Protection of Personal Information Act (POPIA) Compliance

Last updated: January 29, 2026

POPIA Compliance Statement: We are committed to complying with the Protection of Personal Information Act 4 of 2013 (POPIA) and protecting your personal information in accordance with South African law.

What is POPIA?

POPIA is South Africa's data protection legislation that promotes the protection of personal information processed by public and private bodies. The Act sets conditions for when personal information may be processed lawfully.

Our POPIA Compliance Commitments

Lawful Processing

We only process personal information when we have a lawful basis to do so, including:

  • With your consent
  • When necessary for the performance of a contract
  • When required by law
  • For our legitimate interests

Processing Limitation

We ensure that personal information is:

  • Processed lawfully and in a reasonable manner
  • Adequate, relevant, and not excessive
  • Collected for a specific, explicitly defined, and lawful purpose
  • Not retained longer than necessary

Purpose Specification

We collect and process personal information for specific purposes which are communicated to you at the time of collection.

Further Processing Limitation

We do not process personal information for secondary purposes unless:

  • It is compatible with the original purpose
  • We obtain your consent
  • It is required by law

Information Quality

We take reasonable steps to ensure that personal information is complete, accurate, not misleading, and updated where necessary.

Openness

We maintain transparency about our data processing activities and make this policy readily available to data subjects.

Security Safeguards

We implement appropriate technical and organizational measures to protect personal information against:

  • Unauthorized access
  • Unlawful processing
  • Accidental loss, destruction, or damage

Data Subject Rights Under POPIA

Under POPIA, you have the right to:

  • Be Informed: Know what personal information is being collected and why
  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Object: Object to processing of your personal information
  • Complain: Lodge a complaint with the Information Regulator

Information Officer

We have appointed an Information Officer who is responsible for ensuring compliance with POPIA. Our Information Officer can be contacted at:

Email: sales1@cloudst.co.za

Direct Marketing

We only engage in direct marketing with your explicit consent, and we provide you with the option to opt-out at any time.

Cross-Border Transfers

We do not transfer personal information outside of South Africa unless appropriate safeguards are in place as required by POPIA.

Data Breaches

In the event of a data breach, we will notify affected data subjects and the Information Regulator as required by POPIA.

Contact for POPIA Matters

For any POPIA-related inquiries or to exercise your rights, please contact us:

  • Email: sales1@cloudst.co.za
  • Phone: +27 87 821 6494
  • Information Regulator: www.justice.gov.za/inforeg
  • Information Officer: sales1@cloudst.co.za

POPIA Implementation Timeline

Our POPIA compliance journey includes:

  • Completed data mapping and impact assessment
  • Implemented privacy by design principles
  • Established data protection policies and procedures
  • Conducted staff training on data protection
  • Appointed Information Officer and Deputy Information Officer

Third-Party Processors

We only engage third-party processors who provide adequate guarantees of POPIA compliance. All processors are bound by contractual obligations to protect personal information.