Skip to content
SwiftCode Innovation
Legal

POPIA Compliance

Last updated: July 2026

Draft for review: This statement summarises how SwiftCode Innovation (Pty) Ltd approaches compliance with the Protection of Personal Information Act. It should be reviewed and approved by a legal professional and read together with our Privacy Policy and PAIA Manual.

1. Our commitment

SwiftCode Innovation (Pty) Ltdis committed to processing personal information lawfully, transparently and securely in accordance with the Protection of Personal Information Act, 4 of 2013 ("POPIA"). POPIA gives effect to the constitutional right to privacy and regulates how organisations collect, use, store and share personal information. This statement explains how we meet our obligations.

2. Responsible party and operator

Where we determine the purpose and means of processing personal information (for example, our own client, supplier and employee data), we act as the responsible party. Where we process personal information on behalf of a client under their instructions — for instance when building or operating a platform for them — we act as an operator and apply appropriate security measures and confidentiality obligations.

3. The eight conditions for lawful processing

We align our processing with the eight conditions set out in POPIA:

  • Accountability — we take responsibility for ensuring the conditions for lawful processing are met.
  • Processing limitation — we process personal information lawfully, minimally, and with consent or another lawful justification, and collect it directly from the data subject where reasonable.
  • Purpose specification — we collect information for specific, explicitly defined and lawful purposes, and retain it only for as long as necessary.
  • Further processing limitation — any further processing is compatible with the purpose for which the information was originally collected.
  • Information quality — we take reasonable steps to keep information accurate, complete and up to date.
  • Openness — we document our processing and notify data subjects of the collection of their information (see our Privacy Policy).
  • Security safeguards — we secure the integrity and confidentiality of personal information through appropriate technical and organisational measures.
  • Data subject participation — we uphold the rights of data subjects to access and correct their personal information.

4. Rights of data subjects

Subject to applicable law, data subjects have the right to:

  • be notified that their personal information is being collected and processed;
  • request access to the personal information we hold about them;
  • request correction, deletion or destruction of their personal information;
  • object, on reasonable grounds, to the processing of their personal information;
  • withdraw consent where processing is based on consent; and
  • lodge a complaint with the Information Regulator.

5. Consent

Where we rely on consent, we ensure it is specific, informed and voluntary. Special personal information and the personal information of children are only processed where POPIA permits. Consent may be withdrawn at any time, without affecting the lawfulness of processing carried out beforehand or on another lawful basis.

6. Security safeguards and breach notification

We implement appropriate, reasonable technical and organisational measures to protect the confidentiality and integrity of personal information, and we require operators who process information on our behalf to do the same. If we reasonably believe that personal information has been accessed or acquired by an unauthorised person, we will notify the Information Regulator and the affected data subjects as soon as reasonably possible.

7. Cross-border transfers

Where personal information is transferred outside South Africa (for example, to cloud providers), we do so only where POPIA permits — such as where the recipient is bound by laws or agreements that provide an adequate level of protection, or with the data subject's consent.

8. Information Officer

Our Information Officer is responsible for encouraging and monitoring compliance with POPIA, dealing with requests and complaints, and liaising with the Information Regulator. Requests and queries may be directed to:

  • Information Officer: Atusaye Msiska
  • SwiftCode Innovation (Pty) Ltd
  • 33 Rolls Royce Street, Impala Park, Boksburg, 1459, South Africa
  • Email: admin@swiftcode.co.za
  • Phone: +27 74 832 8272

9. Complaints to the Information Regulator

If you believe we have not handled your personal information in accordance with POPIA, you may lodge a complaint with the Information Regulator (South Africa) at inforegulator.org.za.