POPIA Policy


THE SUN EXCHANGE (PROPRIETARY) LIMITED (Registration No. 2015/142280/07) Incorporated in the Republic of South Africa (“Company”)

What is POPIA about?

It relates to South African law and the protection of personal Information of all South Africans and entities.

The Company acknowledges and supports the right to privacy of all its contracting parties.

The purpose of POPIA

To give effect to the constitutional right to privacy, by safeguarding personal information when processed by a responsible party, subject to justifiable limitations that are aimed at:

  • balancing the right to privacy against other rights, particularly the right of access to information;
  • protecting important interests, including the free flow of information within South Africa and across international borders;
  • regulating the manner in which personal information may be processed by establishing conditions in harmony with international standards that prescribe the minimum threshold requirements for the lawful processing of personal information;
  • providing persons with rights and remedies to protect their personal information from processing that is not in accordance with this Act; and
  • establishing voluntary and compulsory measures including the establishment of an Information Regulator to ensure respect for and to promote, enforce and fulfil the rights protected by this Act.

What POPIA prohibits

A Responsible Party may, subject to section 27, not process personal information concerning:

  • the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject; or
  • the criminal behaviour of a data subject to the extent that such information relates to; or the alleged commission by a data subject of any offence; or any proceedings in respect of any offence allegedly committed by a data subject or the disposal of such proceedings.

Definitions associated with this document

These definitions are provided by POPIA.

‘‘competent person’’ means any person who is legally competent to consent to any action or decision being taken in respect of any matter concerning a child.

‘‘consent’’ means any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information.

‘‘data subject’’ means the person to whom personal information relates.

‘‘electronic communication’’ means any text, voice, sound or image message sent over an electronic communications network which is stored in the network or in the recipient’s terminal equipment until it is collected by the recipient.

‘‘personal information’’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:

  1. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
  2. information relating to the education or the medical, financial, criminal or employment history of the person;
  3. any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
  4. the biometric information of the person;
  5. the personal opinions, views or preferences of the person;
  6. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
  7. the views or opinions of another individual about the person; and
  8. the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

‘‘private body’’ means:

  1. a natural person who carries or has carried on any trade, business or profession, but only in such capacity;
  2. a partnership which carries or has carried on any trade, business or profession; or
  3. any former or existing juristic person, but excludes a public body.

‘‘record’’ means any recorded information:

  1. regardless of form or medium, including any of the following:
    1. writing on any material;
    2. information produced, recorded or stored by means of any tape recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored;
    3. label, marking or other writing that identifies or describes any thing of which it forms part, or to which it is attached by any means;
    4. book, map, plan, graph or drawing;
    5. photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced;
  2. in the possession or under the control of a responsible party;
  3. whether or not it was created by a responsible party; and
  4. regardless of when it came into existence.

‘‘responsible party“ means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information.

‘‘restriction’’ means to withhold from circulation, use or publication any personal information that forms part of a filing system, but not to delete or destroy such information.

‘‘special personal information’’ means personal information as referred to in section 26.

‘‘unique identifier’’ means any identifier that is assigned to a data subject and is used by a responsible party for the purposes of the operations of that responsible party and that uniquely identifies that data subject in relation to that responsible party.

Why does the Company collect personal information?

The Company will only collect and process your personal information (either directly or through our service providers) if there is a lawful purpose for doing so and as required by the laws of the Republic of South Africa.

The contracting parties will at all times be informed regarding the information they are required to provide and will, on inquiry, be informed for what specific reasons they are required to provide such information for purposes of transparency and full disclosure.

What personal information will the Company collect and process?

Information for business contacts

  1. Full registered name;
  2. Trading name (if any);
  3. Registration Number,
  4. Financial, legal and qualification information
    1. including your bank account information
    2. Value Added Tax number
    3. Banking details
    4. power of attorney if applicable,
  5. Postal Address;
  6. Street Address;
  7. Telephone and Cell phone contact numbers;
  8. Email address;
  9. Type of Juristic person;
  10. Accountants or Auditors contact details;
  11. Registered office of their Auditors; and
  12. Debtors.

You can expect to have questions posed regarding asset value, annual turnover, premises location, landlord details; mortgage loans, book debts and debts the debtors, customers and independent services providers may have ceded or are standing security for and the financial status of their owners, directors, members or the like.

Members of the platform

  1. Where applicable, entity name and registration and VAT details;
  2. Financial, legal and qualification information:
    1. including your bank account information, If applicable
    2. cryptocurrency wallet details, if applicable
    3. power of attorney relating to you, If applicable
  3. Residential Address;
  4. Telephone and Cell phone contact number, If applicable, and;
  5. Email address.

Unlawful access to your personal information

If you believe that your personal information has been unlawfully accessed or acquired, you may contact the Company’s Information Officer using the contact information below and provide details of the incident so that the Company can investigate it.

Security and storage

We may hold personal information in either electronic or hard copy form. In both cases we will take reasonable and appropriate steps to ensure that the personal information is protected from misuse and loss and from unauthorised access, modification, or disclosure.

We keep personal information for as long as we need to achieve the purpose for which it was collected and any other permitted linked purpose (for example your personal information which is relevant to a transaction may be retained until the time limit for claims in respect of the transaction has expired or to comply with regulatory requirements regarding the retention of such information). If personal information is handled for 2 purposes, we will retain it until the purpose with the latest period expires but we will stop using it for the purpose with a shorter period once that period expires.

Personal information is destroyed or irreversibly anonymised when no longer needed or when we are no longer required by law to retain it (whichever is the later).

We restrict access to the personal information to those authorised persons who need to use it for the relevant purpose(s).


By contracting with the Company, you indemnify and hold the Company harmless from any loss, damages, or injury that you may incur as a result of furnishing incorrect or incomplete Personal Information to us. We encourage you to contact the Information Officer using the contact details supplied below to review and update information where necessary.


Should you not consent to all or some of your Personal Information being processed as set out above, please send an email stating this to the Information Officer’s email address below. Such correspondence must detail which Personal Information may not be processed and confirm that you are duly authorised to advise the Company of your dissent. Dissenting contracting parties are to note that should you not permit the Company to receive and process Personal Information as may be required, this could result in amendments or cancellation of existing contracts.

Our Information Officer contact details are:

Saul Wainwright
POPIA Information Officer
192 Main Rd, Muizenberg, Cape Town, South Africa
Email: POPIA@thesunexchange.com