Protection of Personal Information Act, 4 of 2013
SOCO ENERGY (Pty) Ltd is fully committed to compliance with the Protection of Personal Information Act (POPIA), Act 4 of 2013, which came into full effect on 1 July 2021. This page sets out how we give effect to the Act's eight conditions for lawful processing, and explains your rights as a data subject in plain language.
At SOCO ENERGY, we handle the personal information of our clients, employees, suppliers, and website visitors with the same rigour we apply to our engineering and financial work — systematically, responsibly, and with full accountability.
We believe that data protection is not merely a legal obligation, but a foundation of trust. We process personal information only where we have a clear, lawful purpose, and we give you genuine control over how your information is used.
The Protection of Personal Information Act (POPIA) is South Africa's primary data protection legislation. It establishes the minimum standards for the lawful processing of personal information and gives individuals the right to privacy as enshrined in Section 14 of the Constitution of the Republic of South Africa.
POPIA applies to any person or organisation that processes personal information within South Africa, or processes the personal information of South African data subjects. It is administered and enforced by the Information Regulator of South Africa.
Key definitions under POPIA that are relevant to our operations:
POPIA sets out eight conditions that must be satisfied for personal information to be processed lawfully. SOCO ENERGY gives effect to all eight:
1. We take responsibility for ensuring POPIA compliance across our organisation and have appointed a dedicated Information Officer.
2. We collect only the personal information that is adequate, relevant, and not excessive for the specific purpose — and only with your knowledge or consent where required.
3. We collect personal information for a specific, explicitly defined, and lawful purpose, and do not process it in a manner incompatible with that purpose.
4. Any further processing of personal information is compatible with the original purpose of collection. We do not repurpose your data without a valid lawful ground.
5. We take reasonable steps to ensure the personal information we hold is complete, accurate, not misleading, and kept up to date.
6. We maintain a PAIA Manual and notify data subjects of how their information is collected and used. This page, together with our Privacy Policy, gives effect to this condition.
7. We implement appropriate technical and organisational measures to protect personal information against unauthorised access, loss, alteration, or destruction.
8. We respect your right to access, correct, and request deletion of your personal information, and respond to all such requests within the statutory timeframes.
The Responsible Party under POPIA — the entity that determines why and how personal information is processed — is:
In terms of Section 55 of POPIA, SOCO ENERGY has designated an Information Officer who is responsible for overseeing our compliance with POPIA, handling data subject requests, and liaising with the Information Regulator.
All POPIA-related queries, access requests, complaints, and corrections should be directed to the Information Officer:
We will acknowledge your request within 3 business days and respond fully within 30 days as required by POPIA.
The categories of personal information we process, and the lawful ground for each, are set out below:
For a full description of our collection and use practices, please refer to our Privacy Policy.
POPIA grants you the following rights in respect of your personal information. We honour all of these rights without charge, subject to the statutory timeframes:
| Right | What it means |
|---|---|
| Right of access | You may request a copy of all personal information we hold about you, along with details of how and why it is being processed. |
| Right to correction | You may request that inaccurate, incomplete, or outdated personal information be corrected or updated. |
| Right to deletion | You may request that we delete your personal information where we no longer have a lawful basis to retain it. Certain legal retention obligations may limit this right. |
| Right to object | You may object to the processing of your personal information where we rely on legitimate interest as our lawful ground, including any direct marketing activities. |
| Right to withdraw consent | Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal. |
| Right to complain | You have the right to lodge a complaint with the Information Regulator of South Africa if you believe we have processed your personal information unlawfully. |
To exercise any of these rights, submit a written request to our Information Officer at core@soco.energy. We may ask you to verify your identity before processing your request.
POPIA affords heightened protection to certain categories of personal information, referred to as special personal information. These categories include data relating to:
SOCO ENERGY does not intentionally collect or process any special categories of personal information in the ordinary course of our business. Where such information is incidentally disclosed (for example, in free-text correspondence), it will be treated with the highest level of confidentiality and deleted as soon as it is no longer needed.
We engage certain third-party service providers — called operators under POPIA — to assist us in delivering our services. These include providers of CRM software, email delivery platforms, cloud storage, and analytics tools.
All operators are:
We do not sell, rent, or share personal information with third parties for their own marketing or commercial purposes.
Some of the third-party platforms we use (such as cloud infrastructure or SaaS tools) may process or store data in jurisdictions outside South Africa. In terms of Section 72 of POPIA, we only transfer personal information outside South Africa where:
We take reasonable steps to ensure that all cross-border transfers of personal information maintain the same standard of protection required under POPIA.
In the event of a security compromise (data breach) that affects your personal information, SOCO ENERGY will:
Notification will include the nature of the breach, the personal information involved, the measures we have taken, and the steps you can take to protect yourself.
If you believe that SOCO ENERGY has processed your personal information in contravention of POPIA, we encourage you to first contact our Information Officer at core@soco.energy so that we may resolve the matter directly.
If you remain dissatisfied after engaging with us, you have the right to lodge a formal complaint with the Information Regulator of South Africa:
The Information Regulator may investigate your complaint and take enforcement action if it finds that POPIA has been contravened.
For all POPIA-related matters — including access requests, objections, corrections, deletions, or general queries about how we handle your personal information — please contact our Information Officer:
We are committed to resolving all data protection matters promptly, professionally, and in good faith.