Purpose
This Recruitment Data Privacy and Information Security Management Policy outlines the principles and procedures governing the handling of personal data throughout the recruitment process at People Shop (Pty) Ltd. It aims to ensure compliance with the Protection of Personal Information Act (POPIA) and other applicable data protection laws to protect the confidentiality, integrity, and security of candidate information.
Scope
This policy applies to all employees, contractors, and third parties involved in the recruitment process at People Shop (Pty) Ltd. It covers the collection, processing, storage, and disposal of personal data related to job applicants, including resumes, cover letters, interview notes, and background checks.
Definitions
Personal Information: Any information relating to an identifiable, living natural person or juristic person as defined in POPIA.
Special Personal Information: Personal information concerning religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health, biometric information, or criminal behaviour.
Data Privacy Principles
Compliance with POPIA
We adhere to the principles set out in POPIA, including lawful processing, purpose specification, data minimization, accuracy, storage limitation, security safeguards, and accountability.
Lawful Basis for Processing
Personal information will be processed lawfully, fairly, and transparently based on one or more lawful grounds such as consent, legitimate interest, or contractual necessity as provided for in POPIA.
Transparency and Fairness
Candidates will be informed about the purposes for which their personal information is collected and processed, and their rights regarding their information under POPIA.
Data Collection and Processing
Types of Data Collected
We collect and process personal information necessary for the recruitment process, including contact details, employment history, educational qualifications, skills, and other relevant information.
Collection Methods
Personal information may be obtained directly from candidates or through recruitment agencies, background check providers, and publicly available sources as permitted by POPIA.
Purpose of Data Processing
Personal information is processed for the purposes of assessing candidates’ suitability for employment, conducting interviews, verifying qualifications, and making hiring decisions in compliance with POPIA.
Data Security Measures
Access Control
Access to personal information is restricted to authorized personnel on a need-to-know basis, and access controls are implemented to prevent unauthorized access, modification, or disclosure.
Data Minimization
Only necessary personal information required for the recruitment process will be collected, processed, and retained in accordance with POPIA principles.
Encryption and Anonymization
Sensitive personal information is encrypted where appropriate to protect confidentiality, and anonymization techniques are used where feasible to enhance security and protect candidate identities.
Retention and Deletion
Retention Period
Personal information will be retained only for as long as necessary for the recruitment process or as required by law, and in compliance with POPIA retention periods.
Data Deletion
Upon completion of the recruitment process, personal information will be securely deleted in accordance with established retention schedules and POPIA requirements.
Candidate Rights
Right to Access
Candidates have the right to request access to their personal information and information regarding how their information is processed as provided for in POPIA.
Right to Rectification
Candidates may request the correction of inaccurate or incomplete personal information in accordance with POPIA.
Right to Erasure
Candidates have the right to request the deletion of their personal information under certain circumstances, subject to legal obligations and exceptions under POPIA.
Sharing of Data
Third-Party Processing
Personal information may be shared with third-party service providers involved in the recruitment process, subject to appropriate data protection agreements and compliance with POPIA.
International Transfers
Transfers of personal information to countries outside South Africa will comply with POPIA requirements for cross-border transfers of personal information.
Training and Awareness
Training
Employees involved in the recruitment process receive training on data privacy and security practices, including their obligations under POPIA.
Responsibilities
Personnel handling personal information are responsible for ensuring its confidentiality, integrity, and availability in compliance with POPIA and this policy.
Incident Response
Reporting Breaches
Procedures are in place for reporting and investigating data breaches involving candidate personal information in accordance with POPIA requirements.
Mitigation and Notification
Immediate action will be taken to mitigate the impact of data breaches, and affected candidates will be notified as required under POPIA.
Monitoring and Review
Audits
Regular audits of data privacy and security practices are conducted to ensure compliance with this policy, POPIA, and other applicable laws and regulations.
Policy Review
This policy is reviewed periodically and updated as necessary to reflect changes in legislation, technology, or business practices and to maintain alignment with POPIA requirements.
Compliance
Non-compliance with this policy and POPIA may result in disciplinary action, up to and including termination of employment or contract.
Policy Acceptance
All employees, contractors, and third parties involved in the recruitment process are required to acknowledge and comply with this policy and POPIA requirements.
Contact Information
For questions or concerns regarding data privacy and security in the recruitment process under POPIA, please contact Chantal Kading – Managing Director on 021 462 2828.