Author | Marius Vorster
Version | 2.1
Status | Published
It is the responsibility of both Trade Shield and our Clients to process personal information lawfully, in accordance with the Protection of Personal Information Act (POPIA), 2013. Trade Shield provides configurable tools and guidance to assist Clients in collecting the necessary legal justification for processing their customers’ (referred to as Buyers) personal information. However, the ultimate responsibility for ensuring that appropriate justification is in place for all their buyers rests with the Client.
We use the following mechanisms to obtain justification, both for ourselves and on behalf of our clients:
Consent
Contract
Under the Protection of Personal Information Act (POPIA), both Trade Shield and its clients may act as either the Responsible Party or the Operator, depending on the specific data being processed and its intended use (Purpose).
Clients act as the Responsible Party for personal information they collect from their customers (Buyers) and provide to Trade Shield for onboarding, credit risk assessment, or monitoring purposes. Where Trade Shield acts as an Operator, clients are responsible for ensuring a valid operator agreement is in place, as required under Section 21 of POPIA. Trade Shield has a Data Processing Agreement that can be used; however, the responsibility for obtaining a signed version lies with the client.
Trade Shield is the Responsible Party for personal information it generates or acquires independently (e.g., derived credit insights, enriched risk data, aggregated behavioral indicators, or third-party data obtained through authorized sources). When this information is shared back with the Client, Trade Shield does so under its own obligations as a Responsible Party.
Trade Shield uses consent as justification for data processing before the buyer signs the client's terms and conditions. This is not the primary method of justification, because consent can be revoked, leaving the client unaware of risk changes. It is in the client's interest (and we expect it) that buyer contracts include conditional permission that is bound to the account as primary justification.
Summarized view of POPIA requirements for consent.
Our client's privacy policy must include the information a Data Subject needs to request changes to their information, revoke consent, and lodge a complaint with the Information Regulator.
This is the normal information Trade Shield will need to configure the consent collection based on the default template.
{Customer Name}, located at {Customer Address}, requires your consent to collect and process your personal information in connection with {Customer Purpose}. Trade Shield (Pty) Ltd, located in Woodmead, Johannesburg, requires your consent to collect and process your personal information for Credit Risk Insights, Credit Assessments, Financial Analysis, and Due Diligence as part of the application and ongoing monitoring should your application be approved on behalf of {Customer Name}.
This consent applies to your data as it appears in this application, as well as any corrections you make before submission. Additionally, credit reports and checks from authorized sources, such as credit bureaus and Credit Resellers, may be requested during the process.
The information collected may include your contact details, business registration data, financial information, credit history, bank statement analysis, Audited Financials, Credit Reports, and any additional information provided below.
Your personal information may be shared with trusted third parties within the boundaries of the described purpose. Where legally permitted, your data may be transferred or accessed outside of South Africa, in accordance with Section 72 of POPIA, which includes adequate protection mechanisms, contractual assurances, or recognized jurisdictional adequacy.
If you are a sole proprietor or single director, you explicitly consent to your credit data being accessed as part of this process, including credit reports/checks.
Here are the other parties with whom your data could be shared.
Additional categories of personal data are collected for this process.
You have the right to:
For details on how your information will be protected and your rights managed, please refer to:
Trade Shield clients' contracts with their buyers must reflect lawful grounds for processing personal information. In your case, the lawful basis is "contractual necessity" and "legitimate interest", combined with disclosure to third parties (i.e., Trade Shield and other financial services).
Important Notice: This is an example, and Trade Shield accepts no liability for this recommendation or for our client's POPIA justification. Each party is responsible for ensuring their specific business context and purpose are properly articulated and approved by their Information Officer and Legal Team. This explains the Trade Shield requirement in our client's contracts and may need to be supplemented or modified to ensure holistic compliance.
By accepting these terms and conditions, the Buyer acknowledges and agrees that [Client Company Name] may collect, process, and share personal and financial information on the Buyer as necessary to assess and manage the Buyer's creditworthiness and ongoing credit risk profile.
This includes the right to disclose Buyer Information to trusted third-party service providers, including but not limited to Trade Shield (Pty) Ltd and authorized financial institutions, such as credit bureaus, for purposes such as credit risk evaluation, credit limit recommendations, trade behavior analysis, and related financial services.
The Buyer acknowledges that such processing is necessary to perform the obligations of this agreement and is further justified by the legitimate interest of [Client Company Name] in managing credit risk responsibly.
Buyer Information may include contact information, payment behavior, financial records, trade references, public registry data (e.g., CIPC), legal judgments, and other relevant indicators.
Processing of this information will continue for as long as the Buyer maintains a credit facility with [Client Company Name], and thereafter only as reasonably required for legal, audit, or credit record-keeping purposes.
All processing will be conducted in compliance with the Protection of Personal Information Act (POPIA) and the Promotion of Access to Information Act (PAIA). The Buyer may review the applicable PAIA Manual at [Client PAIA URL] and the PAIA Manual of Trade Shield.
The Buyer retains the right to access their personal information, request corrections, or raise reasonable objections to the processing of their information, subject to applicable law. Where information originates from external or public sources, the Buyer will be supported in addressing inaccuracies at the source.
The Buyer acknowledges that this processing is a condition of receiving and maintaining access to a credit facility, and that consent is not the sole basis for such processing where lawful contractual or legitimate interests apply.