GRI CC - PRIVACY POLICY
Gourmet Recruitment International CK 2005/095114/23
SAMSA Registration Numbers: SM14/2/7/4 2005/095114/23
Privacy Policy and Practices
Introduction
This Privacy Policy sets out how GRI collects, handles and processes data of its customers. It describes how information is protected and kept confidential, how it is shared with third parties and further sets out the rights of a party (data subject) should they object to their information being disclosed or if their privacy be breached.
In terms of the Protection of Personal Information Act (POPI Act) we are required to:
-Keep all information obtained from clients confidential
-Keep all information obtained from clients secure and safe from unauthorised access
-Keep all information obtained from clients only for the required time
-Ensure that all information obtained from clients is processed only as permitted and required by law
-Ensure that clients are able to contact us to change or update the information provided -Have a process in place to communicate to clients if/when their privacy has been breached
-Ensure ease of access to our Complaints Process should a client seek redress for any breach
1.Personal Information
GRI is committed to your right to privacy and we undertake to keep your personal information confidential. In order to offer advice and services to you it is necessary for GRI to request all relevant information to compile reports application forms as well as request information to allow us to communicate with you, unless expressly directed by you not to do so. While provision of information is voluntary, GRI will be unable to offer advice or services without your provision of relevant information and contact details. By signature of the applicable authorisation forms you undertake to provide information that is correct, up to date and complete. Should information provided not comply, please note that failure to supply correct information may result in any job offers being withdrawn. Where you provide information on behalf of a spouse, dependant or beneficiary you warrant that you have the necessary permission to share that information with us and for the purposes of providing advice and service. If you inform GRI that you do not want us to use your personal information as a basis for further contact with you or for any other purpose, we will not do so. Our Information Officer is Ms Samantha Hurley and you may contact her on at samantha@grisa.co.za
2.Information security and quality
GRI intends to protect the quality and integrity of your personal information. GRI has implemented appropriate information security measures and we outsource our principal data protection to Exact Hire. We have a detailed service level agreement with which ensures that your information is protected, securely backed up and safe from unauthorised access by third parties. We have implemented reasonable security safeguards to protect the personal information that you provide and we undertake to regularly monitor our systems for possible vulnerabilities. However, as no system is infallible and due to the increasing unpredictability of cyber attacks, GRI cannot guarantee the security of any information you transmit to us online and you do so at your own risk. GRI will make all reasonable efforts to respond to your requests to correct inaccuracies in your personal information in a timely manner. To assist GRI in correcting inaccuracies in your personal information please contact us with details of the correction requested.
3.Information collection
By signature to our authorisation you allow GRI and our affiliates to collect information pertaining to your personal details including but not limited to your name, identity number, passport information and contact details, medical information, criminal clearance
4.Sharing of information
GRI will only disclose information when lawfully required to do so to comply with
- Relevant legislation (inter alia The Financial Intelligence Centre Act (FICA),
- Any legal process; and oA request from a regulatory authority
- GRI will not sell or trade your personal information to any third party.
GRI will not disclose your personal information to third parties save with your consent or as provided in this privacy statement.
Information will be shared with our affiliates in order to:
- Offer advice, and service
- Offer ongoing servicing
Information may be transferred outside South Africa in the following instances:
- You use an email address that is hosted outside South Africa;
- Our IT information and retention services require that information be stored outside SA e.g. cloud services;
- Where the administration of a specific service is located outside of SA e.g. the administration and communication is required.
GRI will make every attempt to ensure that the third parties with whom your information is shared also treat your information with the same level of confidentiality and respect. To this extent we have detailed contracts and service level agreements in place for your protection. These are available for inspection on request at our offices. We do however bring to your attention that we cannot entirely control the collection or use of personal information by third parties and this privacy statement does not apply to third parties who individually may breach the POPI Act. 5.
Information storage and retention
GRI will collect and store your information on our server for as long you require our services and remain a consenting client. In the event of your death, termination of our services or should you revoke your consent, we are required by law to keep your information for a period of five years from the applicable date. Thereafter your information will be removed from our server (de-identified) and any applicable archived paper files will be permanently destroyed. All applicable access rights in terms of the Promotion of Access to Information Act will apply. A copy of our PROATIA Policy and manual is available on request from our offices.
6.Change to data
Please notify our Information Officer of any inaccuracies in information provided to us as soon as possible and we will ensure that the required corrective measures are implemented. It remains the responsibility of the client to check all, application forms and all disclosures and compliance forms.
7.Complaints process
In the event of a breach or transgression of your privacy, please immediately contact our Information Officer. We will provide you with our Complaint Management Framework & Process which sets out the complaints procedure to be followed and the forms to be completed. While we will make every endeavour to ensure protection of your information, should we suspect or confirm a breach of your privacy we will immediately inform you of this. In both instances above, we will make full investigation into the nature of the breach, the extent of the breach and the responsible parties. Further to our investigation we may also pursue civil and criminal redress where applicable. We undertake to keep you informed throughout the investigation process.
If you are not satisfied after this process, you have the right to lodge a complaint with the Information Regulator, under the POPI Act.
The contact details are:
The Information Regulator (South Africa)
JD House
27 Stiemens Street
Braamfontein
Johannesburg
2001
P.O. Box 31533
Braamfontein
Johannesburg
2017
inforeg@justice.gov.za
complaints.IR@justice.gov.za
8.Questions regarding this statement
Should you have any queries or questions regarding this policy or any of your rights set out herein, please direct them to our Information Officer for clarification.