INTRODUCTION

We are committed to comply with The Protection of Personal Information (POPI) Act and will always:

• Sufficiently inform Data Subjects (candidates/applicants/work-seekers hereafter referred to as “Candidate/s”), the specific purpose for which we will collect and process their personal information;
• Protect Personal Information from threats, whether internal or external, deliberate or accidental, to ensure business continuation, minimise business damage and maximise business opportunities.

This Policy establishes measures, processes and standards for the protection and lawful processing of personal information.

The Information Officer, Warren Wood, is responsible for:

• Monitoring this policy;
• Ensuring that this policy is supported by appropriate documentation;
• Ensuring that this policy and subsequent updates are communicated to relevant managers, representatives, staff and associates, where applicable.
• All employees, are responsible for adhering to this policy and for reporting any security breaches or incidents to the Information Officer.
• IT and Off-site Data Storage Service Providers/Operators must satisfy us that they provide adequate protection of the data they hold on our behalf.

POLICY PRINCIPLES

Accountability for data to be collected:

• We shall take reasonable steps to safeguard all Data and Personal Information collected from Candidates for the purpose of Permanent or Temporary recruitment.

Processing Limitation/Purpose for Data Collection

• We will collect personal information directly from candidates.
• Personal Information from Social Networks and Job-seeker portals will be collected with express consent of the Candidate/s.
• Once in our possession we will only process or further process candidate information with their consent, except where we are required to do so by law. In the latter case we will always inform the candidate.

Specific Purpose

• Personal information collected from candidates will be used to secure Permanent or Temporary employment on behalf of Candidates

Limitation on Further Processing

• Personal information may not be further processed in a way that is incompatible with the initial purpose for which it was collected and will only be done with the express consent of the Candidate.

Information Quality

• We shall ensure that candidate information is complete, up to date and accurate before we use it. We will request candidates, at least once annually, to update their information and confirm that we may continue to store/retain same. If we are unable to contact a candidate their information will be deleted from our records.

Transparency/Openness

Where personal information is collected from a source other than directly from a candidate (EG Social media, Job portals) we will make candidates aware:

• That their information is being collected and the specific reason;
• Who is collecting their information by giving them our details?

Data Security

We will implement sufficient measures to guard against the risk of unlawful access, loss, damage or destruction of personal information that is held:

• Physically;
• In our electronic data base;
• By a Data Storage Service Provider;
• In any electronic devices (that will be Password protected).

Data encryption of storage devices will be installed.

We are committed to ensuring that information is only used for legitimate purposes with candidate consent and only by authorised employees of our agency.

Participation of Individuals/Complaints

• Candidates are entitled access to, and to correct any information held by us.
• Complaints should be submitted in writing to the Information Officer for Resolution.
• Requests to Access, Correct or Delete information must be made on the attached Annexures 1 and 2 and submitted to the Information Officer.

OPERATIONAL CONSIDERATIONS

Monitoring

• The Board/Management and Information Officer are responsible for ensuring adherence to Standard Operating Procedures.
• All employees and individuals directly associated with recruiting activities will be trained in the regulatory requirements governing the protection of Personal Information.
• We will conduct periodic reviews and audits, where appropriate, to ensure compliance with this policy and guidelines.