POPIA Compliance
Our commitment to the Protection of Personal Information Act 4 of 2013 (POPIA). NexusOps AI processes personal information in accordance with all eight conditions for lawful processing, and supports the full set of POPIA data subject rights.
Our POPIA approach
NexusOps AI Proprietary Limited (“NexusOps AI”) is a South African AI integration and automation company. POPIA compliance is not an afterthought layered on top of our products — it is built into how we collect, process, store, transfer, and dispose of personal information by default.
Read this page alongside our Privacy Policy for the full detail of what we collect, why we collect it, how we share it, and how long we retain it.
The eight conditions for lawful processing
Accountability
We are accountable for compliance with POPIA across all processing of personal information, with an appointed Information Officer registered with the Information Regulator.
Processing limitation
We only process personal information lawfully, minimally, and with consent, contractual necessity, legal obligation, or legitimate interest as a basis.
Purpose specification
We collect personal information for specific, explicit, and lawful purposes set out in our Privacy Policy. Personal information is not processed for incompatible purposes.
Further processing limitation
Any further processing is compatible with the original purpose and is permitted under POPIA or with the data subject's consent.
Information quality
We take reasonable steps to ensure that the personal information we hold is complete, accurate, and updated where necessary.
Openness
We maintain a public Privacy Policy and Cookie Policy. Where personal information is not collected directly, the source is disclosed on request.
Security safeguards
We apply AES-256 encryption at rest, TLS 1.2+ in transit, role-based access control, MFA, immutable audit logs, regular pen testing, and a documented incident response process.
Data subject participation
Data subjects can access, correct, delete, object to, or withdraw consent for processing of their personal information. Requests are answered within 30 calendar days.
Cross-border data transfers
Cloud-based processing may result in passive cross-border transfers. NexusOps AI ensures such transfers are covered by appropriate safeguards — including data processing agreements with standard contractual clauses, due diligence on cloud providers, verification of security and access controls, and restrictions on onward transfers by sub-processors. Transfers only occur where the recipient is subject to laws or agreements providing protection substantially similar to POPIA, where necessary to perform a contract, with the data subject’s explicit consent, or for the data subject’s benefit.
Your rights as a data subject
Under POPIA, you have the following rights regarding your personal information:
To exercise any of these rights, contact our Information Officer at privacy@nexusopsai.co.za. We respond within 30 calendar days. Requests may be submitted using prescribed POPIA forms where applicable. Reasonable identity verification may be required before processing requests, in order to prevent unauthorised access.
Automated decision-making
Our AI systems generate recommendations and automate workflows. They do not make solely automated decisions producing legal consequences for data subjects without appropriate human oversight. Where automated processing materially influences outcomes (e.g. financial insights, tender scoring assistance, or sales prioritisation), outputs are subject to human review, explainable at a high level upon request, and not determinative without client control. Data subjects may request human intervention, an explanation of outcomes, or the ability to contest decisions.
Data breaches
In the event of a security compromise involving personal information, NexusOps AI will notify affected clients within 24 hours of becoming aware of the breach, and will assist with notification to the Information Regulator and affected data subjects.
Complaints
If you believe NexusOps AI has not handled your personal information in accordance with POPIA, please contact our Information Officer first so we can resolve the matter. You also have the right to lodge a complaint with the Information Regulator of South Africa:
- Websitejustice.gov.za/inforeg
- Emailinforeg@justice.gov.za
- Tel+27 10 023 5200
Last updated: April 2026 · Version 1.0