POPIA Compliance

ECHOFELIX

Protection of Personal Information Act (POPIA) Compliance Statement

Our Commitment to POPIA

EchoFelix is fully committed to compliance with the Protection of Personal Information Act 4 of 2013 (POPIA). We understand the critical importance of protecting personal information, especially in the legal sector where confidentiality and privilege are paramount.

As a technology service provider to law firms, we act as an Operator under POPIA, processing personal information on behalf of our clients, who are the Responsible Parties.

Key POPIA Principles We Follow

1. Lawfulness

We only process personal information with lawful justification, including consent, legitimate interests, and legal obligations.

2. Minimality

We collect and process only the minimum personal information necessary to provide our transcription services.

3. Purpose Limitation

Personal information is processed only for the specific purpose of providing AI transcription services to legal professionals.

4. Further Processing

We do not use personal information for any purpose other than providing the Service. In particular, we do not use it to train AI models.

5. Quality

We maintain the accuracy and completeness of personal information through regular data quality checks and user access controls.

6. Openness

We maintain transparency about our data processing activities through clear privacy policies and regular communication.

7. Security Safeguards

We implement comprehensive technical and organizational measures to protect personal information against unauthorized access, loss, or damage.

8. Data Subject Participation

We facilitate data subject rights including access, correction, deletion, and objection to processing as required by POPIA.

Our Security Measures

Technical Safeguards

  • End-to-End Encryption: TLS 1.3 for all data transmission
  • Data Encryption at Rest: AES-256 encryption for all stored data
  • Multi-Factor Authentication: Required for all system access
  • Role-Based Access Control: Strict access controls based on job function
  • 24/7 Security Monitoring: Continuous monitoring for threats and anomalies
  • Regular Security Audits: Annual penetration testing and vulnerability assessments

Organizational Safeguards

  • Confidentiality Agreements: All staff and contractors sign strict confidentiality agreements
  • Background Checks: Comprehensive background checks for all personnel with data access
  • Regular Training: Ongoing POPIA and data protection training for all staff
  • Incident Response: Comprehensive data breach response procedures
  • Access Logging: Detailed logging of all data access and processing activities

Data Subject Rights

Under POPIA, data subjects have the following rights, which we fully support:

Right of Access

Request a copy of all personal information we hold about you

Right of Correction

Request correction of inaccurate or incomplete information

Right of Deletion

Request deletion of personal information (subject to legal requirements)

Right to Object

Object to processing of personal information in certain circumstances

Right to Restrict

Request restriction of processing in certain circumstances

Data Portability

Receive your data in a structured, machine-readable format

How to Exercise Your Rights

To exercise any of these rights, please contact our Information Officer:

Email: [Coming Soon]

Response Time: We will respond within 30 days of receiving your request

Verification: We may need to verify your identity before processing your request

Data Breach Notification

In the unlikely event of a data breach affecting personal information, we have comprehensive procedures in place:

Our Breach Response Process

  1. Immediate Containment: We immediately contain and assess the breach
  2. 24-Hour Notification: We notify affected clients within 24 hours of discovery
  3. Detailed Reporting: We provide comprehensive details about the breach, data affected, and remediation steps
  4. Regulatory Cooperation: We assist with notification obligations to the Information Regulator
  5. Ongoing Updates: We provide regular updates as the investigation progresses
  6. Cybercrimes Act Compliance: We report to SAPS within 72 hours if required

Data Location and Transfers

South African Data Centers

All personal information is stored on servers located in South Africa. We do not routinely transfer personal information outside South Africa.

If international transfer is ever required (e.g., for technical support), we will:

  • Obtain your explicit consent
  • Ensure the receiving country has adequate data protection laws
  • Use Standard Contractual Clauses or other approved mechanisms
  • Maintain the same level of protection as required by POPIA

Complaints and Contact Information

Our Information Officer

Name: [Information Officer Name]

Email: [Coming Soon]

Phone: [To be provided]

Response Time: We respond to all inquiries within 30 days

If You Have a Complaint

If you believe we have violated your privacy rights or POPIA requirements, you can:

1. Contact Us First

Email: [Coming Soon]

We will investigate and respond to your complaint within 30 days.

2. Contact the Information Regulator

Email: complaints.IR@justice.gov.za

Phone: 012 406 4818

Website: www.justice.gov.za/inforeg

Regular Compliance Reviews

We regularly review and update our POPIA compliance measures to ensure continued adherence to the law:

  • Annual Compliance Audits: Comprehensive review of all data processing activities
  • Policy Updates: Regular updates to privacy policies and procedures
  • Staff Training: Ongoing POPIA training for all personnel
  • Technology Updates: Regular security updates and improvements
  • Legal Review: Regular legal review of our compliance measures

Our Commitment to You

EchoFelix is committed to maintaining the highest standards of data protection and privacy. We understand that, for you as a legal service provider, your clients' confidentiality is paramount, and we treat all personal information with the utmost care and respect.