Executive Summary

My Buildings Africa is committed to safeguarding all personal and sensitive data in full compliance with the Protection of Personal Information Act (POPIA). This report details how our databases are secured, how personal information is used in our applications, and the robust measures we have implemented to protect data. We want to affirm that personal information is processed only for legitimate purposes and that our data storage practices are fully aligned with POPIA requirements.

Introduction

The Protection of Personal Information Act (POPIA) sets out measures for the lawful processing of personal information. At My Buildings Africa, protecting the privacy and security of our clients, partners, and employees is paramount. This report outlines the practices and technical measures we utilize when storing data, ensuring transparency and accountability across all operations.

Data Storage on Azure

Platform Security and Reliability

Cloud Provider Standards:

We use Microsoft Azure, a platform that meets international security standards and local regulatory obligations. Azure’s robust infrastructure, including data encryption in transit and at rest, supports our compliance needs.

Data Segmentation:

Our databases are architected to ensure proper segmentation and isolation between different types of data. This separation minimizes the risk of unauthorized access, thereby upholding data integrity and confidentiality.

Access Controls & Monitoring

Role-Based Access:

Strict role-based access controls (RBAC) are implemented to ensure that only authorized personnel have access to specific datasets.

Continuous Monitoring:

Regular audits and monitoring of database activities are performed to detect and respond to any unauthorized access attempts swiftly.

Use of Personal Information in the Application

Our application services incorporate the processing of personal information for purposes that include but are not limited to:

Client Management:

Maintaining up to date contact information and service interaction records for enhanced customer engagement.

Operational Excellence:

Leveraging data for internal analytics to optimize service delivery and improve operational workflows.

While personal information is utilized, all processing activities are confined to clearly defined purposes and are performed under strict compliance with POPIA guidelines. We ensure that personal data is collected, used, stored, and destroyed in accordance with the principles of necessity, transparency, and fairness.

POPIA Compliance Measures

Lawful & Minimal Processing

Legitimate Processing:

All personal data is processed based on a clear, legitimate purpose that is communicated to data subjects where required.

Data Minimization:

We collect only the minimum necessary personal information to support our operational needs and service delivery.

Security Safeguards

Encryption & Anonymization:

Data stored on Azure is encrypted both in transit and at rest. Where applicable, anonymization techniques are used to further safeguard individual identities.

Regular Security Assessments:

Periodic vulnerability assessments and penetration tests are conducted to ensure our security measures remain effective.

Data Subject Rights

Transparency & Access:

Data subjects have the right to access their personal information on request, and we have established procedures to promptly verify and respond to such requests.

Third-Party Processing & Contractual Safeguards

Azure as a Data Processor:

As part of our commitment to data protection, Microsoft Azure operates as our cloud data processor under strict contractual agreements that ensure compliance with all relevant data protection laws.

Service Level Agreements:

Our contracts include clear clauses about data security, breach notification, and compliance with local and international regulations.

Conclusion & Compliance Commitment

My Buildings Africa continuously reviews and refines its data protection strategies to remain compliant with POPIA and industry best practices. We ensure that every piece of personal information stored on our Azure databases and processed through our application, is handled with the utmost care and in full compliance with all legal requirements.

Compliance Statement:

My Buildings Africa expressly acknowledges the use of personal information within our application, and we remain fully compliant with the mandates of POPIA. Our data storage solutions on Azure are implemented and maintained to the highest standards of security and privacy protection, reflecting our unwavering commitment to safeguarding the personal data entrusted to us.

Jan Marthinus Botha

Director

MyBuildings Africa (Pty) Ltd

Jan.botha@corevision.africa

079-075-2000