← Back to Home

POPIA Compliance Statement

Last updated: 26 May 2026

MyPocketSmart is committed to complying with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) ("POPIA") and respecting the privacy rights of all data subjects who interact with our platform.

This statement outlines how we meet our obligations as a responsible party under POPIA when processing personal information of South African consumers.

1. Responsible Party

The responsible party for the processing of personal information collected through the MyPocketSmart platform is:

MyPocketSmart
Email: privacy@mypocketsmart.co.za
Website: mypocketsmart.co.za

2. Information Officer

In accordance with POPIA, MyPocketSmart has designated an Information Officer responsible for ensuring compliance with the Act and handling data subject requests. Enquiries may be directed to privacy@mypocketsmart.co.za.

3. Conditions for Lawful Processing

We process personal information in compliance with all eight conditions for lawful processing set out in POPIA:

Condition 1 — Accountability

We take responsibility for ensuring that personal information is processed lawfully and in accordance with POPIA. We maintain internal policies and procedures to govern data handling practices.

Condition 2 — Processing Limitation

We collect personal information only for specified, explicitly defined, and legitimate purposes related to our financial media and lead-generation services. We do not process data in a manner that is excessive or unrelated to those purposes.

Condition 3 — Purpose Specification

Personal information is collected for purposes including: processing financial readiness assessments, providing educational content, communicating with users, and referring qualified leads to partner financial service providers (with consent).

Condition 4 — Further Processing Limitation

We will not use personal information for purposes incompatible with the original purpose of collection, unless you have consented or further processing is permitted by law.

Condition 5 — Information Quality

We take reasonable steps to ensure personal information is complete, accurate, not misleading, and updated where necessary. You may request correction of inaccurate information at any time.

Condition 6 — Openness

We maintain this POPIA Compliance Statement and our Privacy Policy to inform data subjects about what information we collect, why we collect it, and how it is used.

Condition 7 — Security Safeguards

We implement appropriate technical and organisational security measures to protect personal information against loss, damage, unauthorised access, or unlawful processing. These include access controls, secure hosting, and confidentiality agreements with service providers.

Condition 8 — Data Subject Participation

We respect your rights as a data subject under POPIA, including the right to access, correct, delete, and object to the processing of your personal information, as detailed in Section 5 below.

4. Consent

Where we rely on consent as the basis for processing — such as when you submit our financial readiness assessment or opt in to marketing communications — we ensure that consent is:

  • Voluntary and specific to the stated purpose
  • Informed, with clear disclosure of how your data will be used
  • Given through a positive action (e.g. submitting a form or ticking an opt-in box)

You may withdraw consent at any time by contacting us. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.

5. Your Rights as a Data Subject

Under POPIA, you have the following rights:

  • Right of access — request confirmation of whether we hold personal information about you and obtain a copy
  • Right to correction — request correction or deletion of inaccurate, irrelevant, excessive, or outdated information
  • Right to deletion — request destruction of personal information where we are no longer authorised to retain it
  • Right to object — object to processing on reasonable grounds relating to your particular situation
  • Right to complain — lodge a complaint with the Information Regulator if you believe your rights have been infringed

To submit a request, email privacy@mypocketsmart.co.za with sufficient detail to identify you and describe your request. We will respond within a reasonable timeframe as required by POPIA.

6. Cross-Border Transfers

Where personal information is transferred to service providers or partners located outside South Africa, we ensure that the recipient country provides an adequate level of protection for personal information, or that appropriate safeguards (such as contractual clauses) are in place as required by POPIA Section 72.

7. Direct Marketing

We will only send direct marketing communications where you have consented or where permitted under POPIA. Every marketing message will include a clear and free mechanism to opt out of further communications.

8. Data Breaches

In the event of a security compromise involving personal information, we will take appropriate steps to mitigate harm and, where required by law, notify the Information Regulator and affected data subjects without undue delay.

9. Information Regulator

If you are unsatisfied with our response to a privacy enquiry or request, you may contact the Information Regulator (South Africa):

Website: www.justice.gov.za/inforeg
Email: inforeg@justice.gov.za

10. Updates

We review our POPIA compliance practices regularly and will update this statement as our operations or applicable law change. The latest version will always be available on this page.