Vericore

Verification

Authentication

Centralized

Intelligence

POPIA Compliance Requirements

Effective Date: 2024 November, 29th.

Vericore is committed to ensuring that all personal information collected, processed, and stored by our company complies with the requirements of the Protection of Personal Information Act (POPIA). This document outlines the key compliance requirements Vericore adheres to in relation to the collection, processing, and storage of personal data.

1. Purpose of Personal Information Processing

Vericore only collects and processes personal information for specific, legitimate purposes, which are aligned with the services we offer. We ensure that personal data is used only for the following purposes:

  • To provide and manage services.
  • To communicate with our users regarding account-related matters, updates, and inquiries.
  • To comply with legal obligations and to resolve any disputes or concerns.
  • For marketing purposes (with consent).

2. Lawful, Reasonable, and Transparent Collection

  • Consent: We will obtain explicit consent from individuals (data subjects) for the collection and processing of their personal data unless the processing is necessary for the performance of a contract, compliance with a legal obligation, or other lawful reasons under POPIA.
  • Notice: Before collecting personal information, we will provide clear and transparent notice to the data subjects about the collection, use, and purpose of their data. This notice will be provided in writing or electronically, as appropriate.

3. Data Minimization and Purpose Limitation

  • Vericore will only collect personal information that is adequate, relevant, and necessary for the specific purpose for which it was collected.
  • We will not process personal data for purposes beyond those initially disclosed unless further consent is obtained or it is required for another lawful reason under POPIA.

4. Accuracy and Up-to-Date Information

We ensure that personal information collected is accurate, complete, and up to date. We will take reasonable steps to update or rectify any inaccurate or incomplete data upon request by the data subject.

5. Data Security

Vericore implements technical, organizational, and physical measures to protect personal information against unauthorized access, loss, or damage. These measures include:

  • Encryption of sensitive data both in transit and at rest.
  • Access control systems to ensure that only authorized personnel have access to personal data.
  • Regular security audits and vulnerability assessments to identify and mitigate risks.

6. Data Subject Rights

In accordance with POPIA, individuals (data subjects) have the following rights regarding their personal information:

  • Right to Access: Individuals have the right to request access to the personal information Vericore holds about them.
  • Right to Correction: Data subjects can request that inaccurate or incomplete information be corrected or updated.
  • Right to Deletion: Data subjects may request that their personal data be deleted, subject to any legal requirements for data retention.
  • Right to Object: Individuals have the right to object to the processing of their personal data for certain purposes, including direct marketing.
  • Right to Portability: Data subjects may request a copy of their personal data in a structured, commonly used, and machine-readable format.

7. Retention of Personal Information

Vericore retains personal information for no longer than necessary to fulfill the purposes for which it was collected or as required by law. Once personal information is no longer required, we will take reasonable steps to securely delete or anonymize the data.

8. Third-Party Processors

Where Vericore shares personal information with third-party service providers (e.g., cloud storage providers, marketing platforms), we ensure that these third parties are compliant with POPIA and take appropriate steps to protect personal data. We will only share personal information with third parties when necessary and ensure that these third parties process the data in accordance with POPIA’s requirements.

9. Data Breach Notification

In the event of a data breach that compromises personal information, Vericore will notify the Information Regulator (South Africa's data protection authority) and affected individuals within the required time frame, as stipulated by POPIA. The notification will include:

  • The nature of the breach.
  • The data affected.
  • Measures taken to mitigate the breach.
  • Steps data subjects can take to protect themselves.

10. Employee Training and Accountability

Vericore ensures that all employees are trained on POPIA compliance and are made aware of the importance of protecting personal information. Employees are required to comply with Vericore’s data protection policies and procedures and are held accountable for any breaches of confidentiality or data protection laws.

11. Information Officer

Vericore has appointed an Information Officer to ensure ongoing compliance with POPIA. The Information Officer’s responsibilities include:

  • Overseeing data protection practices within the organization.
  • Conducting regular audits to ensure compliance.
  • Acting as the point of contact for data subjects and the Information Regulator.

12. Cross-Border Data Transfers

Vericore may transfer personal information to countries outside of South Africa. In such cases, we will ensure that appropriate safeguards are in place to protect personal data in accordance with POPIA. These safeguards may include standard contractual clauses, binding corporate rules, or other mechanisms recognized by the Information Regulator.

13. Changes to the POPIA Compliance Requirements

Vericore reserves the right to update and modify our POPIA compliance requirements in order to comply with any changes in the law, improve our data protection practices, or address emerging privacy concerns. We will notify users of significant changes and ensure transparency in our practices.

14. Contact Us

If you have any questions or concerns about Vericore's POPIA compliance, or if you wish to exercise any of your rights under POPIA, please contact our Information Officer:

Information Officer

E-mail: popia@vericore.co.za
Address: 1 Bridgewat Road, Century City, Cape Town, 7441, ZAF