Finance & Governance
Odoo Accounting & Invoicing Multi-Company Consolidation African Tax Localization Expenses & Budget Management
Supply Chain & Operations
Inventory & WMS Manufacturing (MRP) & PLM Quality Control & Maintenance Purchase & Vendor Management
Human Capital
Employee Lifecycle & Recruitment Payroll Management Appraisals & Fleet
Sales & Customer Experience
CRM & Pipeline Point of Sale Subscription Management Field Service Operations
Web & E-Commerce
B2B & B2C E-commerce Website Builder & SEO eLearning Platforms
Advisory & Strategy
Digital Transformation Consulting ERP Readiness Audits Business Process Re-engineering
Implementation
Turnkey Implementation Agile Project Management Data Migration Services On-Premise vs. Odoo.sh
Development
Custom Module Development API Integrations Mobile App Development
Support
24/7 SLA Support Server Maintenance & Security Version Migration
Enablement
Corporate Training Functional & Technical Certification
Primary Sectors
Agriculture & Agribusiness Manufacturing Retail & Distribution
Service Sectors
Professional Services Construction & Real Estate Hospitality
Public & Non-Profit
Government & Public Sector NGOs & International Aid Education
πŸ‡ΏπŸ‡¦ Southern Africa πŸ‡°πŸ‡ͺ East Africa πŸ‡³πŸ‡¬ West Africa πŸ‡ͺπŸ‡¬ North Africa 🌍 International
Resources
Case Studies White Papers & Reports E-books & Guides
Academy
Webinars & Events User Documentation Developer Portal
Newsroom
Blog & Insights Press Releases Serpa in the News
About Serpa
Our Story & Vision
Partnership Status
Why Choose a Silver Partner? Our Odoo Certification
Careers
Work at Serpa Internship Programs
Contact
Get in Touch
Request a Consultation

GDPR & POPIA Compliance

Our commitment to data protection regulations

Introduction

SERPA Africa is committed to complying with the European Union's General Data Protection Regulation (GDPR) and South Africa's Protection of Personal Information Act (POPIA). This page outlines our approach to data protection and your rights under these regulations.

GDPR Compliance

For clients and contacts in the European Union, we comply with GDPR requirements including:

Lawful Basis for Processing

We only process personal data when we have a lawful basis, such as:

  • Your explicit consent
  • Performance of a contract with you
  • Compliance with legal obligations
  • Our legitimate business interests

Your GDPR Rights

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to certain processing activities
  • Rights Related to Automated Decision-Making: Request human review

POPIA Compliance

For South African clients and contacts, we comply with POPIA requirements:

Conditions for Lawful Processing

  • Accountability: We take responsibility for data protection
  • Processing Limitation: Data collected only for specific purposes
  • Purpose Specification: Clear communication of data use
  • Further Processing Limitation: Consistent with original purpose
  • Information Quality: Keeping data accurate and complete
  • Openness: Transparency about data processing
  • Security Safeguards: Protecting data from unauthorized access
  • Data Subject Participation: Respecting your rights

Your POPIA Rights

  • Be notified when personal information is collected
  • Request access to your personal information
  • Request correction of your personal information
  • Request deletion of your personal information
  • Object to processing of your personal information
  • Lodge a complaint with the Information Regulator

Data Protection Measures

We implement comprehensive security measures including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security audits and assessments
  • Employee training on data protection
  • Incident response procedures
  • Data processing agreements with vendors

International Data Transfers

When transferring data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses and adequacy assessments.

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Retention periods are documented in our data retention policy.

Exercising Your Rights

To exercise any of your data protection rights, please contact our Data Protection Officer:

Data Protection Officer
SERPA Africa
Email: dpo@serpa.africa
Phone: +263 718 592 096

We will respond to your request within the timeframes required by applicable law (typically 30 days).

Complaints

If you are unsatisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority:

  • EU: Your local Data Protection Authority
  • South Africa: Information Regulator (www.justice.gov.za/inforeg)