POPIA Policy
Growth Bridge Capital (Pty) Ltd is committed to processing your personal information lawfully and in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA). We implement appropriate safeguards to protect your data and uphold your rights as a data subject.
This POPIA Policy outlines Growth Bridge Capital (Pty) Ltd’s commitment to protecting the privacy and confidentiality of personal information in accordance with the Protection of Personal Information Act 4 of 2013 (“POPIA”) and related South African data protection laws.
1. Purpose
This policy protects Growth Bridge Capital (Pty) Ltd (“the Company”) from compliance, operational, and reputational risks arising from the unlawful or negligent processing of personal information. It ensures that all processing of personal data complies with POPIA and that data subjects’ rights are respected and upheld.
2. Scope
This policy applies to all employees, directors, contractors, and service providers of Growth Bridge Capital who have access to personal information held by the Company, whether in electronic or paper form.
3. Definitions
Key terms as defined under POPIA include:
- Personal Information: Information relating to an identifiable living person, including name, ID number, contact details, opinions, correspondence, biometric data, and financial information.
- Data Subject: The person to whom personal information relates.
- Responsible Party: The entity that determines the purpose and means of processing personal information (Growth Bridge Capital).
- Operator: A person or organisation that processes personal information on behalf of the Responsible Party.
- Processing: Any operation concerning personal information, including collection, storage, use, dissemination, or destruction.
- Information Officer: The person appointed by Growth Bridge Capital to ensure compliance with POPIA and to serve as the contact point for the Information Regulator.
4. Rights of Data Subjects
Data subjects have the following rights under POPIA:
- Access to personal information held by the Company.
- Request correction or deletion of personal information.
- Object to the processing of personal information.
- Object to direct marketing.
- Lodge a complaint with the Information Regulator.
- Be informed of the collection of personal information.
- Be notified of any data breach compromising their personal information.
5. Conditions for Lawful Processing
Growth Bridge Capital adheres to the eight conditions for lawful processing as prescribed in Chapter 3 of POPIA:
- Accountability: All personal information is processed in compliance with POPIA.
- Processing Limitation: Information is processed lawfully, fairly, and only with consent or legal justification.
- Purpose Specification: Information is collected for a specific, lawful purpose.
- Further Processing Limitation: Further use must be compatible with the original purpose of collection.
- Information Quality: Information must be complete, accurate, and up to date.
- Openness: Data subjects are informed about the collection and use of their information.
- Security Safeguards: Appropriate measures are implemented to protect personal information.
- Data Subject Participation: Individuals may access and correct their personal information.
6. Information Officer and Responsibilities
The Information Officer, registered with the Information Regulator, is responsible for:
- Overseeing POPIA compliance and implementation.
- Managing requests for access to personal information.
- Ensuring employee awareness and training.
- Reporting data breaches and maintaining incident logs.
- Conducting POPIA audits and updating the PAIA Manual.
Each employee has a duty to protect personal information under their control and must report any suspected breach immediately.
7. Security Safeguards
Growth Bridge Capital employs technical and organisational measures to ensure information security, including:
- Multi-factor authentication and encryption of sensitive data.
- Secure password management and restricted system access.
- Regular data backups and secure off-site storage.
- Controlled physical access to facilities and records.
- Clean-desk policy and locked filing cabinets.
- Cybersecurity monitoring and penetration testing.
- Third-party operator agreements that include data protection obligations.
8. Processing of Personal Information
Personal information is processed for legitimate business purposes, including but not limited to:
- Client onboarding, financial management, and contract administration.
- Employee recruitment, payroll, and HR management.
- Supplier and partner management.
- Compliance with FICA, FAIS, and other applicable laws.
- Direct marketing (with consent) and customer relationship management.
Personal information will not be transferred across borders unless adequate data protection safeguards are in place.
9. Access Requests and Complaints
Data subjects may request access to or correction of their personal information by submitting a written request using PAIA Form C to the Information Officer at info@gbcapital.co.za.
Complaints regarding POPIA compliance may be submitted in writing to the Information Officer and will be acknowledged within two working days.
Unresolved complaints may be escalated to the Information Regulator.
10. Information Regulator Contact Details
Information Regulator (South Africa)
- Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
- Postal: P.O. Box 31533, Braamfontein, 2017
- Email: PAIA.IR@justice.gov.za | complaints.IR@justice.gov.za | infoIR@justice.gov.za
- Website: https://www.justice.gov.za/inforeg
11. POPIA Compliance Monitoring and Audits
The Information Officer shall conduct regular audits to ensure compliance with this policy, verify security measures, and assess operator contracts.
Audit results will be reported to senior management for corrective action where necessary.
12. Disciplinary Action
Non-compliance with this policy constitutes a breach of company policy and may result in disciplinary action, including termination of employment, civil damages, or criminal prosecution where applicable.
13. Relationship to PAIA Manual
This policy must be read in conjunction with the Company’s PAIA Manual (2025 Edition), which details procedures for requesting access to information under Section 51 of the Promotion of Access to Information Act.
14. Review and Approval
This POPIA Policy will be reviewed annually or whenever material changes in legislation or the Company’s operations may impact information-processing activities.