Somdaka Funerals

POPIA Compliance

Last Updated: January 15, 2024

Introduction

Somdaka Funerals is committed to complying with the Protection of Personal Information Act 4 of 2013 ("POPIA") in South Africa. This statement outlines our approach to data protection and how we ensure compliance with POPIA.

POPIA establishes minimum requirements for the processing of personal information and aims to protect the right to privacy while ensuring that personal information is processed in a fair, transparent, and secure manner.

Our Commitment

At Somdaka Funerals, we are committed to:

  • Processing personal information lawfully and in a reasonable manner that does not infringe on the privacy of our clients and employees
  • Collecting personal information for specific, explicitly defined, and legitimate purposes
  • Ensuring that personal information is adequate, relevant, and not excessive for the purposes for which it is processed
  • Maintaining the quality of personal information by keeping it accurate, complete, and up-to-date
  • Not retaining personal information for longer than necessary for achieving the purpose for which it was collected
  • Implementing appropriate technical and organizational measures to secure personal information
  • Being transparent about our data processing activities and providing individuals with information about how their personal information is processed

Information Officer

In accordance with POPIA, we have appointed an Information Officer who is responsible for:

  • Encouraging and ensuring compliance with POPIA
  • Dealing with requests made to Somdaka Funerals pursuant to POPIA
  • Working with the Information Regulator in relation to investigations
  • Ensuring that a compliance framework is developed, implemented, monitored, and maintained
  • Conducting personal information impact assessments to ensure that adequate measures and standards exist

Our Information Officer can be contacted at:

Email: privacy@somdaka.co.za
Phone: +27 11 920 2002

Processing of Personal Information

We process personal information for various purposes, including:

  • Providing funeral services and related products
  • Managing client relationships
  • Processing payments
  • Complying with legal and regulatory requirements
  • Conducting market research and improving our services
  • Communicating with clients and potential clients
  • Managing our employees and contractors

We only process personal information when we have a lawful basis for doing so, such as:

  • Consent from the data subject
  • Performance of a contract
  • Compliance with a legal obligation
  • Protection of a legitimate interest
  • Performance of a public law duty
  • Pursuit of a legitimate interest of ours or a third party

Special Personal Information

We recognize that certain categories of personal information are considered "special personal information" under POPIA, including information relating to religious or philosophical beliefs, race or ethnic origin, health, and biometric information. We only process special personal information when:

  • We have obtained explicit consent from the data subject
  • Processing is necessary for the establishment, exercise, or defense of a right or obligation in law
  • Processing is for historical, statistical, or research purposes
  • The information has been deliberately made public by the data subject
  • Processing is permitted by the Information Regulator

Data Subject Rights

Under POPIA, data subjects have the following rights:

  • The right to be notified that personal information is being collected or has been accessed by an unauthorized person
  • The right to request access to personal information
  • The right to request correction, destruction, or deletion of personal information
  • The right to object to the processing of personal information
  • The right not to have personal information processed for direct marketing by means of unsolicited electronic communications
  • The right not to be subject to a decision based solely on automated processing
  • The right to submit a complaint to the Information Regulator
  • The right to institute civil proceedings regarding the alleged interference with the protection of personal information

To exercise any of these rights, please contact our Information Officer using the contact details provided above.

Security Safeguards

We have implemented appropriate technical and organizational measures to secure personal information against loss, damage, unauthorized destruction, and unlawful access or processing. These measures include:

  • Physical security measures for our premises and storage facilities
  • Access controls for our systems and networks
  • Encryption of electronic data where appropriate
  • Regular security assessments and testing
  • Staff training on data protection and security
  • Confidentiality agreements with employees and service providers
  • Incident response procedures

We regularly review and update our security measures to ensure they remain appropriate and effective.

Cross-border Transfers

We may transfer personal information to recipients in other countries. When we do so, we ensure that:

  • The recipient is subject to a law, binding corporate rules, or binding agreement that provides an adequate level of protection
  • The data subject consents to the transfer
  • The transfer is necessary for the performance of a contract between the data subject and us
  • The transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject
  • The transfer is for the benefit of the data subject and it is not reasonably practicable to obtain their consent, but if it were, they would likely give it

Data Breach Notification

In the event of a data breach involving personal information, we will:

  • Notify the Information Regulator as soon as reasonably possible
  • Notify affected data subjects as soon as reasonably possible, providing sufficient information to allow them to take protective measures against potential consequences of the breach

Contact Information

If you have any questions about our POPIA compliance or wish to exercise your rights as a data subject, please contact our Information Officer at:

Information Officer
Somdaka Funerals
1 Msibi Street, Emmangweni Section
Tembisa, Johannesburg
Email: privacy@somdaka.co.za
Phone: +27 11 920 2002

Information Regulator

If you believe that we have not adequately addressed your concerns regarding the processing of your personal information, you have the right to lodge a complaint with the Information Regulator:

The Information Regulator (South Africa)
JD House, 27 Stiemens Street
Braamfontein, Johannesburg, 2001
Email: inforeg@justice.gov.za
Website: https://www.justice.gov.za/inforeg/

Return to Home