Privacy Policy

Privacy Policy (POPIA)

Last updated: 17 October 2025

This Privacy Policy explains how FinOps Lab (“we”, “us”, “our”) processes personal information under South Africa’s Protection of Personal Information Act, 2013 (POPIA).

Who we are

FinOps Lab

Bedfordview, Johannesburg, South Africa

Email: hello@finopslab.co.za

Phone: +27 82 339 9842

We are accountable for the personal information we handle and process it in line with POPIA’s conditions: Accountability; Processing Limitation; Purpose Specification; Further Processing Limitation; Information Quality; Openness; Security Safeguards; Data Subject Participation.

1) What we collect

We collect and process the following categories of personal information, as relevant to our services and your interactions with us:

  • Contact details: name, email address, telephone number, company, role.
  • Business/transactional information: bookkeeping data you provide, invoices, statements, supplier/customer details.
  • Support & correspondence: messages, call notes, meeting notes, emails.
  • Website & device data: pages viewed, form interactions, IP address, basic device/usage data (via cookies or similar—see Cookies Policy).
  • Payment information: invoice and remittance details (we do not store credit card details on our servers).

We do not intentionally collect special personal information (e.g., health, biometric, religious beliefs) or children’s data. If such information is inadvertently provided, we will secure and minimise it, and delete where appropriate.

2) How we obtain personal information

  • Directly from you (forms, emails, calls, meetings, onboarding documents).
  • From your authorised representatives (e.g., your staff or service providers you instruct us to liaise with).
  • Automatically when you use our website (cookies/analytics—see Cookies Policy).

3) Why we process personal information (purpose)

We process personal information for:

  • Providing our services (bookkeeping & accounting support, financial management, payroll, toolkits/templates, and related support you request).
  • Client onboarding & administration (creating accounts, verifying details, billing/invoicing).
  • Compliance & legal obligations (record-keeping required by law, responding to lawful requests).
  • Communication (responding to enquiries, service notices, operational messages).
  • Improvement & security (service quality, training, troubleshooting, fraud prevention).
  • Direct marketing (only with your consent or as permitted by law; you can opt out at any time).

4) Lawfulness and minimality (Processing Limitation)

We process only what is adequate, relevant, and not excessive for the stated purposes and do so on lawful grounds permitted by POPIA, including your consent, performance of a contract, and legal obligations. Where required, we will request your explicit consent and you may withdraw consent at any time.

5) Retention

We keep personal information only as long as necessary for the purposes above or as required by law. Typical periods include:

  • Client and financial records: retained for 5 years (Tax Administration Act) and certain company records up to 7 years (Companies Act).
  • Sales and enquiry records: up to 24 months after last interaction, unless you become a client or consent to longer retention (e.g., for legal defence).

When retention periods end, we securely delete or de‑identify the data.

6) Sharing and disclosures

We may share personal information with:

  • Operators (processors) who assist us (e.g., secure hosting, email, analytics, CRM, communications, storage, accounting tools). They act under contract and must protect your data.
  • Professional advisors (legal, tax, audit) under confidentiality.
  • Regulators or law enforcement where legally required.
  • Parties you authorise us to share with in the course of providing services.

We do not sell personal information.

7) Cross‑border transfers

If we transfer personal information outside South Africa (for example, to cloud services hosted abroad), we will ensure that the recipient is subject to a law, binding corporate rules, contract, or another mechanism that provides adequate protection as required by POPIA.

8) Security safeguards

We use appropriate technical and organisational measures to protect personal information from loss, misuse, unauthorised access, disclosure, alteration, and destruction, including:

  • Access controls and least‑privilege permissions
  • Encryption in transit (HTTPS) and secure storage
  • Strong authentication on systems
  • Regular updates and security patching
  • Backups and recovery procedures
  • Staff confidentiality undertakings and awareness

No method of transmission or storage is completely secure; we continuously improve our safeguards.

9) Your rights (Data Subject Participation)

Under POPIA, you may:

  • Access your personal information we hold.
  • Request correction of inaccurate, irrelevant, excessive, out‑of‑date, incomplete, or misleading information.
  • Request deletion or destruction where legally permissible.
  • Object to processing, including for direct marketing.
  • Withdraw consent where processing is based on consent.
  • Complain to the Information Regulator if you believe your rights have been infringed.

To exercise your rights, contact us at hello@finopslab.co.za. We may require proof of identity and enough information to locate the records.

10) Direct marketing

We only send electronic direct marketing with your consent or as otherwise permitted by POPIA. You can opt out at any time by using the unsubscribe link or by emailing us at hello@finopslab.co.za.

11) Cookies and similar technologies

We use cookies and similar technologies to operate the website, remember preferences, and understand usage. See our Cookies Policy for details and how to manage your choices.

12) Openness & PAIA

Where applicable, our PAIA manual (if required for our organisation) explains how to request access to records under the Promotion of Access to Information Act. Contact us if you need assistance.

13) Third‑party links

Our website may link to third‑party sites. Their privacy practices are their own; please review their policies.

14) Changes to this Policy

We may update this Policy from time to time. We will post the new version with an updated date and, where appropriate, notify you via the website or email.

15) Contact us

FinOps Lab

Bedfordview, Johannesburg, South Africa

Email: hello@finopslab.co.za

Phone: +27 82 339 9842

If we cannot resolve your concern, you can contact the Information Regulator (South Africa). See the Regulator’s website for current contact details and complaint procedures: inforegulator.org.za.