Compliance

POPIA Compliance Statement

How EasyVisit complies with the Protection of Personal Information Act, 2013 — and what that means for properties, hosts and visitors.

Last updated · 15 May 2026

EasyVisit (Pty) Ltd is committed to full compliance with the Protection of Personal Information Act, 4 of 2013 (POPIA). This statement summarises how we meet our obligations as a responsible party and as an operator.

1. Registration & Information Officer

EasyVisit is registered with the Information Regulator of South Africa. Our designated Information Officer is Pieter du Plessis, reachable at privacy@easyvisit.app.

2. The eight POPIA conditions, applied

Accountability

Our Information Officer oversees all processing activities and maintains the personal-information processing register.

Processing limitation

We collect only the minimum personal information needed to run a visit (name, phone, host, visit reason). No ID numbers. No addresses.

Purpose specification

Personal information is collected for property security and visit logging only. We do not repurpose data for marketing.

Further processing limitation

If a further processing purpose arises, we either obtain consent or rely on a specific legal basis — never both implicitly.

Information quality

Users can correct their own information from the dashboard or portal at any time. Visitor numbers and registrations are validated at point of capture.

Openness

Our Privacy Policy, this POPIA statement, and our Data Retention Policy are all publicly available.

Security safeguards

TLS 1.3 in transit, AES-256 at rest, encrypted backups in af-south-1 and eu-west-1, principle-of-least-privilege internal access, mandatory MFA for all staff.

Data subject participation

Subject access, correction and deletion requests are handled within 5 business days, end-to-end from the dashboard.

3. Roles: responsible party vs operator

EasyVisit acts as a responsible party for data we collect directly from our customers (property managers, hosts) and as an operator for visitor data processed on behalf of our customer properties. We sign written Operator Agreements with every customer that meet the requirements of Section 21 of POPIA.

4. Data subject requests

If you are a visitor, host or guard whose personal information is held in EasyVisit, you may request access, correction or deletion by emailing privacy@easyvisit.app. We respond within 5 business days. Where the property is the responsible party for your data, we will route your request directly to them.

5. Security breach notification

In the unlikely event of a data breach, we will notify both the Information Regulator and affected data subjects within 72 hours of detection, in line with Section 22 of POPIA.