POPIA Compliance

Privacy Policy & POPIA Compliance

Nexa BPO is committed to protecting your personal information in full compliance with the Protection of Personal Information Act (POPIA) of South Africa. Below you will find our privacy policy, our compliance framework, and your rights as a data subject.

Governing Legislation

POPIA — Act 4 of 2013

Regulator

Information Regulator (SA)

The 8 Conditions

Lawful Processing Under POPIA

True POPIA compliance requires actively satisfying all eight core conditions. Registering an Information Officer is only the first step — here is how we uphold each principle.

01

Accountability

We take full responsibility for all data we handle and ensure active compliance measures are in place at every level of our operations.

02

Processing Limitation

We only collect data for lawful, justifiable reasons. We obtain clear, voluntary consent before processing your personal information.

03

Purpose Specification

We collect personal information for a specific, explicit purpose and securely delete it once that purpose has been fulfilled.

04

Further Processing Limitation

We will not use your data for a secondary, unrelated purpose without obtaining fresh consent from you.

05

Information Quality

We take reasonable steps to ensure all personal data we hold is complete, accurate, and kept up to date.

06

Openness

We maintain a transparent, public-facing Privacy Policy detailing exactly what we collect and why — in plain language.

07

Security Safeguards

We implement active technical defences — firewalls, encryption, and access controls — to protect your data from leaks or breaches.

08

Data Subject Participation

You may request a copy of your data, correct it, or ask for its deletion at any time, free of charge.

Our Privacy Policy

How We Handle Your Data

Last updated: June 2025. Written in plain language to satisfy POPIA's Openness condition.

1

The Personal Information We Collect

We may collect and process the following types of personal information:

  • Contact Details: Name, email address, phone number, and physical or postal address.
  • Technical Data: IP addresses, browser types, cookie data, and browsing behaviour on our site.
  • Inquiry Data: Any information you provide when filling out forms or contacting us directly.
2

How and Why We Use Your Information

We only process your personal information for lawful, justifiable reasons, including:

  • Providing and maintaining our services to you.
  • Responding to your inquiries, support requests, or complaints.
  • Sending you marketing communication, provided you have consented to receive it.
  • Complying with legal obligations or protecting our legitimate business interests.
3

Sharing Your Information

We will never sell or rent your personal information to third parties. We only share your data with:

  • Third-Party Operators: Trusted service providers (e.g., website hosting, IT support, payment processors) who help us run our business and are contractually bound to protect your data.
  • Legal Authorities: Government bodies or regulators if required to do so by South African law.
4

Data Security

We implement strict technical and organisational security measures to protect your personal information from unauthorised access, loss, misuse, or alteration. These measures include secure firewalls, data encryption, and restricted staff access. In the event of a data breach, we will notify the Information Regulator and affected individuals as required by law.

5

How Long We Keep Your Data

We only retain your personal information for as long as necessary to fulfil the specific purpose we collected it for, or as required by South African law. Once it is no longer needed, your data is securely destroyed or permanently anonymised.

6

Your Legal Rights Under POPIA

Under POPIA, you have the following rights — all exercisable free of charge:

Access

Request a copy of the personal information we hold about you.

Correct

Ask us to update or correct inaccurate or incomplete data.

Delete

Request that we delete or destroy your personal data where legally permitted.

Object

Object to us processing your personal information for marketing purposes.

To exercise any of these rights, please contact our Information Officer at hi@nexabpo.co.za.

Living Framework

How We Demonstrate Compliance

There is no official POPIA compliance certificate — the Information Regulator does not issue one. Compliance is an ongoing practice demonstrated through a living framework of documentation and operational controls.

Information Officer Registration Certificate

Our official registration with the Information Regulator confirming our designated Information Officer.

PAIA Manual

A compiled document explaining how the public can access our records under the Promotion of Access to Information Act.

Privacy Policy

This document — a clear notice detailing exactly how we process your personal data.

Employee Training Logs

Proof that all staff have been formally trained on data protection practices.

Security & Breach Frameworks

Documented IT security controls and an active incident response plan.

Operator Agreements

Signed POPIA-compliant contracts binding all third-party service providers to our data security standards.

Questions About Your Data?

Contact our Information Officer directly — we respond within 30 days as required by POPIA.

Contact Our Information Officer

← Back to Home