POPI Act Compliance

1. Our Commitment to POPIA

M & K Braai & Fireplaces is committed to complying with the Protection of Personal Information Act, 2013 (POPIA) and respecting your privacy rights as a South African citizen or resident.

This document outlines how we meet our obligations under POPIA and explains your rights regarding the personal information we process.

2. What is POPIA?

The Protection of Personal Information Act (Act No. 4 of 2013) is South African legislation that regulates how organizations process personal information. POPIA aims to:

• Protect individuals' privacy rights
• Regulate the processing of personal information
• Establish minimum requirements for lawful processing
• Provide rights to data subjects
• Establish the Information Regulator to oversee compliance

3. POPIA's Eight Conditions for Lawful Processing

We ensure all personal information processing adheres to POPIA's eight conditions:

3.1 Accountability

We take responsibility for all personal information under our control and have implemented policies, procedures, and safeguards to ensure POPIA compliance.

3.2 Processing Limitation

We process personal information lawfully, fairly, and only for specific, explicitly defined purposes. We collect information directly from you and process it with your knowledge or consent.

3.3 Purpose Specification

We collect personal information only for:

• Providing braai and fireplace quotes and consultations
• Delivering manufacturing and installation services
• Communicating about your projects
• Business operations and record-keeping
• Marketing (with consent)

3.4 Further Processing Limitation

We do not process personal information for purposes incompatible with the original purpose for which it was collected, unless you consent or it's required by law.

3.5 Information Quality

We take reasonable steps to ensure that personal information is complete, accurate, not misleading, and updated where necessary. You may request corrections at any time.

3.6 Openness

We are transparent about our information processing practices. This POPI compliance page and our Privacy Policy provide clear information about what we collect and how we use it.

3.7 Security Safeguards

We implement appropriate technical and organizational measures to protect personal information against:

• Unauthorized or unlawful processing
• Accidental loss, destruction, or damage
• Data breaches

Our security measures include access controls, secure storage, encryption, and employee training.

3.8 Data Subject Participation

We respect your rights to access, correct, and delete your personal information. See Section 5 below for details on exercising these rights.

4. Categories of Personal Information We Process

We may collect and process the following categories of personal information:

4.1 Contact Information

• Name and surname
• Email address
• Phone number
• Physical address or location

4.2 Project Information

• Project requirements and specifications
• Property details
• Budget and timeline preferences

4.3 Technical Information

• IP address
• Browser type and device information
• Website usage data (via cookies)

4.4 Communication Records

• Email correspondence
• WhatsApp messages
• Phone call records
• Meeting notes

5. Your Rights as a Data Subject

Under POPIA, you have the following rights regarding your personal information:

5.1 Right to Access

You have the right to request confirmation of whether we hold your personal information and to access that information.

5.2 Right to Correction

You may request that we correct or update inaccurate, irrelevant, excessive, or outdated personal information.

5.3 Right to Deletion (Right to be Forgotten)

You may request deletion of your personal information in certain circumstances, such as when:

• It's no longer necessary for the original purpose
• You withdraw consent (where processing was based on consent)
• You object to processing and there are no legitimate grounds to continue
• Information was unlawfully processed

5.4 Right to Object

You may object to the processing of your personal information on reasonable grounds relating to your particular situation, unless legislation provides otherwise.

5.5 Right to Restriction

You may request that we restrict the processing of your personal information in certain circumstances.

5.6 Right to Data Portability

You may request your personal information in a structured, commonly used, machine-readable format for transfer to another responsible party.

5.7 Right to Withdraw Consent

Where we process your information based on consent, you may withdraw that consent at any time. This won't affect the lawfulness of processing before withdrawal.

5.8 Right to Complain

You have the right to lodge a complaint with the Information Regulator if you believe your rights have been violated.

6. How to Exercise Your Rights

To exercise any of your rights under POPIA, please contact us using the details below. We will respond to your request within a reasonable timeframe, and no later than one month from receipt.

You may be required to provide proof of identity to protect your personal information from unauthorized access.

7. Data Breach Notification

In the event of a data breach that may cause harm to you, we will notify you and the Information Regulator as soon as reasonably possible, in accordance with POPIA's requirements.

8. Cross-Border Data Transfers

We primarily operate within South Africa. If we need to transfer your personal information outside of South Africa, we will:

• Ensure the recipient country has adequate data protection laws, or
• Obtain your consent, or
• Implement appropriate safeguards (such as binding agreements)

9. Retention of Personal Information

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our retention periods vary based on:

• The nature of the information
• The purpose for which it was collected
• Legal and regulatory requirements (e.g., tax, accounting)

When information is no longer needed, we securely destroy or anonymize it.

10. Children's Personal Information

We do not knowingly process personal information of children under 18 without parental/guardian consent, except where permitted by law.

11. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you.

12. Updates to This Policy

We may update this POPI compliance document from time to time. We will notify you of significant changes and update the "Last Updated" date at the top of this page.

13. Contact Our Information Officer

For any POPIA-related inquiries, requests, or complaints, please contact our Information Officer:

14. Information Regulator (South Africa)

If you are not satisfied with our response to your POPIA-related concerns, you may lodge a complaint with: