POPIA compliance.

Syniq Ops, operated by Syniq (Pty) Ltd, is committed to complying with the Protection of Personal Information Act 4 of 2013 (POPIA) of the Republic of South Africa. This notice outlines how we process personal information in accordance with POPIA's eight conditions for lawful processing.

Syniq (Pty) Ltd is the responsible party under POPIA for the processing of your personal information. Our contact details are:

• Company: Syniq (Pty) Ltd
• Email: info@syniqsolutions.co.za
• Service: Syniq Ops Business Management Platform

We collect and process the following categories of personal information:

• Account information — name, email address, password (encrypted), business name
• Business information — VAT registration number, contact details, business address
• Client data — information you store about your clients (names, contact details, VAT numbers)
• Financial data — invoices, expenses, job records, payment information
• Usage data — log files, IP addresses, browser type, device information, usage patterns
• Communication data — support requests, feedback, correspondence with us

We process your personal information for the following purposes:

• To create and maintain your user account
• To provide the Syniq Ops platform and its features
• To process payments and manage billing
• To authenticate users and maintain security
• To provide customer support and respond to inquiries
• To improve our services and develop new features
• To send important service updates and notifications
• To comply with legal obligations and prevent fraud

We process personal information based on the following lawful grounds under POPIA:

• Consent — you have given explicit consent for us to process your data for specific purposes
• Contract performance — processing is necessary to fulfil our service agreement with you
• Legal obligation — processing is required to comply with South African laws and regulations
• Legitimate interest — processing is necessary for our legitimate business interests (e.g. security, fraud prevention)

As a data subject under POPIA, you have the following rights:

• Right to access — request access to your personal information we hold
• Right to correction — request correction of inaccurate or incomplete data
• Right to deletion — request deletion of your personal information (subject to legal retention requirements)
• Right to object — object to the processing of your personal information in certain circumstances
• Right to data portability — request your data in a portable format
• Right to withdraw consent — withdraw previously given consent at any time
• Right to lodge a complaint — lodge a complaint with the Information Regulator

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, destruction, or alteration:

• Encryption of data in transit and at rest
• Secure authentication mechanisms
• Regular security audits and updates
• Access controls and user permissions
• Secure hosting infrastructure
• Staff training on data protection

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this notice, unless a longer retention period is required by law. When you close your account, we will delete or anonymise your personal information within a reasonable timeframe.

We do not sell your personal information. We may share your information with:

• Service providers — third-party service providers who assist in operating our platform (e.g. hosting, payment processing)
• Legal authorities — when required by law or to protect our rights and safety
• Business transfers — in the event of a merger, acquisition, or sale of assets

We ensure that all third parties are bound by confidentiality obligations and comply with POPIA requirements.

Your personal information may be processed on servers located outside of South Africa. When we transfer data internationally, we ensure appropriate safeguards are in place to protect your information in accordance with POPIA requirements.

To exercise any of your rights under POPIA, please contact us at support@syniqsolutions.co.za with the subject line “POPIA Data Subject Request”. We will respond within a reasonable timeframe as required by POPIA.

If you believe we have not complied with POPIA, you have the right to lodge a complaint with the Information Regulator (South Africa) at www.justice.gov.za/inforeg or inforeg@justice.gov.za.

We may update this POPIA Compliance Notice from time to time. We will notify you of any material changes via email or through the platform.