A practical overview of how Synergy Evolution approaches privacy, POPIA, GDPR-aware handling, and cross-border processing when personal information is involved.
Why this page exists
Synergy Evolution takes the view that strong privacy practice is not only a compliance exercise. It is also part of how trust is built across client relationships, service delivery, and technology operations.
POPIA governs how personal information is handled in South Africa, while GDPR continues to shape the wider global standard. This page sets out the language and operating roles that matter most.
| POPIA term | GDPR term | Meaning |
|---|---|---|
| Responsible party | Controller | The organization that determines why and how personal information is processed. |
| Operator | Processor | The party that processes personal information on behalf of the responsible party. |
| Personal information | Personal data | Information that can directly or indirectly identify a person, and under POPIA may also include legal entities. |
Over 100 nations, including a rising number of African nations, have data protection legislation. The good news is that many of the world's data protection rules follow the same core principles.
Synergy Evolution is a proudly South African business that competes on a global scale, so we maintain a global perspective because of the interdependence of data privacy regulations.
The General Data Protection Regulation, or GDPR, is a law of the European Union that took effect on May 25, 2018.
The GDPR sets major global trends for data protection law because Europe is a leading jurisdiction in this space. It establishes how organizations must handle and safeguard the personal data of people residing in the European Union.
Although it was created and adopted in the EU, it places obligations on organizations worldwide that target or gather personal data about EU citizens. Even though Synergy Evolution has a limited number of customers in the EU, we take the safety of personal information seriously and aim to operate in a way that aligns with GDPR expectations where relevant.
The Protection of Personal Information Act, or POPIA, is South Africa's law governing the collection, use, and storage of personal information.
POPIA came fully into effect on July 1, 2021 and is designed to strengthen the security and protection of personal information in South Africa. Synergy Evolution must comply with POPIA requirements.
Personal information or personal data means any information that directly or indirectly identifies a person, such as names, contact information, email addresses, or IP addresses.
Unlike the GDPR, POPIA also protects the personal information of legal entities such as companies, close corporations, and non-profit organizations.
There are generally three key role players in data protection: the data subject, the responsible party, and the operator.
Synergy Evolution is either the responsible party or the operator, depending on the circumstance. We are the responsible party when we directly collect personal information, for example when we collect employee information because we determine why and how it is processed.
In many cases, especially with software and managed technology solutions, we operate as an operator on behalf of our customers because they determine the purpose and means of processing while we support service delivery and troubleshooting in the backend.
Yes. If you provide products or services to clients in the European Union, then you may need to comply with the GDPR in more than one role.
You may be the controller of the personal data you process about your client or customer, and you may also act as a processor of personal data uploaded to services hosted on Synergy Evolution infrastructure.
Where a reseller of Synergy Evolution's services acts as a processor for their own clients, Synergy Evolution can become a sub-processor of the data hosted on our systems.
An information officer is responsible for helping to ensure that the necessary steps are taken to preserve the privacy of individuals and to support compliance with applicable data protection obligations.
If you have questions about the protection of your personal information or how we seek to handle it in accordance with relevant laws and regulations, you can contact us through the channels listed on our privacy policy page.
We have taken several steps to comply with relevant data protection laws and to strengthen the way personal information is handled across our business.
A data processing agreement, sometimes called a data processing addendum or DPA, is a legally binding contract between two organizations where one authorizes the other to carry out information operations on its behalf.
These relationships often involve a third party handling personal information, which means they are commonly subject to strict requirements under data protection legislation.
We have taken proactive measures to amend our agreements, including customer relationship terms, contractor relationship terms, and various orders, in line with our obligations under data protection law.
That means your contracts with us may already include data protection clauses. If you have additional questions about whether a separate DPA is required, we are willing to engage further to support compliance with relevant laws.
Usually not, but POPIA does impose restrictions on the cross-border transfer of personal information by a responsible party.
Synergy Evolution often acts as an operator on behalf of clients who are the responsible party. Where cloud-based delivery is involved, we may need to transfer personal information outside South Africa in order to provide products and services.
We seek to ensure that the infrastructure is located in jurisdictions with similar protections or that suitable contractual safeguards are in place where that is not the case. We also apply industry-standard information security measures to help protect the information entrusted to us.
Related pages
For the full policy language and formal contact routes, move from this FAQ page into the privacy policy. If you need formal information access guidance, the PAIA manual is also available on the site.
