The policy represents the company‘s commitment to compliance with its obligations under the Protection of Personal Information Act 4 of 2013 (“POPI”).
The processing of personal information:
We provide this policy in accordance with POPI, detailing the lawful approach we take in the collection of information and in regard to the management, use and processing of all information collected from you and other legitimate sources and all subsequent dealings with your lawful representatives and other entities listed in this policy.
In the course of our business we only process personal information in relation to our clients in terms of the services requested by them, which will be detailed in the agreement between us (“the lawful purpose”).
The types of personal information collected and processed:
We gather information about yourself and or the organisation you represent primarily from the information you provide and or the information submitted by your organisations account owners and administrators.
Why we Process Personal Information
We Process Personal Information:
in order to provide a service to you and your organisation.
to ensure information that you submit, use or view is applicable to you in reference to the service you provide your client, the industry in which you operate and the applicable laws and legislation's your are required to comply with.
What laws authorize us to collect personal information?
We are authorized to collect your personal information, for a lawful purpose, by POPI. In order to access/collect/process your information, we act on your behalf as the “responsible party” requesting access to your information under South African legislation.
How we collect personal information:
We collect personal information in South Africa from these possible legitimate sources:
from your account administrator/ account owner in reference to the industry(s) in which you operate or an authorized representative of such
Please note, depending on circumstances, we may choose not to collect information from all these sources.
Parties we share your information with:
We only share your information with you and your organisation's representatives
How we hold personal information securely:
All content and data collected, stored and processed is done so using Data Encryption and provided by 3rd party services who comply with the EU General Data Protection Regulation (GDPR)
Our 3rd party services encrypt data in transit using HTTPS and logically isolate customer data. In addition, data is also encrypted at rest.
Innovative Thinking and its 3rd party services restricts access to a select employee(s) who have a business purpose to access personal data.
All of our 3rd party services have successfully completed the ISO 27001 and SOC 1, SOC 2, and SOC 3 evaluation process, and some have also completed the ISO 27017 and ISO 27018 certification process
How you may complain about our failure to comply with POPIA:
You can Contact Us through the linked form
Or you can email us at