Data Processing Policy

This Data Processing Policy outlines how ApexAudit Solutions ("we", "us", "our", or the "Company") collects, uses, stores, and processes personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) of South Africa.

We are committed to protecting your personal information and ensuring that your privacy is respected. This policy applies to all personal information processed by us, whether in electronic or paper format.

1. Information Officer

ApexAudit Solutions has appointed an Information Officer who is responsible for ensuring compliance with POPIA and this Data Processing Policy. The Information Officer's details are as follows:

Information Officer
ApexAudit Solutions
55 Wale Street, Cape Town
Western Cape, South Africa
Email: info@florandisstudio.sbs
Phone: +27 21 555 4796

2. Definitions

• Personal Information: Information relating to an identifiable, living natural person or juristic person, including but not limited to names, contact details, identifying numbers, location information, and online identifiers.
• Processing: Any operation or activity concerning personal information, including collection, receipt, recording, organization, collation, storage, updating, modification, retrieval, alteration, consultation, use, dissemination, distribution, merging, linking, restriction, degradation, erasure, or destruction.
• Data Subject: The person to whom the personal information relates.
• Responsible Party: A public or private body or any other person which determines the purpose of and means for processing personal information.
• Operator: A person who processes personal information for a responsible party in terms of a contract or mandate.

3. Processing Principles

We are committed to processing personal information lawfully and in a reasonable manner that does not infringe on the privacy of the data subject. We adhere to the following principles:

3.1 Accountability

We ensure that the conditions for lawful processing of personal information are complied with at the time of determination of the purpose and means of processing, as well as during the processing itself.

3.2 Processing Limitation

We process personal information lawfully and in a reasonable manner that does not infringe on the privacy of the data subject. We collect personal information directly from the data subject, except in specified circumstances, and only with the consent of the data subject or as otherwise permitted by law.

3.3 Purpose Specification

We collect personal information for specific, explicitly defined, and lawful purposes related to our function or activity, and do not process it further in a way that is incompatible with those purposes.

3.4 Further Processing Limitation

Any further processing of personal information is compatible with the purpose for which it was collected, taking into account various factors such as the nature of the information, consequences of further processing, and any applicable contractual rights and obligations.

3.5 Information Quality

We take reasonably practicable steps to ensure that personal information is complete, accurate, not misleading, and updated where necessary.

3.6 Openness

We maintain the documentation of all processing operations and are transparent about our data practices.

3.7 Security Safeguards

We secure the integrity and confidentiality of personal information in our possession or under our control by taking appropriate, reasonable technical and organizational measures to prevent loss, damage, unauthorized access or processing.

3.8 Data Subject Participation

We recognize the right of data subjects to access and correct their personal information held by us, subject to certain limitations.

4. Types of Personal Information We Process

We may process the following types of personal information:

• Personal identification information (name, ID number, passport number)
• Contact information (email, phone number, physical address)
• Professional or employment-related information
• Financial information necessary for our services
• Any other information relevant to our services

5. Purpose of Processing Personal Information

We process personal information for various purposes, including:

• To provide our auditing and financial consulting services
• To comply with legal and regulatory requirements
• To respond to your inquiries and requests
• To maintain and manage our relationship with you
• To communicate with you about our services
• To improve our services
• For record-keeping and administrative purposes

6. Recipients of Personal Information

We may share your personal information with:

• Our employees who need access to the information to perform their duties
• Third-party service providers who assist us in providing our services
• Regulatory authorities and government agencies, where required by law
• Professional advisors and consultants
• Any other party with your consent or as required by law

We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

7. Cross-Border Transfer of Personal Information

We may transfer your personal information to recipients outside South Africa. In such cases, we will ensure that:

• The recipient is subject to a law, binding corporate rules, or binding agreement which provides an adequate level of protection; or
• You consent to the transfer; or
• The transfer is necessary for the performance of a contract between you and us; or
• The transfer is for your benefit, and obtaining your consent is not reasonably practicable, but if it were, you would be likely to give it.

8. Data Security

We have implemented appropriate technical and organizational measures to secure personal information and protect it against unauthorized access, accidental loss, damage, or destruction. These measures include:

• Access controls and user authentication
• Physical security measures for our premises
• Secure storage of physical documents
• Encryption of electronic data where appropriate
• Regular backups and data recovery procedures
• Staff training on data protection
• Confidentiality agreements

We regularly review and update our security measures to ensure the ongoing integrity and confidentiality of personal information.

9. Data Retention

We will retain your personal information only for as long as is necessary for the purposes set out in this policy, or as required by law. The retention period will depend on various factors, including:

• The purpose for which we collected the information
• Legal, tax, and accounting requirements
• Professional guidelines
• Industry standards

Once your personal information is no longer required, we will securely delete or anonymize it.

10. Your Rights as a Data Subject

Under POPIA, you have the following rights:

• The right to be informed about the collection and use of your personal information
• The right to access your personal information
• The right to request correction of your personal information
• The right to request deletion of your personal information
• The right to object to the processing of your personal information
• The right to submit a complaint to the Information Regulator

To exercise any of these rights, please contact our Information Officer using the contact details provided above.

11. Complaints

If you believe that we have not complied with this policy or have violated your rights under POPIA, please contact our Information Officer. You also have the right to submit a complaint to the Information Regulator at:

The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: inforeg@justice.gov.za

12. Changes to this Policy

We may update this Data Processing Policy from time to time to ensure that it remains accurate and compliant with changes in the law. We will notify you of any significant changes by posting the updated policy on our website or by other appropriate means.