POPIA Policy

Protection of Personal Information Act Compliance

Reinvent Debt Solutions (Pty) Ltd | Last updated: October 19, 2025

Our Commitment

Reinvent Debt Solutions is committed to complying with the Protection of Personal Information Act (POPIA) of South Africa and embracing Treating Customers Fairly (TCF) principles in providing debt review services. We safeguard client personal information and foster trust through responsible data handling practices.

1. Introduction and Context

The Protection of Personal Information Act (POPIA) was promulgated on 26 November 2013 in South Africa. POPIA aims to promote the right to privacy while protecting the flow of information and advancing access to and protection of information, setting rules for processing personal information about individuals and juristic persons.

Key Implementation Facts:
  • Effective Date: 1 July 2021
  • Enforcement Agency: Information Regulator South Africa
  • Penalties: Up to R10 million fine and/or 10 years imprisonment
  • Scope: All businesses processing personal information in South Africa
TCF Integration:

Our POPIA compliance integrates with Treating Customers Fairly (TCF) principles, ensuring fair treatment of clients in debt review processes and transparent, ethical handling of personal information.

2. Definitions

Data Subject:

Clients of Reinvent Debt Solutions and any individual whose personal information we process for debt review purposes.

Personal Information:

Information relating to an identifiable living individual, including names, contact details, identity numbers, financial information, and other sensitive data as defined under POPIA.

Processing:

Any operation concerning personal information, including collection, storage, use, modification, transmission, or destruction of data.

Responsible Party:

Reinvent Debt Solutions (Pty) Ltd, as the entity determining the purposes and means of processing personal information for debt review services.

Operator:

Third parties like Payment Distribution Agencies (PDAs) and Credit Bureaus that process client data on behalf of Reinvent Debt Solutions under contractual agreements.

Information Officer:

The designated person responsible for overseeing POPIA compliance, handling data subject requests, and managing data protection aspects.

3. Purpose and Objectives

This POPIA policy outlines Reinvent Debt Solutions' commitment to:

  • Protecting personal information in accordance with POPIA requirements
  • Ensuring lawful, fair, and transparent processing of client data
  • Promoting accountability and responsible data handling practices
  • Upholding the constitutional right to privacy (Section 14 of the SA Constitution)
  • Integrating fair customer treatment principles into data processing activities
  • Maintaining trust through transparent communication about data use

4. POPIA Principles

Reinvent Debt Solutions adheres to the eight core principles of POPIA for lawful processing of personal information:

Accountability

We take responsibility for ensuring compliance with all POPIA conditions and implementing necessary measures to protect personal information.

Processing Limitation

Personal information is processed lawfully, fairly, and transparently, with adequate, relevant, and non-excessive data collection.

Purpose Specification

Data is collected for specific, explicitly defined, and legitimate debt review purposes only.

Further Processing Limitation

Information is not processed for secondary purposes unless compatible with the original debt review purpose.

Information Quality

We ensure personal information is accurate, complete, up-to-date, and not misleading.

Openness

Data subjects are informed about information collection, processing purposes, and their rights under POPIA.

Security Safeguards

Appropriate technical and organizational measures protect against unauthorized access, loss, or damage.

Data Subject Participation

Clients have rights to access, correct, and request deletion of their personal information.

TCF Alignment:

These POPIA principles align with Treating Customers Fairly (TCF) by ensuring transparency, fair treatment, and respect for client rights throughout the debt review process.

5. Roles and Responsibilities

Information Officer

Reinvent Debt Solutions has appointed an Information Officer responsible for:

  • Overseeing POPIA compliance
  • Handling data subject requests
  • Managing data protection and breach response
  • Ensuring staff awareness and training
  • Regular compliance reviews
Responsible Party

As the Responsible Party, Reinvent Debt Solutions:

  • Determines processing purposes and means
  • Ensures POPIA principle compliance
  • Maintains appropriate safeguards
  • Manages operator relationships
  • Responds to regulatory requirements
Third-Party Operators:

Payment Distribution Agencies (PDAs) and Credit Bureaus processing client data on our behalf operate under strict POPIA-compliant agreements ensuring appropriate data handling and security measures.

6. Data Processing for Debt Review

Lawful Processing Purposes

Reinvent Debt Solutions processes client personal and financial data for:

  • Over-indebtedness Assessment: Evaluating client financial situations
  • Debt Review Management: Managing ongoing debt review arrangements
  • Credit Provider Negotiations: Communicating with creditors for restructuring
  • Payment Distribution: Facilitating payments through PDAs
  • Legal Compliance: Meeting National Credit Act requirements
  • Client Communication: Providing updates and support
  • Record Keeping: Maintaining required documentation
Types of Information Processed
Personal Details
  • Full names
  • Identity numbers
  • Contact information
  • Employment details
Financial Information
  • Income and expenses
  • Banking details
  • Credit agreements
  • Debt information
Credit Data
  • Credit bureau reports
  • Credit scores
  • Payment histories
  • Default information

7. Security Measures

Technical Safeguards
Device Security

Laptops and devices used for accessing client data have:

  • Encryption protection
  • Strong password requirements
  • Access controls and authentication
  • Regular security updates
Database Protection

Client data in databases is secured through:

  • Access controls and role-based permissions
  • Encryption for storage and transmission
  • Regular security reviews and updates
  • Secure backup and recovery procedures
Network Security

Network protection includes:

  • Firewalls and intrusion detection systems
  • Secure transmission protocols
  • Regular security monitoring
  • Physical security measures for offices
Organizational Safeguards
  • Staff Training: Regular POPIA awareness and data protection training
  • Access Management: Authorized personnel only access client data for legitimate purposes
  • Document Security: Physical documents with client data have appropriate safeguards
  • Compliance Reviews: Regular assessment of security measures and procedures

8. Client Rights Under POPIA

As data subjects, clients have the following rights under POPIA, which align with our TCF commitment to fair treatment:

Access Rights
  • Request access to personal data held for debt review
  • Obtain information about processing purposes
  • Know who has access to their information
Correction Rights
  • Request correction of inaccurate data
  • Update incomplete information
  • Ensure data quality and accuracy
Objection Rights
  • Object to certain processing activities
  • Withdraw consent where applicable
  • Request restriction of processing
Deletion Rights
  • Request deletion of personal information
  • Subject to legal retention requirements
  • Particularly after debt review completion
Fair Treatment Process:

Reinvent Debt Solutions handles all client requests fairly and transparently per POPIA and TCF principles. We respond within statutory timeframes and provide clear explanations of our decisions and processes.

9. Breach Response and Notification

Breach Detection and Response

Reinvent Debt Solutions has established processes for:

  • Detection: Identifying potential data breaches affecting client information
  • Assessment: Evaluating the nature and extent of the breach
  • Containment: Immediate steps to stop and remedy the breach
  • Investigation: Determining causes and implementing preventive measures
Notification Requirements

In case of breaches impacting client data, Reinvent Debt Solutions will:

  • Notify the Information Regulator within 72 hours where feasible
  • Inform affected data subjects without undue delay
  • Provide sufficient information for protective measures
  • Document the breach and response actions taken

10. Third-Party Compliance

Credit Bureaus

Client credit data is obtained lawfully per POPIA requirements. We ensure compliance when handling data from Credit Bureaus for debt review assessments and maintain appropriate agreements covering data protection responsibilities.

Payment Distribution Agencies (PDAs)

PDAs processing client payments operate under POPIA-compliant agreements ensuring:

  • Appropriate security measures for client financial data
  • Limited processing to authorized payment distribution purposes
  • Compliance with operator responsibilities under POPIA
  • Regular review of data handling practices
Operator Agreements

All third-party operators handling client data must:

  • Sign comprehensive POPIA compliance agreements
  • Implement equivalent security safeguards
  • Provide breach notification capabilities
  • Submit to regular compliance audits

11. Client Communication and Transparency

Reinvent Debt Solutions communicates with clients regarding:

Data Use Explanation

Clear communication about how client data is used for debt review purposes, ensuring transparency per POPIA requirements.

Rights Awareness

Informing clients about their POPIA rights and how to exercise them, promoting fair treatment and empowerment.

Process Transparency

Fair and transparent explanation of debt review processes, maintaining trust and enabling informed decisions.

12. Compliance and Review

Ongoing Compliance
  • Regular Reviews: Periodic assessment of POPIA compliance measures
  • Information Officer Oversight: Dedicated oversight of data protection practices
  • Staff Awareness: Ongoing training on POPIA and fair treatment principles
  • Policy Updates: Regular review and updating of policies and procedures
  • Risk Management: Continuous assessment and mitigation of compliance risks
Documentation and Records

Reinvent Debt Solutions maintains comprehensive documentation of:

  • Processing activities and purposes
  • Consent and lawful basis records
  • Security measures and incident responses
  • Data subject requests and responses
  • Third-party agreements and compliance assessments

13. Contact Information

For POPIA-related inquiries, data subject requests, or compliance concerns, please contact our Information Officer:

Information Officer

info@reinventdebt.co.za
010 502 1977
Monday - Friday, 9am - 4pm
Saturdays, Sundays & Public holidays - closed
Subject: "POPIA Request" for priority handling

Information Regulator

www.justice.gov.za/inforeg/
inforeg@justice.gov.za
JD House, 27 Stiemens Street
Braamfontein, Johannesburg, 2001

Our POPIA Commitment

Reinvent Debt Solutions is committed to upholding the principles of the Protection of Personal Information Act (POPIA) in safeguarding client personal information, fostering trust through responsible data handling practices in our debt review services, and ensuring fair treatment of all clients throughout their journey to financial freedom.