Skip to content
Back to Home

POPIA Compliance Statement

Last updated: 3 March 2026

1. Our Commitment to POPIA

Camberly (camberly.co.za) is committed to complying with the Protection of Personal Information Act, No. 4 of 2013 ("POPIA"). We process personal information lawfully, in a reasonable manner, and in accordance with the eight conditions for lawful processing set out in POPIA.

This statement should be read together with our Privacy Policy and Terms of Service.

2. Information Officer

In terms of Section 55 of POPIA, our designated Information Officer is responsible for ensuring compliance with the Act, encouraging compliance by the organisation, and handling all requests related to personal information.

  • Information Officer: Camberly Information Officer
  • Email: info@camberly.co.za
  • Response time: Within 30 days of receipt of a valid request

3. Lawful Basis for Processing

We process personal information on the following lawful grounds as defined in POPIA:

  • Consent (Section 11(1)(a)) — When you create an account, submit a vendor registration form, or provide your vehicle information, you consent to us processing that data for the stated purposes.
  • Contractual necessity (Section 11(1)(b)) — Processing is necessary to provide the services you have requested, such as account management, reading progress tracking, and search history.
  • Legitimate interest (Section 11(1)(f)) — We collect aggregated, anonymous usage analytics to improve our platform. This data cannot be linked to individual users and does not infringe on your privacy rights.
  • Legal obligation (Section 11(1)(c)) — Where required to comply with applicable laws or respond to lawful requests from authorities.

4. Categories of Personal Information

The following categories of personal information may be processed by Camberly:

CategoryData ElementsPurpose
IdentityFull name, email addressAccount creation and authentication
ContactPhone number (optional)Profile personalisation
VehicleCar make, model, year, nicknamePersonalised car management
UsageReading progress, search history, completed guidesResume reading, content recommendations
TechnicalIP address, browser type, device typeSecurity, rate limiting, server operations
Business (vendors)Business name, address, phone, email, services, hoursProvider directory listing

We do not process special personal information (as defined in Section 26 of POPIA), including information about race, health, sexual orientation, political persuasion, religious beliefs, trade union membership, or criminal behaviour.

5. Purpose Limitation

In accordance with Condition 2 of POPIA (Purpose Limitation), we collect personal information only for specific, explicitly defined, and lawful purposes:

  • Providing and maintaining our platform and services.
  • Creating and managing your user account.
  • Displaying approved vendor/provider listings.
  • Improving our content and user experience through aggregated analytics.
  • Protecting against fraud, abuse, and security threats.
  • Complying with legal obligations.

We will not further process your personal information in a manner that is incompatible with these purposes without your consent.

6. Your Rights as a Data Subject

Under Sections 23 to 25 of POPIA, you have the following rights:

6.1 Right of Access (Section 23)

You have the right to request confirmation of whether we hold personal information about you and to request a copy of that information. We will provide this information free of charge, though we may charge a reasonable fee for additional copies.

6.2 Right to Correction (Section 24)

You have the right to request correction or deletion of personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully. You can update your name and phone number directly through your profile settings.

6.3 Right to Deletion

You have the right to request that we delete your personal information. You can delete your entire account — including all associated vehicles, reading progress, and search history — directly from your profile settings. If you need assistance, contact our Information Officer.

6.4 Right to Object (Section 11(3))

You have the right to object to the processing of your personal information on reasonable grounds relating to your particular situation, unless the processing is required by law.

6.5 Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal. You may withdraw consent by deleting your account or contacting our Information Officer.

6.6 Right Not to Be Subject to Automated Decision-Making

Camberly does not make decisions based solely on automated processing that produce legal effects or significantly affect you. Our platform does not use automated profiling or algorithmic decision-making on user data.

7. How to Exercise Your Rights

To exercise any of the rights listed above, you may:

  • Self-service: Update your profile, clear your search history, or delete your account directly through your Camberly profile settings.
  • Email request: Send a written request to our Information Officer at info@camberly.co.za. Please include sufficient detail to identify yourself and specify the right you wish to exercise.

We will acknowledge your request within 5 business days and respond substantively within 30 days, as required by POPIA.

8. Cross-Border Data Transfers

Our infrastructure providers (Supabase, Vercel, and Railway) may store or process data in data centres outside of South Africa, including the United States and the European Union. In accordance with Section 72 of POPIA, we ensure that:

  • Our service providers are subject to laws, contracts, or binding corporate rules that provide an adequate level of protection substantially similar to POPIA.
  • We have entered into agreements with these providers that include appropriate data protection obligations.
  • The transfer is necessary for the performance of the services you have requested.

9. Data Breach Notification

In the event of a security compromise involving your personal information, we will:

  • Notify the Information Regulator as soon as reasonably possible after becoming aware of the breach, as required by Section 22 of POPIA.
  • Notify all affected data subjects as soon as reasonably possible, providing details of the breach, the information compromised, and the steps we are taking to mitigate the impact.
  • Recommend steps that affected individuals can take to protect themselves.

10. Security Safeguards

In compliance with Condition 7 of POPIA (Security Safeguards), we have implemented the following technical and organisational measures:

  • Encrypted connections (HTTPS/TLS) for all data transmission.
  • Strict Content Security Policy (CSP) headers to prevent cross-site scripting attacks.
  • Passwords hashed using industry-standard algorithms (never stored in plain text).
  • Row-level security (RLS) on the database ensuring users can only access their own data.
  • Role-based access control (RBAC) for administrative functions.
  • Rate limiting on all API endpoints to prevent abuse.
  • Anti-spam measures including honeypot fields on public forms.
  • Audit logging of all administrative actions.

11. Complaints

If you are unsatisfied with how we have handled your personal information or a request you have made, you may first contact our Information Officer at info@camberly.co.za.

If we are unable to resolve your complaint, you have the right to lodge a complaint with the Information Regulator of South Africa:

12. Changes to This Statement

We may update this POPIA Compliance Statement from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this statement periodically.

13. Contact

For any questions about this POPIA statement or the processing of your personal information, please contact: