POPIA Compliant

POPIA Compliance Statement

Our commitment to protecting your personal information under the Protection of Personal Information Act, No. 4 of 2013.

Last Updated: January 2025

Information Officer

Designated under Section 55 of POPIA

Organisation

Jali Digital Solutions (Pty) Ltd

Location

Pretoria East, Gauteng, South Africa

info@jalidigitals.com

Phone

+27 67 003 1556

1. Our Commitment to POPIA Compliance

Jali Digital Solutions (Pty) Ltd is committed to ensuring that all personal information entrusted to us is processed lawfully, fairly, and in a transparent manner. We comply with the Protection of Personal Information Act, No. 4 of 2013 ("POPIA"), which regulates the processing of personal information in South Africa.

POPIA requires us to adhere to eight conditions for lawful processing: accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards, and data subject participation. We are committed to meeting all of these conditions in our business operations.

This statement outlines how we collect, use, store, and protect personal information, and informs data subjects of their rights under POPIA.

2. Purpose of Data Processing

We collect and process personal information only for specific, explicitly defined, and lawful purposes. These purposes include:

Delivering our Corporate, ICT, and Online Division services as requested by our clients.
Processing client enquiries, quotations, and communications.
Fulfilling contractual obligations, including invoicing and payment processing.
Complying with legal and regulatory obligations, including tax reporting (SARS), B-BBEE compliance, and CIPC requirements.
Operating and improving our online platforms, including Virtual Tutor SA, JDS Bookings, and JDS QA.
Sending service-related communications, updates, and notifications.
Marketing our services where explicit opt-in consent has been obtained.
Ensuring the security of our systems and protecting against fraud.

3. Legal Basis for Processing

Under POPIA Section 11, we process personal information based on one or more of the following legal grounds:

Consent

You have given clear consent for us to process your personal information for a specific purpose.

Contract

Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract.

Legal Obligation

Processing is necessary for compliance with a legal obligation to which we are subject, including tax, corporate, and regulatory requirements.

Legitimate Interest

Processing is necessary for the legitimate interests pursued by us or a third party, provided such interests do not override your rights and freedoms.

4. Categories of Personal Information

The following table outlines the categories of personal information we process, examples, purposes, and retention periods:

Category	Examples	Purpose	Retention
Identity Information	Full name, ID number, date of birth	Service delivery, legal compliance, identity verification	Duration of relationship + 5 years
Contact Information	Email, phone, physical address	Communication, service delivery, invoicing	Duration of relationship + 3 years
Financial Information	Bank details, tax numbers, payment records	Invoicing, tax compliance, bookkeeping services	5 years (as required by SARS)
Technical Information	IP address, browser type, device info	Website functionality, security, analytics	26 months
Business Information	Company name, registration details, B-BBEE data	Corporate services, compliance, reporting	Duration of relationship + 5 years
Educational Data	Student records, assessment results, learning progress	Online Division service delivery	Duration of enrolment + 3 years

5. Data Subject Rights

Under POPIA, you are entitled to the following rights with respect to your personal information:

Right to Access

Section 23

You have the right to request confirmation of whether we hold personal information about you and to request access to that information. We will provide a copy of your personal information in a commonly used electronic format.

Right to Correction

Section 24

You may request that we correct or update personal information that is inaccurate, incomplete, misleading, or not up to date. We will make the correction and, where practical, notify any third parties to whom the data was disclosed.

Right to Deletion

Section 24

You may request the deletion or destruction of your personal information where it is no longer necessary for the purpose for which it was collected, or where you withdraw your consent. This right is subject to our legal obligations to retain certain records.

Right to Object

Section 11(3)

You have the right to object to the processing of your personal information on reasonable grounds relating to your particular situation. You also have the right to object to the processing of your information for direct marketing purposes at any time.

Right to Data Portability

Section 23

You may request that your personal information be provided to you or transmitted to another responsible party in a structured, commonly used, and machine-readable format, where technically feasible.

Right Not to be Subject to Automated Decision-Making

Section 71

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or significantly affects you, unless certain conditions apply.

Right to Lodge a Complaint

Section 74

If you believe that your personal information has been processed in violation of POPIA, you have the right to lodge a complaint with the Information Regulator of South Africa.

6. How to Submit a Data Subject Request

To exercise any of your rights under POPIA, you may submit a request to our Information Officer. Please follow these steps:

Submit Your Request

Send an email to info@jalidigitals.com with the subject line "POPIA Data Subject Request". Include your full name, contact details, and a clear description of the right you wish to exercise.

Identity Verification

We may request proof of identity (such as a copy of your ID document) to verify your request and protect your personal information from unauthorised disclosure.

Processing Your Request

We will acknowledge your request within 5 business days and process it within 30 days as required by POPIA. If we are unable to fulfil your request, we will provide a written explanation.

No Fee (Generally)

We will not charge a fee for processing your request, except where the request is manifestly unfounded or excessive, in which case a reasonable fee may be charged.

7. Security Safeguards

In compliance with POPIA Section 19, we implement appropriate technical and organisational measures to protect personal information against loss, damage, unauthorised access, or unlawful processing. These measures include:

Encryption of data in transit (SSL/TLS) and at rest.
Secure access controls with role-based permissions.
Regular security audits and vulnerability assessments.
Employee training on data protection and information security.
Incident response procedures for data breach notification in accordance with POPIA Section 22.
Secure disposal of personal information when no longer required.
Contractual obligations on third-party processors to maintain equivalent security standards.

8. Data Breach Notification

In the event of a security compromise that results in the unauthorised access to or disclosure of personal information, we will comply with POPIA Section 22 by:

Notifying the Information Regulator as soon as reasonably possible after the discovery of the breach.
Notifying affected data subjects as soon as reasonably possible, providing sufficient information to allow them to take protective measures.
Describing the nature of the breach and the personal information involved.
Recommending measures that data subjects can take to mitigate the potential adverse effects of the breach.
Documenting the breach and remedial actions taken.

9. Lodging a Complaint with the Information Regulator

If you are not satisfied with how we have handled your personal information or your data subject request, you have the right to lodge a complaint with the Information Regulator of South Africa.

Information Regulator (South Africa)

General Enquiries: inforeg@justice.gov.za

Complaints: complaints.IR@justice.gov.za

We encourage you to contact us first to resolve any concerns before escalating to the Information Regulator.

Exercise Your Data Subject Rights

Your privacy is important to us. Contact our Information Officer to submit a data subject request or ask any questions about how we handle your personal information.