POPIA manual

Nautilus Risk Management, Gauteng, South Africa. Reachable at wellen@ns3.co.za or 074 289 1446.

Our designated Information Officer under POPIA is Wellen DeMeyer, partner. All access requests, complaints and correspondence about your personal information should go to wellen@ns3.co.za with the subject "POPIA request".

We process the personal information you share with us on one or more of these lawful bases under POPIA, depending on context:

• Your consent — when you fill in the contact form and submit it to us
• Performance of a contract — when we are quoting, scoping or delivering a service for you
• Legitimate interest — for ordinary business correspondence, supplier records and security of our systems
• Compliance with the law — where SA tax, regulatory or insurance law requires us to keep records

• Identifying information — your name, company, role
• Contact information — email, phone number, physical address (only if you give it)
• Correspondence — the content of messages, calls and meetings between us
• Operational information — for active engagements, what you have told us about your fleet, sites or business that we need to do the work

We do not knowingly process special-category personal information (race, religion, biometric data, etc.) through this website. If you submit it inside the contact-form message field, please don't — and we will delete it on receipt.

Internally, your information is accessible to the two Nautilus partners (Wellen and Karl) and to anyone working directly on your engagement. We use Afrihost (SA-based) for email and hosting. We do not sell or rent personal information to anyone.

If a Nautilus engagement involves a partner solution — for example deploying GotYou Telematics on your fleet — we will share what is necessary with that supplier and tell you we are doing it.

We do not transfer your personal information outside the Republic of South Africa as a routine matter. If a specific engagement requires it (for example, providing a quote to a foreign affiliate of your company), we will tell you first and only proceed with your consent.

POPIA gives you the right to:

• Know what information of yours we hold
• Have it corrected if it is wrong
• Have it deleted, where we are not legally required to keep it
• Withdraw consent or object to specific processing
• Lodge a complaint with the Information Regulator if you believe we have not complied with the Act

To exercise any of these rights, email our Information Officer at wellen@ns3.co.za. We will respond within thirty calendar days.

Start with us · we want to fix anything we have got wrong. If you are not satisfied with our response, you can take your complaint to the Information Regulator of South Africa:

• Website · inforegulator.org.za
• Email · POPIAComplaints@inforegulator.org.za
• Phone · 010 023 5200

We take reasonable technical and organisational steps to protect your information from loss, unauthorised access and destruction. The site is served over HTTPS. Email is held on Afrihost's SA infrastructure. Operational documents are kept on access-controlled cloud storage with two-factor authentication.

We will update the effective date at the top of the page whenever we change anything material. Active clients will be notified directly of any change that affects them.