MPC Recruitment cares about your Personal Information and how it is processed. We as a company are committed to ensuring your Personal Information is collected, processed, stored and tracked with integrity and in accordance with the Protection of Personal Information Act (No. 4 of 2013) (“POPI”) and Promotion of Access to Information Act (No. 2 of 2000) (“PAIA”)
As you read this Privacy Statement please keep in mind that MPC Recruitment (Pty) Limited (herein after reffered to as the “Company”) – includes related entities and / or wholly owned subsidiaries listed below. We have tried to make this policy easy and simple to read . If you have any further queries or questions, please submit them to firstname.lastname@example.org
1.COLLECTION OF PERSONAL INFORMATION
The company collects stores and processes personal information pertaining to data subjects including its employees, suppliers, clients and other stakeholders. The type of information collected and processed will depend on the purpose for which it is collected and will be processed for that scope of application only. Whenever appropriate, the company will inform the data subject of the information required, the purpose thereof, the rights of participation and the other relevant provisions contained at law.
The company must indicate to the data subject the consequence of failing to provide such personal information. For example, the company may not be able to employ an individual without certain personal information relating to that individual or the company may not be in a position to render services to a client in the absence of certain information which is required.
Examples of the personal information the company collects includes, but is not limited to information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person –
Information relating to the race, gender, sex, marital status, national origin, cooler, age, disability, language and birth of the person;
Information relating to the education or the medical criminal or employment history
Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person
The biometric information of the person;
Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
2.COLLECTION OF EMPLOYEE INFORMATION
For the purposes of this Policy, “employees” include potential, past and existing employees of the company The company will, when appointing new employees, require information, including, but not limited to that listed above, from the prospective employee in order to process the employee’s information on the company’s system. Such information is reasonably necessary for the company’s record purposes as well as to ascertain if the prospective employee meets the requirements for the position to which he or she is being appointed and is suitable for such appointment.
The company will use and process such employee information, as set out below, for purposes including, but not limited to, its employment records and to make lawful decisions in respect of that employee and its business.
3.USE OF EMPLOYEE INFORMATION
Employees’ personal information will only be used for the purpose for which it was collected and intended. This would include, but is not limited to:
submissions to the Department of Employment and Labour
submissions to the Receiver of Revenue
for audit and record keeping purposes
in connection with legal proceedings
in connection with and to comply with legal and regulatory requirements
in connection with any administrative functions of the Company
disciplinary action or any other action to address the employee’s conduct or capacity
in respect of any employment benefits that the employee is entitled to
pre-and post employment checks and screening
any other relevant purpose to which the employee has been notified of
any compliance requirements at law.
Should information be processed for any other reason that is not in the legitimate interests of the employee, the company will inform the employee accordingly.
CONDITIONS FOR PROCESSING INFORMATION
The company acknowledges that personal information may only be processed if certain conditions are met which, depending on the merits include –
The employee consents to the processing
The processing is necessary to attend to justifiable rights and obligations, for example contractual fulfilment
The processing complies with an obligation imposed by law on the company
Processing protects a legitimate interest of the employee
Processing is necessary for pursuing the legitimate interests of the company or of a third party to whom information is supplied.
5.COLLECTION OF CLIENTS AND/ OR SUPPLIER INFORMATION
For purposes of this Policy, clients include potential, past and existing clients.
The company collects and processes its clients’ personal information, such as that mentioned hereunder. The type of information will depend on the need for which it is collected and will be processed for that purpose only. Further examples of personal information collected from clients include, but is not limited to:
The client’s identity number, name, surname, address, postal code
The client’s residential and postal address
Company registration number
Full name of the legal entity
Tax and/or VAT number
Details of the person responsible for the client’s account
6.USE OF CLIENT AND SUPPLIER INFORMATION
The client’s personal information will only be used for the purpose for which it was collected and as agreed, if any such agreement is required at law. This may include, but not be limited to:
Providing products and/ or services to clients
In connection with sending accounts and communication in respect of services rendered
Referral to other service providers
Confirming, verifying and updating client details
Conducting market or customer satisfaction research
For audit and record keeping purposes
In connection with legal proceedings
In connection with and to comply with legal and regulatory requirements or when it is otherwise allowed by law.
The company acknowledges that personal information may only be processed if any of the conditions set out hereunder are met:
Client consents to the processing
The processing is necessary to attend to rights and obligations that are justifiable, including fulfilling contractual provisions
The processing complies with an obligation imposed by law on the company
Processing protects a legitimate interest of the party
Processing is necessary for pursuing the legitimate interests of the company or of a third party to whom information is supplied.
7.DISCLOSURE OF PERSONAL INFORMATION
Subject to legislative provisions providing the contrary, the company may share data subject’s personal information with third parties as well as obtain information from such third parties for reasons set out above.
The Company may also disclose data subject’s information where there is a duty or a right to disclose in terms of applicable legislation, a contractual obligation, the law or where it may be necessary to protect the company’s rights.
8.SAFEGUARDING PERSONAL INFORMATION AND CONSENT
It is a requirement of POPI to adequately protect the personal information the company holds and to avoid unauthorized access and use of personal information.
The company shall review its technical and operational security controls and processes on a regular basis to ensure that personal information is secure.
The Company shall appoint an Information Officer who is responsible for the encouragement of compliance with the conditions of the lawful processing of personal information and other provisions of POPI and PAIA.
INFORMATION OFFICER DETAILS
Name: Melissa Morgan
Telephone number: 079 946 98 42
Fax number: Non-Applicable
Postal address: 27 Ncondo Chambers Umhlanga Ridge Durban South Africa
Physical address: 27 Ncondo Chambers Umhlanga Ridge Durban South Africa
Email address: email@example.com
Personal Information Processing Requests: firstname.lastname@example.org
Each new employee will be required to sign an employment contract containing relevant consent clauses for the use and storage of employee information, or any other action so required, in terms of POPI.
The Company’s suppliers who fall within the definition of “operators” will be required to enter into a written agreement guaranteeing their commitment to the Protection of Personal Information.
Consent to process client information is obtained from data subjects (or a person who has been given authorization from the client to provide the client’s personal information) during the introductory, appointment and needs analysis stage of the relationship.
Should the company detect a security breach on any of its systems that contain personal information, the company shall take the required steps to assess the nature and extent of the breach in order to ascertain if any information has been compromised.
The company shall activate its Incident Response Plan which includes the notification of the affected parties and the Information Regulator should it have reason to believe that personal information has been compromised. Such notification shall only be made where the company can identify the data subject to which the information relates. Where it is not possible it may be necessary to consider website publication and whatever else the Information Regulator prescribes.
Notification will be provided in writing by means of either:
place on our website.
The notification shall provide the following information where possible:
description of possible consequences of the breach
measures taken to address the breach
recommendations to be taken by the data subject to mitigate adverse effects
the identity of the party responsible for the breach.
In addition to the above, the company shall notify the Regulator of any breach and/or compromise to personal information in its possession and work closely with and comply with any recommendations issued by the Regulator.
The following provisions will apply in this regard –
The Information Officer will be responsible for overseeing the investigation.
The Information Officer will be responsible for reporting to the Information Regulator within 2 working days of a breach/ compromise to personal information.
The Information Officer will be responsible for reporting to the Data Subject(s) within 2 working days of a breach/ compromise to personal information.
The timeframes above are guidelines and depending on the merits of the situation may require earlier or later reporting.
11.ACCESS AND CORRECTION OF PERSONAL INFORMATION
Data subjects have the right to request access to any personal information that the company holds about them.
Data subjects have the right to request the Company to update, correct or delete their personal information on reasonable grounds. Requests must be submitted to email@example.com,za.
Where an employee or client objects to the processing of their personal information, the Company may no longer process said personal information. The consequences of the failure to give consent to process the personal information must be set out before the employee or client confirms his/her objection.
The data subject must provide Submitt the relevant form outlining reasons for the objection to the processing of his/her personal information to firstname.lastname@example.org
12.RETENTION OF RECORDS
The company shall ensure the safeguarding and protection of all personal information or data. The company is obligated to retain certain information as prescribed by law. This includes but is not limited to the following:
With regard to the Companies Act, No. 71 of 2008 and the Companies Amendment Act No 3 of 2011, hard copies of the documents mentioned below must be retained for 7 years:
Any documents, accounts, books, writing, records or other information that a company is required to keep in terms of the Act
Notice and minutes of all shareholders meetings, including resolutions adopted and documents made available to holders of securities
Copies of reports presented at the annual general meeting of the company
Copies of annual financial statements required by the Act and copies of accounting records as required by the Act.
The Basic Conditions of Employment No. 75 of 1997, as amended requires the Company to retain records relating to its staff for a period of no less than 3 years.
13.AMENDMENTS TO THIS POLICY
Amendments to this Policy will take place from time to time subject to the discretion of the Company and pursuant to any changes in the law. Such changes will be brought to the attention of employee’s clients where it affects them.
14.STANDARDS OF CONDUCT REQUIRED OF EMPLOYEES
In addition to the provisions contained within this POPI policy, the employment contract, the disciplinary code, the electronic communications, and social media policy as well as any other document relating to employees, the following standards of conduct and practice and their accompanying underlying principles must be complied with at all times and a breach thereof may result in serious disciplinary action and even dismissal for a first offence.
The employee must ensure that the conditions and all the measures that give effect to such conditions are complied with at the time of the determination of the purpose and means of the processing and during the processing itself.
Personal information must be processed
in a reasonable manner that does not infringe the privacy of the data subject.
This includes considerations of minimality, and adequacy given the purpose for which it is intended. In addition –
The data subject consents to the processing; or/ and
The purpose is to carry out actions for the conclusion or performance of a contract; or/ and
Processing complies with an obligation imposed by law on the responsible party; or/ and
Processing protects a legitimate interest of the data subject; or/ and
Processing is necessary for the proper performance of a public law duty by a public body; or/ and
Processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied; or/ and
Collection must be directly from the data subject, except as otherwise provided for unless the information is contained in or derived from a public record or has deliberately been made public by the data subject.
Personal Information is collected for a specific, explicitly defined and lawful purpose related to a function or activity of the responsible party (The Company)
FURTHER PROCESSING LIMITATION
Further processing of personal information must be compatible with the purpose for which it was collected and consider -
The consequences of the intended further processing for the data subject
The manner in which the information has been collected; and
Any contractual rights and obligations between the parties.
Employees must secure the integrity and confidentiality of personal information in their possession or under their control by taking appropriate, reasonable technical and organizational measures to prevent—
loss of, damage to or unauthorized destruction of personal information; and
unlawful access to or processing of personal information.
Employees must take reasonable measures to—
identify all reasonably foreseeable internal and external risks to personal information in its possession or under their control.
establish and maintain appropriate safeguards against the risks identified.
regularly verify that the safeguards are effectively implemented; and
ensure that the safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguards.
Employees must have due regard to generally accepted information security practices and procedures.
MPC Recruitment Pty Ltd; Franchises and Subsidiaries
PROMOTION OF ACCESS TO INFORMATION MANUAL
Prepared in terms of the requirements of the PROMOTION OF ACCESS TO INFORMATION ACT No. 2 of 2000
This Manual has been prepared in respect MPC Recruitment which includes related entities and / or wholly owned subsidiaries as reflected in Annexure A
The Promotion of Access to Information Act 2 of 2000 (“PAIA” or “the Act”) gives effect to the constitutional right of access to any information held by the state and any information that is held by another person and that is required for the exercise or protection of any rights. The Protection of Personal Information Act 2013 has amended the PAIA and also requires from private bodies to disclose certain information through the relevant organization’s PAIA Manual.
Specifically, section 51(1) of the Act, read with the Protection of Personal Information Act of
2013, requires a private body to compile a manual that must contain information as specified and required by both PAIA and POPI. In addition, the PAIA manual must set out the formal procedure that a person must follow in order to request to view, update or delete personal information held by the private body.
In this context, a "private body" is defined as any natural person who carries or has carried on any trade, business or profession, but only in such capacity or any partnership which carries or has carried on any trade, business or profession or any former or existing juristic person (e.g. any company, close corporation or business trust).
This organization falls within the definition of a "private body" and this Manual has been compiled in accordance with the said provisions and to fulfil the requirements of the Act.
In terms of the Act, where a request for information is made to a body, there is an obligation to provide the information, except where the Act expressly provides that the information may not be released. In this context, Section 9 of the Act recognizes that access to information can be limited. In In general the limitations relate to circumstances where such release would pose a threat to the protection of privacy, commercial confidentiality, and the exercising of efficient governance.
Accordingly, this manual provides a reference to the records held and the process that needs to be adopted to access such records..
The Managing Director of MPC Recruitment has delegated his powers to the Information Officer below in terms of the Act to handle all requests on MPC Recruitment’s behalf and ensure that the requirements of the Act are administered in a fair, objective, and unbiased manner
2. MPC Recruitment Business Details:
Information Officer:Melissa Morgan
Tel: +27 (0) 31 562 8001
Deputy Information Officer: Frans Reuvers
Physical Address: 27 Ncondo Chambers,
3. SECTION 51(1) OF THE PROMOTION OF ACCESS TO INFORMATION ACT (THE ACT)
3.1 The Act grants a requester access to records of a private body, if the record is required for the exercise or protection of any rights. If a public body lodges a request, the public body must be acting in the public interest.
3.2 Requests in terms of the Act must be made in accordance with the prescribed
procedures, at the rates provided. The forms and tariff are dealt with in regulations 6 and
7 of the Act.
3.3 Requesters are referred to the Guide in terms of Section 10 which has been compiled by the South African Human Rights Commission, which will contain information for the purposes of exercising Constitutional Rights. The Guide is available from the SAHRC.
The contact details of the Commission are:
Postal Address: Telephone Number: Fax Number: Website:
Private Bag 2700, Houghton, 2041 (011) 877 3600
4. RECORDS AVAILABLE IN TERMS OF SECTION 52(2) OF THE ACT
5. RECORDS THAT ARE HELD AT THE OFFICES OF THE BUSINESS
The following is a list of records that are held at the business’s office:
• Attendance registers
• Founding Documents
• Licences (categories)
• Minutes of Management Meetings
• Minutes of Staff Meetings
• Statutory Returns
• Employee Records
• Employment Contracts
• Employment Equity Records
• General Correspondence
• Industrial and Labour Relations Records
• Information relating to Health and Safety Regulations
• Performance Appraisals
• Personnel Guidelines, Policies and Procedures
• Remuneration Records and Policies
• Salary Surveys
• Skills Requirements
• Staff Recruitment Policies
• Statutory Records
• Training Records
• Brochures on Company Information
• Client and Customer Registry
• General Correspondence
• Information relating to Employee Sales Performance
• Information relating to Work-In-Progress
• Marketing and Future Strategies
• Marketing Records
• Production Records
• Sales Records
• Suppliers’ Registry
• Annual Financial Statements
• Asset Register
• Banking Records
• Financial Transactions
• General Correspondence
• Insurance Information
• Internal Audit Records
• Management Accounts
• Purchase and Order Information
• Employment Equity Act 55 of 1998
• Stock Records
• Tax Records (company and employee)
• IT Policies and Procedures
• Network Diagrams
• User Manuals
At present these include records (if any) held in terms of:
• Arbitration Act 42 of 1965
• Basic Conditions of Employment 75 of 1997
• Companies Act 71 of 2008
• Compensation for Occupational Injuries and Health Diseases Act 130 of 1993
• Copyright Act 98 of 1978
• Consumer Protection Act 68 of 2008
• Currency and Exchanges Act 9 of 1933
• Debtor Collectors Act 114 of 1998
• Finance Act 35 of 2000
• Financial Advisory and Intermediary Services Act 37 of 2002
• Electronic Communications and Transactions Act 25 of 2002
• Financial Intelligence Centre Act 38 of 2001
• Financial Services Board Act 97 of 1990
• Financial Relations Act 65 of 1976
• Harmful Business Practices Act 23 of 1999
• Income Tax Act 95 of 1967
• Insolvency Act 24 of 1936
• Intellectual Property Laws Amendments Act 38 of 1997
• Financial Institutions (Protection of Funds) Act 28 of 2001
• Financial Services Ombud Schemes Act 37 of 2004
• Labour Relations Act 66 of 1995
• Long Term Insurance Act 52 of 1998
• Inspection of Financial Institutions Act 80 of 1998
• Occupational Health & Safety Act 85 of 1993
• Pension Funds Act 24 of 1956
• Post Office Act 44 of 1958
• Protection of Businesses Act 99 of 1978
• National Credit Act 34 of 2005
• National Road Traffic Act 93 of 1996
• SA Reserve Bank Act 90 of 1989
• Short Term Insurance Act 53 of 1998
• Skills Development Levies Act 9 of 1999
• Promotion of Access to Information Act 2 of 2000
• Skills Development Act 97 of 1998
• Trade Marks Act 194 of 1993
• Unemployment Contributions Act 4 of 2002
• Unemployment Insurance Act 63 of 2001
• Value Added Tax Act 89 of 1991
6. PROCESSING OF PERSONAL INFORMATION
Purpose of Processing
• Fulfilling statutory obligations in terms of applicable legislation
• Historical record keeping, research and recording statistics necessary for fulfilling your business objectives.
• Keeping of accounts and records
• Marketing and advertising
• Monitoring, maintaining and managing our contractual obligations to customers, clients, suppliers, service providers, employees, directors and other third parties
• Obtaining information necessary to provide contractually agreed services to a customers and clients
• Resolving and tracking complaints
• Staff administration
• Verifying information provided to us
Categories of Data Subjects
• Clients and client’s employees, representatives, agents, contractors and service providers
• Existing and former employees (including contractors, agents, temporary and casual employees)
• Our stakeholders
• Suppliers and service providers and their respective authorized employees, representatives, agents, contractors and service providers of such suppliers and service providers
Categories of Personal Information processed
• Physical and postal addresses
• Date of birth
• ID number
• Tax related information
• Medical, dental, mental and/or other healthcare related information
• Confidential correspondence
• Email address
• Telephone number
• Online identifier or other particular assignment to the person
• Names of contact persons
• Name of Legal Entity
• Registration Number
• Physical and Postal address and contact details
• Financial information
• Founding documents
• Tax related information
• Authorised signatories, beneficiaries, ultimate beneficial owners
• BBBEE information
Categories of special information processed
• Racial / ethnic origin
• Criminal proceedings, outcomes & sentences
Possible Recipients of Personal Information
• Banks and other financial institutions.
• Claims investigators
• Collection agencies
• Credit reference agencies
• Debt collection and tracing agencies
• Educators and examining bodies
• Employees of the organisation
• Employment and recruitment agencies
• Family, associates and representatives of the person whose personal information is processed
• Healthcare, social and welfare organisations
• Ombudsman and regulatory authorities
• Police / courts where necessary
• Regulatory, statutory and government bodies
• Security organisations
• Suppliers, service providers, vendors, agents and representatives of such entities
• Third party verification agencies and credit bureau
Trans-border / cross border flows of personal information
It may be required from time to time need to share personal information of data subjects with third parties in other countries. Any sharing of personal information of data subjects with third parties in other countries will be done only if the recipient of the information is subject to a law, binding corporate rules or binding agreement which provide an adequate level of protection which effectively upholds principles for reasonable processing of the information that are substantially similar to the conditions for the lawful processing of personal
information relating to a data subject who is a natural person and, where applicable, a juristic person, as set out in the Protection of Personal Information Act and the data subject consents to the transfer.
Any such transfer will have to be shown to be necessary for the performance of a contract between the data subject and the recipient in question, or for the implementation of pre- contractual measures taken in response to the data subject’s request.
General Description of Information Security Measures
Up to date technology is employed to ensure the confidentiality, integrity and availability of the Personal Information under our care.
• Acceptable usage of personal information
• Access control to personal information
• All third parties with whom any contract exists are required to ensure that appropriate security, privacy and confidentiality obligations are observed.
• Computer and network security including Firewalls, Virus protection software and update protocols
• Governance and regulatory compliance
• Information security and HR policies including Bring Your Own Device (BYOD) policies
• Internal process to report security breach or anticipated security breach
• Investigating and reacting to security incidents.
• Logical and physical access control
• Monitoring access and usage of private information
• Physical security
• Retention and disposal of information
• Secure communications
• Security in the outsourcing of any activities or functions through appropriate contracts
• Training of staff members
We continuously establish and maintain appropriate, reasonable technical and organizational measures to ensure that the integrity of the Personal Information which may be in our possession or under our control, is secure and that such information is protected against unauthorized or unlawful processing, accidental loss, destruction or damage,
alteration or access by having regard to the requirements set forth in law, in industry practice and generally accepted information security practices and procedures applicable.
7. INFORMATION REQUEST PROCEDURE
• The requester must use the prescribed form to make the request for access to a record.
The prescribed form is available from the Head of Business named in Section 2 above. The form is also available from the website of the Department of Justice and Constitutional Development at www.doj.gov.za
• The request must be made to the Head of Business named in Section 2 above. This request must be made to the address, fax number or electronic mail address of the business.
• The requester must provide sufficient detail on the request form to enable the Head of
Business to identify the record and the requester. The requester should also indicate which form of access is required. The requester should also indicate if any other manner should be used to inform the requester. If this is the case, please furnish the necessary particulars to be so informed.
• The requester must identify the right that is sought to be exercised or to be protected and must provide an explanation of why the requested record is required for the exercise or protection of that right.
• If a request is made on behalf of another person, the requester must submit proof of the capacity in which the requester is making the request to the satisfaction of Head of Business aforesaid.
• The prescribed request fee must be attached.
• We will respond to your request within 30 days of receiving the request by indicating whether your request for access has been granted or denied.
• Please note that the successful completion and submission of a request for access form does not automatically allow the requestor access to the requested record.
Access will be granted to a record only if the following criteria are fulfilled:
• The record is required for the exercise or protection of any right; and
• The requestor complies with the procedural requirements set out in the Act relating to a request; and
• Access to the record is not refused in terms of any ground for refusal as contemplated in
Chapter 4 of Part 3 of the Act.
8. DENIAL OF ACCESS
Access to any record may be refused under certain limited circumstances. These include:
• The protection of personal information from unreasonable disclosure concerning any natural person;
• The protection of commercial information held concerning any third party (for example trade secrets);
• The protection of financial, commercial, scientific or technical information that may harm the commercial or financial interests of any third party;
• Disclosures that would result in a breach of a duty of confidence owed to a third party;
• Disclosures that would jeopardize the safety or life of an individual;
• Disclosures that would prejudice or impair the security of property or means of transport;
• Disclosures that would prejudice or impair the protection of a person in accordance with a witness protection scheme;
• Disclosures that would prejudice or impair the protection of the safety of the public;
• Disclosures that are privileged from production in legal proceedings unless the privilege has been waived;
• Disclosures of details of any computer programme;
• Disclosures that will put MPC Recruitment Pty Ltd at a disadvantage in contractual or other negotiations or prejudice it in commercial competition;
• Disclosures of any record containing any trade secrets, financial, commercial, scientific, or technical information that would harm the commercial or financial interests of MPC Recruitment Pty Ltd
• Disclosures of any record containing information about research and development being carried out or about to be carried out by MPC Recruitment Pty Ltd
If access to a record or any other relevant information is denied, our response will include:
• Adequate reasons for the refusal; and
• Notice that you may lodge an application with the court against the refusal and the procedure including details of the period for lodging the application.
The applicable fees are prescribed in terms of the Regulations promulgated under the Act. There are two basic types of fees payable in terms of the Act.
The non-refundable request fee of R 50 (excluding VAT) is payable on submission of any request for access to any record. This does not apply if the request is for personal records of the requestor. No fee is payable in such circumstances.
The access fee is payable prior to being permitted access to the records in the required form. The applicable fees are prescribed in terms of Part III of Annexure A as identified in Government Notice Number 187, Regulation 11.
10. MANUAL AVAILABILITY
A copy of this Manual may be obtained from the Information Officer referred to in Section 2 hereof
Any transmission costs or postage required in respect of hard copies of the Manual, will be for the account of the requester.
MPC Recruitment: List of Subsidiaries and Related Entities
MPC Connect Business Unit of MPC Recruitment (Pty) Limited
Staff UnLimited Recruitment