Sikatrix Business Accountants
Legal

POPIA Compliance Notice

Protection of Personal Information Act 4 of 2013 — Notice to Data Subjects

This notice is issued pursuant to Section 18 of the Protection of Personal Information Act 4 of 2013 (POPIA) and informs you of your rights as a data subject, the identity of our Information Officer, and the purpose for which we process your personal information.

1. Responsible Party

Name: Sikatrix Business Accountants
Address: 42 Hennie Alberts Street, Brackenhurst, Alberton, 1448
Email: info@sikatrix.com
Phone: (011) 867-2550

2. Information Officer

Our Information Officer is responsible for ensuring compliance with POPIA. Enquiries or requests relating to personal information must be directed to the Information Officer at info@sikatrix.com.

Our Information Officer is registered with the South African Information Regulator as required by POPIA.

3. Purpose of Processing

We collect and process personal information for the following purposes:

  • To provide accounting, bookkeeping, payroll, and tax services
  • To submit returns to SARS and documents to CIPC on your behalf
  • To meet our professional obligations as SAIPA members and SARS Tax Practitioners
  • To communicate service-related information, deadline reminders, and compliance alerts
  • To comply with anti-money laundering (FICA) obligations where applicable
  • To send marketing communications (with your consent)

4. Categories of Personal Information Processed

  • Personal identifiers (name, ID number, tax reference number)
  • Contact details (email, phone, address)
  • Financial information (income, expenses, bank details)
  • Employee information (for payroll clients)
  • Company information (registration numbers, directorship details)

5. Lawful Basis for Processing

We process personal information on the following grounds (Section 11 of POPIA):

  • Contractual necessity: Processing required to fulfil our service agreement with you
  • Legal obligation: Required by SARS, CIPC, SAIPA, and other statutory authorities
  • Legitimate interests: Operational communications and service delivery
  • Consent: Marketing communications and newsletter subscriptions

6. Recipients of Personal Information

Personal information may be disclosed to:

  • SARS (tax submissions, PAYE, VAT returns)
  • CIPC (company registrations and annual returns)
  • Cloud accounting platforms (QuickBooks, Xero, Sage, Draftworx, SimplePay, Syft) — under data processing agreements
  • Email and communication service providers — under data processing agreements

We do not sell, rent, or trade personal information to third parties.

7. Cross-Border Transfers

Some cloud platforms we use may store data on servers outside South Africa. Where this occurs, we ensure that the recipient country or organisation provides an adequate level of protection for personal information as required by Section 72 of POPIA.

8. Retention Period

In accordance with the Tax Administration Act (Act 28 of 2011) and SAIPA standards, client records are retained for a minimum of 5 years from the date of the last relevant submission or transaction. Certain records may be retained for up to 15 years in cases of ongoing disputes.

9. Your Rights as a Data Subject

Under POPIA, you have the right to:

  • Access: Request a record of the personal information we hold about you (Section 23)
  • Correction or deletion: Request that inaccurate, irrelevant, or out-of-date information be corrected or deleted (Section 24)
  • Objection: Object to the processing of your personal information (Section 11(3))
  • Withdraw consent: Withdraw consent for marketing communications at any time
  • Complaint: Lodge a complaint with the Information Regulator of South Africa

10. Complaints to the Information Regulator

If you believe we have violated your rights under POPIA, you may lodge a complaint with the Information Regulator of South Africa:

  • Website: www.inforegulator.org.za
  • Email: inforeg@justice.gov.za
  • Phone: +27 10 023 5207

11. Security Measures

We implement appropriate technical and organisational measures to safeguard personal information against unauthorised access, loss, destruction, or alteration. These include encrypted storage, role-based access controls, secure password management, and regular staff training on data protection.

12. Data Breach Notification

In the event of a data breach involving your personal information, we will notify you and the Information Regulator as required by Section 22 of POPIA.

13. How to Exercise Your Rights

To exercise any of the rights listed above, contact our Information Officer in writing:

info@sikatrix.com
(011) 867-2550
42 Hennie Alberts Street, Brackenhurst, Alberton, 1448

We will respond to all valid requests within 30 days, or advise you of any extension of this period.