Loading Addresses...
Loading coupons...
Lorem Ipsum is simply dummy text of the printing and typesetting industry.
Loading Conversation...
This conversation is closed
You can no longer send messages on this ticket.
Loading Tickets...
Select a category and describe your issue
Describe your issue in detail so we can help you faster.
Please enter a message.Sending Ticket...
Allow the app to push notification in application.
Forward all account notifications to your email address
1.1 This Policy forms the core internal POPIA compliance framework of SendMiza.
1.2 Its purpose is to establish minimum governance, operational and accountability standards for the lawful processing of personal information across the SendMiza business.
2.1 This Policy applies to SendMiza, its directors, officers, employees, contractors, consultants, support staff, developers, operators and any other persons who process personal information on behalf of or under the authority of SendMiza.
3.1 SendMiza accepts responsibility for ensuring that personal information is processed lawfully, reasonably and in a manner that does not unjustifiably infringe privacy.
3.2 Management shall support POPIA compliance and shall ensure that adequate resources, policies, processes and training are maintained.
4.1 SendMiza shall designate an Information Officer and, where appropriate, one or more Deputy Information Officers.
4.2 The Information Officer shall oversee compliance, facilitate data-subject requests, maintain compliance records, coordinate breach response, liaise with the Information Regulator, and ensure that necessary documentation is implemented and maintained.
5.1 SendMiza shall process personal information only where there is a lawful purpose and lawful justification for doing so.
5.2 Personal information shall be processed in a manner that is adequate, relevant and not excessive in relation to the purpose for which it is processed.
5.3 SendMiza shall not retain personal information indefinitely without lawful reason.
5.4 Reasonable steps shall be taken to ensure the quality, accuracy and completeness of personal information where appropriate.
6.1 Wherever personal information is collected, SendMiza shall take reasonably practicable steps to ensure that the data subject is informed of:
6.1.1 The information being collected.
6.1.2 The source of the information where it is not collected directly.
6.1.3 The name and contact details of SendMiza.
6.1.4 The purpose of collection.
6.1.5 Whether supply of the information is voluntary or mandatory.
6.1.6 The consequences of failing to provide the information where relevant.
6.1.7 Intended recipients or categories of recipients.
6.1.8 Whether information may be transferred outside South Africa.
6.1.9 The data subject's rights.
7.1 SendMiza shall not appoint an operator to process personal information unless the operator is capable of maintaining appropriate confidentiality and security safeguards.
7.2 Every operator processing personal information for SendMiza shall be bound by a written agreement.
7.3 Every operator agreement shall include, at minimum:
7.3.1 A prohibition on processing personal information except on documented instructions from SendMiza or as required by law.
7.3.2 A duty of confidentiality.
7.3.3 Minimum security obligations.
7.3.4 Breach notification duties.
7.3.5 Audit or compliance cooperation obligations.
7.3.6 Return or destruction obligations on termination.
8.1 SendMiza shall secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures.
8.2 Such measures shall include, where appropriate:
8.2.1 Role-based access controls.
8.2.2 Password and authentication standards.
8.2.3 Logging and monitoring of system activity.
8.2.4 Encryption or tokenisation where appropriate.
8.2.5 Secure software development and patching procedures.
8.2.6 Backup and disaster recovery arrangements.
8.2.7 Employee and contractor confidentiality undertakings.
8.2.8 Periodic security assessment and improvement.
9.1 SendMiza shall maintain a retention schedule setting out the categories of personal information processed, the purpose of retention, applicable retention period, archive rules and destruction method.
9.2 Personal information shall be deleted, destroyed, anonymised or de-identified when no longer required, unless retention is necessary for contractual, legal, regulatory, accounting, tax, insurance, fraud or litigation purposes.
10.1 SendMiza shall maintain processes for handling requests for access, correction, deletion and objection.
10.2 Requests shall be acknowledged promptly and dealt with in accordance with internal procedures, identity verification requirements, statutory time periods and lawful grounds of response.
11.1 Any person who becomes aware of actual or suspected unauthorised access, loss, disclosure, corruption or compromise of personal information must report it immediately to the Information Officer or designated incident-response contact.
11.2 SendMiza shall investigate the incident, take steps to contain and mitigate the impact, preserve evidence, assess affected data, determine reporting obligations and notify affected persons or authorities where required by law.
12.1 The SendMiza POPIA Compliance Pack shall include at least the following operative documents:
12.1.1 Information Officer appointment and registration record.
12.1.2 PAIA manual.
12.1.3 Public Privacy Policy.
12.1.4 Internal privacy compliance policy, being this Policy.
12.1.5 Operator agreement template and executed operator agreements.
12.1.6 Information-security and breach response procedure.
12.1.7 Retention and deletion schedule.
12.1.8 Data-subject request form and response workflow.
12.1.9 Staff confidentiality and acceptable information handling undertaking.
13.1 Any operator appointed by SendMiza shall sign an agreement substantially incorporating the following obligations:
13.1.1 The Operator acknowledges that any personal information processed on behalf of SendMiza remains under the control of SendMiza as responsible party.
13.1.2 The Operator shall process personal information only on documented instructions from SendMiza or as required by law.
13.1.3 The Operator shall keep such information confidential and shall implement appropriate security safeguards.
13.1.4 The Operator shall notify SendMiza without undue delay of any actual or suspected security compromise.
13.1.5 The Operator shall not appoint any sub-operator without prior written approval from SendMiza.
13.1.6 Upon termination, the Operator shall return or securely destroy personal information as directed by SendMiza, subject to any legal obligation to retain same.