STATUTORY PROTECTION OF PERSONAL INFORMATION ACT (POPIA) PRIVACY POLICY

 

  1. DEFINITIONS AND INTERPRETATION

1.1 “Personal Information”, “Responsible Party”, “Data Subject”, and “Processing” shall bear the meanings assigned to them in Section 1 of the Protection of Personal Information Act, No. 4 of 2013 (POPIA).

 

  1. LEGAL CAPACITY AND RESPONSIBLE PARTY IDENTIFICATION

2.1 Scearp Communications (Pty) Ltd acts as the “Responsible Party” for the data collected directly from its Clients for billing, provisioning, and account management.
2.2 Crucial Legal Distinction: Where the Company hosts a website, server space, custom portal, or database on behalf of a Client, the Client remains the sole “Responsible Party” for all data subjects interacting with that website or database. The Company acts strictly as an “Operator” in terms of Section 1 of POPIA, processing data exclusively under the technical mandate and operational instructions of the Client.

 

  1. CATEGORIES OF PERSONAL INFORMATION PROCESSED

In alignment with Section 7 of the Company’s PAIA Manual, the following categories of personal information are processed:

    • Names, surnames, identity or passport numbers.
    • Physical addresses, postal addresses, contact details, and electronic communication records.
    • Financial information, corporate registration records, and VAT profiles.
    • Employment records and personnel profiles for recruitment and human resource administration.

 

  1. THE SPECIFIC PURPOSE OF PROCESSING

Data processing is strictly confined to the following lawful justifications as outlined in the Company’s compliance frameworks:

    • To fulfill contractual obligations related to service delivery, domain registrations, DNS routing, and hosting services.
    • To execute legal financial operations, invoicing, auditing, and tax compliance with SARS.
    • To manage recruitment, payroll, and internal administrative operations.
    • To secure network infrastructure against brute-force attacks and unauthorized server penetration.

 

  1. TRANSBORDER DATA TRANSFERS

5.1 The Client acknowledges and consents to the fact that the Company may utilize cloud infrastructure and data center environments located outside the borders of the Republic of South Africa (including but not limited to the EU or USA).
5.2 The Company ensures that any international upstream infrastructure providers are bound by strict data privacy regulations offering an equal or higher level of protection than POPIA.

 

  1. DATA SUBJECT RIGHTS

In terms of POPIA, data subjects retain the right to request access to their personal information, request correction or deletion, object to processing, and lodge complaints directly with the South African Information Regulator via email at PAIAComplaints@inforegulator.org.za.

Version Control

Version: PP 2.0
Effective Date: 01 June 2026
Legal Pages Archive: https://scearpcommunications.co.za/legal-pages-archive/