5. Data protection principles and objectives

5.1   Any employee or third-party service providers (who getlion may employ or partner with) and/or third party payment providers who process personal information belonging to a user on behalf of getlion, shall comply with all the provisions of POPIA, including the 8 data protection conditions set out under section 4 of POPIA, which are as follows:


5.1.1      Personal information shall be obtained and processed fairly and lawfully;

5.1.2      Personal information shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes, unless specific consent to do so has been obtained;

5.1.3      Personal information shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;

5.1.4      Personal information shall be accurate and, where necessary, kept up to date;

5.1.5      Personal information processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes;

5.1.6      Personal information shall be processed in accordance with the rights of user under POPIA;

5.1.7      Appropriate technical and organisational safeguards and measures must be put in place to protect and guard against unauthorised or unlawful processing of personal information and against accidental loss or destruction of, or damage to, personal information;

5.1.8      Personal information shall not be transferred outside South Africa to another country unless that country has similar data privacy laws to those set out under POPIA in place, or the person / organisation to whom the personal information is being transferred provides a written undertaking to apply the principles set out under POPIA to the processing of the personal information.