Skip to main content
LeavePro

POPIA

Nobody wakes up excited to read legal pages, but we do take privacy seriously, and POPIA matters.

What is POPIA?

POPIA (the Protection of Personal Information Act 4 of 2013) is South Africa’s privacy law. In plain English, it sets rules for how organisations must collect, use, store, share, and protect personal information, and it gives people rights (like asking to see or correct their information). POPIA has been enforceable since 1 July 2021.

This page explains POPIA in the context of the LeavePro leave management platform. For information about how LeavePro processes personal information as a Responsible Party (for example, website enquiries, trial signups, and billing contacts), please see our Privacy Policy.

Responsible Party vs Operator (in plain language)

  • You (our customer) are typically the Responsible Party for your employees’ personal information in LeavePro, and you decide why it is processed and how it should be used.
  • LeavePro is an Operator that processes personal information on your behalf, under your instructions, to provide the service.

POPIA’s 8 conditions for lawful processing

POPIA sets out eight conditions for lawful processing of personal information:

  1. Accountability
  2. Processing limitation
  3. Purpose specification
  4. Further processing limitation
  5. Information quality
  6. Openness
  7. Security safeguards
  8. Data subject participation

What personal information we process (typical examples)

Depending on your configuration and usage, LeavePro may process:

  • Employee identity and contact details (e.g., name, email address, employee number)
  • Employment details (e.g., department, start date)
  • Leave-related information (e.g., leave applications, balances, approvals, audit history)
  • User/account access information (e.g., usernames, roles)

Why we process it

We process personal information to:

  • Provide the LeavePro service (leave capturing, approvals, balances, reporting).
  • Maintain audit trails and system integrity.
  • Provide customer support and troubleshoot issues where authorised.
  • Meet contractual and applicable legal obligations.

LeavePro’s commitments as an Operator

As an Operator, LeavePro will:

  • Process only on instruction. We only process personal information with the Responsible Party’s authorisation and to provide the service.
  • Keep it confidential. Personal information is treated as confidential.
  • Protect it with security safeguards. We implement appropriate technical and organisational measures to protect confidentiality and integrity, and we will notify the Responsible Party if we have reasonable grounds to believe personal information was accessed or acquired by an unauthorised person.

Sub-processors (third-party service providers)

LeavePro may use carefully selected third-party service providers (for example, infrastructure hosting, email delivery, monitoring, and payment services) to operate and support the platform. We take reasonable steps to ensure appropriate confidentiality and security commitments are in place with these providers.

Special personal information

Some information (for example, health-related information contained in leave notes or documents you upload) may be special personal information under POPIA and requires additional care. You are responsible for ensuring you have a lawful basis to process and upload such information. LeavePro will treat it with appropriate confidentiality and security controls.

Data subject rights and requests

POPIA gives data subjects rights such as access, correction, objection (in certain circumstances), and, where applicable, deletion.

Because your employees’ information is processed by LeavePro on your behalf, employees should generally submit POPIA requests to their employer (the Responsible Party). If you need our assistance to respond to a lawful request (for example, exporting information from LeavePro), contact us and we will assist where reasonably possible.

Information Officer

LeavePro’s Information Officer can be contacted at: informationofficer@leavepro.co.za

Complaints

Any person may submit a complaint to the Information Regulator in the prescribed manner if they believe there has been interference with the protection of personal information.