Adapt IT Logo
  • Home
  • About
    • Executives
    • People Connect
      • Working at Adapt IT
      • Vacancies
      • Learnerships
      • Bursaries
    • History
    • Partners
    • Compliance
    • Governance
  • Acquisitions
  • Services
    • Admin, Support & ERP
    • Core Business Operations
    • Customer Experience
    • EPM Services
    • Public Sector
    • Adapt IT Company Brochure
  • Industries
    • Education
    • Manufacturing
    • Finance Professionals
    • Heavy Industries
    • Multi-Industries
    • Telecommunications
    • Hospitality and Consumer Markets
    • Security and Services
    • Public Sector
  • ESG Sustainability
    • Empowerment
    • Ethics
    • CSI
    • Sustainability Reports
  • JSE Archive
    • Corporate Action
    • Investor Dashboard
    • Reports
    • Presentations and Webcasts
    • Results Coverage
    • Shareholder Meetings
    • 2021 King IV Application Register
  • Media
    • News
    • Press Releases
    • Blogs
  • Contact
Search
  • There are no suggestions because the search field is empty.

Data Protection FAQs

  • Trust Centre
  • Data Protection
    • Privacy Policy
    • PAIA Manual
    • Cookie Policy
    • Data Protection FAQs
    • Data Subject Access Request
  • Message Disclaimer
  • Complaints Policy
  • Terms of Use
  • Trust Centre
  • Data Protection
    • Privacy Policy
    • PAIA Manual
    • Cookie Policy
    • Data Protection FAQs
    • Data Subject Access Request
  • Message Disclaimer
  • Complaints Policy
  • Terms of Use

Data Protection FAQs

Introduction

Adapt IT Holdings Proprietary Limited (“Adapt IT”) adheres to applicable data privacy laws. We believe that everyone has a right to privacy, and we take our responsibilities seriously in processing the personal information of those we do business with.

What is the global view on data protection?

There are over 100 countries that have data protection laws, including an increasing number of African countries. The good news is that data protection laws around the world are about 80% the same. As a proudly South African company that plays on the global stage, Adapt IT maintains a global view because data protection laws influence each other.

What is the GDPR?

GDPR stands for the General Data Protection Regulation. It is a European Union (EU) law that became effective on 25 May 2018. Europe is the world leader in data protection, which means that the GDPR sets the global trends for data protection law. The GDPR determines how organisations must process and protect the personal information of people living in the European Union. Although it was drafted and passed in the EU, it imposes obligations onto organisations anywhere, so long as they target or collect the personal information of people in the EU. While Adapt IT only has a small number of EU customers, we take the protection of your personal information very seriously and have positioned ourselves to comply with the GDPR.

What is POPIA?

POPIA stands for the Protection of Personal Information Act. It is the South African law that governs how personal information is collected, used, and stored. POPIA recently came into full effect on 1 July 2021. It aims to strengthen the security and protection of personal information in South Africa. Adapt IT is required to comply with POPIA.

POPIA uses different terminology to the GDPR:

  • POPIA refers to a responsible party, the GDPR refers to a controller.
  • POPIA refers to an operator, the GDPR refers to a processor.
  • POPIA refers to personal information, the GDPR refers to personal data.

What is personal information (or personal data)?

Personal information (or personal data) is any information that identifies a person either directly (e.g. names and contact details) or indirectly (e.g. email addresses and IP addresses). POPIA differs from the GDPR in that it protects the personal information of not only natural persons, but also juristic entities, like companies, close corporations, and non-profit organisations.

What is Adapt IT’s role as defined by data protection laws?

Generally, there are three role players in data protection:

  • The data subject: the person to whom the information relates.
  • The responsible party: the person who determines why and how to process the personal information.
  • The operator: the person who processes personal information on behalf of the responsible party.

Adapt IT is either the responsible party or the operator, depending on the circumstance.

      • We are the responsible party when we directly collect personal information. A good example is when we directly collect our employees’ personal information because we determine why and decide how to process it.
      • Most times however, we are your (our customers’) operator, especially with our different software-as-a-service solutions. Here are some examples:

- With our Caseware™ solution, we provide you with practice management, audit and financial reporting functionality. Our solution allows you to upload your customer’s information to manage their tax, finance and audit related matters more efficiently. In this case we are your operator because you are using the Caseware solution to provide services to your customers and we have the backend ability to view your customer’s information to help troubleshoot any issues you may have.

- With our IntelliPERMIT™ solution, we provide you with electronic permits to work and plant operations management services. You use our solution to track and monitor the safety and compliance of your staff at a plant. Like with the Caseware example, we have the backend ability to view your staff data and troubleshoot any issues you have may experience.

Although it’s these are our solutions, you are collecting the personal information that we can view, and you are making the decisions on how to process that personal information.

  • In summary, if we are processing personal data on your behalf, and you determine the why and the how of the processing, then we are your operator, and you are the responsible party.

Does the GDPR apply to Adapt IT’s resellers, collaborators and contractors?

Yes. If you provide products or services to clients in the EU, then you need to comply with the GDPR in the following roles:

            • You will be the controller of the personal data that you process about your client or customer.
            • You will also be a processor of personal data uploaded to your hosting package on Adapt IT’s servers.

A reseller of Adapt IT’s services acts as a processor to their customers, and Adapt IT becomes a sub-processor of the information uploaded to your hosting package on our servers.

What is an Information Officer (or Data Protection Officer)?

An Information Officer is responsible for making sure that an organisation is doing everything right when it comes to protecting personal information. An Information Officer is sometimes called a Data Protection Officer or Privacy Officer. Eddy Lekhuleni is Adapt IT’s Information Officer. If you have any questions about your personal information, or how we protect it and ensure that it is processed according to relevant laws and regulations, he is available at dataprivacyofficer@adaptit.com.

What steps has Adapt IT taken to comply with relevant data protection laws?

We have taken several steps to comply with relevant data protection laws, including:

            • updating our privacy and information security policies;
            • entering into data processing agreements with our customers and suppliers;
            • updating our data security on our equipment, infrastructure, and systems; and
            • implementing monitoring procedures to monitor compliance with the data protection laws and company policies.

Our privacy policy goes into more detail to help you to better understand how we protect your personal information, and you can find it here.

What is a data processing agreement?

A data processing agreement (or data processing addendum or DPA) is a legally binding document that describes an arrangement between two organisations, where one instructs the other to perform information operations on their behalf. These relationships almost always entail a third-party processing people’s personal data. For this reason, data protection laws generally have strict rules governing data processing agreements.

Does Adapt IT have data processing agreements?

We have taken proactive steps to update our various agreements in line with our requirements in data protection law, including our Customer Relationship Terms, Contractor Relationship Terms and various orders. This means that data protection provisions have already been incorporated into your agreements with us.

If you are still concerned about whether you need a DPA with us, please contact our Information Officer. We are happy to work with you to ensure compliance with relevant data protection laws.

In terms of POPIA, does the law prohibit Adapt IT from transferring personal information cross-border?

Generally, no. However, POPIA does place various limitations on how a responsible party may transfer personal information cross-border. In the definition of POPIA, Adapt IT usually acts as an operator on behalf of our customers (the responsible party). POPIA permits operators to transfer personal data outside of South Africa on the condition that a responsible party is informed by an operator where personal data is transferred to.

The way we provide you with our products and services may require us to transfer personal data you place in our care outside of South Africa. This is especially the case with our products that makes use of cloud-based technology. Some examples of these products include:

  • ITS Integrator, ICAS and Wisenet LRM in the education sector
  • EasyRoster, CaneLab and OpSUITE in the manufacturing sector
  • Caseware Cloud and related cloud apps in the financial services sector
  • ARMS, ORTEC and our various SAP solutions in the energy sector
  • CDR Live, VISION and our various TEM solutions in the communications sector
  • Micros and our various Oracle solutions in the hospitality sector

Although cloud infrastructure may not always be based in South Africa, we have taken appropriate due diligence and care to ensure that:

  1. the infrastructure is either located in countries that have similar data protection laws to South Africa to ensure that your personal data is protected; or
  2. we have agreements in place to ensure that the information is protected and kept secure, where the countries that do not have adequate data protection laws like POPIA.


Adapt IT uses industry-standard information security measures to make sure that the personal information you put in our trust is as secure as reasonably possible.

Adapt IT remains committed to helping you Achieve more by working together to protect personal data.

© 2025 Adapt IT Holdings Proprietary Limited. All Rights Reserved.

  • Home
  • About
  • Services
  • JSE Archive
  • Media
  • Contact
  • Trust Centre
  • Privacy
  • Cookies

In Brief

Adapt IT is a leader in the ICT market through the provision of software solutions to the Education, Manufacturing, Energy, Financial Services, Communications and Hospitality sectors, employing over 1 000 technology professionals and servicing more than 10 000 customers in 53 countries.

In Brief 3

Adapt IT is a leader in the ICT market through the provision of software solutions to the Education, Manufacturing, Energy, Financial Services, Communications and Hospitality sectors, employing over 1 000 technology professionals and servicing more than 10 000 customers in 53 countries.