SubscriptionFlow POPIA Updated Policy

Effective Date: [Insert Date]

1. Introduction

At SubscriptionFlow, we are committed to protecting the privacy and integrity of the personal information of our clients, partners, and website visitors. In compliance with the Protection of Personal Information Act (POPIA), this policy outlines how we collect, use, store, and secure your personal information. Our approach reflects the outcomes of our recent Self-Assessment for POPIA compliance.

2. Definitions

  • Personal Information: Any information relating to an identifiable individual.
  • Data Subject: An individual whose personal information is collected, processed, or stored.
  • Processing: Any operation or set of operations performed on personal information, including collection, storage, alteration, dissemination, and destruction.
  • Controller: The entity that determines the purposes and means of processing personal information.
  • Processor: Any entity that processes personal information on behalf of the controller.

3. Scope

This policy applies to all personal information collected through our website (https://subscriptionflow.com/), applications, and any other interactions with SubscriptionFlow services. It covers all processing activities conducted by SubscriptionFlow as well as by third-party service providers on our behalf.

4. Collection and Use of Personal Information

We collect and process personal information for the following purposes:

  • Account Management: To manage user registrations, authenticate logins, and provide customer support.
  • Service Delivery: To facilitate the use of our SaaS platform and to customize the user experience.
  • Compliance: To ensure compliance with legal obligations, including POPIA and other applicable regulations.
  • Communication: To send service-related updates, notifications, and, with consent, marketing communications.
  • Improvement and Analytics: To analyze usage and improve our services.

5. Legal Basis for Processing

Our processing of personal information is based on:

  • Consent: When you have provided explicit consent.
  • Contractual Necessity: To perform contractual obligations and deliver the services you have signed up for.
  • Legal Obligation: When required by law.
  • Legitimate Interest: For purposes related to our business interests, provided these do not override your rights.

6. Data Subject Rights

In accordance with POPIA, you have the right to:

  • Access: Request details about the personal information we hold about you.
  • Correction: Request corrections to any inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information where applicable.
  • Objection: Object to the processing of your personal information under certain circumstances.
  • Restriction: Request that the processing of your personal information be restricted.
  • Data Portability: Request a copy of your personal information in a commonly used format.
  • Withdraw Consent: Withdraw any consent given for the processing of your personal information at any time.

To exercise your rights, please contact our Data Protection Officer (DPO) using the details provided in Section 8 below.

7. Data Security

We employ a range of technical and organizational measures to protect personal information against unauthorized access, loss, or damage. These include:

  • Encryption and secure transmission of data.
  • Regular security assessments and monitoring.
  • Access controls and authentication measures.
  • Staff training on data protection and privacy.

8. Data Protection Officer (DPO) and Contact Information

For any questions regarding this policy or to exercise your data subject rights, please contact our Data Protection Officer:

  • Name: [DPO Name or Designated Contact]
  • Email: [DPO Email Address]
  • Postal Address: [Company Address]
  • Telephone: [Contact Number]

9. Third-Party Processors

We may share personal information with trusted third-party processors who provide services on our behalf. All third parties are required to adhere to strict data protection obligations and comply with POPIA.

10. Data Transfers

Where necessary, personal information may be transferred to third countries or international organizations. In such cases, SubscriptionFlow will take appropriate measures to ensure that the level of protection afforded to your personal information is not undermined.

11. Data Retention

We will retain personal information for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specific retention periods may vary depending on the type of data and legal obligations.

12. Data Breach Notification

In the unlikely event of a data breach, SubscriptionFlow will:

  • Promptly assess the breach and take steps to mitigate its effects.
  • Notify affected data subjects and the relevant supervisory authority in accordance with POPIA requirements.
  • Provide updates and guidance on any necessary remedial actions.

13. Changes to This Policy

SubscriptionFlow may update this policy periodically to reflect changes in our practices or legal requirements. Any material changes will be communicated to you in a timely manner, and the updated policy will be posted on our website with a new effective date.

14. Your Acceptance of This Policy

By using our website and services, you acknowledge that you have read, understood, and agree to the terms outlined in this POPIA Updated Policy.