POPIA Compliance

1. About POPIA

The Protection of Personal Information Act (POPIA), Act 4 of 2013, is South Africa's data protection legislation. It regulates how personal information is collected, stored, processed, and shared. POPIA aims to protect the constitutional right to privacy while balancing it with other rights such as access to information.

Solution Trail (Pty) Ltd is committed to complying with POPIA and ensuring that all personal information entrusted to us is handled responsibly, lawfully, and transparently.

2. Responsible Party

Under POPIA, the "responsible party" is the entity that determines the purpose and means of processing personal information.

3. Purpose of Processing

We process personal information for the following specific, defined purposes:

• To provide and maintain our WhatsApp Business messaging platform
• To manage customer conversations on behalf of our clients
• To communicate with clients regarding their accounts and services
• To fulfil contractual obligations under service agreements
• To comply with legal and regulatory requirements
• To improve and develop our products and services

We do not process personal information for purposes other than those stated above without obtaining further consent from the data subject.

4. Categories of Personal Information

We may collect and process the following categories of personal information as defined by POPIA:

We do not intentionally collect special personal information (such as race, religion, health, sexual orientation, biometric data, or criminal history) as defined in Section 26 of POPIA.

5. Lawful Basis for Processing

Under Section 11 of POPIA, we process personal information based on one or more of the following lawful grounds:

• Consent — The data subject has given voluntary, specific, and informed consent
• Contract — Processing is necessary to fulfil a contractual obligation
• Legal obligation — Processing is required by law
• Legitimate interest — Processing is necessary for a legitimate interest that does not infringe the data subject's rights

6. Data Subject Rights

Under POPIA, data subjects have the following rights:

• Right to be notified (Section 18) — To be informed when personal information is collected
• Right of access (Section 23) — To request confirmation of and access to personal information held
• Right to correction (Section 24) — To request correction or deletion of inaccurate, irrelevant, or excessive information
• Right to deletion (Section 24) — To request destruction of personal information no longer needed
• Right to object (Section 11(3)) — To object to processing of personal information
• Right to withdraw consent — To withdraw previously given consent at any time
• Right to lodge a complaint — To submit a complaint to the Information Regulator

To exercise any of these rights, contact us at info@solutiontrail.co.za. We will respond within 10 business days as required by POPIA.

7. Third-Party Operators

Under Section 21 of POPIA, an "operator" is a person or entity that processes personal information on behalf of the responsible party under a contract.

We may use the following categories of operators:

• Meta / WhatsApp — For WhatsApp Business API messaging services
• Cloud hosting providers — For data storage and infrastructure (servers located in South Africa and/or the EU)
• Authentication providers — For secure login services

All operators are contractually required to process personal information only on our instructions and to implement appropriate security measures.

8. Cross-Border Data Transfers

Under Section 72 of POPIA, personal information may only be transferred outside South Africa if adequate protections exist. Our data may be processed in:

• South Africa — Primary data storage
• European Union — Infrastructure with GDPR-level protections (considered adequate under POPIA)
• Meta's infrastructure — As required for WhatsApp Business API functionality

We ensure that any cross-border transfer is compliant with Section 72 and that adequate safeguards are in place.

9. Security Safeguards

In accordance with Section 19 of POPIA, we take reasonable technical and organisational measures to secure personal information, including:

• HTTPS/TLS encryption for data in transit
• Secure authentication mechanisms
• Access control and role-based permissions
• Regular review of security practices

As our platform is currently in MVP stage, we are actively working to implement additional safeguards including encryption at rest, automated backups, and multi-factor authentication.

10. Data Breach Notification

In accordance with Sections 21 and 22 of POPIA, in the event of a data breach that compromises personal information:

• We will notify the Information Regulator as soon as reasonably possible
• We will notify affected data subjects as soon as reasonably possible
• We will provide details of the breach, the information compromised, and the measures taken to address it
• We will take immediate steps to mitigate the impact of the breach

11. Information Officer

Under Section 55 of POPIA, every responsible party must appoint an Information Officer. For Solution Trail:

The Information Officer is responsible for encouraging compliance with POPIA, handling data subject requests, and working with the Information Regulator.

12. Complaints

If you are not satisfied with our handling of your personal information, you have the right to lodge a complaint with the Information Regulator:

We encourage you to contact us first at info@solutiontrail.co.za so we can attempt to resolve your concern directly.