Norovari (Pty) Ltd

Last Updated: 19 April 2026

---

1. Purpose

​

This Data Processing Agreement (“DPA”) outlines how Norovari (Pty) Ltd (“Processor”) processes personal information on behalf of clients (“Responsible Party”) in compliance with POPIA and aligned international data protection standards.

​

---

​

2. Scope of Processing

​

We process personal information only:

• To deliver agreed services

• According to documented instructions from the Responsible Party

• In accordance with applicable law

​

---

​

3. Security Measures

​

We implement appropriate safeguards including:

• Encryption of data in transit

• Access control restrictions

• Secure infrastructure hosting

• Monitoring and incident detection practices

---

4. Sub-Processors

​

We may engage third-party service providers to assist in delivering services.

All sub-processors are bound by written agreements requiring:

• Confidentiality

• Security safeguards

• POPIA-compliant processing obligations

---

5. Cross-Border Processing

​

Where data is transferred outside South Africa, we ensure adequate protection through:

• contractual safeguards, or  

• jurisdictional adequacy standards  

---

6. Data Breach Notification

​

We will notify the Responsible Party without undue delay upon becoming aware of a personal data breach affecting processed data.

---

 7. Return or Deletion of Data

​

Upon termination of services, personal data will be:

• returned, or  

• securely deleted, unless legally required to retain it  

---

8. Contact

​

Email: info@norovari.com