POPIA Compliance

Last Updated: February 26, 2026

1. What is POPIA?

The Protection of Personal Information Act ("POPIA") is South Africa's data protection law. It sets out conditions for the lawful processing of personal information by public and private bodies. Foundation-1 is fully committed to upholding the principles of POPIA to protect our clients' and users' information.

2. Our Information Officer

Foundation-1 has appointed an Information Officer and Deputy Information Officers to ensure compliance with POPIA. Our Information Officer is responsible for:

  • Encouraging compliance with the conditions for the lawful processing of personal information.
  • Dealing with requests made to the body pursuant to POPIA.
  • Working with the Information Regulator in relation to investigations.
  • Ensuring and maintaining compliance with PAIA and POPIA.

3. Lawful Processing Principles

We adhere to the eight conditions for the lawful processing of personal information:

**1. Accountability:** We ensure that all processing activities are in compliance with POPIA.

**2. Processing Limitation:** We only process personal information where it is necessary, lawful, and relevant to our energy infrastructure services.

**3. Purpose Specification:** Personal information is collected for specific, explicitly defined, and lawful purposes related to our business functions.

**4. Further Processing Limitation:** Any further processing of personal information is only carried out if it is compatible with the original purpose of collection.

**5. Information Quality:** We take reasonably practicable steps to ensure that the personal information we collect is complete, accurate, and not misleading.

**6. Openness:** We maintain documentation of all processing operations and provide clear notices to data subjects about the information we collect.

**7. Security Safeguards:** We implement technical and organizational measures to prevent loss, damage, or unauthorized access to personal information.

**8. Data Subject Participation:** We provide mechanisms for data subjects to access, correct, or delete their personal information.

4. Security Measures

We employ robust security measures to protect personal information, including:

  • Encryption of sensitive data both in transit and at rest.
  • Strict access controls based on the principle of least privilege.
  • Regular security audits and vulnerability assessments.
  • Employee training on data protection and POPIA compliance.
  • Physical security controls for on-site energy infrastructure hardware.

5. Cross-Border Data Transfers

Foundation-1 strives to keep data processing within the Republic of South Africa. In instances where personal information must be transferred cross-border, we ensure that the recipient is subject to law, binding corporate rules, or binding agreements which provide an adequate level of protection that is either the same or substantially similar to the conditions for lawful processing as set out in POPIA.

6. Data Breach Management

In the event of a security breach where personal information has been compromised, Foundation-1 will notify the Information Regulator and the affected data subjects as soon as reasonably possible, taking into account the legitimate needs of law enforcement or any measures necessary to determine the scope of the compromise and restore the integrity of the information system.

7. Access and Correction

Under POPIA, you have the right to request:

  • Confirmation of whether Foundation-1 holds your personal information.
  • The record or a description of the personal information held by us.
  • The identities of any third parties who have had access to your personal information.

You may also request the correction or deletion of personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, or misleading.

8. Complaints

If you believe Foundation-1 has not complied with POPIA, you have the right to lodge a complaint with the Information Regulator:

**The Information Regulator (South Africa)**
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: complaints.IR@justice.gov.za / inforeg@justice.gov.za

9. Contact Us

For any POPIA-related inquiries, please contact our Information Officer at popia@foundation-1.co.za.