Chellu Solutions

POPIA Compliance Policy

Protection of Personal Information Act, 2013 (Act 4 of 2013)

1. Our Commitment

Chellu Solutions (Pty) Ltd is committed to complying with the Protection of Personal Information Act (POPIA). We recognise the importance of protecting personal information and have implemented policies and procedures to ensure compliance with all applicable data protection legislation.

2. Information Officer

Our designated Information Officer is responsible for ensuring POPIA compliance:

Email: [email protected]
Phone: 011 087 6336
Address: Oliverdale, Randburg, 2188, Gauteng, South Africa

3. Lawful Processing Conditions

We process personal information in accordance with the eight conditions for lawful processing as outlined in POPIA: accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards, and data subject participation.

4. Categories of Information Processed

We may process the following categories of personal information: contact details (name, email, phone), company information, service usage data, billing information, technical data (IP addresses, device information), and communication records.

5. Data Subject Rights

In terms of POPIA, data subjects have the right to:

  • Be notified that personal information is being collected
  • Request access to their personal information
  • Request correction or deletion of personal information
  • Object to the processing of their personal information
  • Submit a complaint to the Information Regulator regarding interference with their personal information
  • Institute civil proceedings regarding interference with their personal information

6. Data Breach Protocol

In the event of a data breach that compromises personal information, we will:

  • Notify the Information Regulator as soon as reasonably possible
  • Notify affected data subjects unless a law enforcement agency determines that notification would impede a criminal investigation
  • Provide sufficient information to allow data subjects to take protective measures
  • Investigate the breach and implement measures to prevent recurrence

7. Cross-Border Transfers

Where personal information is transferred outside of South Africa (e.g., cloud hosting services), we ensure that the recipient country has adequate data protection laws, or that the data subject has consented to the transfer, in compliance with Section 72 of POPIA.

8. Retention & Destruction

Personal information is retained only for as long as necessary for the purpose it was collected, or as required by law. When information is no longer needed, it is securely destroyed or de-identified.

9. Contact & Complaints

To exercise your rights or lodge a complaint, contact our Information Officer at [email protected]. You may also contact the Information Regulator of South Africa at [email protected].