PERSONAL INFORMATION PROCESSING AND PROTECTION POLICY
1. GENERAL PROVISIONS
1.1. This Personal Information Processing and Protection Policy (the "Policy") defines the procedure for processing and protecting personal information of individuals who visit and use the website forex-drop.com (the "Operator").
1.2. This Policy has been developed in accordance with the Protection of Personal Information Act, 4 of 2013 (POPIA) of the Republic of South Africa.
1.3. The purposes of this Policy are to:
protect the rights and freedoms of individuals when processing their personal information
ensure the lawful execution of agreements between the Operator and Users
provide information about services offered by the Operator
prevent unauthorised access to Users' personal information
2. DEFINITIONS
Personal Information — any information relating to an identifiable, living natural person, as defined under POPIA.
Operator / Responsible Party — forex-drop.com, the party that determines the purpose and means of processing personal information.
Processing — any operation performed on personal information, including collection, recording, storage, updating, distribution, or destruction.
Data Subject — the individual to whom the personal information relates.
Consent — voluntary, specific, and informed agreement by the Data Subject to the processing of their personal information.
Information Regulator — the regulatory authority established under POPIA responsible for the protection of personal information in South Africa.
3. COLLECTION OF PERSONAL INFORMATION AND CONSENT
3.1. Personal information is collected through the Operator's website when a User submits a form, registers, or interacts with the Operator's services.
3.2. Consent is obtained electronically by the User ticking the checkbox next to the statement "I agree to the processing of my Personal Data", with the date and time of consent recorded in system logs.
3.3. If the User does not provide consent, access to certain services may be restricted, as the Operator is not permitted to process personal information without the Data Subject's consent.
4. RIGHTS AND OBLIGATIONS
4.1. Rights of the Data Subject
The Data Subject has the right to:
be informed about the collection of their personal information
access their personal information held by the Operator
request correction or deletion of inaccurate, incomplete, or outdated information
withdraw consent to processing at any time
object to the processing of their personal information
lodge a complaint with the Information Regulator of South Africa
seek legal remedy and claim damages where applicable
4.2. How to Exercise Your Rights
Requests may be submitted:
by email: [your contact email]
via the website contact form
The Operator will respond within 30 days of receiving a request.
4.3. Obligations of the Operator
The Operator undertakes to:
process personal information lawfully, fairly, and transparently
collect information only for specific, defined purposes
not share personal information with third parties without consent, except as required by law
implement appropriate technical and organisational security measures
notify Data Subjects and the Information Regulator in the event of a data breach
5. CONFIDENTIALITY
5.1. The Operator ensures the confidentiality and security of personal information in accordance with POPIA.
5.2. Employees who process personal information are bound by confidentiality obligations and may only process data within the scope of their duties.
5.3. Access to personal information is terminated upon the end of an employee's engagement with the Operator.
6. CATEGORIES AND CONDITIONS OF PROCESSING
6.1. The Operator processes the following personal information:
Website Users: first name, email address, phone number.
6.2. The Operator does not process special categories of personal information (such as race, religion, health data, or political views).
6.3. Personal information is stored electronically on secure servers.
6.4. Personal information is retained for 3 (three) years from the end of the relationship with the User, after which it is securely destroyed.
6.5. The Operator may use personal information to send service notifications and promotional communications, where the User has consented to receive these.
6.6. The Operator does not sell or transfer personal information to third parties for commercial purposes.
7. SECURITY MEASURES
The Operator implements the following security measures:
Firewall protection preventing unauthorised external database access
Access controls and two-factor authentication
Encrypted data transmission via TLS protocol
Regular vulnerability assessments
Anti-virus and intrusion detection systems
Secure cloud hosting with object-level encryption
IP-based access restrictions
Employee training on data protection obligations
8. DATA BREACH NOTIFICATION
8.1. In the event of a data breach that poses a risk to Data Subjects, the Operator will notify both the affected individuals and the Information Regulator as soon as reasonably possible, in accordance with Section 22 of POPIA.
9. COMPLAINTS
9.1. If a Data Subject believes their rights have been violated, they may lodge a complaint with the:
Information Regulator (South Africa)
Website: www.inforegulator.org.za
Email: inforeg@justice.gov.za
10. POLICY UPDATES
10.1. This Policy may be updated from time to time. The current version is always available on the Operator's website at forex-drop.com.
Last updated: April 2026