POPIA

The eight conditions for lawful processing

1. 1
   Accountability — The responsible party must ensure all POPIA conditions are complied with.
2. 2
   Processing limitation — Information may only be processed lawfully, minimally, and with consent or a lawful basis.
3. 3
   Purpose specification — The reason for collecting information must be defined and disclosed upfront.
4. 4
   Further processing limitation — Information may not be used for a purpose incompatible with the original reason collected.
5. 5
   Information quality — Data must be accurate, complete, and kept up to date.
6. 6
   Openness — Data subjects must be informed of what is collected, why, and how.
7. 7
   Security safeguards — Reasonable technical and organisational measures must protect information from loss or unauthorised access.
8. 8
   Data subject participation — Individuals have the right to access, correct, and request deletion of their personal information.

How SoftSol complies

• We maintain a published Privacy Policy aligned to POPIA requirements.
• Client and supplier data is collected only for defined service delivery purposes and is not used for any other purpose.
• Access to client data is restricted to authorised personnel only, through role-based access controls.
• We have a documented incident response procedure that includes notification obligations for data breaches.
• We do not sell or share personal data with third parties for marketing purposes.
• Subcontractors who access client data are bound by confidentiality obligations in line with POPIA requirements.