Purple Wallet logo

POPIA Compliance

Protection of Personal Information Act (POPIA) Compliance Statement

Our Commitment to POPIA

Purple Wallet (Pty) Ltd is committed to complying with the Protection of Personal Information Act 4 of 2013 ("POPIA"). We recognize the importance of protecting your personal information and have implemented comprehensive measures to ensure compliance with all eight conditions for lawful processing of personal information.

This page outlines our POPIA compliance framework and how we safeguard your personal information in accordance with South African law.

The Eight POPIA Conditions

1

Accountability

Purple Wallet has appointed an Information Officer responsible for ensuring POPIA compliance. We maintain comprehensive documentation of our data processing activities and regularly review our practices to ensure ongoing compliance.

2

Processing Limitation

We process personal information lawfully, reasonably, and only with your consent or another lawful basis. We are transparent about our data collection practices and process information only for specified, explicitly defined, and legitimate purposes.

3

Purpose Specification

We clearly communicate the purpose for collecting your personal information at the time of collection. We do not use your information for purposes other than those for which it was collected without obtaining your consent.

4

Further Processing Limitation

Further processing of personal information is compatible with the original purpose, or we obtain new consent. We do not process information in a manner that is incompatible with the original purpose without explicit authorization.

5

Information Quality

We ensure that personal information is complete, accurate, not misleading, and updated where necessary. We provide mechanisms for you to update or correct your information and regularly verify data accuracy.

6

Openness

We maintain transparent documentation of our personal information processing activities. Upon request, we provide information about what personal data we hold, how we use it, and to whom we disclose it.

7

Security Safeguards

We implement appropriate technical and organizational measures to secure personal information against loss, damage, unauthorized access, and unlawful processing. Our security measures are regularly reviewed and updated.

8

Data Subject Participation

We respect your rights as a data subject, including the right to access your information, request corrections, object to processing, and request deletion where appropriate. We respond to all requests within the timeframes prescribed by POPIA.

Your Rights Under POPIA

As a data subject under POPIA, you have the following rights:

Right to Access

Request confirmation of what personal information we hold about you

Right to Correction

Request correction of inaccurate or incomplete information

Right to Deletion

Request deletion of your personal information (subject to legal obligations)

Right to Object

Object to the processing of your personal information

Right to Restrict

Request restriction of processing in certain circumstances

Right to Complain

Lodge a complaint with the Information Regulator

Our Security Measures

We implement comprehensive security measures to protect your personal information:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Multi-factor authentication for system access
  • Regular security audits and vulnerability assessments
  • Staff training on data protection and security protocols
  • Incident response and data breach notification procedures
  • Secure data backup and disaster recovery systems
  • Access controls and role-based permissions
  • Regular security patch management and updates

Data Breach Notification

In the event of a data breach that is reasonably likely to cause harm to data subjects, we will:

  1. Notify the Information Regulator as soon as reasonably possible
  2. Inform affected data subjects in accordance with POPIA requirements
  3. Take immediate steps to mitigate the breach
  4. Conduct a thorough investigation to prevent future incidents
  5. Provide regular updates on remediation efforts

Third-Party Operators

When we engage third-party operators to process personal information on our behalf, we ensure:

  • Written agreements are in place establishing their obligations
  • They process information only on our instructions
  • They implement appropriate security measures
  • They assist us in responding to data subject requests
  • They notify us of any data breaches
  • They comply with all POPIA requirements

Cross-Border Information Transfers

When transferring personal information outside South Africa (such as to international insurance markets), we ensure:

  • Adequate levels of protection are in place
  • Recipients are subject to POPIA-compliant data protection laws or agreements
  • We obtain your consent where required
  • Appropriate safeguards and transfer mechanisms are implemented

Information Officer Contact Details

To exercise your POPIA rights or for any data protection queries, contact our Information Officer:

Information Officer

[Name and Title]

connect@purplewallet.eco

Lodge a Complaint with the Information Regulator

If you believe your personal information rights have been violated, you may lodge a complaint with:

Information Regulator (South Africa)

JD House, 27 Stiemens Street
Braamfontein, Johannesburg, 2001

P.O. Box 31533, Braamfontein, Johannesburg, 2017

Email: complaints.IR@justice.gov.za

Website: www.justice.gov.za/inforeg

This POPIA Compliance statement is reviewed and updated regularly to reflect changes in our practices and legal requirements. Last reviewed: January 2025.