interest — for security, service improvement, balanced against your reasonable expectations.

Your rights as a Data Subject

POPIA gives you the right to:

  • Be told what personal information we hold about you (right of access).
  • Have inaccurate or out-of-date information corrected (right to correction).
  • Have information deleted when it is no longer necessary (right to erasure).
  • Object to processing, including for direct marketing.
  • Withdraw consent at any time, where consent was the basis.
  • Lodge a complaint with the Information Regulator.

To exercise any of these rights, send a request through the contact form. We will acknowledge within 5 working days and respond substantively within a reasonable period (typically 30 days). Ordinary requests are free.

Data we typically hold

  • Contact details (name, email, optional phone).
  • Engagement details (project documents, communications).
  • Billing details (invoices, banking details where you've shared them).
  • Website technical metadata (IP, user-agent, page viewed) — for security and aggregate analytics.

International transfers

Some of our operators are based outside South Africa, including in the European Union and the United States. We rely on the protection afforded by:

  • The destination country's data protection laws (notably the EU GDPR for our EU-based operators).
  • The operator's published Data Processing Agreement, which we sign before processing begins.
  • Your consent, where the lawful basis is consent.

Direct marketing

We do not send unsolicited direct marketing. If you opt in to a newsletter or sequence, you can unsubscribe at any time from any message we send. We will not share your contact details with third parties for marketing purposes.

Security incidents

If a security incident affects your personal information held by us, we will notify the Information Regulator and any affected Data Subjects as soon as reasonably possible after we become aware of it, in line with section 22 of POPIA.

Lodging a complaint with the Information Regulator

If you are not satisfied with how we have handled your personal information, you have the right to lodge a complaint with the Information Regulator of South Africa:

Information Regulator (South Africa)
Email:
Website: inforegulator.org.za
Postal: P.O. Box 31533, Braamfontein, Johannesburg, 2017

Read also: Privacy Policy · Terms of Service.