POPIA Compliance Statement

Last updated: 5 February 2025

1. Introduction

BidReady is built and owned by TSP Digital (Pty) Ltd (registration number 2013/198107/07). TSP Digital (Pty) Ltd, as the Responsible Party for the processing of your personal information in connection with BidReady, is committed to compliance with the Protection of Personal Information Act (POPIA) No. 4 of 2013 of South Africa. This document outlines how we comply with POPIA requirements in processing your personal information.

2. Information Officer

In accordance with POPIA Section 55, TSP Digital (Pty) Ltd, as the Responsible Party, has designated an Information Officer responsible for ensuring compliance with POPIA. For any POPIA-related inquiries, please contact:

Email: privacy@bidready.co.za

3. Lawful Basis for Processing

We process personal information in accordance with POPIA Section 11, which requires lawful basis for processing. We process your information based on:

  • Consent: You have given clear consent for us to process your personal information
  • Contract: Processing is necessary for the performance of a contract with you
  • Legal obligation: Processing is necessary for compliance with a legal obligation
  • Legitimate interests: Processing is necessary for our legitimate business interests

4. Conditions for Lawful Processing

We ensure all processing complies with POPIA's eight conditions for lawful processing:

  1. Accountability: We take responsibility for ensuring compliance with POPIA
  2. Processing Limitation: We only collect and process information that is necessary
  3. Purpose Specification: We clearly specify the purpose for collecting information
  4. Further Processing Limitation: We limit further processing to compatible purposes
  5. Information Quality: We ensure information is accurate and up-to-date
  6. Openness: We are transparent about our data processing practices
  7. Security Safeguards: We implement appropriate security measures
  8. Data Subject Participation: We respect your rights to access and correct your information

5. Your Rights Under POPIA

As a data subject, you have the following rights:

  • Right to be notified: You have the right to be notified when we collect your information
  • Right of access: You can request access to your personal information
  • Right to correction: You can request correction of inaccurate information
  • Right to deletion: You can request deletion of your personal information
  • Right to object: You can object to processing of your information
  • Right to withdraw consent: You can withdraw consent at any time
  • Right to complain: You can lodge a complaint with the Information Regulator

6. Security Measures

We implement appropriate technical and organizational measures to protect personal information, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Secure hosting infrastructure (Supabase)
  • Regular backups and disaster recovery procedures

7. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. When information is no longer needed, we securely delete or anonymize it.

8. Third-Party Processors

We use third-party service providers who process personal information on our behalf:

  • Supabase: Data storage and authentication (POPIA compliant)
  • Paystack: Payment processing (POPIA compliant)
  • OpenAI: AI processing (data is not stored by OpenAI)

All third-party processors are required to comply with POPIA and maintain appropriate security measures.

9. Cross-Border Transfers

Some of our service providers may process data outside South Africa. We ensure that:

  • Transfers comply with POPIA Section 72 requirements
  • Adequate protection measures are in place
  • You are informed of any cross-border transfers

10. Breach Notification

In the event of a security breach that compromises personal information, we will:

  • Notify the Information Regulator within 72 hours (if required)
  • Notify affected data subjects without undue delay
  • Take immediate steps to contain and remediate the breach

11. Contact Information

For any POPIA-related inquiries or to exercise your rights, please contact our Information Officer:

Email: privacy@bidready.co.za
Registered address: Mikro Industrial Park 17 Hammer Avenue Randburg, 2191 ,Gauteng, South Africa

Information Regulator:
Website: https://www.justice.gov.za/inforeg/