POPIA Compliance
Effective Date: June 1, 2025
Learn how Accounter complies with South Africa's Protection of Personal Information Act (POPIA) and understand your rights under this important privacy legislation.
Contents
POPIA Overview
The Protection of Personal Information Act (POPIA) is South Africa's comprehensive privacy and data protection law that governs how organizations collect, process, store, and share personal information. At Accounter, we are committed to protecting your privacy and ensuring compliance with POPIA requirements. This page explains how we comply with POPIA and outlines your rights under this important South African legislation.
Responsible Party & Information Officer
Accounter acts as a responsible party for personal information collected through our website and software platform. We have appointed an Information Officer who is responsible for overseeing our data protection strategy and ensuring compliance with POPIA requirements. You can contact our Information Officer at info@accounter.com.
Our Information Officer Responsibilities
Our Information Officer monitors our POPIA compliance, advises on data protection obligations, provides advice regarding Privacy Impact Assessments, and serves as a contact point for data subjects and the Information Regulator of South Africa.
Contact Information
You can contact our Information Officer by email at info@accounter.com or by mail at: Accounter Information Officer, 123 Accounting Way, Suite 400, Cape Town, Western Cape, 8001.
Conditions for Processing
Under POPIA, we must have a lawful condition for processing your personal information. Depending on the context, we process your personal information on the following legal grounds:
Contractual Performance
We process your personal information to perform our contract with you when you use our accounting software services. This includes processing account information, financial data you input, and service usage information necessary to provide our services.
Legitimate Interests
We process certain information based on our legitimate interests, which include improving our services, ensuring network security, preventing fraud, and direct marketing of similar products. We balance our interests against your privacy rights and will not process information on this basis if your rights override our interests.
Consent
For certain types of processing, such as sending marketing communications or collecting certain types of non-essential cookies, we rely on your explicit consent. You have the right to withdraw your consent at any time.
Legal Obligation
We may process your information to comply with legal obligations, such as maintaining financial records for tax purposes or responding to valid legal requests from law enforcement or regulatory authorities including the South African Revenue Service (SARS).
Your Rights Under POPIA
POPIA provides you with several rights regarding your personal information. As a user of Accounter, you have the following rights:
Right to Access
You have the right to request access to the personal data we hold about you and to receive a copy of this information in a structured, commonly used, and machine-readable format.
Right to Rectification
If the personal data we hold about you is inaccurate or incomplete, you have the right to have this information corrected or completed without undue delay.
Right to Erasure (Right to be Forgotten)
In certain circumstances, you have the right to request the deletion of your personal data, such as when the data is no longer necessary for the purposes for which it was collected or when you withdraw consent on which the processing is based.
Right to Restriction of Processing
You have the right to request restriction of the processing of your personal data in specific situations, such as when you contest the accuracy of the data or when the processing is unlawful.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit this data to another controller without hindrance from us, where technically feasible.
Right to Object
You have the right to object to the processing of your personal data for direct marketing purposes, for scientific or historical research, or for legitimate interests pursued by us or a third party.
Rights Related to Automated Decision Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless certain exceptions apply.
How to Exercise Your Rights
You can exercise your POPIA rights by contacting our Information Officer at info@accounter.com. We will respond to your request within a reasonable time, generally within 30 days of receipt. This period may be extended where necessary, taking into account the complexity and number of requests. In such cases, we will inform you of the extension along with the reasons for the delay.
Verification Process
To protect your information and ensure proper handling of your request, we may need to verify your identity before processing your request. We may ask for specific information to help us confirm your identity.
No Fee Required
You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Request Form
To help streamline the process, we provide a standardized form for data subject requests through our account settings page. Using this form ensures we have all the information needed to process your request efficiently.
Data Processing Activities
At Accounter, we process personal data for various purposes related to providing our accounting software services. Below is a summary of our key data processing activities:
Account Management
We process personal information such as name, email address, and contact details to create and manage user accounts, authenticate users, and provide customer support.
Accounting Services
We process financial data, transaction records, and other accounting information that users input or import into our platform to provide core accounting services.
Analytics and Service Improvement
We analyze usage patterns and application performance to improve our services, fix bugs, and enhance user experience.
Communication
We process contact information to send service updates, notifications, and (with consent) marketing communications about our products and services.
Legal Compliance
We maintain records as required by applicable laws and regulations, including financial and tax reporting obligations.
Cross-Border Information Transfers
Accounter may transfer personal information to countries outside South Africa. When we transfer personal information internationally, we ensure adequate safeguards are in place to protect your information in compliance with POPIA requirements.
Adequate Protection
Where possible, we transfer information to countries that provide an adequate level of protection for personal information as determined by South African law or international agreements.
Binding Corporate Rules
For transfers to countries without adequate protection, we implement appropriate safeguards, including binding corporate rules and contractual clauses that ensure protection of your personal information.
Additional Safeguards
We implement additional technical and organizational measures to ensure that your information receives an adequate level of protection, such as encryption, access controls, and regular security assessments.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, and whether we can achieve those purposes through other means.
Account Data
We retain account information for as long as your account is active. After account closure, we may retain certain information for a limited period to comply with legal obligations or for legitimate business purposes.
Financial Data
Financial and accounting data may be retained for longer periods to comply with South African tax and financial reporting regulations, typically 5-7 years as required by SARS and other applicable laws.
Usage Data
We retain usage data and analytics information in an anonymized or pseudonymized form for statistical purposes and service improvement.
Data Security Measures
Protecting your personal data is a priority at Accounter. We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
Encryption
We use industry-standard encryption for data in transit and at rest to protect sensitive information from unauthorized access.
Access Controls
We implement strict access controls and authentication mechanisms to ensure that only authorized personnel can access personal data.
Regular Security Assessments
We conduct regular security assessments, vulnerability scans, and penetration tests to identify and address potential security risks.
Data Breach Procedures
We have procedures in place to detect, report, and investigate personal data breaches. In the event of a breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay.
Privacy Impact Assessments
For processing activities that may result in a high risk to your rights and freedoms, we conduct Privacy Impact Assessments (PIAs) to identify and minimize these risks. These assessments help us implement appropriate safeguards and ensure POPIA compliance from the design stage through the entire information processing lifecycle.
Children's Data
Our services are not intended for children under 18 years of age, and we do not knowingly collect personal data from children. If we learn that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.
Complaints
If you believe that our processing of your personal information infringes POPIA or other data protection laws, you have the right to lodge a complaint with the Information Regulator of South Africa. We would, however, appreciate the chance to address your concerns before you approach the regulator, so please contact us first at info@accounter.com.
Changes to Our POPIA Compliance Statement
We may update this POPIA compliance statement from time to time in response to changing legal, technical, or business developments. When we update this statement, we will take appropriate measures to inform you, consistent with the significance of the changes we make.
Contact Us
If you have any questions about our POPIA compliance or how we handle your personal information, please contact our Information Officer at info@accounter.com or by mail at: Accounter Information Officer, 123 Accounting Way, Suite 400, Cape Town, Western Cape, 8001.
Your POPIA Rights at a Glance
Access & Portability
Request a copy of your data in a structured, machine-readable format
Rectification
Request corrections to inaccurate or incomplete data
Erasure
Request deletion of your personal data in certain circumstances
Objection
Object to processing of your personal data in certain circumstances
If you wish to exercise any of these rights or have questions about how we process your information, please contact our Information Officer.