THE PROTECTION OF PERSONAL INFORMATION ACT (POPIA)
CLIENT/ USER PRIVACY PROTOCOLS POLICY
The purpose of this policy is to advise the client/ user (data subject) of GAAP Recruitment PTY Ltd (THE COMPANY) services, both electronic and otherwise, why data is collected and processed, what data is in focus as well as how it is processed. THE COMPANY is committed to full compliance with the POPI Act insofar as the utilisation and disclosure of data subject personal information (PI) is concerned. Hence, technical and operational measures have been put in place to protect data subject privacy and THE COMPANY invites all data subjects and/ or requesters to engage with its Information Officer (IO) in respect of any matter related hereto.
Scope of application
This policy applies to data subjects under the POPI Act and its principles extend to the Promotion of Access to Information Act (PAIA) in respect of requesters of records held by THE COMPANY. PI applies to both natural and juristic persons. Data subjects and requesters are invited to engage with the THE COMPANY Information Officer about any matter pertaining to the POPIA and PAIA, including but not limited to updating PI, deletion of PI, complaints in respect of how PI is being processed and updating consent for electronic direct marketing. The “Information Officer” portal on the website facilitates these types of engagement.
About THE COMPANY
THE COMPANY is a market-leading bespoke recruitment service occupying a position between large agencies and executive search companies. THE COMPANY strives to make a positive impact on our clients’ business and candidates’ lives by offering a personalised consulting service with the aim to form long-term relationships thereby increasing value.
We don’t merely fill a position – WE CHANGE LIVES.
We specialise in:
More details in this regard can be obtained in the “About THE COMPANY” link to its website.
Definition of Personal Information (PI)
‘‘Personal information’’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—
(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
(b) information relating to the education or the medical, financial, criminal or employment history of the person;
(c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
(d) the biometric information of the person; (e) the personal opinions, views or preferences of the person;
(f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
(g) the views or opinions of another individual about the person; and
(h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
Purpose of Collecting and Processing PI
THE COMPANY processes PI for various purposes including for –
In respect of the processing of PI as provided for above, THE COMPANY will adhere to the conditions for the lawful processing of PI, based on its desire to provide data subjects services in their best interests as well as a legitimate interest of THE COMPANY to achieve its business objectives.
Period of holding Personal Information
THE COMPANY endeavours to provide the most accurate information possible to stakeholders, including data subjects. THE COMPANY seeks to verify the accuracy of its information as frequently as possible and to remove information that it learns to be inaccurate. Thus, THE COMPANY intends to process the information it has about data subjects for so long as it is accurate or until the data subject instructs THE COMPANY to refrain from processing it – in order to instruct THE COMPANY to refrain from collecting and/ or processing PI click here to access the Information Officer portal.
Notwithstanding the above, THE COMPANY shall hold PI for such minimum period as may be required in terms of statutes such as the Companies Act and various labour laws.
Data Subject Rights
Data subjects have the right to request that THE COMPANY provide them with access to their PI, to rectify or correct their personal information, erase PI or restrict the processing of PI, including refraining from sharing it or otherwise providing it to any third parties. Data subjects also have the right to raise complaints with the Information Regulator. The afore-going rights may be subject to certain limitations pursuant to applicable law and/ or binding contracts. In order to access any of these rights, access the Information Officer portal.
Sources of Personal Information (PI)
THE COMPANY gathers PI from several sources, which include directly from data subjects, publicly available sources such as websites, social media, commercial transactions with THE COMPANY, referrals, prospects, partner agreements, training engagements, conferences and the like. Given that PI can be extracted and/ or obtained from several sources and consolidated into one CRM or other similar systems of record, it may be difficult or impossible to identify the exact source of one particular piece of information.
Categories of Personal Information (PI) collected and processed
THE COMPANY collects information about data subjects who may be clients, client contacts, prospective clients and prospective client contacts as well as job applicants and candidates. It also collects information on its employees and suppliers as well as third parties that are part of its scope of operation.
In respect of clients, client contacts, prospective clients and prospective client contacts THE COMPANY profiles business organizations and the contacts who work for the said organisations and it may have some or all of the following categories of personal information on data subjects, historical or current –
THE COMPANY collects and processes personal information mainly to contact data subjects for the purpose of understanding their requirements and delivering services accordingly. Where possible, it will inform data subjects what information they are required to provide to THE COMPANY and what information is optional, as well as the consequences of not providing the said information.
Website usage information may be collected using “cookies” which allows THE COMPANY to collect standard internet visitor usage information.
Disclosure of information
THE COMPANY may disclose data subject PI to its third-party service providers who are involved in the delivery of products or services data subjects. THE COMPANY has agreements in place to ensure that it complies with the privacy requirements as required by the POPI Act.
THE COMPANY may also disclose data subject PI:
Furthermore, the Company may from time to time be required to disseminate Personal Information across South Africa borders. In such instances it shall ensure that the recipient country/ corporate is subject to similar personal information protections as is the case in South Africa.
THE COMPANY is legally obliged to provide adequate systems, technical and operational protection for the PI that it holds and to prevent unauthorized access to as well as prohibited use of PI. THE COMPANY will therefore on a regular basis review its security controls and related processes to ensure that the PI of data subjects remains secure.
THE COMPANY has conducted an impact assessment across all of its functions and used the findings thereof to manage risk optimally as well as to provide iterative improvements on an ongoing basis. THE COMPANY policies and procedures cover the following aspects –
THE COMPANY also ensures that it contracts with Operators as required by POPI and it requires appropriate security, privacy and confidentiality obligations of these operators in order to ensure that personal information is kept secure. The same protocols apply to any party to whom THE COMPANY may pass PI on to for the purposes mentioned herein.
How to contact us – South African office and Information Officer
Our physical address is –
GAAP Recruitment (PTY) Ltd
377 The Business Centre
CNR Rivonia Road and 12th Avenue
The information officer is –
Email – email@example.com
Mobile – 0027 11 568 2324
Or please go to our website: www.gaptalent.com to access specific engagement options.