Opsiqo and the Customer will process personal information and personal data in accordance with applicable data protection laws, including South Africa's Protection of Personal Information Act, 2013 (POPIA), the General Data Protection Regulation (GDPR) where applicable, and other applicable data protection, privacy, cybersecurity, and sector-specific compliance obligations.
Depending on the service and processing activity, the Customer may act as the responsible party or controller, and Opsiqo may act as an operator or processor when processing data on the Customer's documented instructions.
Opsiqo may also act as an independent responsible party or controller for its own account administration, billing, security, analytics, compliance, fraud prevention, and service improvement purposes.
Opsiqo will use appropriate technical and organisational measures designed to protect personal information against unauthorised access, loss, alteration, disclosure, or destruction.
The Customer is responsible for ensuring that the data submitted to Opsiqo is lawful, accurate, necessary for the agreed purpose, and processed with a valid legal basis.
Where required, the parties should enter into a Data Processing Agreement covering processing instructions, confidentiality, sub-processors, security measures, breach notification, data subject rights, retention, deletion, and cross-border transfers.