POPIA Notice

This notice is provided in compliance with the Protection of Personal Information Act, 2013 (Act 4 of 2013) (“POPIA”). It explains how NEXPILLAR (Pty) Ltd collects, uses, stores, and protects your personal information when you interact with our website.

This notice should be read together with our Privacy Policy and Terms of Service.

Responsible Party

The responsible party for the processing of your personal information, as defined in Section 1 of POPIA, is:

• Name: NEXPILLAR (Pty) Ltd
• Registration No.: 2026/238837/07
• Email: info@nexpillar.co.za

Information Officer

Our designated Information Officer, as required by Section 55 of POPIA, can be contacted at:

Email: info@nexpillar.co.za

The Information Officer is responsible for ensuring compliance with POPIA and for handling all requests relating to your personal information.

Categories of Personal Information Collected

We collect the following personal information when you submit our contact form:

• Your name
• Your email address
• The message you write to us

We do not collect cookies, analytics data, location data, or any special personal information as defined in Section 26 of POPIA.

Purpose of Processing

As required by Section 13 of POPIA, we inform you that your personal information is collected and processed solely for the purpose of:

• Receiving and responding to your enquiry
• Communicating with you regarding the subject matter of your message

We do not use your personal information for marketing, automated profiling, or any purpose other than addressing the reason you contacted us.

Legal Basis for Processing

We process your personal information on the following lawful grounds:

• Consent (Section 11(1)(a)) — you voluntarily submit the contact form and consent to the processing of the information provided.
• Legitimate interest (Section 11(1)(f)) — processing is necessary for our legitimate interest in responding to business enquiries, provided this does not prejudice your rights and freedoms.

Recipients & Third Parties

Your contact form submission is delivered to us via Brevo (formerly Sendinblue), a transactional email service. Brevo acts as an operator (processor) and processes your name, email address, and message solely for the purpose of delivering the email to us.

We do not sell, rent, trade, or otherwise share your personal information with any other third party.

Cross-Border Transfers

Brevo may process your personal information on servers located in the European Union. This transfer is permitted under Section 72 of POPIA as the EU provides an adequate level of data protection through the General Data Protection Regulation (GDPR).

We do not transfer your personal information to any other country or jurisdiction.

Retention Period

In accordance with Section 14 of POPIA, your personal information is retained for a maximum of 12 months from the date of submission. After this period, your enquiry and all associated personal information are permanently deleted.

You may request earlier deletion at any time by contacting our Information Officer.

Your Rights as a Data Subject

Under POPIA, you have the following rights in relation to your personal information:

• Right of access (Section 23) — request confirmation of whether we hold your personal information and obtain a copy of it.
• Right to correction (Section 24) — request that we correct or update any inaccurate, incomplete, or misleading information.
• Right to deletion (Section 24) — request that we delete your personal information where it is no longer necessary for the purpose for which it was collected.
• Right to object (Section 11(3)) — object to the processing of your personal information on grounds of legitimate interest.
• Right to complain — lodge a complaint with the Information Regulator if you believe your rights have been infringed.

To exercise any of these rights, contact our Information Officer at info@nexpillar.co.za. We will respond to your request within 30 days as required by POPIA.

Automated Decision-Making

We do not use automated decision-making or profiling in relation to your personal information. All enquiries are reviewed and responded to by a human.

Security Measures

In accordance with Section 19 of POPIA, we take appropriate technical and organisational measures to protect your personal information, including:

• TLS encryption for all data in transit
• Content Security Policy headers to prevent cross-site scripting
• Rate limiting to prevent abuse of the contact form
• Minimal data collection — we only collect what is necessary for the stated purpose
• Access controls limiting who can view submitted enquiries

For Visitors from the European Economic Area

If you are located in the European Economic Area (EEA), the General Data Protection Regulation (GDPR) may apply to you in addition to POPIA. We wish to inform you of the following:

• Lawful basis — we process your data on the basis of consent (Article 6(1)(a)) and legitimate interest (Article 6(1)(f)).
• Your GDPR rights — in addition to the POPIA rights listed above, you have the right to data portability (Article 20) and the right to restrict processing (Article 18).
• Supervisory authority — you have the right to lodge a complaint with your local data protection authority in addition to the South African Information Regulator.
• Data Protection Contact — for GDPR-related enquiries, contact us at info@nexpillar.co.za.

Information Regulator (South Africa)

If you are not satisfied with our response to a request or believe that your personal information is being processed unlawfully, you may lodge a complaint with:

• The Information Regulator
• Email: complaints.IR@justice.gov.za
• Postal: P.O Box 31533, Braamfontein, Johannesburg, 2017
• Tel: 010 023 5207

Changes to This Notice

We may update this notice from time to time to reflect changes in our practices or applicable legislation. Any changes will be posted on this page with an updated “Last updated” date.