Data Privacy and Protection Agreement as defined in the Protection of Personal Information Act 4 OF 2013



  • “POPI” means the Protection of Personal Information Act adopted by the Republic of South Africa on 26 November 2013 and as amended from time to time.
  • Data” for the purposes of this clause means ‘personal information’ as that term is defined in the Protection of Personal Information Act 4 of 2013 (“POPI Act”) and includes, but is not limited to the following:
    • information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person.
    • information relating to the education or the medical, financial, criminal or employment history of the person.
    • any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person.
    • the biometric information of the person.
    • the personal opinions, views or preferences of the person.
    • correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence.
    • the views or opinions of another individual about the person; and
    • the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
  • Processing’’ means any operation or activity or any set of operations, whether or not by automatic means, concerning personal or any information, including but not limited to:
  • the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use.
  • dissemination by means of transmission, distribution or making available in any other form; or
  • merging, linking, as well as restriction, degradation, erasure or destruction of information.


  • Both Parties agree that they will comply with the POPI regulations and process all the information and/or personal data in respect of the services being rendered in accordance with the said regulation and only for the purpose of providing the Services set out in the Agreement.
  • The Client owns the Client data and all intellectual property rights in it.
  • Both parties agree and acknowledge that all information provided, whether personal or otherwise, may be used and processed by MCI and such use may include placing such information in the public domain.
  • MCI acknowledges that in providing the services to the Client that MCI may be exposed to the Client’s Data.
  • MCI will use its best endeavours and take all reasonable precautions to ensure that any information provided, is only used for the purposes it has been provided.
  • The Parties specifically record that all Data provided by the Client to MCI or to which MCI may be exposed in the performance of its obligations in terms of this Agreement, shall constitute Confidential Information and as such, MCI shall comply with all the provisions of this Agreement in relation to same.
  • MCI hereby warrants in favour of the Client, that it shall, at all times, strictly comply with all applicable legislation and with all the provisions and requirements of the Client ‘s Data Protection Policies and Procedures as may be updated from time to time as notified to MCI in writing.
  • MCI hereby warrants and undertakes that it shall not, at any time copy, compile, collect, collate, process, mine, store, transfer, alter, delete, interfere with or in any other manner use the Data for any purpose other than with the express prior written consent of the Client, and to the extent necessary to provide the services to the Client.
  • All Data, including Customer Data, provided by the Client, or accessed (or accessible) by MCI, shall be used by MCI only in connection with the provision of the services and shall not be commercially exploited by MCI in any manner whatsoever.
  • MCI further warrants that it shall ensure that all its systems which it uses to provide the Services, including all systems onto which the Client’s Data is copied, compiled, collected, collated, processed, mined, stored, transmitted, altered, or deleted, or otherwise used as part of providing the Services, shall at all times be of a minimum standard required by law for the protection, control and use of Data.
  • MCI has procured written undertakings from all its staff that those staff members who have access to Confidential Information are bound by confidentiality undertakings no less onerous than those contained in this Agreement.
  • MCI may retain Confidential Information to the extent required by, and for the duration of, any Services performed for the Client in terms of agreements between the Parties, provided that the Client has not waived performance of such Services and subject to the right of the Client to recover the Confidential Information at any time on the terms agreed herein.
  • MCI shall, in writing, notify the Client immediately where there are reasonable grounds to believe that the Personal Information received from and Processed on behalf of the Client has been accessed or acquired by any unauthorised person.


MCI warrants that:

  • It shall, at all times perform its responsibilities under the Agreement in a manner that does not infringe, or constitute an infringement or misappropriation of, any Intellectual Property or other proprietary rights of the Client or any third party.
  • It is and will remain for the duration of this Agreement, fully cognisant of and compliant with any relevant legislative or regulatory requirements and/or rulings or codes of practice of any competent authority or industry body that has jurisdiction over the provision of or is relevant to the Services.
  • It shall remain compliant with all applicable legislation, including its statutory obligations set out in the POPI Act and the Consumer Protection Act 68 of 2008 (“CPA”) if, and then to the extent, so required by the POPI Act and the CPA, respectively.


  • On termination of the Agreement for any reason, or upon written request from the Client at any time, MCI shall cease Processing any Personal Data, and (at the Client’s instruction) return to the Client or delete (in accordance with MCI’s document retention and deletion policies), any Personal Data in MCI’s possession or control, except as required by law or as required in order to defend any actual or possible legal
  • The Client acknowledges and agrees that MCI shall have no liability for any losses incurred by the Client arising from or in connection with MCI’s inability to perform the Services as a result of MCI complying with a request to delete or return Personal Data made by the Client.

This Data Privacy and Protection Agreement was last revised on 30 June 2021. Any material changes hereto will be published on our website. Your continued use of our services following any updates means that you accept MCI’s Data Privacy and Protection Agreement.