Protection of Personal Information Act (POPI Act)

Amended by General Laws (Anti-Money Laundering and Combating Terrorism Financing) Amendment Act 22 of 2022

As Thutofy, we take data privacy and protection seriously and are committed to complying with the applicable data protection laws, including the Protection of Personal Information Act (POPIA) in South Africa.

To demonstrate our compliance with the FICA Act and our commitment to responsible financial practices, we have implemented the following measures:

To demonstrate our compliance with the POPI Act and our commitment to safeguarding the personal information of our users, we have implemented the following measures:

1. Lawful Processing: We ensure that all personal information collected and processed on our platform is done so in accordance with the principles and conditions set out in the POPI Act. We only collect and process personal information for legitimate and specified purposes, with the necessary consent or as permitted by law.

2. Data Collection and Consent: We clearly outline the types of personal information we collect, the purposes for which it is collected, and the rights of our users in our privacy policy. We obtain appropriate consent from our users before collecting and processing their personal information, and we provide them with the necessary control and choice over their data.

3. Data Security: We implement robust technical and organizational measures to protect the personal information we collect from unauthorized access, loss, destruction, or alteration. We regularly review and update our security practices to ensure they align with industry standards and best practices.

4. Data Subject Rights: We respect the rights of individuals as data subjects under the POPI Act. We provide mechanisms for users to access, rectify, and delete their personal information, as well as the ability to object to or restrict certain processing activities. We handle data subject requests promptly and transparently, as required by law.

5. Data Sharing and Processing: We only share personal information with third parties in accordance with the provisions of the POPI Act. Where applicable, we enter into appropriate agreements and ensure that the recipients of personal information have adequate security measures in place.

6. Data Retention: We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. We have implemented retention policies and procedures to ensure compliance with the POPI Act's provisions on data retention.

7. Data Breach Notification: In the event of a data breach that poses a risk to the rights and freedoms of our users, we have procedures in place to promptly assess and mitigate the impact. If required by law, we will notify affected individuals and the relevant authorities as stipulated by the POPI Act.

By adhering to the POPI Act and implementing these measures, we strive to protect the privacy and personal information of our users, ensuring their trust and confidence in our platform.

Copyright ©2022 Thutofy. All rights reserved.