ClientConnect Logo ClientConnect AI

POPIA Compliance

Our commitment to South Africa's Protection of Personal Information Act

Effective from July 1, 2021

Shield POPIA Compliance Commitment

ClientConnect AI is fully committed to complying with the Protection of Personal Information Act (POPIA) and protecting the personal information of all South African data subjects.

1. What is POPIA?

The Protection of Personal Information Act (Act 4 of 2013), commonly known as POPIA, is South Africa's comprehensive data protection legislation. It regulates how personal information must be processed, stored, and protected by organizations operating in South Africa.

2. POPIA Principles We Follow

Target Purpose Limitation

We process personal information only for specific, lawful purposes related to accounting and business management.

Scale Processing Limitation

Personal information is processed lawfully, fairly, and transparently with appropriate consent.

Target Data Minimisation

We collect only the minimum personal information necessary for our accounting services.

[OK] Data Quality

We ensure personal information is complete, accurate, not misleading, and updated where necessary.

Lock Security Safeguards

Robust technical and organizational measures protect against unauthorized access, loss, or damage.

User Data Subject Participation

We respect your rights to access, correct, and delete your personal information.

3. Your POPIA Rights

Under POPIA, you have the following rights regarding your personal information:

Clipboard Right to be Notified

You have the right to be notified that your personal information is being collected and how it will be used.

Eye Right of Access

You can request confirmation of whether we hold your personal information and access to that information.

Pencil Right of Correction

You can request that we correct or delete personal information that is inaccurate or incomplete.

Stop Right of Objection

You can object to the processing of your personal information in certain circumstances.

4. Lawful Basis for Processing

We process personal information based on the following lawful grounds:

  • Consent: You have given clear consent for processing for specific purposes
  • Contract: Processing is necessary for the performance of our service contract
  • Legal Obligation: Processing is necessary to comply with South African tax and business laws
  • Legitimate Interest: Processing is necessary for our legitimate business interests (e.g., fraud prevention, system security)

5. Data Security Measures

We implement comprehensive security measures to protect your personal information:

Technical Safeguards

  • • End-to-end encryption
  • • Secure local data storage
  • • Regular security updates
  • • Access controls and authentication
  • • Automated backup systems

Organizational Safeguards

  • • Staff training on data protection
  • • Data handling procedures
  • • Regular security audits
  • • Incident response protocols
  • • Vendor security assessments

6. Data Transfers

6.1 Local Data Storage

ClientConnect AI is designed to store your data locally on your devices. This ensures your personal information remains within South African borders and under your direct control.

6.2 Cloud Services (Optional)

If you choose to use our optional cloud backup features, your data is stored on servers located in South Africa with appropriate security measures and POPIA-compliant data processing agreements.

7. Data Retention

We retain personal information only for as long as necessary to:

  • • Provide our accounting services
  • • Comply with legal and regulatory requirements (including 7-year tax record retention)
  • • Resolve disputes and enforce agreements
  • • Improve our AI models and services (using anonymized data only)

8. Data Breach Response

In the unlikely event of a data breach, we will:

  • • Notify the Information Regulator within 72 hours (where required)
  • • Inform affected individuals without undue delay
  • • Take immediate steps to contain and remedy the breach
  • • Provide ongoing updates on our investigation and remediation efforts

9. Children's Information

ClientConnect AI does not knowingly collect personal information from children under 18 years of age. Our services are designed for business use by adults. If we discover we have collected information from a child, we will delete it immediately.

10. Information Officer

Email Contact Our Information Officer

For POPIA-related inquiries, to exercise your rights, or to lodge a complaint:

Information Officer: POPIA Compliance Officer

Email: info@clientconnect.co.za

Phone: 081 615 4542

Address: ClientConnect AI, Gauteng, South Africa

Response Time: We will respond to POPIA requests within 30 days as required by law.

11. Complaints and Enforcement

If you believe we have not complied with POPIA, you can:

  • • Contact our Information Officer directly
  • • Lodge a complaint with the Information Regulator of South Africa
  • • Seek legal remedies through the courts

Information Regulator South Africa

Website: www.justice.gov.za/inforeg

Email: inforeg@justice.gov.za

12. Updates to POPIA Compliance

We regularly review and update our POPIA compliance measures to ensure continued adherence to the law and best practices. Any material changes will be communicated through our usual channels.