Privacy & Data Protection
Data Protection Policy
What Personal Information Do We Collect?
Personal Information is normally collected directly from our job applicants, potential employees and employees, a CLIENT or a potential CLIENT. We may also use other sources, subject to restrictions under applicable law, to assist in obtaining relevant Personal Information about you, including – Identification data – such as your name, surname, gender, photograph, date of birth, identification number, languages. Contact details – such as home address, telephone, email addresses, and emergency contact details. Employment details – such as employment history, performance and disciplinary records, grievance procedures, sickness/holiday records. Educational and professional background – such as academic/professional qualifications, education, CV/resumé, reference letters and interview notes. Spouse, beneficiary & dependents information, marital status. Financial information – such as banking details, tax information, payroll information, salary, benefits, expenses, company allowances. IT information – information required to provide access to our IT systems and networks such as IP addresses, log files, login information, software/hardware inventories.
Automatic Data Collection: We may also have access / collect Personal information that we collect automatically when you visit our website.
Third Party Data Collection: We may also collect information about you through our trusted third-party sources to assist us in providing product and service offerings to you, including Recruitment information (including references and other information included in a CV or cover letter or as part of the application process). Employment records (including job titles, work history, working hours, training records and professional memberships).
Purpose For Which The Information Is Being Collected.
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the contract, we have entered with you.
- Where we need to comply with a legal obligation.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Is The Supply Of The Information Voluntary Or Mandatory?
Any Particular Law Authorising Or Requiring The Collection Of The Information.
If your Personal Information is collected in terms of a particular law authorising or requiring the collection of the information, we will take steps to ensure that you are aware of that.
| CLIENT Personal Data: | any personal data comprised within CLIENT Data. |
|---|---|
| Data Controller: | has the meaning given to that term in the Data Protection Legislation. |
| Data Processor: | has the meaning given to that term in the Data Protection Legislation. |
| Data Retention: | We will keep your personal information for as long as is needed to carry out the purposes we’ve described, or as otherwise required by law. |
| Data Protection Legislation: | (Respective to Local Applicable Law) |
As a Data Subject You Do Have The Following Rights:
RIGHT TO BE NOTIFIED: The right to be notified that – Personal Information about you is being collected – And your Personal Information has been accessed or acquired by an unauthorised person. RIGHT OF ACCESS: The right to establish whether we hold Personal Information of you and to request access to your Personal Information.
Right To Correction, Destruction Or Deletion:
Right To Objection:
The right to object – on reasonable grounds relating to your particular situation to the processing of your Personal Information; to the processing of your Personal Information – at any time for purposes of direct marketing; or for purposes of direct marketing by means of unsolicited electronic communications.
Right With Regards To Automated Processing:
The right not to be subject, under certain circumstances, to a decision which is based solely on the basis of the automated processing of your Personal Information intended to provide a profile of you.
Right To Complain:
Complaint’s Process:
- Objection To The Process Of Personal Information
- Request For Correction Of Deletion Of Personal Information Or Destroying Of Record Of Personal Information
Our Contact Particulars
| Tel No: | +27 87 231 0311 | +44 20 3890 5455 | +353 6 1548017 |
|---|---|
| Email: | compliance.info@numata.co |
GDPR
Numata Business IT complies with all applicable requirements of the Data Protection Legislation and thus acknowledge that: If NUMATA processes any personal data on a CLIENT’s behalf when performing its obligations under any agreement, The CLIENT shall be deemed the data controller and NUMATA the data processor for the purposes of the Data Protection Legislation (where Data Controller and Data Processor have the meanings as defined in the Data Protection Legislation). Personal data may be transferred or stored outside the EEA or where applicable the country where a CLIENT is located in order for NUMATA to carry out the Services and NUMATA’s obligations under any agreement. The CLIENT ensures that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to NUMATA for the duration and purposes of this agreement so that NUMATA may lawfully use, process and transfer the Personal Data in accordance with any agreement on CLIENT’s behalf. NUMATA shall, in relation to any Personal Data processed in connection with the performance of its obligations under any agreement:
- Process Personal Data only on the written instructions from a CLIENT unless NUMATA is required by the laws of any member of the European Union or by the laws of the European Union applicable to NUMATA to process Personal Data (Applicable Laws). Where NUMATA is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, NUMATA shall promptly notify the CLIENT of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit NUMATA from so notifying the CLIENT;
-
Not to transfer any Personal Data outside of the EEA unless the following conditions are fulfilled:
- The CLIENT or NUMATA has provided appropriate safeguards in relation to the transfer;
- The data subject has enforceable rights and effective legal remedies;
- NUMATA complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and
- NUMATA complies with reasonable instructions notified to it in advance by the CLIENT with respect to the processing of the Personal Data;
-
Notify the CLIENT without undue delay on becoming aware of a Personal Data breach;
- At the written direction of the CLIENT, delete or return Personal Data and copies thereof to the CLIENT on termination of all agreement unless required by Applicable Law to store the Personal Data; and
- Maintain complete and accurate records and information to demonstrate its compliance with legislation.
POPI and PAIA
In terms of section 18 of the POPIA Act, Data Subjects must be aware of certain information and rights in terms of the POPIA Act. In terms of the POPIA Act we must have accurate and up to date information about you. We typically collect personal information about employees, workers and contractors through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. We typically collect personal information of a CLIENT or a potential CLIENT through an application process
- We may sometimes collect additional information from third parties.
-
We may also use your personal information in the following situations:
- Where we need to protect your interests (or someone else’s interests).
- Where it is needed in the public interest or for official purposes.
- If your Personal Information is transferred outside the Republic of South Africa to third party service providers, we will take steps to ensure that your Personal Information receives the same level of protection as if it remained within the Republic.
- Service Providers - We may disclose the information we collect from you to third party vendors, technology and other service providers, contractors or agents who perform functions on our behalf, or are engaged with us. These service providers are allowed to access and use the information we make available to them only as needed to perform their functions and for no other purposes, subject to appropriate contractual restrictions and security measures.
- In Response to Legal Process - We may disclose the information we collect from you in order to comply with the law, a legal proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
- To Protect Us and Others - We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of this Privacy Notification, or as evidence in litigation in which we are involved.
- Legal Obligation - To carry out our obligation arising from current legislation and legal processes.