POPIA Compliance
Our commitment to protecting personal information under the Protection of Personal Information Act, 2013 (POPIA) of South Africa.
1. Our Commitment
Aisend is committed to full compliance with the Protection of Personal Information Act, 2013 (Act 4 of 2013) ("POPIA"). We process personal information responsibly, lawfully, and transparently in accordance with the eight conditions for lawful processing as set out in the Act.
2. POPIA Conditions for Lawful Processing
2.1 Accountability
Aisend takes responsibility for ensuring compliance with POPIA. We have appointed an Information Officer who is responsible for overseeing data protection practices and ensuring ongoing compliance.
2.2 Processing Limitation
We collect personal information only for specific, explicitly defined, and lawful purposes. We do not process personal information beyond what is necessary for providing our services.
2.3 Purpose Specification
Personal information is collected for the purposes described in our Privacy Policy. We do not use personal information for purposes incompatible with those for which it was originally collected.
2.4 Further Processing Limitation
Any further processing of personal information is compatible with the original purpose of collection. We do not sell, rent, or share personal information with third parties for unrelated marketing purposes.
2.5 Information Quality
We take reasonable steps to ensure personal information is complete, accurate, not misleading, and updated where necessary. Users can request correction of their personal information at any time.
2.6 Openness
We are transparent about our data processing practices. Our Privacy Policy, Terms of Service, and this POPIA Compliance Statement are publicly available and maintained in plain, accessible language.
2.7 Security Safeguards
We implement appropriate technical and organisational measures to protect personal information:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- Role-based access controls with principle of least privilege
- Regular security assessments and vulnerability testing
- Secure cloud infrastructure with access logging
- Employee training on data protection responsibilities
- Documented incident response and breach notification procedures
2.8 Data Subject Participation
Individuals (data subjects) have the right to access, correct, and request deletion of their personal information. We process these requests within 30 days in accordance with POPIA requirements.
3. Special Personal Information
Our AI Voice Agent services may process voice recordings, which could constitute biometric information under certain interpretations of POPIA. We handle such data with enhanced security measures and process it only with appropriate consent or contractual necessity.
4. Direct Marketing
In compliance with Section 69 of POPIA, we obtain consent before sending direct marketing communications. Existing clients may receive service-related communications based on our existing business relationship, with the option to opt out at any time.
5. Cross-Border Data Transfers
Where personal information is transferred to service providers outside South Africa, we ensure compliance with Section 72 of POPIA by verifying that the recipient country or organisation provides adequate protection, or by implementing appropriate safeguards such as binding agreements.
6. Data Breach Notification
In the event of a data breach that may compromise the personal information of data subjects, we will:
- Notify the Information Regulator as soon as reasonably possible
- Notify affected data subjects as required by Section 22 of POPIA
- Provide details of the breach, potential consequences, and remedial measures
- Take immediate steps to contain and mitigate the breach
7. Information Officer
Our designated Information Officer can be contacted for any POPIA-related enquiries:
- Email: privacy@aisend.co.za
- Subject Line: "POPIA Request — [Your Name]"
8. Information Regulator
If you believe your personal information has been mishandled or your rights have been infringed, you may lodge a complaint with the Information Regulator:
- Website: inforegulator.org.za
- Email: complaints.IR@justice.gov.za