POPIA Statement
Protection of Personal Information Act 4 of 2013 — Our commitment and how ConsentYes helps your business comply
What is POPIA?
The Protection of Personal Information Act (POPIA) is South Africa's primary data privacy law, fully enforceable since 1 July 2021. It regulates how organisations collect, process, store, and share personal information. Non-compliance can result in fines of up to R10 million or 10 years imprisonment.
ConsentYes's Own POPIA Compliance
ConsentYes (Pty) Ltd is committed to full compliance with POPIA in all aspects of our operations. We have appointed an Information Officer who is responsible for overseeing our compliance programme. Our Information Officer is registered with the Information Regulator of South Africa.
We process personal information only to the extent necessary to provide our platform and in accordance with the eight conditions for lawful processing set out in POPIA.
The 8 Conditions for Lawful Processing
Accountability
We take responsibility for ensuring that POPIA requirements are met. Our Information Officer oversees our compliance and is the point of contact for data subjects and the Information Regulator.
Processing Limitation
We collect only the personal information necessary for our specified purpose. ConsentYes's consent banner collects only anonymous visitor IDs — not names or email addresses of website visitors.
Purpose Specification
We clearly state the purpose for which we collect personal information and only process it for that stated purpose. Purposes are documented in our Privacy Policy and communicated to data subjects at the time of collection.
Further Processing Limitation
Personal information collected for one purpose is not used for an unrelated, incompatible purpose. We do not sell or share personal data with advertisers.
Information Quality
We take reasonable steps to ensure personal information is accurate, complete, and up-to-date. Users can update their account information at any time through their dashboard settings.
Openness
We are transparent about how we collect and process personal information. This POPIA statement, our Privacy Policy, and our Terms of Service are publicly available and written in plain language.
Security Safeguards
We implement appropriate technical and organisational measures including TLS encryption in transit, AES-256 encryption at rest, access controls, regular security reviews, and audit logging to protect personal information.
Data Subject Participation
Data subjects can request access to, correction of, or deletion of their personal information at any time by emailing privacy@consentyes.co.za. We respond within 30 days.
How ConsentYes Helps Your Business Comply
- Consent Banner — obtain and record lawful consent from website visitors before placing non-essential cookies, with a full audit trail
- DSAR Workflow — manage data subject access, deletion, and correction requests within POPIA's 30-day response window
- Cookie Scanner — identify what cookies and trackers are active on your site so you can disclose them accurately
- Consent Logs — maintain tamper-evident records of all consent events for regulatory audits
- Settings — customise your banner text to match your privacy notice accurately
Information Regulator
The Information Regulator (South Africa) oversees the enforcement of POPIA. You have the right to lodge a complaint with them if you believe your personal information has been mishandled.
- Website: www.justice.gov.za/inforeg
- Email: inforeg@justice.gov.za
- Phone: 010 023 5200
Contact Our Information Officer
For any POPIA-related queries, requests, or complaints:
- Email: privacy@consentyes.co.za
- Response time: within 30 days