POPIA Statement

Last updated: 8 March 2026

1. What this page is for

This page explains, at a high level, how VisaFlow approaches the Protection of Personal Information Act, 2013 (POPIA), in its public website and service relationships.

It is not a blanket statement that every VisaFlow processing context is fully or completely POPIA compliant in isolation. POPIA outcomes also depend on customer configuration, contracts, governance records, operational processes, and the specific feature being used.

2. VisaFlow's role can differ by processing context

Website visitors, enquiries, and newsletter signups

VisaFlow generally acts as the responsible party for personal information collected directly through the marketing site.

Customer case and applicant data inside the platform

The customer organisation will usually determine the purpose and means of processing, and VisaFlow will usually process that information to provide the service.

VisaFlow business operations

VisaFlow may act as a responsible party for its own finance, support, security, vendor-management, and marketing activities.

3. Public-facing controls currently reflected on this site

  • Public website forms include a collection notice that explains the purpose of collection, required and optional fields, recipient categories, and where to find the Privacy Policy.
  • Newsletter subscriptions require an express marketing opt-in.
  • Optional analytics and campaign-measurement technologies on the marketing site are gated behind visitor consent.
  • Privacy and marketing requests can be directed to privacy@visaflow.co.za.

See the Privacy Policy for additional detail about how information is collected, used, shared, and retained.

4. Direct marketing and analytics

VisaFlow uses newsletter and product-marketing email on an opt-in basis through the public website. Each marketing email should include an unsubscribe route, and you may also object by emailing privacy@visaflow.co.za.

Optional website analytics and campaign-measurement technologies are loaded only after visitor consent on the marketing site.

5. Rights requests

POPIA gives data subjects rights that can include access, correction, deletion or restriction where applicable, objection, and the right to complain to the Information Regulator.

  • Requests may require identity verification before we act on them.
  • If a request relates to customer-controlled platform data, the relevant customer may need to assess or fulfil the request because it may determine the purpose of processing.
  • Complaints can also be escalated to the Information Regulator of South Africa.

6. Security and compromises

VisaFlow uses technical and organisational measures designed to protect personal information. A current overview is available on our Security page.

If a security compromise involving personal information is identified, VisaFlow will assess applicable notification and response obligations under POPIA and any relevant contracts, and will communicate with the appropriate parties as required by law.

7. Governance and further information

If you require current information about privacy contacts, applicable request channels, or supporting governance documentation relevant to your relationship with VisaFlow, email privacy@visaflow.co.za.

Complaints may also be directed to the Information Regulator of South Africa via inforegulator.org.za.