☕ Brewed

Steaming the milk…

Legal

POPIA Compliance Notice

Protection of Personal Information Act, Act 4 of 2013

Purpose of This Notice

This notice is issued in compliance with the Protection of Personal Information Act (POPIA), Act 4 of 2013. It explains how Brewed, as a Responsible Party, processes personal information in accordance with the eight conditions for lawful processing set out in POPIA.

The Eight Conditions of Lawful Processing

1. Accountability

Brewed takes responsibility for ensuring that all personal information processed on the platform complies with POPIA. The operator of Brewed is the designated Information Officer for the purposes of this Act.

2. Processing Limitation

We only process personal information that is adequate, relevant, and not excessive. We collect only what is necessary to provide the Brewed platform — primarily your email address and chosen username. We do not collect sensitive information such as race, health data, political beliefs, or biometric information.

3. Purpose Specification

Personal information is collected for the following specific purposes:

  • Creating and managing your user account
  • Displaying your community contributions (reviews, submissions)
  • Sending account-related notifications
  • Processing premium membership payments via PayFast
  • Platform security and fraud prevention

We will not process your information for any other purpose without your explicit consent.

4. Further Processing Limitation

We do not process personal information for purposes incompatible with those stated above. We do not sell, rent, or trade personal information to third parties for commercial purposes.

5. Information Quality

We take reasonable steps to ensure that the personal information we hold is accurate, complete, and up to date. You can update your profile information at any time via your account settings.

6. Openness

This POPIA notice, together with our Privacy Policy, provides full transparency about how we process personal information. We notify users of any significant changes to our processing activities.

7. Security Safeguards

We implement appropriate technical and organisational measures to protect personal information against:

  • Unauthorised access, disclosure, or alteration
  • Loss, damage, or destruction
  • Unlawful processing

These measures include encrypted data storage, secure authentication, and access controls limited to authorised personnel only.

8. Data Subject Participation

As a data subject, you have the right to:

  • Request confirmation of whether we hold your personal information
  • Request access to your personal information (PAIA request)
  • Request correction or deletion of inaccurate or incomplete information
  • Object to the processing of your personal information
  • Submit a complaint to the Information Regulator

Community Submissions and Third-Party Information

Brewed relies on community members to submit information about roasters, blends, and coffee shops. By submitting information, you confirm that:

  • The information is publicly available and not confidential
  • You are not submitting personal contact details of individuals without their consent
  • The information is accurate to the best of your knowledge
  • You are not infringing on the intellectual property of any third party

Brewed reviews all submissions before publication. Submissions that contain personal information of identifiable private individuals will be rejected.

Information Regulator

If you believe your rights under POPIA have been infringed, you may lodge a complaint with the Information Regulator of South Africa:

Website: www.inforegulator.org.za

Email: complaints.IR@justice.gov.za

Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Contact the Information Officer

For any POPIA-related queries or to exercise your rights:

Email: brewed.community@gmail.com

We will respond to all requests within 5 business days and resolve them within 30 days as required by POPIA.