POPIA & PAIA Compliance Statement

Last Updated: January 20, 2026

This document outlines how Hustla complies with the Protection of Personal Information Act (POPIA) and the Promotion of Access to Information Act (PAIA).

---

1. Our Commitment to the 8 Conditions

As the "Responsible Party," we have implemented the following measures to meet the 8 conditions for lawful processing:

1. Accountability: We have appointed a registered Information Officer.
2. Processing Limitation: We only collect data with explicit consent for specific platform functions.
3. Purpose Specification: Data is collected solely to facilitate the match between Workers and Employers.
4. Further Processing Limitation: Data is never sold to third-party marketers.
5. Information Quality: Users can update their profiles at any time to ensure accuracy.
6. Openness: This policy and our Privacy Policy are accessible at all times.
7. Security Safeguards: We use industry-standard encryption and access controls.
8. Data Subject Participation: We provide a clear process for users to request or delete their data.

---

2. Information Officer Details

In accordance with Section 55 of POPIA, our Information Officer is responsible for ensuring compliance and liaising with the Information Regulator.

• Name: [Insert Name]
• Designation: [e.g., CEO / Operations Director]
• Email: io@[yourdomain].co.za
• Phone: [Insert Number]
• Physical Address: [Insert Address]

---

3. PAIA Manual (Access to Records)

Under Section 51 of the Promotion of Access to Information Act (PAIA), you have the right to request access to records held by us.

How to request access:

To request access to a record, you must:

1. Complete Form 2 (Request for Access to Record).
2. Submit the form to our Information Officer via email.
3. Pay the prescribed fee (if applicable, as determined by the Information Regulator).

---

4. Special Personal Information

We process the following "Special Personal Information" only where strictly necessary and with separate consent:

• Criminal Backgrounds: For security-sensitive roles.
• Biometric Data: If used for identity verification or site clock-in.
• Health Data: If relevant to the worker's ability to perform specific physical tasks.

---

5. Security Compromise (Data Breach)

In the event of a security compromise, we follow a strict internal protocol:

1. Identify: Isolate the affected systems.
2. Notify: Inform the Information Regulator via their eServices portal.
3. Communicate: Notify affected users via email or a prominent notice on the platform, providing advice on how to protect themselves.

---

6. Information Regulator Contact

If you feel your rights have been violated, you can contact the Regulator directly:

The Information Regulator (South Africa)

• JD House: 27 Stiemens Street, Braamfontein, Johannesburg, 2001
• Complaints: POPIAComplaints@inforegulator.org.za
• General: enquiries@inforegulator.org.za