1. Purpose

This policy outlines Monitor's commitment to complying with the Protection of Personal Information Act (POPIA) in processing personal information.

2. Scope

Applies to all personal information processed by Monitor in the course of providing services.

3. Information Officer

Keith Kennedy has been appointed as the Information Officer responsible for ensuring compliance with POPIA.

4. Processing of Personal Information

We process personal information:

• Lawfully and in a reasonable manner.

• For specific, explicitly defined, and lawful purposes.

5. Data Subject Participation

We ensure that data subjects can:

• Access their personal information.

• Request corrections or deletions.

• Object to processing.

6. Security Safeguards

We implement security measures to protect personal information against loss, damage, unauthorised destruction, and unlawful access.

7. Breach Notification

In the event of a data breach, we will notify the Information Regulator and affected data subjects as required by POPIA.

8. Cross-Border Data Transfers

Personal information will not be transferred outside South Africa unless:

• The recipient is subject to a law, binding corporate rules, or binding agreement which provides an adequate level of protection.

9. Training and Awareness

Employees receive training on POPIA requirements and data protection best practices.

10. Review and Updates

This policy is reviewed annually and updated as necessary to ensure continued compliance with POPIA.