Legal

POPIA Compliance Statement

Protection of Personal Information Act 4 of 2013 · Last updated: 1 May 2026

← All legal documents

NGUNI FORCE (Pty) Ltd is fully compliant with POPIA

This statement sets out our compliance with the Protection of Personal Information Act 4 of 2013 (POPIA), effective 1 July 2021. We process personal information as both a Responsible Party (for our own customers and staff) and as an Operator (for personal information processed on behalf of our customers through the POPIA Guardian platform).

Information Officer

Information Officer

Lerato Dlamini

CIPM · Head of Compliance

[email protected]

Responsible Party

NGUNI FORCE (Pty) Ltd

Reg. No. 2023/123456/07

Sandton, Johannesburg

Our POPIA compliance commitments

NGUNI FORCE (Pty) Ltd is committed to processing personal information in accordance with the eight conditions for lawful processing set out in Chapter 3 of POPIA:

1

Accountability

We take full responsibility for ensuring compliance with POPIA across all personal information we process.

2

Processing limitation

We collect only the personal information we genuinely need for a specified, lawful purpose.

3

Purpose specification

We document and communicate the purpose for which we collect personal information before or at the time of collection.

4

Further processing

We do not use personal information for purposes incompatible with the original purpose of collection.

5

Information quality

We take reasonable steps to ensure personal information is accurate, complete, and up to date.

6

Openness

We maintain this POPIA Statement and our Privacy Policy to inform data subjects about our processing activities.

7

Security safeguards

We implement appropriate technical and organisational measures to protect personal information against compromise.

8

Data subject participation

We honour data subjects' rights to access, correct, and object to processing of their personal information.

Your rights as a data subject

Under POPIA, you have the following rights in relation to personal information we hold about you. To exercise any of these rights, contact our Information Officer or submit a DSAR through our portal.

Right of access (Section 23)

Request confirmation of whether we hold your personal information and a copy of that information.

Right to correction (Section 24)

Request correction or deletion of inaccurate, irrelevant, excessive, outdated, or misleading information.

Right to object (Section 11(3))

Object to the processing of your personal information on reasonable grounds.

Right to complain (Section 74)

Lodge a complaint with the Information Regulator if you believe your rights under POPIA have been violated.

Submit a DSAR →

Data breach notification

In the event of a security compromise that involves personal information, we will notify the Information Regulator and affected data subjects as soon as reasonably possible, as required by Section 22 of POPIA. Our breach response procedures include:

  • Immediate containment and investigation of the incident.
  • Notification to the Information Regulator within 72 hours of becoming aware of the breach.
  • Direct notification to affected data subjects where required.
  • Post-incident review and remediation.

How to lodge a complaint

First, contact us directly

If you believe we have violated your POPIA rights, please contact our Information Officer first at [email protected]. We will investigate and respond within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Regulator (South Africa):

Website: www.justice.gov.za/inforeg

Email: [email protected]

Complaints: [email protected]

Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Trans-border information flows

All personal information processed by POPIA Guardian is stored on servers located in South Africa (AWS Cape Town region, af-south-1). We do not transfer personal information outside of South Africa except where strictly necessary to deliver a specific service feature, in which case we ensure equivalent protection is in place as required by Section 72 of POPIA.