Last Updated: February 16, 2026

POPIA Complaince Policy

(Protection of Personal Information Act – South Africa)

Nongo Telecoms (Pty) Ltd t/a NONGOTEL (“NONGOTEL” or “the Company”)

1. PURPOSE

This Policy is adopted in compliance with the Protection of Personal Information Act 4 of 2013 (POPIA) of South Africa.

The purpose of this Policy is to:

  • Ensure lawful processing of Personal Information
  • Protect the rights of Data Subjects
  • Establish safeguards to prevent unlawful access, disclosure, or loss of Personal Information
  • Demonstrate NONGOTEL’s commitment to data privacy and protection

2. SCOPE

This Policy applies to:

  • All employees, directors, contractors, and third parties acting on behalf of NONGOTEL
  • All Personal Information processed by NONGOTEL
  • All electronic, physical, and verbal processing of Personal Information

3. DEFINITIONS

For purposes of this Policy:

  • “Personal Information” means information relating to an identifiable, living natural person or existing juristic person.
  • "Data Subject” means the person to whom Personal Information relates.
  • “Processing” includes collection, receipt, recording, storage, updating, retrieval, dissemination, or destruction.
  • “Information Officer” means the person appointed in terms of POPIA.
  • “Operator” means a third party processing Personal Information on behalf of NONGOTEL.

4. PERSONAL INFORMATION PROCESSED

NONGOTEL may process the following categories of Personal Information:

4.1 Customers

  • Full names
  • ID numbers / registration numbers
  • Contact details (phone, email, address)
  • Billing information
  • Banking details
  • Call/data usage records
  • IP addresses
  • Location data (where applicable)

4.2 Employees

  • Identity numbers
  • Employment records
  • Banking details
  • Tax information
  • Performance records
  • Biometric data (if applicable)

4.3 Suppliers and Contractors

  • Contact details
  • Company registration details
  • Banking information
  • Compliance documentation

5. CONDITIONS FOR LAWFUL PROCESSING

NONGOTEL processes Personal Information in accordance with the eight conditions under POPIA:

5.1 Accountability

NONGOTEL ensures compliance with POPIA at all times.

5.2 Processing Limitation

  • Information is processed lawfully and minimally.
  • Consent is obtained where required.
  • Processing is justified by contractual, legal, or legitimate business purposes.

5.3 Purpose Specification

  • Personal Information is collected for specific, lawful purposes.
  • Data is retained only as long as necessary.

5.4 Further Processing Limitation

Further processing is compatible with the original purpose of collection.

5.5 Information Quality

NONGOTEL takes reasonable steps to ensure Personal Information is accurate and updated.

5.6 Openness

Data Subjects are informed:

  • What information is collected
  • Why it is collected
  • How it will be used
  • Their rights under POPIA

5.7 Security Safeguards

NONGOTEL implements appropriate technical and organisational measures to protect Personal Information

5.8 Data Subject Participation

Data Subjects have the right to:

  • Access their information
  • Request correction or deletion
  • Object to processing
  • Withdraw consent (where applicable)

6. INFORMATION OFFICER

NONGOTEL appoints an Information Officer in terms of POPIA.

Information Officer Details:

Company: Nongo Telecoms (Pty) Ltd t/a NONGOTEL

Email: info@nongotel.co.za

Telephone: +27 78 155 9282

Physical Address: Unit 4B, 3rd Floor,Boulevard Place, Century City, Cape Town, 7441

The Information Officer is responsible for:

  • Ensuring POPIA compliance
  • Handling data subject requests
  • Managing data breaches
  • Liaising with the Information Regulator

7. SECURITY MEASURE

NONGOTEL implements the following safeguards:

7.1 Technical Measures

  • Secure servers and firewalls
  • Encryption of sensitive data
  • Password-protected systems
  • Access control restrictions
  • Anti-virus and intrusion detection systems
  • Secure backups

7.2 Organisational Measures

  • Confidentiality agreements
  • POPIA awareness training
  • Access based on role requirements
  • Access control restrictions
  • Vendor due diligence assessments

DATA RETENTION

Personal Information will be retained:

  • For the duration of the contractual relationship
  • As required by applicable legislation (e.g., RICA, Companies Act, Tax laws)
  • For dispute resolution or legal obligations

After expiry of retention periods, information will be securely destroyed or anonymised.

9. DIRECT MARKETING

NONGOTEL will:

  • Obtain consent where required for electronic marketing
  • Provide opt-out mechanisms
  • Respect objections to marketing communications

10. THIRD-PARTY OPERATORS

Where Personal Information is processed by third parties:

  • Written agreements will be in place
  • Operators must implement adequate security measures
  • Operators may not process data for unauthorised purposes

11. CROSS-BORDER TRANSFERS

Personal Information may only be transferred outside South Africa if:

  • Written agreements will be in place
  • The recipient country has adequate data protection laws, OR
  • The Data Subject consents, OR
  • It is necessary for contract performance

12. DATA BREACH MANAGEMENT

In the event of a security compromise:

  • Immediate containment measures will be implemented.
  • The Information Regulator will be notified where required.
  • Affected Data Subjects will be informed if there is a risk of harm.
  • Corrective actions will be taken.

13. COMPLAINTS

Data Subjects may lodge complaints with:

Information Officer – NONGOTEL

Email: info@nongotel.co.za

Telephone: +27 78 155 9282

Physical Address: Unit 4B, 3rd Floor,Boulevard Place, Century City, Cape Town, 7441

14. POLICY REVIEW

This Policy will be reviewed annually or when required by legislative changes.

15. APPROVAL

Director

Nongo Telecoms (Pty) Ltd t/a NONGOTEL

Date: 16/02/2026