POPIA Compliance Policy

Bethink (Pty) Ltd

Effective date: 15 May 2026 · Last updated: 15 May 2026 · Version 1.0

1. Purpose

This policy sets out how Bethink (Pty) Ltd complies with the Protection of Personal Information Act (POPIA), Act 4 of 2013, of South Africa.

2. Bethink’s Role Under POPIA

Bethink (Pty) Ltd is the Responsible Party for the personal information collected through bethink.co.za. This means Bethink determines why and how that information is processed and is accountable for protecting it.

The personal information Bethink processes is the information you provide through the booking form. How that information is collected, used, and stored is described in our Privacy Policy.

3. POPIA Conditions for Lawful Processing

Bethink adheres to the eight conditions for the lawful processing of personal information set out in POPIA.

Accountability

Bethink takes responsibility for POPIA compliance. We have appointed an Information Officer (see Section 6) who is accountable for how personal information is handled.

Processing Limitation

We only collect personal information that is necessary to respond to and deliver a booking request. We process it lawfully, in a reasonable manner, and with your consent, which you give by submitting the booking form.

Purpose Specification

We collect personal information for a specific, clearly defined purpose: to arrange, prepare for, and follow up on an advisory conversation. We do not retain it for longer than necessary for that purpose and our reasonable business records.

Further Processing Limitation

We do not use your personal information for any purpose incompatible with the purpose for which it was collected. If we ever need to use it for a new purpose, we will obtain your consent.

Information Quality

We take reasonable steps to ensure the information we hold is accurate and current. You may ask us to correct any inaccurate information at any time.

Openness

We are transparent about how we process personal information. This policy and our Privacy Policy document our practices, and we will notify the Information Regulator of our processing where required.

Security Safeguards

We implement appropriate technical and organisational measures to protect personal information against loss, damage, and unauthorised access. This includes encrypted (HTTPS) connections and reliance on reputable service providers. We will notify affected people and the Information Regulator of any security compromise within the timeframes POPIA requires.

Data Subject Participation

You have the right to ask what personal information we hold about you, to request access to it, and to request its correction or deletion.

4. Third-Party Processors

Bethink uses third-party service providers that process personal information on its behalf, including Vercel (hosting) and Google (calendar and email services). We select reputable providers that maintain appropriate security standards. These providers process personal information only as needed to provide their services to Bethink.

5. Your Rights and How to Exercise Them

As a data subject you may:

• Request access to the personal information we hold about you
• Request correction or deletion of that information
• Object to the processing of your information
• Withdraw your consent

To exercise any of these rights, contact our Information Officer at garth@bethink.co.za. We will respond within the timeframes required by POPIA.

6. Information Officer

Bethink’s designated Information Officer is Garth Shoebridge.

• Email: garth@bethink.co.za
• Telephone: 083 496 6860
• Website: bethink.co.za

The Information Officer handles data subject requests, POPIA compliance queries, breach notifications, and communication with the Information Regulator.

7. Complaints

If you believe Bethink has not handled your personal information lawfully, please first contact our Information Officer so that we can try to resolve the matter.

You also have the right to lodge a complaint directly with the Information Regulator of South Africa. Complaints can be submitted online or by email.

By email:

1. Download Form 5 from the Information Regulator website: https://eservices.inforegulator.org.za
2. Complete the form factually, concisely, and without emotion.
3. Attach Form 5 together with supporting documents such as emails, screenshots, and privacy policies.
4. Submit the complaint to complaints.IR@justice.gov.za with the supporting documents attached.

Online:

1. Visit https://eservices.inforegulator.org.za
2. From the main menu, select “Services”.
3. Scroll down and select “POPIA COMPLAINTS”.
4. Follow the process and submit your complaint.

8. Data Breach Notification

In the event of a security compromise affecting personal information, Bethink will:

• Notify the Information Regulator as required by POPIA
• Notify the affected people as soon as reasonably possible
• Take steps to mitigate any harm

9. Contact

Bethink (Pty) Ltd

• Registration Number: 2019/034780/07
• Registered Address: 15 Kromhout Road, Hartzenbergfontein, Gauteng, 1876, South Africa
• Information Officer: Garth Shoebridge
• Email: garth@bethink.co.za
• Telephone: 083 496 6860
• Website: bethink.co.za