BACK TO HOME

POPIA Compliance Statement

Protection of Personal Information Act 4 of 2013

Our Commitment to POPIA

BidMyMove (Pty) Ltd is fully committed to complying with the Protection of Personal Information Act 4 of 2013 (POPIA) — South Africa's primary data protection legislation. POPIA regulates the manner in which personal information may be collected, processed, stored, shared, and destroyed, and it grants data subjects specific rights over their personal information.

We recognise that personal information is valuable, private, and deserving of protection. Our compliance with POPIA is not merely a legal obligation — it is a reflection of our commitment to operating with integrity and earning the trust of every customer, driver, and partner who uses our platform.

What is POPIA?

POPIA is the South African law that governs the processing of personal information by public and private bodies. It establishes eight conditions for lawful processing of personal information, which include:

  1. Accountability — The responsible party must ensure compliance with POPIA conditions.
  2. Processing Limitation — Personal information may only be collected for a specific, defined purpose.
  3. Purpose Specification — The purpose for collecting information must be disclosed at the time of collection.
  4. Further Processing Limitation — Information may not be processed for a purpose incompatible with the original purpose.
  5. Information Quality — Personal information must be accurate, complete, and kept up to date.
  6. Openness — Data subjects must be informed about the collection and use of their personal information.
  7. Security Safeguards — Appropriate security measures must be implemented to protect personal information.
  8. Data Subject Participation — Data subjects have the right to access, correct, and request deletion of their personal information.

BidMyMove's data practices are structured around all eight of these conditions.

Our Information Officer

In accordance with POPIA, BidMyMove has designated an Information Officer who is responsible for overseeing our compliance with POPIA and responding to data subject requests. Our Information Officer has been registered with the Information Regulator of South Africa as required by law.

To contact our Information Officer: Email: privacy@bidmymove.co.za

What Personal Information We Collect

BidMyMove collects personal information that is necessary for the provision of our services. This includes name, contact details, location data, payment information, and verification documentation for drivers. Full details of the information we collect are set out in our Privacy Policy.

We apply the principle of minimum necessary information — we collect only what we need, and we do not collect personal information speculatively or in excess of what our services require.

How We Use Your Personal Information

We use personal information only for the specific purposes disclosed at the time of collection or in our Privacy Policy. We do not sell, rent, or trade your personal information to third parties for commercial purposes.

Where we share personal information with third-party service providers (such as payment processors or cloud infrastructure providers), those providers are bound by data processing agreements that require them to process personal information lawfully and securely.

Security Safeguards

BidMyMove implements technical and organisational security measures to protect personal information against:

  • Unauthorised access
  • Loss or accidental destruction
  • Unlawful processing
  • Data breaches

Our security measures include encrypted data transmission, encrypted storage, role-based access controls, regular security audits, and the use of PCI-DSS compliant payment processing.

In the event of a security compromise that poses a risk to the personal information of our users, BidMyMove will notify affected data subjects and the Information Regulator in accordance with Section 22 of POPIA.

Your Rights Under POPIA

As a data subject, you have the following rights in relation to your personal information held by BidMyMove:

  • Right of Access (Section 23): You have the right to request confirmation of whether BidMyMove holds personal information about you and to request access to that information.
  • Right to Correction or Deletion (Section 24): You have the right to request that BidMyMove correct, destroy, or delete personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully.
  • Right to Object (Section 11(3)): You have the right to object, on reasonable grounds, to the processing of your personal information. Where processing is for direct marketing purposes, you may object at any time without the need to provide reasons.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing that took place before withdrawal.
  • Right to Complain: If you believe that BidMyMove has processed your personal information in contravention of POPIA, you have the right to lodge a complaint with the Information Regulator of South Africa.

Information Regulator of South Africa

The Information Regulator is the independent body responsible for the enforcement of POPIA in South Africa. Their contact details are:

Website: www.inforegulator.org.za

Email: inforeg@justice.gov.za

Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

How to Exercise Your Rights

To exercise any of your POPIA rights, or to make a query or complaint about how BidMyMove handles your personal information, please contact us:

Email: privacy@bidmymove.co.za

Response time: We will acknowledge your request within 3 business days and respond fully within 30 days, as required under POPIA.

We may request proof of identity before processing your request to ensure that personal information is not disclosed to unauthorised parties.

Updates to Our POPIA Compliance Statement

BidMyMove reviews its data protection practices on an ongoing basis. This compliance statement will be updated as our practices evolve or as regulatory guidance is issued by the Information Regulator. The date of the most recent update is indicated at the top of this document.