Skip to main content
Rapid Safety Files
Legal

Privacy Notice

Last updated: 11 May 2026

This notice explains how Rapid Safety Files collects, uses, stores, and shares your personal information. It is aligned to the Protection of Personal Information Act 4 of 2013 (POPIA). Plain English first; if anything is unclear, email hello@rapidsafetyfiles.co.za and we'll explain.

Full notice

1. Who we are.

Rapid Safety Files is a trading name of Business Made Simple Holdings (Pty) Ltd, a company registered in South Africa. We are the “responsible party” under POPIA for the personal information we collect from contractors who buy a safety file from us, and from the personnel those contractors nominate inside that file (e.g. the Section 16(2) appointee, the Construction Manager, the Health and Safety Representative).

2. What personal information we collect.

Only what we need to compile your safety file and run the transaction. Categories:

  • Contractor identification: registered company name, trading name, CIPC registration number, VAT number, CIDB grading, physical and postal addresses.
  • Contact details: contact person name, role, email address, mobile number, landline (optional).
  • Site and project data: site address, principal contractor (where you are a sub-contractor), scope of work, estimated duration, headcount on site.
  • Nominated personnel: full names, ID numbers, qualifications, and signatures of the people you appoint into statutory roles (Section 16(2), CR8(1) Construction Manager, CR10.1 Fall Protection Plan Developer, etc.). We receive these from you at intake.
  • Payment data: processed by our payment provider. We see the transaction reference and amount; we do not store card numbers.
  • Technical data: IP address, browser, device, and pages visited — collected via standard server logs and used only for security, abuse prevention, and aggregate analytics.

3. Why we process it (legal grounds).

Under POPIA §11, processing must rest on at least one of the specified grounds. Ours are:

  • Performance of a contract with you — to compile, review, and deliver the safety file you ordered.
  • Compliance with a legal obligation — record retention required by the Companies Act, the Tax Administration Act, and SARS VAT rules.
  • Legitimate interest — securing our site against abuse, preventing fraud, and improving the service.
  • Consent — when you nominate personnel into a safety file, you confirm to us that you have their permission to hand their details over for that purpose.

4. Who we share it with.

We do not sell personal information. We share it only with the third parties needed to run the service:

  • Hosting: Vercel Inc. (United States) hosts the website and the file-delivery infrastructure. Data is processed under standard cross-border safeguards.
  • Database: Supabase (EU region) stores form submissions, order records, and the compiled file index.
  • Payments: our South African payment provider processes card and EFT transactions and holds the payment record under FICA.
  • Email delivery: our transactional email provider sends the file download link and order confirmations.
  • Professional advisors and regulators where law requires disclosure (SARS, the Department of Employment and Labour, the Information Regulator, courts).

5. How long we keep it.

Tax and accounting records: at least five years from the end of the relevant tax year, as required by SARS. The compiled file and its metadata: seven years, which matches the standard inspector-recall window for OHS Act records. Marketing-list email addresses (where you opted in): until you unsubscribe. Server logs: 90 days.

6. Your POPIA rights.

Under POPIA §23–§25 you have the right to:

  • Ask whether we hold personal information about you.
  • Request a copy of that information.
  • Ask us to correct or delete it where you can show it is inaccurate, irrelevant, excessive, out of date, or unlawfully obtained.
  • Object to processing based on legitimate interest.
  • Lodge a complaint with the Information Regulator (South Africa) at inforegulator.org.za.

To exercise any of these, email hello@rapidsafetyfiles.co.za. We respond within 30 days.

7. Security.

We apply technical and organisational measures appropriate to the risk: TLS in transit, encryption at rest, role-based access, audited backups, and a documented incident-response process. If a security compromise affects your personal information, we notify you and the Information Regulator as soon as reasonably possible, per POPIA §22.

8. Cookies.

We use a small number of strictly necessary cookies (session, CSRF). We do not run third-party advertising or behavioural-tracking cookies. Analytics, where present, are configured to anonymise IP addresses and respect “Do Not Track” signals.

9. Changes to this notice.

We update this notice when the service changes materially or when the law requires. The “last updated” date at the top reflects the most recent change. Material changes are also communicated by email to customers with active orders.

10. Contact.

Information Officer: hello@rapidsafetyfiles.co.za
Business Made Simple Holdings (Pty) Ltd
Cape Town, South Africa

See also Terms of Service and Refunds & Rework Policy.