Protection Of Personal Information (POPI) Policy

1. Purpose

The purpose of this policy is to ensure that ALVA Group Projects complies with the Protection of Personal Information Act, 4 of 2013 (“POPIA”), by establishing minimum standards for the lawful processing of personal information and safeguarding the privacy rights of individuals. This policy sets out how personal information is collected, used, stored, and protected within the organization.

2. Scope

This policy applies to all ALVA Group Projects employees, contractors, and service providers who have access to personal information processed by the company, including client, supplier, employee, and third-party data.

3. Legal Framework

This policy is guided by the Protection of Personal Information Act, 4 of 2013, which promotes the protection of personal information processed by public and private bodies and provides for the rights of data subjects, the responsibilities of responsible parties, and the enforcement of compliance.

4. Policy Statements

4.1. POPIA Principles for Processing Personal Information

ALVA Group Projects commits to the following principles in processing personal information:

  • Accountability: ALVA will ensure compliance with POPIA and take responsibility for personal information in its possession.
  • Processing Limitation: Only collect and process personal information that is necessary, lawful, and justified.
  • Purpose Specification: Collect personal information for a specific, lawful purpose and only use it for that defined purpose.
  • Further Processing Limitation: Ensure that further processing is aligned with the original purpose of collection.
  • Information Quality: Take steps to ensure that collected personal information is complete, accurate, and up to date.
  • Openness: Inform data subjects of the purpose for which their data is being collected and maintain transparency.
  • Security Safeguards: Secure all personal information through appropriate technical and organisational measures.
  • Data Subject Participation: Allow individuals to access, update, or request deletion of their personal information where applicable.

4.2. Collection and Use of Personal Information

  • Personal information will only be collected for legitimate business purposes and in a manner that does not infringe on the privacy rights of the individual.
  • Individuals will be informed of the reason their information is being collected and how it will be used.

4.3. Consent

  • Consent will be obtained from data subjects where required by law before collecting, processing, or sharing personal information.
  • Data subjects may withdraw consent at any time, provided legal or contractual obligations do not override such withdrawal.

4.4. Rights of Data Subjects

  • Individuals may request access to personal information ALVA holds about them.
  • Individuals may request the correction or deletion of inaccurate, outdated, or unnecessary information.
  • All requests must be submitted in writing to the company’s designated Information Officer.

4.5. Security Safeguards

  • ALVA Group Projects will implement appropriate IT, physical, and administrative safeguards to protect personal information from loss, damage, unauthorised destruction, and unlawful access.
  • Regular security audits will be conducted to identify and mitigate risks.

4.6. Training and Awareness

  • All employees will receive POPIA awareness training to understand their responsibilities under this policy and the legislation.
  • Training will be conducted during onboarding and refreshed annually or when significant updates occur.

5. Information Officer

The appointed Information Officer is responsible for overseeing the implementation of this policy and ensuring compliance with POPIA. All POPIA-related enquiries and requests must be directed to:

Name: AJ van Antwerpen
Email: ali@alvagroup.co.za
Designation: Director acting as Information Officer

6. Disciplinary Action

Failure to comply with this policy may result in disciplinary action, up to and including dismissal. The severity of action will depend on the nature of the breach and its impact on the company and data subject(s).Name: AJ van Antwerpen
Email: ali@alvagroup.co.za
Designation: Director acting as Information Officer

7. Review and Amendment of Policy

This policy will be reviewed annually or in response to legislative updates. Amendments will be approved by the management team and communicated to all relevant stakeholders.

Approved by: Executive Committee
Date: June 2025
Next Review Date: June  2026

Leave Reply

Your email address will not be published. Required fields are marked *

Contact Us


Office - 010 500 6532
Email - info@alvagroup.co.za

291 Gouws Ave
Wierdapark, Centurion, 0157
South Africa

Quick Links