POPIA Processing and Consent Policy
Consent capture, withdrawal, and auditable POPIA processing controls.
# POPIA Processing and Consent Policy **Last updated:** 2026-03-04 ## 1. Purpose This policy defines consent collection, consent withdrawal, and processing controls for personal information handled in SocialDesk. ## 2. Consent Types - **Mandatory:** Processing consent required for core lawful operations where consent is the lawful basis. - **Optional:** Third-party sharing and communication preferences where applicable. ## 3. Consent Capture Requirements Consent records must include: - Consent type and action (grant/revoke). - Policy/disclaimer version. - Timestamp and actor context. - Supporting metadata for auditability. ## 4. Withdrawal and Objection Data subjects may withdraw optional consent or object to processing where legally permissible. Operational impacts are communicated before confirmation. ## 5. Transparency Notice Consent interfaces must clearly disclose purpose, sharing context, and rights. ## 6. Special Information Controls Special personal information requires additional protections, restricted access, and documented necessity. ## 7. Audit and Verification All consent events are logged, reportable, and reviewable by authorized compliance roles. ## 8. Related Policies This policy must be read with the Privacy Policy (POPIA), PAIA Manual, and Data Retention policy.