For the purposes of the Protection of Personal Information Act, 4 of 2013 ("POPIA"), the Responsible Party for personal information collected through the Remunera platform is:
As required by POPIA and the 2025 POPIA Amendment Regulations, Syntera Labs has appointed and registered an Information Officer with the Information Regulator of South Africa. Our Information Officer is responsible for ensuring compliance with POPIA and handling all privacy-related requests and complaints.
To contact our Information Officer: info@synteralabs.co.za
Our PAIA (Promotion of Access to Information Act) Manual is available on request at info@synteralabs.co.za.
We collect personal information only to the extent necessary to provide the Remunera HR and payroll service. Below is a full breakdown of the categories of personal information we process:
The following categories constitute Special Personal Information under POPIA Section 26 and are processed only where a specific legal basis exists:
| Category | When Collected | Legal Basis |
|---|---|---|
| Race / ethnic origin | Employment Equity Act reporting only, if applicable | Legal obligation (EEA Section 21) |
| Health / disability information | Only if relevant to leave or payroll accommodation | Explicit employee consent |
| Gender | Employment Equity reporting and statutory leave calculations | Legal obligation (BCEA, EEA) |
⚠ Special Personal Information is never collected without a valid legal basis and is stored with additional access controls. We do not collect biometric data of any kind.
We process personal information only for the specific, explicit, and legitimate purposes set out below. We will not process information for any purpose incompatible with those listed here without obtaining fresh consent or having another lawful basis.
| Purpose | Description |
|---|---|
| Payroll Processing | Calculating gross pay, statutory deductions (PAYE, UIF, SDL), and net pay per payroll period |
| Statutory Submissions | Generating and filing EMP201 monthly returns, EMP501 reconciliations, and IRP5/IT3(a) certificates with SARS on behalf of the employer |
| UIF Administration | Calculating and declaring UIF contributions to SARS (via EMP201) and the Department of Employment and Labour (via uFiling) |
| Leave Management | Recording, approving, and tracking employee leave entitlements, requests, and balances per the BCEA |
| Payslip Generation | Generating compliant digital payslips containing all information required by the BCEA |
| HR Administration | Maintaining accurate employee records as required by the BCEA and other applicable legislation |
| Employment Equity Reporting | Generating EEA2 and EEA4 reports for designated employers (where applicable) |
| SARS Compliance Reports | Generating EMP201 summaries, IRP5 reports, and EMP501 reconciliation data |
| Account Management | Creating and maintaining user accounts, authenticating users, and managing subscription billing |
| Customer Support | Responding to enquiries, troubleshooting issues, and providing technical assistance |
| Security & Audit | Maintaining audit logs to detect and prevent unauthorised access, fraud, or misuse |
| Legal Compliance | Meeting our obligations under the Income Tax Act, BCEA, UIF Act, SDL Act, EEA, POPIA, and any other applicable South African law |
Under POPIA, every processing activity must have a lawful basis. Our processing is based on the following grounds:
We share personal information only to the extent strictly necessary and only with parties who are contractually bound to protect it:
| Recipient | Information Shared | Legal Basis |
|---|---|---|
| South African Revenue Service (SARS) | PAYE, UIF, SDL amounts; IRP5/IT3(a) certificates; EMP501 data | Income Tax Act, UIF Act, SDL Act |
| Department of Employment and Labour | UIF employer declarations; UI-19 termination forms | UIF Act |
| Compensation Fund | COIDA submissions (where applicable) | Compensation for Occupational Injuries and Diseases Act |
We use the following categories of sub-processors to deliver the Remunera service. Each sub-processor is bound by a written data processing agreement:
| Category | Purpose | Location |
|---|---|---|
| Cloud Infrastructure | Hosting platform data and databases | USA / EU (adequacy safeguards applied) |
| Email Delivery | Sending payslips, notifications, and system alerts | USA (standard contractual clauses) |
| PDF Generation | Generating payslip PDF documents | In-browser (no data transmitted to third party) |
| Analytics | Aggregated, anonymised platform usage metrics only | EU / USA |
✓ We do not sell, rent, or trade personal information to any third party for marketing, advertising, or any commercial purpose unrelated to the Remunera service.
In the event of a merger, acquisition, or sale of substantially all of Syntera Labs' assets, personal information held in the Remunera platform may be transferred to the acquiring entity. We will provide 30 days' written notice to affected clients before any such transfer occurs and will require the acquirer to honour this Privacy Policy.
Some of our infrastructure sub-processors (cloud hosting, email delivery) operate servers outside the Republic of South Africa. Any cross-border transfer of personal information is conducted in compliance with POPIA Section 72, which requires that the recipient country or organisation provides substantially equivalent protection to POPIA, or that we have implemented binding contractual safeguards (standard contractual clauses).
Specifically, transfers to sub-processors in the United States are governed by standard contractual clauses approved under applicable data protection law. No personal information is transferred to a jurisdiction that does not meet the POPIA Section 72 threshold without your explicit consent or an applicable legal exemption.
We retain personal information only for as long as is necessary for the stated purposes and to comply with our statutory obligations. The following retention periods apply:
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Payroll records (payslips, calculations) | 5 years from date of processing | SARS requirement — Income Tax Act |
| IRP5 / IT3(a) certificates | 5 years from tax year end | Income Tax Act |
| EMP201 / EMP501 submissions | 5 years from submission date | Income Tax Act |
| Employee personnel records | 3 years after termination of employment | BCEA Section 31 |
| UIF declarations and records | 5 years | UIF Act |
| Leave records | 3 years after employment ends | BCEA |
| Audit logs (system access) | 2 years | Legitimate interest — security |
| Support correspondence | 2 years after resolution | Contractual / legitimate interest |
| Subscriber account data (post-termination) | 30 days, then deleted/anonymised | Contractual — post-termination clause |
Upon expiry of the applicable retention period, personal information is securely deleted or irreversibly anonymised. Where a client terminates their Remunera subscription, they have 30 days to export their data. After 30 days, non-statutory data is deleted. Statutory records (payroll, IRP5, EMP201) are retained for the legally required 5-year period in a secure, restricted-access archive.
We implement appropriate technical and organisational measures to protect personal information against loss, theft, unauthorised access, disclosure, copying, use, or modification. Our security measures include:
⚠ No method of electronic transmission or storage is 100% secure. While we use industry-leading measures to protect your information, we cannot guarantee absolute security. We commit to notifying you promptly if a breach occurs that affects your data.
Under POPIA, every data subject (individual whose personal information is processed) has the following rights. These rights apply to employees whose information is processed through the Remunera platform, as well as to Remunera clients (employer-subscribers).
You have the right to request confirmation of whether we hold your personal information, and to obtain a copy of that information. We will respond within 30 days of receiving a valid request (a hard statutory deadline under the 2025 POPIA Amendment Regulations).
You have the right to request that we correct inaccurate, misleading, or out-of-date personal information. Employees should first raise corrections with their employer (the Responsible Party for their data), who will update the information in the Remunera platform.
You have the right to request deletion of your personal information where it is no longer necessary for the purpose for which it was collected, and where no statutory retention obligation applies. Payroll and tax records cannot be deleted during their mandatory 5-year retention period.
You have the right to object to the processing of your personal information on grounds of legitimate interest, and to object to processing for direct marketing purposes (which we do not conduct). We will cease processing upon a valid objection unless we have compelling legitimate grounds that override your interests.
Where consent is the legal basis for processing (Special Personal Information), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. Where consent withdrawal would prevent us from delivering statutory payroll services, we will notify you of this consequence.
Per the 2025 POPIA Amendment Regulations, we accept data subject requests through multiple channels:
We will acknowledge receipt within 3 business days and respond fully within 30 days. Identity verification is required before we release any personal information.
✓ Accessing your personal information is free of charge. We will never charge a fee for responding to a data subject access request.
In the event of a security compromise that affects personal information, we are committed to the following response:
Our breach notification will include: the nature of the breach, categories and approximate number of data subjects affected, likely consequences, measures taken or proposed, and contact details for further information.
Our marketing website (remunera.co.za) uses cookies. Under POPIA, cookies that collect personal information require your explicit consent.
| Cookie Type | Purpose | Consent Required |
|---|---|---|
| Strictly Necessary | Session management, security tokens, login state | No — essential for the service to function |
| Analytics | Aggregated, anonymised usage statistics (no personal identification) | Yes — opt-in consent required |
| Preference | Remembering your display and language preferences | Yes — opt-in consent required |
We do not use third-party advertising cookies or behavioural tracking cookies. You may withdraw consent for non-essential cookies at any time by clearing your browser cookies and declining consent on your next visit.
The Remunera HR application (app.remunera.co.za) uses only strictly necessary session cookies required for authentication and security. No analytics or marketing cookies are deployed within the application.
It is important to understand that Remunera operates as an Operator under POPIA — not as the Responsible Party — in respect of the personal information of your employees.
As required by POPIA Section 21, a written Operator Agreement governs our processing of employee data on your behalf. This Operator Agreement is incorporated into and forms part of your Remunera Terms of Service. By accepting the Terms of Service, you enter into the Operator Agreement.
As Responsible Party, you are responsible for:
The Remunera platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18 without verifiable parental or guardian consent, we will delete such information promptly. If you believe a child's information has been processed through our platform in error, please contact us at info@synteralabs.co.za.
We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or applicable legal requirements. We will:
Your continued use of the Remunera service after the effective date of updated terms constitutes acceptance. If you object to any material changes, you have the right to terminate your subscription per the Terms of Service.
For all privacy-related enquiries, data subject rights requests, or POPIA compliance questions, please contact our Information Officer:
We aim to acknowledge all privacy requests within 3 business days and resolve them within 30 days as required by POPIA.
If you are not satisfied with how we have handled your personal information or responded to your request, you have the right to lodge a complaint with the Information Regulator of South Africa — the statutory body that enforces POPIA.