As you may know, the Protection of Personal Information Act 4 of 2013 (POPIA) comes into effect on the 1st of July 2021. The below aims to provide you with a quick overview of the Act and an update on our policies with regard to this.

Protection of Personal Information Act 4 of 2013 (POPIA)

Synetics(Pty)Ltd, trading as Synetics365, collects and uses the personal information of individuals and corporate entities with whom it collaborates and is responsible for the Protection of Personal Information Act. POPIA regulates how personal information is collected, used, stored, retained, destroyed, and generally processed from the moment of collection until the moment of destruction. Synetics(Pty)Ltd and Synetics365 regard the lawful and appropriate processing of all personal information as crucial to successful service delivery, and as essential to maintaining confidence between Synetics(Pty)Ltd and those individuals and entities with whom we interact.

What is defined as personal information?

Personal information is information relating to an identifiable, living, natural or existing juristic person that relates to, among others, the race, gender, sex, marital status, sexual orientation, age, physical, mental, spiritual, economic, cultural or social identity; as well as their health, educational, or financial history. Personal information also includes identifying numbers and addresses, including biometric information belonging to either an identifiable living natural person or an existing juristic person.

The eight conditions for lawful processing of personal information

1.  Accountability
Synetics365 is responsible for the personal information it processes (even when using a third party to process it) and for determining the purpose and manner in which information is processed.

2. Processing limitation
Personal information must be processed lawfully and in a way that does not infringe upon any person’s right to privacy. Information is not processed in any manner other than what is necessary for the designated purpose.

3. Purpose specification
Synetics365 collects personal information for a specific, explicitly defined and lawful purpose, and this information is retained only as long as is necessary to achieve the purpose or as required by law.

4. Further processing limitation
POPIA requires that personal information be processed only for the purpose for which it has been collected and for no other purpose unless consent is obtained for further processing.

5. Information quality
Synetics365 takes all reasonable steps to ensure that personal information records are complete, accurate, updated where necessary and not misleading.

6. Openness
Synetics365 aims to be open and transparent in respect to the personal information collected, the reason for its collection, and how and by whom it is processed. 

7. Security safeguards
Synetics365 takes all reasonable measures to ensure that any personal information that is collected is stored securely and that its confidentiality is maintained.

8. Data subject participation
Any person who provides personal information to Synetics365 is entitled to request the details of that information and any information related to its processing. You may also request that Synetics365 delete or correct that information under certain circumstances.

Which measures are in place by Synetics365 to comply with POPIA?
Our general privacy policy can be accessed here. In addition to the policy, we have also introduced the following specific measures:

  1. We have appointed an information officer to ensure that compliance accountability is defined for Synetics365

  2. We developed a POPIA risk assessment framework and conducted assessments. Risks are recorded, monitored, and addressed on an ongoing basis.

Your privacy is very important to us and we will use reasonable efforts to ensure that any personal information provided by you, or which is collected from you, is kept secure and confidential.