POPIA Compliance Policy

POPIA Policy Akeroyd Accounting and Tax Services CC 1. Purpose of this Policy Akeroyd Accounting and Tax Services CC (“the Company”) is committed to safeguarding personal information in accordance with the Protection of Personal Information Act, 4 of 2013 (POPIA). This Policy outlines how the Company collects, processes, stores, shares, and protects personal information to ensure compliance with POPIA and to maintain the trust of its Clients, Employees, Suppliers, and Business Partners. 2. Scope This Policy applies to: All Members, Employees, Contractors, and Service Providers of Akeroyd Accounting and Tax Services CC. All personal information processed by the Company relating to Clients, Prospective Clients, Suppliers, Employees, and Third Parties. 3. Definitions Personal Information: Any information relating to an identifiable, living Individual or Juristic person. Processing: Any operation concerning personal information, including collection, storage, use, dissemination, or destruction. Data Subject: The Individual or Entity to whom the personal information relates. Responsible Party: Akeroyd Accounting and Tax Services CC, which determines the purpose and means of processing personal information. Operator: A Third Party that processes personal information on behalf of the Company. 4. Principles of Processing Personal Information The Company adheres to the Eight Conditions for Lawful processing under POPIA: Accountability: The Company accepts responsibility for lawful processing. Processing Limitation: Personal information is processed lawfully, minimally, and with consent or other lawful justification. Purpose Specification: Information is collected for specific, explicitly defined, and legitimate purposes. Further Processing Limitation: Further processing is compatible with the original purpose of collection. Information Quality: Reasonable steps are taken to ensure information is accurate, complete, and up to date. Openness: The Company maintains transparency regarding how personal information is processed. Security Safeguards: Appropriate technical and organisational measures are implemented to protect personal information. Data Subject Participation: Data subjects have the right to access, correct, or delete their personal information. 5. Collection of Personal Information The Company may collect personal information directly from Data Subjects or from authorised Third Parties, where consent or lawful justification exists. Information collected may include: Identification Details (e.g., Names, ID Numbers, Company Registration Numbers). Contact Information (e.g., Addresses, Telephone Numbers, email Addresses). Financial Information (e.g., Banking Details, Tax Records, Compliance Data). Employment or Contractual Information. 6. Purpose of Processing Personal information is processed for purposes including: Providing Accounting, Tax, and Advisory services. Meeting statutory and regulatory obligations (e.g., SARS, CIPC, and other authorities). Communicating with Clients, Employees, and Stakeholders. Internal Administration, Record Keeping, and HR functions. Marketing services, where consent has been obtained. 7. Sharing of Personal Information The Company may share personal information with: Regulatory authorities (e.g., SARS, CIPC, Department of Labour). Professional Service Providers and Subcontractors (e.g., Auditors, IT Service Providers, Consultants). All sharing is done only where necessary, under strict confidentiality obligations, and in compliance with POPIA. The Company does not sell personal information to Third Parties. 8. Safeguarding Personal Information The Company implements appropriate safeguards, including: Physical Security measures (Secure Premises and Filing Systems). Technical measures (Encryption, Firewalls, Password Protection). Administrative Controls (Access Restrictions and Policies). Confidentiality Agreements with Employees and Service Providers. Ongoing Staff Training on Data Protection and Privacy. 9. Rights of Data Subjects In terms of POPIA, Data Subjects have the right to: Be notified of the collection of their personal information. Access their personal information. Request correction, deletion, or destruction of personal information. Object to processing, including direct marketing. Lodge a Complaint with the Information Regulator. All requests must be submitted in writing to the Information Officer. 10. Information Officer The appointed Information Officer for Akeroyd Accounting and Tax Services CC is: Nicholas Jon Akeroyd Name: Nicholas Jon Akeroyd Email: nic@nala-bts.co.za Address: 7A Leslie Road, West Riding, Hillcrest, KZN, 3610 The Information Officer is responsible for ensuring compliance with POPIA, managing data subject requests, and maintaining records of processing activities. 11. Retention of Records Personal information will be retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable laws and regulations. Records that are no longer required will be securely destroyed or de-identified. 12. Breach Notification In the event of a Data Breach, the Company will: Notify affected data subjects and the Information Regulator where required. Take immediate steps to mitigate risks and prevent further breaches. Investigate and implement corrective actions. 13. Review of Policy This Policy will be reviewed annually or when there are significant changes in legislation, regulations, or business operations. 14. Acceptance All Employees, Contractors, and Service Providers are required to familiarise themselves with this Policy and comply with its provisions as a condition of their engagement with the Company.