Legal Compliance

POPIA Compliance

Shopeazy is fully committed to the Protection of Personal Information Act (POPIA) and ensuring the privacy rights of all South African data subjects.

Our Commitment

The Protection of Personal Information Act (POPIA) is South Africa's data protection law, designed to protect personal information processed by public and private bodies. At Shopeazy, we view POPIA compliance not just as a legal requirement, but as a fundamental aspect of building trust with our merchants and their customers.

personInformation Officer

In accordance with POPIA, Shopeazy has appointed an Information Officer responsible for overseeing data protection compliance.

NameShopeazy Data Protection Officer
Physical AddressCape Town, South Africa
Response TimeWithin 72 hours

gavelThe 8 POPIA Principles

POPIA establishes eight conditions for the lawful processing of personal information. Here is how Shopeazy applies each principle:

shield

Accountability

We take full responsibility for protecting the personal information under our control.

block

Processing Limitation

We only collect information that is necessary for specific, explicitly defined purposes.

description

Purpose Specification

We clearly communicate why we collect personal information and how it will be used.

lock

Further Processing Limitation

We do not use personal information for purposes other than those originally specified.

check_circle

Information Quality

We take reasonable steps to ensure personal information is accurate and up-to-date.

visibility

Openness

We maintain transparency about our data processing activities and policies.

security

Security Safeguards

We implement appropriate technical and organizational measures to protect personal information.

person

Data Subject Participation

We enable individuals to access, correct, and delete their personal information.

verified_userYour Rights as a Data Subject

Under POPIA, you have specific rights regarding your personal information. Shopeazy is committed to upholding these rights:

1

Right to be Informed

Know what personal information is being collected and how it will be used.

2

Right of Access

Request a copy of all personal information we hold about you.

3

Right to Correction

Request correction of inaccurate or outdated personal information.

4

Right to Deletion

Request deletion of your personal information under certain circumstances.

5

Right to Object

Object to the processing of your personal information for specific purposes.

6

Right to Withdraw Consent

Withdraw consent for processing where consent is the legal basis.

how_to_regHow to Exercise Your Rights

mail

Step 1: Contact Us

Email privacy@shopeazy.co with your request

fact_check

Step 2: Verification

We verify your identity to protect your data

reply

Step 3: Response

We respond within 72 hours as required by POPIA

warningSpecial Personal Information

What is Special Personal Information?

Under POPIA, special personal information includes data about a person's religious beliefs, race, ethnic origin, trade union membership, political opinions, health, sex life, biometric information, or criminal behaviour.

Shopeazy generally does not collect special personal information. In the limited circumstances where such information may be processed (e.g., for accessibility requirements), we obtain explicit consent and implement additional security measures as required by Section 27 of POPIA.

notification_importantData Breach Notification

In the unlikely event of a data breach that poses a risk to your personal information, Shopeazy will:

  • Notify the Information Regulator within 72 hours of becoming aware of the breach
  • Notify affected data subjects without unreasonable delay
  • Provide details about the nature of the breach and measures taken
  • Offer guidance on steps you can take to protect yourself

publicCross-Border Data Transfers

Shopeazy primarily stores and processes data within South Africa. However, some of our service providers may operate internationally. When transferring personal information outside South Africa, we ensure:

  • The recipient country has adequate data protection laws, OR
  • Appropriate safeguards are in place (e.g., standard contractual clauses), OR
  • Explicit consent has been obtained from the data subject

contact_mailContact the Information Regulator

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the South African Information Regulator:

Information Regulator South Africa

Website: www.inforegulator.org.za

Email: inforeg@justice.gov.za

Phone: 010 023 5207

Related Documents

Privacy Policy →Terms of Service →