Compliance
POPIA Compliance Notice
Effective date: 24 March 2026
1. Introduction
BlyNet (Pty) Ltd (“BlyNet”, “we”, “us”, or “our”) is committed to complying with the Protection of Personal Information Act 4 of 2013 (“POPIA”) and all applicable data protection legislation in the Republic of South Africa. This notice explains how BlyNet processes personal information in accordance with the eight conditions for lawful processing set out in Chapter 3 of POPIA.
2. Responsible Party
In terms of section 1 of POPIA, the responsible party (the entity that determines the purpose and means of processing personal information) is:
3. Information Officer
In terms of section 55 of POPIA, the Information Officer of BlyNet is the director of BlyNet (Pty) Ltd. All POPIA-related requests, complaints, and correspondence should be directed to:
4. Conditions for Lawful Processing
BlyNet processes personal information in compliance with the eight conditions for lawful processing prescribed by POPIA:
4.1 Accountability (Condition 1)
BlyNet takes responsibility for ensuring that all processing of personal information complies with POPIA. We have implemented appropriate policies, procedures, and technical measures to ensure and demonstrate compliance. All employees and service providers who process personal information on our behalf are bound by confidentiality obligations and are required to process personal information in accordance with our instructions and POPIA.
4.2 Processing Limitation (Condition 2)
Personal information is processed lawfully and in a manner that does not infringe on the privacy of the data subject. We process personal information only where:
- The data subject has consented to the processing;
- Processing is necessary for the performance of a contract to which the data subject is a party;
- Processing is necessary to comply with a legal obligation;
- Processing is necessary to protect a legitimate interest of the data subject; or
- Processing is necessary for the pursuit of the legitimate interests of BlyNet or a third party.
We collect only the minimum personal information necessary for the stated purposes and do not process personal information for unrelated, incompatible, or undisclosed purposes.
4.3 Purpose Specification (Condition 3)
Personal information is collected for specific, explicitly defined, and lawful purposes related to the operation of the Platform, including:
- Account creation and management;
- Processing of bookings and payments;
- Facilitating communication between guests and hosts;
- Host identity verification and property validation;
- Platform security and fraud prevention;
- Compliance with legal and regulatory obligations;
- Improvement of the Platform and user experience.
When a guest confirms a booking, the guest's contact details (name, email, and phone number) are shared with the host in a confirmation email, and the host's contact details are shared with the guest. This exchange is necessary for the performance of the booking contract, enabling check-in coordination and direct communication between the parties.
Personal information is retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Please refer to our Privacy Policy for specific retention periods.
4.4 Further Processing Limitation (Condition 4)
Personal information is not processed in a manner incompatible with the purpose for which it was originally collected, unless the data subject has consented or such processing is permitted by law.
4.5 Information Quality (Condition 5)
BlyNet takes reasonable steps to ensure that personal information is complete, accurate, not misleading, and updated where necessary. Data subjects are encouraged to update their personal information through their account settings or by contacting us directly.
4.6 Openness (Condition 6)
BlyNet maintains transparency about how personal information is processed. This POPIA Compliance Notice, together with our Privacy Policy and Cookie Policy, provides comprehensive information about our data processing practices. We will notify data subjects of any material changes to our processing activities.
4.7 Security Safeguards (Condition 7)
BlyNet implements appropriate technical and organisational measures to protect personal information against loss, damage, unauthorised destruction, and unlawful access. These measures include, but are not limited to:
- Encryption of personal information in transit using TLS/HTTPS.
- Encryption of sensitive personal information at rest.
- Secure password hashing using industry-standard algorithms.
- Role-based access controls restricting data access to authorised personnel.
- Regular security monitoring and vulnerability assessments.
- Secure backup and disaster recovery procedures.
- Processing of payment information by PCI-DSS compliant third-party processors (PayFast, Ozow).
- Error monitoring and incident response capabilities.
In the event of a security compromise that involves personal information, BlyNet will notify the Information Regulator and affected data subjects as required by sections 21 and 22 of POPIA.
4.8 Data Subject Participation (Condition 8)
Data subjects have the right to participate in the processing of their personal information. These rights are detailed in section 5 below.
5. Rights of Data Subjects
In terms of POPIA, data subjects have the following rights:
Right of Access (Section 23)
You may request confirmation of whether BlyNet holds personal information about you, and request a record or description of such information, including the identity of all third parties who have or have had access to the information.
Right to Correction (Section 24)
You may request correction, deletion, or destruction of personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully.
Right to Object (Section 11(3))
You may object to the processing of your personal information on reasonable grounds relating to your particular situation, unless legislation provides for such processing.
Right to Object to Direct Marketing (Section 69)
You may object at any time to the processing of your personal information for the purpose of direct marketing by means of unsolicited electronic communications.
Right Not to Be Subject to Automated Decision-Making (Section 71)
You may not be subject to a decision that significantly affects you that is based solely on the automated processing of your personal information, unless appropriate measures are in place to protect your legitimate interests.
Right to Lodge a Complaint (Section 74)
You may submit a complaint to the Information Regulator if you believe that your personal information has been processed in contravention of POPIA.
To exercise any of these rights, please submit a written request to support@blynet.io. We may require proof of identity before processing your request. We will respond within 30 days of receiving a valid request.
6. Operators (Third-Party Processors)
BlyNet engages certain third-party service providers (“operators” as defined in POPIA) to process personal information on its behalf. All operators are bound by written agreements that require them to:
- Process personal information only on BlyNet’s documented instructions;
- Implement appropriate security measures to protect personal information;
- Notify BlyNet of any security breaches without undue delay;
- Delete or return personal information upon termination of the processing agreement.
Our key operators include payment processors (PayFast, Ozow), cloud infrastructure providers, email delivery services, and error monitoring services.
7. Cross-Border Transfers
Where personal information is transferred to a country outside of South Africa (for example, to cloud service providers), BlyNet ensures that the transfer complies with section 72 of POPIA by verifying that the recipient is subject to a law, binding corporate rules, or binding agreement that provides an adequate level of protection, or that the data subject has consented to the transfer.
8. Direct Marketing
BlyNet will only use personal information for direct marketing purposes with the prior consent of the data subject, in accordance with section 69 of POPIA. You may opt out of marketing communications at any time by using the unsubscribe link in any marketing email or by contacting us at support@blynet.io.
9. Special Personal Information
BlyNet does not intentionally collect special personal information as defined in section 26 of POPIA (including information relating to religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health, sexual life, biometric information, or criminal behaviour). If such information is incidentally provided by a user (for example, in free-text communications), it will be processed only to the extent necessary and will not be used for profiling or discriminatory purposes.
10. Security Breach Notification
In the event of a security compromise involving personal information, BlyNet will, in accordance with section 22 of POPIA:
- Notify the Information Regulator as soon as reasonably possible after becoming aware of the compromise;
- Notify affected data subjects as soon as reasonably possible, unless the identity of the data subjects cannot be established;
- Provide sufficient information to allow data subjects to take protective measures;
- Investigate the compromise and take steps to prevent recurrence.
11. Information Regulator
If you believe that BlyNet has processed your personal information in contravention of POPIA, you have the right to lodge a complaint with the Information Regulator:
Information Regulator (South Africa)
Email: enquiries@inforegulator.org.za
Complaints email: POPIAComplaints@inforegulator.org.za
Website: inforegulator.org.za
Tel: 012 406 4818
12. Updates to This Notice
This POPIA Compliance Notice may be updated from time to time. Material changes will be communicated to data subjects through the Platform or by email. The effective date at the top of this notice indicates when it was last updated.