MyStudStats

POPIA Compliance Statement

Last updated: 6 April 2026

MyStudStats is committed to compliance with the Protection of Personal Information Act 4 of 2013 ("POPIA"). This statement outlines how we fulfil our obligations as a responsible party under the Act.

1. Responsible Party

MyStudStats is the responsible party as defined in section 1 of POPIA. We determine the purpose and means of processing your personal information.

2. Information Officer

Our designated Information Officer can be contacted at info@mystudstats.co.za. The Information Officer is responsible for encouraging compliance with POPIA, dealing with requests from data subjects, and working with the Information Regulator.

3. Categories of Data Subjects

  • Members: Registered users of the MyStudStats platform (farmers, stud breeders, farm managers).
  • Buyers: Individuals whose contact details are stored by members as part of sale records.
  • Website visitors: Individuals who visit our public website.

4. Purpose of Processing

We process personal information solely for:

  • Account management and authentication.
  • Providing the stud farm management service.
  • Billing and invoicing via PayFast.
  • Sending service-related notifications.
  • Legal compliance (VAT, animal identification legislation).

5. Conditions for Lawful Processing

We adhere to all eight conditions for lawful processing as set out in Chapter 3 of POPIA:

  • Accountability: We take responsibility for all personal information in our possession.
  • Processing limitation: We collect only what is necessary for the stated purposes.
  • Purpose specification: Personal information is collected for specific, defined purposes.
  • Further processing limitation: We do not process information beyond the original purpose.
  • Information quality: We take steps to ensure information is complete, accurate, and up to date.
  • Openness: We are transparent about what information we collect and how we use it.
  • Security safeguards: We implement appropriate technical and organisational security measures.
  • Data subject participation: You can access, correct, or delete your personal information.

6. Security Measures

  • All data transmitted via HTTPS (TLS 1.3).
  • Passwords hashed using bcrypt.
  • Row-level security on all database tables.
  • JWT-based authentication with short-lived tokens.
  • No personal information stored in client-side storage or cookies beyond session tokens.

7. Cross-Border Transfers

Our hosting infrastructure may involve cross-border data transfers. Where this occurs, we ensure the receiving party provides an adequate level of protection in accordance with section 72 of POPIA.

8. Data Subject Rights

Under sections 23 to 25 of POPIA, you have the right to request access to, correction of, or deletion of your personal information. To exercise these rights, contact our Information Officer at info@mystudstats.co.za. We will respond within 30 days.

9. Complaints

If you believe your personal information has been processed in violation of POPIA, you may lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za.

Questions about this policy? Email us at info@mystudstats.co.za