1. Introduction
    • Purpose
      This Recruitment Data Privacy and Information Security Management Policy outlines the principles and procedures governing the handling of personal data throughout the recruitment process at People Shop (Pty) Ltd. It aims to ensure compliance with the Protection of Personal Information Act (POPIA) and other applicable data protection laws to protect the confidentiality, integrity, and security of candidate information.
    • Scope
      This policy applies to all employees, contractors, and third parties involved in the recruitment process at People Shop (Pty) Ltd. It covers the collection, processing, storage, and disposal of personal data related to job applicants, including resumes, cover letters, interview notes, and background checks.
    • Definitions
      • Personal Information: Any information relating to an identifiable, living natural person or juristic person as defined in POPIA.
      • Special Personal Information: Personal information concerning religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health, biometric information, or criminal behaviour.
  1. Data Privacy Principles
    • Compliance with POPIA
      We adhere to the principles set out in POPIA, including lawful processing, purpose specification, data minimization, accuracy, storage limitation, security safeguards, and accountability.
    • Lawful Basis for Processing
      Personal information will be processed lawfully, fairly, and transparently based on one or more lawful grounds such as consent, legitimate interest, or contractual necessity as provided for in POPIA.
    • Transparency and Fairness
      Candidates will be informed about the purposes for which their personal information is collected and processed, and their rights regarding their information under POPIA.
  1. Data Collection and Processing
    • Types of Data Collected
      We collect and process personal information necessary for the recruitment process, including contact details, employment history, educational qualifications, skills, and other relevant information.
    • Collection Methods
      Personal information may be obtained directly from candidates or through recruitment agencies, background check providers, and publicly available sources as permitted by POPIA.
    • Purpose of Data Processing
      Personal information is processed for the purposes of assessing candidates’ suitability for employment, conducting interviews, verifying qualifications, and making hiring decisions in compliance with POPIA.
  1. Data Security Measures
    • Access Control
      Access to personal information is restricted to authorized personnel on a need-to-know basis, and access controls are implemented to prevent unauthorized access, modification, or disclosure.
    • Data Minimization
      Only necessary personal information required for the recruitment process will be collected, processed, and retained in accordance with POPIA principles.
    • Encryption and Anonymization
      Sensitive personal information is encrypted where appropriate to protect confidentiality and anonymization techniques are used where feasible to enhance security and protect candidate identities.
  1. Retention and Deletion
    • Retention Period
      Personal information will be retained only for as long as necessary for the recruitment process or as required by law, and in compliance with POPIA retention periods.
    • Data Deletion
      Upon completion of the recruitment process, personal information will be securely deleted in accordance with established retention schedules and POPIA requirements.
  1. Candidate Rights
    • Right to Access
      Candidates have the right to request access to their personal information and information regarding how their information is processed as provided for in POPIA.
    • Right to Rectification
      Candidates may request the correction of inaccurate or incomplete personal information in accordance with POPIA.
    • Right to Erasure
      Candidates have the right to request the deletion of their personal information under certain circumstances, subject to legal obligations and exceptions under POPIA.
  1. Sharing of Data
    • Third-Party Processing
      Personal information may be shared with third-party service providers involved in the recruitment process, subject to appropriate data protection agreements and compliance with POPIA.
    • International Transfers
      Transfers of personal information to countries outside South Africa will comply with POPIA requirements for cross-border transfers of personal information.
  1. Training and Awareness
    • Training
      Employees involved in the recruitment process receive training on data privacy and security practices, including their obligations under POPIA.
    • Responsibilities
      Personnel handling personal information are responsible for ensuring its confidentiality, integrity, and availability in compliance with POPIA and this policy.
  1. Incident Response
    • Reporting Breaches
      Procedures are in place for reporting and investigating data breaches involving candidate personal information in accordance with POPIA requirements.
    • Mitigation and Notification
      Immediate action will be taken to mitigate the impact of data breaches, and affected candidates will be notified as required under POPIA.
  1. Monitoring and Review
    • Audits Regular audits of data privacy and security practices are conducted to ensure compliance with this policy, POPIA, and other applicable laws and regulations.
    • Policy Review
      This policy is reviewed periodically and updated as necessary to reflect changes in legislation, technology, or business practices and to maintain alignment with POPIA requirements.
  1. Compliance
    • Non-compliance with this policy and POPIA may result in disciplinary action, up to and including termination of employment or contract.
  1. Policy Acceptance
    • All employees, contractors, and third parties involved in the recruitment process are required to acknowledge and comply with this policy and POPIA requirements.
  1. Contact Information
    • For questions or concerns regarding data privacy and security in the recruitment process under POPIA, please contact Chantal Kading – Managing Director on 021 462 2828.
Back to top