POPIA
Compliance Framework for My Little Kitchen
This document outlines the policies and procedures implemented by My Little Kitchen to ensure full compliance with the Protection of Personal Information Act, 4 of 2013 (POPIA). It serves as a comprehensive framework for the lawful processing of personal information.
1. Accountability
My Little Kitchen is the Responsible Party for all personal information collected and processed in connection with our services. We are committed to ensuring compliance with POPIA and upholding the rights of all data subjects.
- Information Officer: The appointed Information Officer for My Little Kitchen is [Your Name/Name of Person], and their contact details are [Email Address] and [Phone Number]. This individual is responsible for overseeing our POPIA compliance efforts and handling all related queries. The Information Officer has been or will be registered with the Information Regulator of South Africa.
- Delegation: The Information Officer may delegate duties to a Deputy Information Officer, but the final responsibility for compliance remains with the Responsible Party.
2. Processing Limitation
We only collect, hold, use, and share personal information when it is directly relevant to a specific, defined, and lawful purpose. We will not process personal information beyond what is necessary for that purpose.
- Minimality: We only collect the minimum amount of personal information required to fulfill our business functions (e.g., fulfilling an order, managing a customer account, providing customer service).
- Lawfulness: The processing of personal information is based on the consent of the data subject. Where applicable, processing may also be based on a legal obligation or contract with the data subject.
3. Purpose Specification & Further Processing Limitation
Personal information is collected for the following explicit purposes:
- To process and fulfill customer orders.
- To manage user accounts and provide access to our services.
- To communicate with customers regarding their orders, promotions, and news.
- For internal business functions such as data analysis, improving our services, and identifying usage trends.
Any further processing of personal information will be compatible with these original purposes. If we need to use your data for a new, unrelated purpose, we will first seek your specific, informed consent.
4. Information Quality
We are committed to maintaining the accuracy and integrity of the personal information we hold.
- Accuracy: We will take reasonable steps to ensure that personal information is accurate, complete, and not misleading. We encourage data subjects to update their information through their user account or by contacting us directly.
- Data Subjects’ Right to Rectification: Data subjects have the right to request the correction of their personal information if it is inaccurate or incomplete.
5. Openness
We are transparent about our data processing activities. Our Privacy Policy, available on our website, clearly outlines the types of personal information we collect, the purposes for which it is used, and the rights of data subjects.
- Notification: We will notify data subjects at the point of collection about the purpose of the processing, who the Responsible Party is, and their rights under POPIA.
- Information Regulator: We will inform data subjects of their right to lodge a complaint with the Information Regulator of South Africa if they feel their rights have been infringed.
- Information Regulator Contact Details:
  - Website: www.inforegulator.org.za
  - Email: complaints.IR@justice.gov.za
6. Security Safeguards
We have implemented appropriate, reasonable technical and organizational measures to ensure the integrity and confidentiality of personal information.
- Security Measures: We use secure hosting, encryption where appropriate, and access controls to prevent unauthorized access, loss, or destruction of personal information.
- Third-Party Operators: We have written contracts with any third-party operators (like payment processors or web hosts) to ensure they also implement sufficient security measures and comply with POPIA.
- Data Breach Protocol: In the event of a security compromise, we will follow a formal incident response plan to contain the breach, assess the damage, and notify the Information Regulator and affected data subjects as soon as reasonably possible.
7. Data Subject Participation
POPIA grants data subjects specific rights over their personal information. We respect and facilitate these rights.
- Right to Access: Data subjects can request a copy of the personal information we hold about them. We will provide this information in a clear and accessible format.
- Right to Object: Data subjects have the right to object to the processing of their personal information for direct marketing purposes. We use an opt-in system for all direct marketing communications.
- Right to Deletion: Data subjects can request the deletion or destruction of their personal information. We will comply with this request unless we have a legal obligation or a lawful basis to retain the information.
8. Retention and Destruction
We will only retain personal information for as long as necessary to fulfill the purpose for which it was collected, or as required by law.
- Retention Schedule: We have a data retention schedule that specifies how long different types of personal information will be kept.
- Secure Destruction: Once the purpose for retaining the information has expired, we will securely destroy or de-identify the personal information to protect the privacy of the data subject.
