The Protection of Personal Information Act 4 of 2013 (POPIA) is South Africa’s data protection law.
POPIA aims to protect your constitutional right to privacy by ensuring that your personal information is processed in a manner that ensures its confidentiality and that your privacy is respected.Since its enactment in 2013, certain provisions of the Act relating to the establishment of the Information Regulator and regulations under POPIA have come into force. The full POPI Act will take effect once a date has been determined by the President. To achieve this, the Protection of Personal Information Act sets conditions for when it is lawful for someone to process someone else’s personal information.
MANNERSection 69 of the POPIA places significant limitations on the circumstances in which a party may engage in direct marketing by means of unsolicited communications by requiring individuals to have either explicitly consented to the use of their personal information (opt-in) or for there to be an existing relationship between the parties. An existing relationship between the parties is itself subject to additional limitations and does not result in a freedom to make repeated advances.
The following are particularly noteworthy among the novelties introduced: data handling must be unambiguous. POPIA states that silence, pre-ticked boxes or inactivity should not constitute consent.
In addition, the nature of the consent required to satisfy the condition for processing sensitive personal data must be “explicit” - it must be obtained in a way that leaves no room for misinterpretation.
Consent must also be verifiable ,in other words, the business must be able to prove that it obtained the individual’s consent.
Complying with the new regulation, we have developed a platform so that you can gather the explicit consent of the users easily and quickly.
We will enable SFTP account to load your database in csv format, with the email or mobile phone of your users.
We send a Registered email or a Registered SMS with a link to a web page to your users, depending on the information we have.
On the website, your users can read your privacy conditions and select those clauses they want to accept.
Finally, we issue a digitally signed certificate with the accepted clauses, and store it in the SFTP account.
It is a file that contains the values in a table of text lines organized so that each column value is separated by a comma from the next column's value and each row starts a new line.
The file must contain the unique identifiers of your clients, their email and their mobile phone. If you do not have that information just leave a blank space. For example:
12345,email@example.com,+27834445555 12346,firstname.lastname@example.org,+27830002222 12347,,+27834567891 12348,email@example.com,
Change to You decide if the message should be sent via SMS or email or both.
Yes ,content is fully customizable. Email also allows you to add your own logo.
Every 24 hours, we will generate a CSV file, with those users that have accepted or rejected the clauses. You can find the file in your SFTP account. This file has the information of the users of your CSV file, a column with the status of each clause, and, finally, the name of the certificate for that user. As per the above example, for the acceptance of 3 new clauses:
The sending of the initial communication activates an expiration counter. This counter is fully customized to meet your needs. When it expires, the certificate will be automatically generated and that user will be part of the CSV file of that particular day, with the expired value.
No problem . We will configure a SFTP account for each type of user, and you will have to segment your users according to typology and create a CSV for each of them.
The certificate is the document that gathers the evidence of the entire process; in this case, all the actions that the user performs to state freely, specific, informed and unambiguously the processing of personal data relating to him.
We issue a certificate which provides an audit trail of the entire process. In this case, all the actions that the user performs to state their consent to one or more clauses regarding the processing of their personal information, is included in the documentary evidence.
Mobile telephone numbers or mail addresses, source and destination address, as well as the corresponding IPs.
The certificate provides the sending and delivery date and time of the different communications, as well as the actions taken.
The message sent by SMS or by email is also attached in the documentary evidence.
If the email has attachments, they will be included in the certificate; If they are PDF's or images, they will be displayed directly on it.
The logs of the server, with all the technical information, are in the technical annex of the certificate.
This document is digitally signed, including time stamping.
To request a quote please fill out the following form. Do you have any questions? Contact us, we will clear up any doubts you may have.
+27 (0) 10 003 6742