Legal Hub PAIA & POPIA Notice
Statutory Compliance — South Africa

PAIA & POPIA Notice

Our statutory notices under the Promotion of Access to Information Act (PAIA) and the Protection of Personal Information Act (POPIA) — your rights, our obligations.

PAIA — Act 2 of 2000 POPIA — Act 4 of 2013 Republic of South Africa Last Updated: April 2026
01 — PAIA

Promotion of Access to Information Act (PAIA)

The Promotion of Access to Information Act, 2 of 2000 (PAIA) gives effect to the constitutional right of access to any information held by the state, and to information held by another person that is required for the exercise or protection of any right.

Section 51 of PAIA requires private bodies — including ChAinge Logic — to compile a manual describing the categories of records held, how to request access, and the grounds for refusal. This notice serves as our PAIA compliance notice.

PAIA Manual

ChAinge Logic's full PAIA manual is available on written request. The manual describes the categories of records held, record access procedures, and applicable exemptions.

Request by email:
legal@chaingelogic.co.za
Subject: "PAIA Manual Request"

Information Officer

ChAinge Logic's designated Information Officer is responsible for processing access requests and ensuring PAIA compliance.

Contact:
privacy@chaingelogic.co.za
ChAinge Logic (Pty) Ltd, South Africa

How to Request Access to Records

Requests for access to records held by ChAinge Logic must be submitted using the prescribed Form C (available from the South African Department of Justice) or by written request to our Information Officer.

01
Submit a written request
Email privacy@chaingelogic.co.za with the subject "PAIA Access Request". Include your full name, contact details, a description of the record(s) requested, and the right you are seeking to exercise or protect.
02
Acknowledgement within 5 business days
We will acknowledge receipt of your request within 5 business days and advise whether an access fee applies (as prescribed under PAIA regulations).
03
Decision within 30 days
We are required to make a decision on your request within 30 days of receipt (extendable by a further 30 days in exceptional circumstances, with notice). You will be notified in writing of the decision, including grounds for any refusal.
04
Appeal a refusal
If your request is refused, you may appeal to the Information Regulator or approach the High Court for relief, as provided for under PAIA.

Grounds for refusal: Access to records may be refused where disclosure would be unreasonably prejudicial to third parties, involves privileged legal communications, constitutes commercially sensitive information, or falls within other exemptions listed in PAIA. All refusals will be accompanied by written reasons.

02 — POPIA

Protection of Personal Information Act (POPIA)

The Protection of Personal Information Act, 4 of 2013 (POPIA) regulates the processing of personal information by public and private bodies in South Africa. It gives effect to the constitutional right to privacy and sets out conditions for lawful, fair, and transparent data processing.

ChAinge Logic, as a Responsible Party under POPIA, processes personal information in accordance with the eight conditions for lawful processing set out in Chapter 3 of POPIA. Our full privacy practices are described in our Privacy Policy.

Your Rights Under POPIA

As a data subject under POPIA, you have the following rights in respect of your personal information:

01
Right to be Notified
You have the right to be notified when your personal information is being collected and to be informed of the purpose for which it is being collected.
02
Right of Access
You have the right to request confirmation of whether we hold personal information about you and to request a copy of that information.
03
Right to Correction
You have the right to request correction or deletion of your personal information where it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or unlawfully obtained.
04
Right to Object
You have the right to object to the processing of your personal information on reasonable grounds. We will cease processing unless there are compelling legitimate grounds that override your interests.
05
Right Against Automated Decisions
You have the right not to be subject to decisions made solely on the basis of automated processing of your personal information where those decisions have significant effects on you.
06
Right to Complain
You have the right to submit a complaint to the Information Regulator of South Africa if you believe your rights under POPIA have been infringed.
03 — Data Access Requests

Requesting Access to Your Personal Information

To request access to the personal information we hold about you, submit a written request to our Information Officer:

Email: privacy@chaingelogic.co.za
Subject line: "POPIA Data Access Request – [Your Full Name]"
Include: Your full name, email address on file, description of the specific information requested, and a copy of a valid identity document for verification purposes.

We will respond within 30 days of receipt of a valid request. In complex cases, we may extend this by a further 30 days with written notice. We may request additional verification before releasing information to protect against unauthorised disclosure.

Access to third-party information: Where your request includes information about another person, we may be required to consult that person before making a decision on your request. Access to third-party personal information will only be granted where legally permissible.

04 — Correction & Deletion

Requesting Correction or Deletion of Personal Information

You may request that we correct or delete personal information we hold about you. Requests are handled as follows:

Submit a correction request to privacy@chaingelogic.co.za specifying:

  • The specific information you believe is inaccurate or incomplete
  • What the correct information should be
  • Supporting evidence where available (e.g., updated documents)

We will evaluate the request and, where the correction is substantiated, update the record within 15 business days. Where we do not agree that a correction is warranted, we will notify you in writing with reasons, and you may request that a notation of the correction request be attached to the record.

You may request deletion of your personal information where:

  • The information is no longer necessary for the purpose for which it was collected
  • You withdraw consent and there is no other lawful basis for processing
  • The information was processed unlawfully

We will evaluate each deletion request against our legal retention obligations. Where we are required by law to retain the information (e.g., FICA records, tax records), we will notify you of the applicable retention obligation and the period. Deletion will be carried out upon expiry of that period.

Submit deletion requests to privacy@chaingelogic.co.za with subject "POPIA Deletion Request – [Your Name]".

05 — Information Regulator

South African Information Regulator

The Information Regulator of South Africa is the independent body responsible for enforcing PAIA and POPIA. If you are unsatisfied with our response to any access request or privacy complaint, you have the right to lodge a complaint with the Regulator.

Information Regulator — Contact Details

Complaints email:

complaints.IR@justice.gov.za

General enquiries:

inforeg@justice.gov.za

Physical address:

SALU Building
316 Thabo Sehume Street
Pretoria, 0001
Republic of South Africa

Before lodging a complaint with the Information Regulator, we encourage you to first raise the matter directly with us through the process described on our Contact & Complaints page. Many matters can be resolved swiftly through direct engagement.

POPIA Section 73: A data subject may submit a complaint to the Information Regulator if they believe a Responsible Party has interfered with the protection of their personal information. The Regulator may investigate, issue enforcement notices, or impose administrative fines.

06 — POPIA Conditions Summary

The Eight Conditions for Lawful Processing

ChAinge Logic's processing of personal information complies with the eight conditions for lawful processing set out in Chapter 3 of POPIA:

  • Accountability: We take responsibility for ensuring that personal information in our possession is processed in accordance with POPIA.
  • Processing limitation: We process personal information only where a lawful basis exists (consent, contractual necessity, legal obligation, or legitimate interest).
  • Purpose specification: Personal information is collected for specific, explicitly defined, and lawful purposes — communicated at the point of collection.
  • Further processing limitation: Personal information is not processed in a manner incompatible with the purpose for which it was originally collected.
  • Information quality: We take reasonable steps to ensure that personal information is complete, accurate, not misleading, and updated where necessary.
  • Openness: We maintain documentation of all processing activities and notify data subjects at the point of collection.
  • Security safeguards: We implement appropriate technical and organisational measures to protect personal information against loss, damage, or unauthorised access.
  • Data subject participation: We respect data subjects' rights to access, correct, and delete their personal information, and to object to processing.