POPIA Summary Compliance Policy

Consolidated Data Protection, Security & Privacy Framework

    1. Purpose

    This Policy provides a consolidated overview of how Emergence Growth South Africa (“the Company”) processes, protects and manages Personal Information in compliance with the Protection of Personal Information Act, 2013 (POPIA) and the Promotion of Access to Information Act, 2000 (PAIA).

    2. Scope

    This Policy applies to all employees, contractors, clients, suppliers and third parties who process or have access to Personal Information.

    3. Data Protection Principles

    The Company ensures that Personal Information is:

    • Processed lawfully, fairly and transparently
    • Collected for a specific, legitimate purpose
    • Adequate, relevant and limited to what is necessary
    • Accurate and kept up to date
    • Retained only as long as required
    • Secured against unauthorised access or loss

    4. Data Subject Rights

    Data Subjects have the right to:

    • Access their Personal Information
    • Request correction or deletion
    • Object to processing
    • Withdraw consent

    Requests are managed via formal procedures aligned with PAIA and POPIA.

    5. Consent And Direct Marketing

    • Personal Information is processed with consent where required
    • Direct marketing is conducted on an opt-in basis
    • Data Subjects may opt-out at any time

    6. Information Security

    The Company implements:

    • Access control (least privilege)
    • Password protection and MFA
    • Encryption and secure storage
    • Network and system security controls

    7. Special Personal Information

    Special Personal Information is:

    • Processed only where legally permitted
    • Restricted to authorised personnel
    • Subject to enhanced security controls

    8. Third Party Processing (Operators)

    All Operators must:

    • Sign a written Data Processing Agreement
    • Implement appropriate security measures
    • Notify the Company of any data breaches
    • Process data only under instruction

    9. Data Breach Management

    • All incidents must be reported immediately
    • Breaches are assessed, contained and recorded
    • The Information Regulator and Data Subjects are notified where required

    10. Record Retention

    • Records are retained in line with legal requirements
    • Personal Information is securely destroyed when no longer needed

    11. Registers

    The Company maintains:

    • Processing Activities Register (ROPA)
    • Data Breach Register
    • Consent Register
    • Operator Register

    12. Employee Privacy

    Employee data is:

    • Collected for employment purposes
    • Processed lawfully and securely
    • Retained in accordance with legal requirements

    13. Access To Information

    • Access is granted on a need-to-know basis
    • Requests are handled in line with PAIA
    • Access may be refused where legally justified

    14. Roles And Responsibilities

    Information Officer:

    • Oversees compliance and reporting

    Employees:

    • Protect Personal Information
    • Report incidents immediately

    15. Training And Awareness

    All staff receive ongoing training on:

    • Data protection
    • Information security
    • Incident reporting

    16. Non-Compliance

    Failure to comply may result in:

    • Disciplinary action
    • Legal consequences

    Updates to this Policy

    The Company reserves the right to amend this Policy at any time to ensure ongoing compliance with applicable legislation and best practices.

     

    Updated March 2026

    Ready to transform insights into action?
    Contact Emergence Human Capital to design, deploy, and drive meaningful change through intelligent employee engagement surveys.

    Office: +27 11 026 3442

    eMail: [email protected]

    https://emergencegrowth.com/hr-reward-services/hr-surveys-data-insights/