POPIA Compliant

POPIA Compliance

Our commitment to protecting your personal information under South Africa's Protection of Personal Information Act (Act 4 of 2013)

About POPIA

The Protection of Personal Information Act (POPIA) regulates how South African organizations must process personal information. As a South African company, Ensemble EHS fully complies with all eight conditions for lawful processing of personal information.

We have implemented comprehensive data protection measures, appointed a dedicated Information Officer, and maintain transparent practices to ensure your privacy rights are respected at all times.

Act 4 of 2013

Commenced 1 July 2021, with compliance deadline 30 June 2021

8 Conditions

Comprehensive conditions for lawful processing we fully comply with

Your Rights

6 fundamental rights you have over your personal information

8 Conditions for Lawful Processing

How we comply with each POPIA condition

Accountability

We have appointed a dedicated Information Officer responsible for POPIA compliance and data protection oversight.

Designated Information Officer with direct board reporting
Annual POPIA compliance audits
Regular staff training on data protection
Documented data protection policies and procedures

Processing Limitation

Personal information is processed lawfully, in a reasonable manner, and only for specified purposes.

Explicit consent obtained before processing
Purpose specification at data collection
Processing limited to original purpose
No secondary processing without consent

Purpose Specification

We clearly communicate the purpose of data collection before obtaining personal information.

Transparent privacy notices at collection
Purpose-specific consent mechanisms
Clear communication of data usage
No processing beyond stated purposes

Further Processing Limitation

Personal information is not used for purposes incompatible with the original collection.

Compatibility assessments before new processing
Additional consent for new purposes
Regular purpose alignment reviews
Documented processing change approvals

Information Quality

We ensure personal information is complete, accurate, and updated where necessary.

Regular data accuracy verification
User self-service data correction
Automated data quality checks
Periodic data cleansing processes

Openness

We maintain transparent documentation about personal information processing.

Public privacy policy (updated quarterly)
Processing activity records
Data subject notification procedures
Accessible information officer contact

Security Safeguards

Appropriate technical and organizational measures protect personal information.

AES-256 encryption for data at rest
TLS 1.3 for data in transit
ISO 27001 certified security controls
Regular security assessments and penetration testing

Data Subject Participation

Individuals have the right to access and correct their personal information.

Self-service data access portal
Data correction requests within 7 days
Data export functionality (JSON/CSV)
Clear objection and deletion procedures

Your Rights Under POPIA

How to exercise your data protection rights

Right to Access

Request access to your personal information we hold

How to exercise:

Timeline:

Immediate (self-service) or 30 days (manual request)

Right to Correction

Request correction of inaccurate or incomplete personal information

How to exercise:

Update directly in account settings or email privacy@ensemble-ehs.com

Timeline:

7 business days for manual corrections

Right to Deletion

Request deletion of your personal information (subject to legal obligations)

How to exercise:

Email privacy@ensemble-ehs.com with deletion request

Timeline:

30 days (with confirmation of legal review)

Right to Object

Object to processing of your personal information for specific purposes

How to exercise:

Email privacy@ensemble-ehs.com with objection details

Timeline:

14 days for review and response

Right to Data Portability

Receive your personal information in a structured, machine-readable format

How to exercise:

Settings > Privacy > Export Data (JSON or CSV format)

Timeline:

Immediate (self-service)

Right to Complain

Lodge a complaint with the Information Regulator of South Africa

How to exercise:

Contact Information Regulator: complaints@inforegulator.org.za

Timeline:

As per Information Regulator procedures

Lawful Bases for Processing

Why we process your personal information

Consent

You have explicitly consented to processing for specified purposes (e.g., marketing communications)

Examples:

Marketing email subscriptionsOptional analytics trackingBeta feature participation

Contract Performance

Processing is necessary to fulfill our service agreement with you

Examples:

Account creation and managementService delivery and supportBilling and payment processing

Legal Obligation

We are required by law to process certain information

Examples:

Tax reporting requirementsLabor law compliance recordsRegulatory reporting (OHSA, MHSA)

Legitimate Interest

Processing is necessary for our legitimate business interests (balanced against your rights)

Examples:

Fraud prevention and securitySystem optimizationBusiness analytics

Information Officer

Our designated Information Officer is responsible for ensuring POPIA compliance and handling data subject requests. You can contact them for any privacy-related questions or to exercise your rights.

Contact Information

Email: privacy@ensemble-ehs.com

Phone: +27 (0) 11 123 4567

Address: 123 Safety Lane, Johannesburg, 2000

Response Times

Email inquiries: 2 business days

Data requests: 30 days (as per POPIA)

Complaints: 14 days acknowledgment

Questions About Your Privacy?

Our Information Officer is available to answer questions about how we process your personal information and your rights under POPIA.

Contact Privacy Team Read Privacy Policy