Nestiva (Pty) Ltd POPI Act Compliance Policy
1. Introduction and Purpose
Nestiva (Pty) Ltd (“Nestiva”, “the Company”, “we”, “us”, “our”) is committed to protecting your privacy and ensuring the lawful and responsible processing of your personal information. This POPI Act Compliance Policy (the “Policy”) outlines how Nestiva collects, uses, stores, and protects personal information in accordance with the Protection of Personal Information Act, 4 of 2013 (“POPIA”).
The purpose of this Policy is to inform individuals whose personal information we process, including our clients, website visitors, service providers (cleaners and contractors), and employees (“Data Subjects”), about our commitment to privacy and our practices regarding the handling of their personal information.
2. Scope
This Policy applies to all personal information processed by Nestiva, whether collected directly from Data Subjects or from third parties. It covers all aspects of our operations, including our website (www.nestiva.co.za), mobi-sites, software applications, and all other channels through which we interact with Data Subjects.
3. Key Definitions (as per POPIA)
- Data Subject: The person to whom personal information relates.
- Personal Information: Information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including (but not limited to):
  - Information relating to race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
  - Information relating to the education or the medical, financial, criminal or employment history of the person;
  - Any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
  - The biometric information of the person;
  - The personal opinions, views or preferences of the person;
  - Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
  - The views or opinions of another individual about the person; and
  - The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
- Processing: Any operation or activity concerning personal information, including collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation, use, dissemination by means of transmission, distribution or making available in any other form, merging, linking, as well as blocking, degradation, erasure or destruction of information.
- Responsible Party: The public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information. (In this Policy, Nestiva is the Responsible Party.)
- Operator: A person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party.
4. POPI Principles and Nestiva’s Adherence
Nestiva adheres to the eight (8) conditions for the lawful processing of personal information as set out in POPIA:
4.1. Accountability
Nestiva, as the Responsible Party, takes full responsibility for ensuring that the conditions for the lawful processing of personal information are met. We have appointed an Information Officer who is responsible for overseeing our POPIA compliance.
4.2. Processing Limitation
- Minimality: We only collect personal information that is adequate, relevant, and not excessive for the purpose for which it is collected.
- Consent, Justification, and Objection: We process personal information primarily based on your consent, where necessary for the performance of a contract with you (e.g., booking a cleaning service), or where processing is necessary for legitimate interests. You have the right to object to the processing of your personal information in certain circumstances.
4.3. Purpose Specification
- Collection for Specific Purpose: Personal information is collected for specific, explicitly defined, and legitimate purposes related to our services and operations. These purposes are communicated to you at the time of collection.
- Record Retention: Records of personal information are not retained for longer than is necessary to achieve the purpose for which the information was collected or subsequently processed, unless required by law or a contract.
4.4. Further Processing Limitation
Further processing of personal information will only be done if it is compatible with the original purpose for which the information was collected. If further processing is for a new purpose, your consent will be obtained, or it will be done as required or permitted by law.
4.5. Information Quality
We take reasonable steps to ensure that the personal information collected and processed is complete, accurate, not misleading, and up-to-date. We rely on Data Subjects to provide accurate information and to update it as necessary.
4.6. Openness
We are transparent about our personal information processing activities. This Policy, along with our Privacy Policy (www.nestiva.co.za/privacy), details the types of information we collect, the purposes for which it is used, and how Data Subjects can exercise their rights.
4.7. Security Safeguards
We implement appropriate technical and organisational measures to protect personal information against loss, damage, unauthorised destruction, and unlawful access or processing. These measures include:
- Physical security of our premises and data storage.
- IT security measures, including firewalls, encryption (where appropriate), and access controls.
- Employee training on data protection and privacy.
- Regular reviews and updates of our security practices.
- Agreements with Operators to ensure they apply similar security safeguards.
In the event of a data breach, Nestiva commits to notifying the Information Regulator and affected Data Subjects as required by law.
4.8. Data Subject Participation
Data Subjects have the right to:
- Access: Request confirmation of whether we hold personal information about them, and to request access to that information.
- Correction/Deletion: Request the correction, destruction, or deletion of their personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully.
- Object: Object, on reasonable grounds relating to their particular situation, to the processing of their personal information.
- Withdraw Consent: Withdraw their consent to the processing of personal information at any time, subject to legal or contractual restrictions.
Requests to exercise these rights should be made in writing to the Information Officer.
5. Types of Personal Information Collected
Nestiva may collect and process various types of personal information, including but not limited to:
- Contact Information: Name, surname, physical address, email address, telephone number, mobile number.
- Identification Information: (For Service Providers and Employees) ID number, passport number, visa details, criminal record checks (where legally permissible and necessary for vetting).
- Financial Information: Bank account details (for payments to/from service providers and employees), credit/debit card details (processed securely via third-party payment gateways – Nestiva does not store full card numbers).
- Service-Related Information: Booking details, service preferences, property access instructions, special requests (e.g., pet-friendly, same-gender cleaner), feedback, and complaints.
- Technical Information: IP addresses, browser type, operating system, website usage data (via cookies and analytics, where consented to), device information.
- Employment-Related Information: (For Employees and Service Providers) Qualifications, work history, references, performance reviews, health information (relevant to work duties).
6. How Information is Collected
Personal information is primarily collected directly from the Data Subject through:
- Our website (e.g., online booking forms, newsletter sign-ups, contact forms).
- Telephone calls, emails, and WhatsApp messages.
- Direct interactions when booking or receiving services.
- Application processes for employees and service providers.
- Third-party background check services (for vetting cleaners/contractors, with consent).
7. Why Information is Collected (Purposes of Processing)
Nestiva collects and processes personal information for the following purposes:
- To provide and manage our cleaning and related property care services (e.g., matching clients with service providers, scheduling bookings, managing appointments).
- To process payments and manage billing.
- To communicate with Data Subjects regarding their bookings, services, and queries.
- To verify the identity and suitability of service providers and employees.
- To market and promote our services, including sending newsletters, updates, and promotional offers (where consent has been given or legitimate interest applies).
- To improve our services, website, and applications.
- To comply with legal and regulatory obligations (e.g., tax, employment laws).
- To resolve disputes and enforce our terms and conditions.
- For internal record keeping, reporting, and statistical analysis.
8. Information Sharing and Disclosure
Nestiva will not sell or rent your personal information to third parties. We may share your personal information with:
- Service Providers (Operators): Independent contractors (cleaners, specialist contractors) who provide services booked through our Platform, only to the extent necessary to fulfil the service (e.g., client name, address, contact number, service requirements). These Operators are bound by confidentiality agreements.
- Third-Party Service Providers: Such as payment gateways (PayFast, Subscriptionbay), IT service providers, analytics providers, and background check services, who assist us in operating our business. These third parties are contractually obligated to protect your information and only process it for the purposes specified by Nestiva.
- Legal and Regulatory Authorities: When required by law, court order, or to protect our rights, property, or safety, or that of others.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of the transaction.
9. Security Measures
Nestiva implements robust technical and organisational security measures to protect personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Access Control: Limiting access to personal information to authorised personnel only, based on a “need-to-know” principle.
- Data Encryption: Encrypting sensitive data during transmission and at rest where appropriate.
- Network Security: Implementing firewalls, intrusion detection systems, and regular vulnerability assessments.
- Physical Security: Securing our physical premises where data is stored.
- Employee Training: Conducting regular training for all staff on data protection and privacy best practices.
- Data Minimisation: Collecting and retaining only the necessary personal information.
- Incident Response Plan: Having procedures in place to detect, respond to, and recover from data security incidents.
10. Retention of Information
Nestiva retains personal information for as long as necessary to fulfil the purposes for which it was collected, to provide our services, to comply with our legal and regulatory obligations, or for legitimate business interests. Once personal information is no longer required, it will be securely destroyed or de-identified.
11. Monitoring and Review
This Policy will be reviewed and updated regularly to ensure ongoing compliance with POPIA and other applicable laws. Material changes to this Policy will be posted on our website.
12. Information Officer Contact Information
For any questions, concerns, or requests regarding this Policy or the processing of your personal information by Nestiva, please contact our Information Officer:
- Information Officer: Marius Joubert
- Email: support@nestiva.com
- Telephone: 062 266 8892
- Postal Address: No. 7, 3rd Avenue, Boston, Bellville, Cape Town, 7350, South Africa
13. Effective Date
This Policy is effective as of June 17, 2025.