
Neftaly Human Capital POPI Management Policy, Procedures, Processes, Templates, Documents and Forms NeftalyP363

Document Code: NeftalyP363
Approved By: Neftaly Malatjie, Chief Executive Officer
Last Reviewed: 21 November 2025
Next Review Date: 21 May 2026
Policy Owner: Neftaly Chief Human Capital Officer (NeftalyCHCR)


NeftalyP363-1: CEO Statement on the Launch of the Policy

To the Neftaly Chairperson, Neftaly Board, Neftaly Royal Chiefs, and the entire Neftaly Human Capital Community,

I am honoured to launch the Neftaly Human Capital POPI Management Policy (NeftalyP363).

The Protection of Personal Information (POPI) is a cornerstone of trust, compliance, and ethical operations at Neftaly. This policy ensures that all Human Capital operations respect, protect, and manage personal information in line with the POPI Act, regulatory requirements, and Neftaly governance standards.

It is critical for safeguarding employee, stakeholder, and organisational data while enhancing our credibility and operational integrity.

My message shall end here.

Signed:
Neftaly Malatjie
Chief Executive Officer
Neftaly


NeftalyP363-2: Scope

NeftalyP363-2-1: This policy applies to:

  • NeftalyP363-2-1-1 All Neftaly Human Capital units and staff handling personal information.
  • NeftalyP363-2-1-2 Digital and physical storage, processing, and transfer of personal information.
  • NeftalyP363-2-1-3 Recruitment, payroll, training, health, performance, and engagement records.
  • NeftalyP363-2-1-4 Third-party service providers processing personal data on behalf of Neftaly.

NeftalyP363-3: Definitions

| Term | Definition |
|---|---|
| Personal Information | Any information relating to an identifiable individual, including employees, applicants, vendors, or stakeholders. |
| POPI Act | Protection of Personal Information Act, 2013, Republic of South Africa. |
| Data Subject | The individual to whom personal information relates. |
| Processing | Any operation performed on personal information, including collection, storage, use, dissemination, or deletion. |
| Data Breach | Any incident where personal information is accessed, disclosed, or compromised without authorisation. |

NeftalyP363-4: Objectives

  • NeftalyP363-4-1 Ensure full compliance with the POPI Act in all Human Capital operations.
  • NeftalyP363-4-2 Safeguard personal information of employees, stakeholders, and partners.
  • NeftalyP363-4-3 Establish standardised processes for collection, processing, storage, and disposal of personal information.
  • NeftalyP363-4-4 Prevent unauthorised access, loss, or misuse of personal information.
  • NeftalyP363-4-5 Promote awareness, accountability, and compliance among all Human Capital staff.

NeftalyP363-5: Roles and Responsibilities

NeftalyP363-5-1 Neftaly Chief Executive Officer (NeftalyCER)

  • NeftalyP363-5-1-1 Approves POPI compliance policies and major data protection initiatives.

NeftalyP363-5-2 Neftaly Chief Human Capital Officer (NeftalyCHCR)

  • NeftalyP363-5-2-1 Oversees POPI compliance within Human Capital operations.
  • NeftalyP363-5-2-2 Approves personal information processing protocols and safeguards.

NeftalyP363-5-3 Neftaly Human Capital POPI Compliance Unit

  • NeftalyP363-5-3-1 Develops, monitors, and enforces POPI processes and procedures.
  • NeftalyP363-5-3-2 Conducts audits, risk assessments, and compliance reporting.
  • NeftalyP363-5-3-3 Provides training and guidance to staff on personal information protection.

NeftalyP363-5-4 Neftaly Officers / Supervisors

  • NeftalyP363-5-4-1 Ensure their units comply with POPI requirements.
  • NeftalyP363-5-4-2 Report breaches, risks, or non-compliance incidents immediately.

NeftalyP363-5-5 Neftaly Staff / Representatives

  • NeftalyP363-5-5-1 Follow approved procedures for handling personal information.
  • NeftalyP363-5-5-2 Complete mandatory POPI awareness and compliance training.

NeftalyP363-6: Procedures

NeftalyP363-6-1 Collection of Personal Information

  • NeftalyP363-6-1-1 Collect only necessary personal data with explicit consent.
  • NeftalyP363-6-1-2 Use Neftaly POPI Data Collection Form (NeftalyT363-01).

NeftalyP363-6-2 Processing and Storage

  • NeftalyP363-6-2-1 Store data securely using digital encryption and access controls.
  • NeftalyP363-6-2-2 Maintain physical records in restricted-access areas.
  • NeftalyP363-6-2-3 Limit access to authorised personnel only.

NeftalyP363-6-3 Use and Sharing

  • NeftalyP363-6-3-1 Use personal information strictly for approved purposes.
  • NeftalyP363-6-3-2 Share information only with authorised personnel or third parties under a contractual agreement ensuring POPI compliance.

NeftalyP363-6-4 Data Subject Rights

  • NeftalyP363-6-4-1 Ensure individuals can request access, correction, or deletion of their personal information.
  • NeftalyP363-6-4-2 Respond to requests within 21 business days.

NeftalyP363-6-5 Breach Management

  • NeftalyP363-6-5-1 Report any data breach immediately to NeftalyCHCR and the POPI Compliance Unit.
  • NeftalyP363-6-5-2 Conduct investigation, contain risk, and notify affected data subjects as required.

NeftalyP363-6-6 Monitoring and Reporting

  • NeftalyP363-6-6-1 Maintain Neftaly POPI Compliance Log (NeftalyR363-01).
  • NeftalyP363-6-6-2 Conduct quarterly audits and submit reports to NeftalyCHCR.

NeftalyP363-6-7 Training and Awareness

  • NeftalyP363-6-7-1 Provide mandatory POPI training to all Human Capital staff.
  • NeftalyP363-6-7-2 Issue periodic reminders and updates on compliance requirements.

NeftalyP363-7: Templates, Documents and Forms

  • NeftalyP363-7-1 NeftalyT363-01: POPI Data Collection Form
  • NeftalyP363-7-2 NeftalyT363-02: POPI Consent Form
  • NeftalyP363-7-3 NeftalyT363-03: POPI Data Breach Report Form
  • NeftalyP363-7-4 NeftalyT363-04: POPI Data Subject Request Form
  • NeftalyP363-7-5 NeftalyT363-05: POPI Staff Compliance Acknowledgment Form
  • NeftalyP363-7-6 NeftalyR363-01: POPI Compliance Log
  • Extended list available on request

NeftalyP363-8: Compliance

NeftalyP363-8-1: All Human Capital operations must comply with:

  • NeftalyP363-8-1-1 POPI Act, 2013
  • NeftalyP363-8-1-2 Neftaly Governance Manual and Operational Procedures
  • NeftalyP363-8-1-3 Data protection and cybersecurity standards
  • NeftalyP363-8-1-4 Labour and national regulatory requirements

Non-compliance may result in corrective or disciplinary action.

NeftalyP363-9: Frequently Asked Questions (Preview)

  1. What is the purpose of the POPI Management Policy at Neftaly?
  2. Who is responsible for POPI compliance in Human Capital?
  3. How should personal information be collected and stored?
  4. What are the procedures for handling data subject requests?
  5. How do I report a data breach?
  6. Are third-party vendors required to comply with POPI?
  7. How often is POPI compliance monitored?
  8. What training is required for staff?
  9. How are breaches investigated and resolved?
  10. What are the consequences of non-compliance?