Legal Document
POPIA
POPIA COMPLIANCE STATEMENT NEXT GENETICS PLATFORM --- 1. INTRODUCTION 1.1 This POPIA Compliance Statement (“Statement”) sets out how NEXT GENetics (“Platform”, “we”, “us”, “our”) complies with the Protection of Personal Information Act, 4 of 2013 (“POPIA”). 1.2 This Statement applies to all personal information processed by the Platform, including through all subdomains and services. --- 2. RESPONSIBLE PARTY 2.1 NEXT GENetics acts as the **Responsible Party** in respect of personal information processed on the Platform. 2.2 Contact details: NEXT GENETICS DORPERS (PTY) LTD 2026/181336/07 250 Milner Street, Waterkloof, Pretoria, Gauteng, 0181 info@nextgeneticsza.co.za --- 3. INFORMATION OFFICER 3.1 The Platform has appointed an Information Officer in accordance with POPIA. 3.2 Responsibilities include: * Ensuring compliance with POPIA * Handling data subject requests * Liaising with the Information Regulator 3.3 Contact details: [Insert Name] [Insert Email Address] --- 4. DEFINITIONS 4.1 “Personal Information” means information relating to an identifiable person, as defined in POPIA. 4.2 “Processing” includes collection, storage, use, dissemination, and destruction. 4.3 “Operator” means a third party processing personal information on behalf of the Platform. 4.4 “Data Subject” means the person to whom personal information relates. --- 5. CONDITIONS FOR LAWFUL PROCESSING The Platform processes personal information in accordance with the eight conditions set out in POPIA: --- 5.1 Accountability The Platform ensures compliance with POPIA in all processing activities. --- 5.2 Processing Limitation Personal information is processed: * Lawfully * Minimally * With consent or other lawful justification --- 5.3 Purpose Specification Personal information is collected for: * User registration and verification * Facilitating marketplace transactions * Payment processing * Fraud prevention * Legal compliance --- 5.4 Further Processing Limitation Further processing is compatible with the original purpose of collection. --- 5.5 Information Quality The Platform takes reasonable steps to ensure that personal information is: * Accurate * Complete * Up to date --- 5.6 Openness The Platform maintains transparency through: * Privacy Policy * Terms and Conditions * This POPIA Statement --- 5.7 Security Safeguards The Platform implements appropriate measures to secure personal information. (See Section 9 below) --- 5.8 Data Subject Participation Data Subjects may: * Access their personal information * Request corrections * Object to processing --- 6. LAWFUL BASIS FOR PROCESSING Processing is justified under: 6.1 Consent 6.2 Performance of a contract 6.3 Legal obligation 6.4 Legitimate interest --- 7. SPECIAL PERSONAL INFORMATION 7.1 The Platform does not intentionally process special personal information unless: * Required by law * Necessary for compliance purposes 7.2 Where processed, such information is handled in accordance with POPIA requirements. --- 8. OPERATOR AGREEMENTS 8.1 The Platform uses third-party Operators, including: * Payment providers * Hosting providers * Analytics services 8.2 All Operators are bound by written agreements requiring: * Confidentiality * Security safeguards * Processing limitations --- 9. SECURITY SAFEGUARDS 9.1 The Platform implements reasonable technical and organisational measures, including: * Encryption of data in transit and at rest * Role-based access control * System monitoring and logging * Secure authentication mechanisms 9.2 The Platform regularly reviews and updates security measures. --- 10. DATA BREACH RESPONSE 10.1 In the event of a data breach: * The Platform will assess the risk * Notify affected Data Subjects where required * Notify the Information Regulator where required 10.2 Breach responses will comply with POPIA requirements. --- 11. CROSS-BORDER TRANSFERS 11.1 Personal information may be transferred outside South Africa. 11.2 Such transfers occur only where: * The recipient provides adequate protection, or * Binding agreements ensure compliance --- 12. DATA RETENTION 12.1 Personal information is retained: * For as long as necessary to fulfil its purpose * As required by law 12.2 Retention may be required for: * Financial records * Legal compliance * Fraud prevention --- 13. DATA SUBJECT RIGHTS Data Subjects have the right to: 13.1 Access personal information 13.2 Request correction or deletion 13.3 Object to processing 13.4 Withdraw consent (where applicable) 13.5 Lodge complaints with the Information Regulator --- 14. DIRECT MARKETING 14.1 Direct marketing is conducted: * Only with consent, or * As permitted by law 14.2 Data Subjects may opt out at any time. --- 15. AUTOMATED DECISION-MAKING 15.1 The Platform may use automated systems for: * Fraud detection * Risk assessment 15.2 Such processing is subject to appropriate safeguards. --- 16. RECORD KEEPING 16.1 The Platform maintains records of: * Processing activities * Data subject requests * Security incidents --- 17. TRAINING AND AWARENESS 17.1 The Platform ensures that personnel handling personal information are: * Properly trained * Aware of POPIA obligations --- 18. AMENDMENTS 18.1 This Statement may be updated from time to time. 18.2 Continued use of the Platform constitutes acceptance of updates. --- 19. GOVERNING LAW This Statement is governed by the laws of the Republic of South Africa. --- 20. CONTACT DETAILS NEXT GENETICS DORPERS (PTY) LTD 2026/181336/07 250 Milner Street, Waterkloof, Pretoria, Gauteng, 0181 info@nextgeneticsza.co.za --- 21. COMPLAINTS Complaints may be directed to: 22. COMPLAINTS Users may lodge complaints with: The Information Regulator (South Africa) https://inforegulator.org.za/ 📞 Toll Free :0800 017 160 📞 Landline :010 023 5200 📧 enquiries@inforegulator.org.za 📧 POPIAComplaints@inforegulator.org.za --- END OF DOCUMENT