The Protection of Personal Information Act, 4 of 2013 (POPIA) gives effect to the constitutional right to data privacy in terms of Section 14 of the Bill of Rights of the Constitution.

Gwirio is committed to protecting all person’s rights to privacy as prescribed under the law. Gwirio will endeavour to ensure that all  personal information is used appropriately, transparently, and according to this policy. Gwirio must also ensure that these rights to privacy are balanced with other legitimate rights such as the right to use and the responsibility to access to information to protect Data Subjects from fraud, waste, and abuse.

This Policy sets out the responsibilities and obligations of all persons who make use of, or access or receive Gwirio communication via its electronic communication facilities and resources including its website, data services platforms, email and social media platforms.

This policy also outlines how Gwirio will handle peronsal information. It is important to note that Gwirio does not trade nor share any personal information with 3rd parties. The Gwirio services are focused on compliance and the  adherence to the 8 Personal Information Processing Principles as defined under POPIA.



1.1 In order for Gwirio to carry out its aims and objectives as a Service Provider and Operator to Responsible Parties, in providing regulatory services, data validation services and transaction verification services, Gwirio will, on an ongoing basis receive, provide and process personal information.
1.2 In terms of the Protection of Personal Information Act, 4 of 2013 (POPIA) everyone has the right to privacy, including the right to the lawful collection, retention, and processing of Personal Information.
1.3 In order to give effect to these rights, Gwirio is under a duty to provide any person (known as a “Data Subject”) whose Personal Information is processed by it, with a number of details pertaining to the use of and subsequent processing of the Data Subject’s Personal Information.
1.4 In accordance with this requirement, Gwirio sets out below:
1.4.1 the reasons why Gwirio will process a Data Subject’s Personal Information,
1.4.2 the conditions under which it received and is issuing a Data Subjects Personal Information,
1.4.3 how Gwirio will use and handle this Personal Information, as well as
1.4.4 the conditions under which it will provide its own Personal Information.


2.1 The Privacy Policy of Gwirio, is applicable to:
2.1.1 all Gwirio electronic platforms and facilities, including social media, websites and / or email, whether owned by, established by, used by, hosted by and / or accessed by Gwirio, and
2.1.2 all and any Data Subject(s), who may access and make use of the aforementioned Gwirio electronic platforms and facilities, including, without detracting from the generality thereof, Gwirio’s employees and staff, consumers and customers, vendors, contractors, service providers and / or other third parties.
2.1.3 all the Personal Information which is owned by Gwirio and which is provided by Data Subjects, as Registered Users, a result of such person accessing or making use of the Gwirio social media and electronic platforms.
2.1.4 all the Personal Information which is provided to Gwirio, by Responsible Parties, and whereas Gwirio is functioning as an Operator on behalf of the Responsible Party.


3.1 Gwirio takes the privacy and protection of a Data Subject’s Personal Information profoundly serious and will only process a Data Subject’s Personal Information in accordance with POPIA and the terms of this Privacy Policy, and subject to an agreed Operator agreement, where applicable.
3.2 The Gwirio’s services are performed in accordance with POPIA and the terms of this Privacy Policy and Gwirio provides such services as an Operator to a Responsible Party and as a Responsible Party to registered Data Subjects.
3.3 In turn where Gwirio provides any of its Personal Information to a Responsible Party or Operator, then such person will be required as a condition of receiving such information, to process such Personal Information in accordance with POPIA and the terms of this Privacy Policy.
3.4 Accordingly, the relevant data privacy principles relating to the processing of Personal Information, whether that belonging to Gwirio or to a Responsible Party or that belonging to a Data Subject (including, but not limited to, the collection, handling, transfer, sharing, correction, storage, archiving and deletion) will apply without exception, save where POPI provides for such an exception, to all and any Personal Information provided by Gwirio to another or received by Gwirio as a result of the use of the Gwirio electronic platforms and facilities.


4.1 By accessing or using the Gwirio electronic platforms and facilities including all website and URL’s, any sites housed under its domain names and / or social media platforms, and / or when sending or receiving emails using the Gwirio email, the Data Subject:
4.1.1 acknowledges that it has read and understood this Privacy Policy and related provisions;
4.1.2 have read and agreed to the terms and conditions;
4.1.3 agrees to be bound by this Privacy Policy;
4.1.4 agrees to comply with this Privacy Policy.


5.1 Gwirio receives Personal Information pertaining to a Data Subject when the Data Subject registers on the GWIRIO electronic platforms or facilities, including via its website, or by way of email, telephone or via social media or;
5.2 When the Personal Information is provided by a Responsible Party, subject to an agreed Operator Agreement for compliance related services.
5.3 On receipt of the request or query, GWIRIO will thereafter use and process the Data Subject’s Personal Information for the purpose of the query or request and which without detracting from the generality thereof may include:
5.3.1 for the purposes of identifying and / or verifying the Data Subject’s details;
5.3.2 for the purposes of providing information, or services or details in connection therewith or pertaining thereto, that the Data Subject, may have requested;
5.3.3 for employment application purposes;
5.3.4 for the purpose of concluding an employment relationship with an applicant;
5.3.5 for the purposes of managing any information pertaining to the Data Subject;
5.3.6 for further processing or general administration purposes;
5.3.7 for legal or contractual purposes;
5.3.8 to help Gwirio improve the quality of the Gwirio products and services;
5.3.9 to help Gwirio detect and prevent fraud and money laundering;
5.3.10 for the purposes of recovering unpaid monies and / or any other amount due to Gwirio;
5.3.11 for the purpose of reporting to the Information Regulator;
5.4 In order to correctly handle any request or query, and in order to perform the purposes described above, Gwirio may from time to time share a Data Subject’s Personal Information with the following parties:
5.4.1 Gwirio employees, which will only be done on a need to know basis;
5.4.2 The Information Regulator of South Africa
5.4.3 The Responsible Party related to the original Personal Information
5.5 Gwirio will not share a Data Subject’s Personal Information with any third parties who have not been described above, unless:
5.5.1 Gwirio is legally obliged to provide such information to another for legal or regulatory purposes;
5.5.2 Gwirio is required to do so for purposes of existing or future legal proceedings;
5.5.3 the onward transmission or sharing of Personal Information is necessary for the pursuance or protection of Gwirio’s legitimate interests or that of the Data Subject or a third party;
5.5.4 Gwirio is involved in the prevention of fraud, loss, bribery or corruption and are using another agent or service provider under a mandate to provide such service, and the agent or service provider needs to process the Data Subject’s Personal Information for the purpose of investigating and or preventing any act of fraud, loss, bribery or corruption,
5.5.5 and under all of the abovementioned circumstances, Gwirio will take reasonable measures to ensure that such Personal Information is only provided to the recipient, if such recipient undertakes to keep the Personal Information confidential and secure and compliant to POPI.
5.6 Where Gwirio has to transfer the Data Subject’s Personal Information across the South African borders, it will before it does so, ensure that the recipient thereof agrees to be bound by POPI under and in terms of a set of binding corporate rules or binding agreements that provide an adequate level of protection and uphold the principles for the reasonable and lawful processing of such Personal Information.


6.1 Gwirio will on receipt and in response to a query or request received from a Data Subject, referred to under section 5 above, may transmit via its website, or by way of email, telephone or via social media, or our application portals, its own Personal Information. This Personal Information on receipt by the requesting or receiving party, may only be used for the purpose relating to the initiating of the request or query and for no other purpose. Furthermore, the recipient undertakes that it will not use this Personal Information of Gwirio for any other purpose or share this information with any other party, save where it has been given express permission to do so by Gwirio.


7.1 Whilst Gwirio will make every effort to ensure the integrity and accuracy of a Data Subject’s Personal Information, this may not at all times be possible. Following this, the Data Subject accepts the responsibility for keeping his / her or its Personal Information up to date, and undertakes to inform Gwirio of any changes to his / her and its Personal Information, as per POPI requirements.
7.2 A Data Subject has a right of access to any Personal Information, related to them, which Gwirio may have and where applicable may ask Gwirio to correct any inaccuracies or request access to such Personal Information. Any access request must be done by way of a formal PAIA process, which is accessible on or via an email to or via the Gwirio Data Subject Portal –


8.1 Gwirio makes all reasonable effort to keep its social media and electronic platforms including its website secure at all times, however Gwirio advises that it cannot guarantee the security of any information provided to Gwirio or by Gwirio through the Gwirio website, e-mail, internet, application portals or social media sites. Following this Gwirio cannot be held responsible for any loss or unauthorised use or interception of information transmitted via these social media and electronic platforms or sites, including its Internet, which is beyond Gwirio’s reasonable control.
8.2 The Gwirio website may contain links to other websites outside of Gwirio’s control. Gwirio is not responsible for the content, privacy or security of these other third party-controlled websites.
8.3 Gwirio has placed cookies on its website which makes contact with your / a Data Subject’s device to help make the Gwirio social media and electronic platforms website better and manage security.
8.4 Note that all Gwirio’s social media and electronic platforms including its website and telephone facilities and your use of them will be monitored on a regular basis including the recordal and interception of content placed on or stored on said facilities which is done for security, integrity and quality assessment purposes and by using such electronic platforms and facilities you expressly acknowledge notice of such monitoring and interception and give consent thereto in accordance with the Regulation of Interception of Communications and Provision of Communication-Related Information Act 70 of 2002 (“RICA”),
8.5 Subject to the provisions above, Gwirio has implemented the appropriate technical and organisational security measures which are required in order to protect all Personal Information and related data which it holds from and / or against unauthorised access, accidental or wilful manipulation, loss or destruction.


9.1 If a Data Subject provides Gwirio with Personal Information on behalf of another, Gwirio will not be able to process the query or request unless such query or request is accompanied with the required permission and consent from the owner of that Personal Information.
9.2 If a Data Subject is under the age of 18, such person’s Personal Information will only be processed if the minor’s parent or legal guardian gives the required consent or permission to the processing of the provided Personal Information.


10.1 You can contact Gwirio in relation to this Privacy Policy, please do so in writing to at


11.1 Gwirio reserve the right to and may from time to time update this Privacy Notice. Any such revision will be published as an amended version on the Gwirio website.
11.2 Following this, any change to this Policy will be posted as an updated version and readers are advised to visit and re-read this policy on a regular basis.