POPIA COMPLIANCE AND SECURITY POLICY

ABC AU PAIRS PTY (LTD)


1. Introduction and Overview 

This policy explains how we obtain, use and disclose your personal information, in accordance with the requirements of the Protection of Personal Information Act (“POPIA”). At ABC Au Pairs PTY (LTD) we are committed to protecting your privacy and to ensuring that your personal information is collected and used properly, lawfully and transparently.


1.1 About the Company 

ABC Au Pairs PTY (LTD) t/a ABC Au Pairs PTY (LTD)


1.2 The information we collect 

If you use our placement services, personal data is required to fulfil the requirements of a contractual or service relationship, which may exist between you (your business) and the company. 

We collect the following (if applicable to your specific service requirements): 

  • Name 
  • Identification Number 
  • Location Information 
  • Banking Details 
  • Details pertaining to your children 
  • Email, Social Networks 
  • Financial details
  • Telephone contact details 
  • Previous work references 
  • Education information
  • Criminal record


We collect and process your personal information mainly to verify and match suitable candidates with vacant positions.  We collect information directly from you where you provide us with your personal details or additional data. Where possible, we will inform you what information you are required to provide to us and what information is optional. 


ABC Au Pairs PTY (LTD) website usage information may be collected using “cookies”, which allow us to collect standard internet visitor usage information.


1.3 What we do not collect 

We do not collect or process personal data for any purposes other than those outlined in this policy or instructed by data subjects and controllers (the client).


We do not collect or process personal data from minors. 


We do not collect or process any sensitive personal data such as: 

  • political opinions 
  • religious or philosophical beliefs 
  • trade-union membership 
  • genetic or biometric data 
  • data concerning sex life 


1.4 Responsibilities 

In compliance with POPIA, ABC Au Pairs PTY (LTD) has three roles and responsibilities: 

  • We are the responsible party, or operator, regarding your (our client’s) personal information, such as email addresses, phone numbers, billing details, and other personal information used to do business with or deliver quality customer service to you. 
  • We are the service provider, or operator regarding the personal information that the client provides in the form of an email or application form.
  • For certain services, such as bulk email communication, we make use of POPIA-compliant third-party applications to distribute newsletters, notifications and information related to our industry. It is our responsibility to ensure all third-party applications and bulk distribution procedures comply with POPIA standards.


1.5 How do we look after your personal data? 

We limit the amount of personal data collected only to what is fit for the purpose, as described above. We restrict, secure and control all of our information assets against unauthorised access, damage, loss or destruction; whether physical or electronic. 


We retain personal data only for as long as is required to deliver our service to you, to respond to your requests, or longer if required by law. If we retain your personal data for historical or statistical purposes, we ensure that the personal data cannot be used further. While in our possession, together with your assistance, we try to maintain the accuracy of your personal data. 


2. Privacy Principles 

Management of your data is critical to us and a responsibility that we embrace. We will abide by the following principles when collecting, recording, storing, disseminating, and destroying personal information, and responding to government requests for our users’ data: 


2.1 Choice and Consent 

We will not contact/solicit you unless you have given permission to do so, or unless you have previously been a client with ABC Au Pairs PTY (LTD) and have engaged in direct contact with your relationship manager in the past 18 months. 


2.2 Cancellation 

If you cancel your services with the company, we will delete your personal information, except for statistics and invoicing records which we store in a de-identified and aggregated manner. 


Please note that after cancellation, your invoicing records are normally kept for up to 7 years in accordance with legislation. Cancelled accounts will be archived by the accounts administrator and classified as inactive. 


2.3 Accountability and Security 

We take measures to ensure data is kept safe and prevent loss of, damage to, or unauthorised destruction of personal information, and unlawful access to or processing of personal information. 


2.4 Access 

We will give you access to any of your personal information that you request, unless the request is unlawful. Any required NDAs from our clients are generally accepted without issue. Client data is always treated as confidential and for the sole purpose of rendering services to you. 


2.5 Information Request 

If your personally identifiable information changes (e.g. your email address, your surname or cell phone number), or if you no longer desire to use our service, we encourage you to correct, update, or remove the personal information that you provided. 


2.6 How to Contact Us 

Our Information Officer is: Charmaine Lindique, Operational Director

  • Billing/account information update: info@abcaupairs.co.za 
  • Information updates related to bulk email, website and other digital tools can be submitted via the ABC Au Pairs website – the request will then be completed by the department representative.


Please relay any concerns, complaints or questions you may have pertaining to our above-stated policies by emailing us at info@abcaupairs.co.za.

Address: 130 Swart Renoster Street, The Wilds Estate, Pretorius Park, 0081.


3. Physical Access to ABC Au Pairs PTY (LTD) Office 

We employ the following physical safety measures within our office: 

  • 24 hour Guarded Security Estate
  • Double Gated / Boomed security
  • Gated front-door access. 
  • Access code required for staff 

These access records and procedures are reviewed by management regularly. 


4. ABC Au Pairs PTY (LTD) Staff 

In general, the recruiter will have access to client data in order to support their clients. These employees are moderated by their employment contracts, and the gravity of their access rights is reinforced during induction.


Staff members can only access client data if they have permission to do so. All ABC Au Pairs PTY (LTD) staff and contractors attest to terms and conditions that specifically outline privacy, information security, and confidentiality. 


ABC Au Pairs PTY (LTD) staff are also trained yearly and have immediate access to the following policies: 

  • General operational procedures 
  • Equipment, property and software restrictions and requirements 
      • Laptops 
      • Storage devices 
      • Data transfer 
      • Personal use 
      • Loss and/or damage 
      • Data storage 
      • Breach management 


Staff who retire, transfer from any internal department, resign etc. are removed immediately from mailing lists and access control lists. Relevant changes also occur when staff transfer to other internal assignments. 


New staff are carefully coached and trained before being allowed to access confidential or personal files. 


Contractors, consultants, and external service providers employed by ABC Au Pairs PTY (LTD) are subject to a strict formal contract in line with the provisions of POPIA.


ABC Au Pairs PTY (LTD) has an up-to-date Company Property and Equipment Policy in relation to the use of any office technology and software (e.g. telephone, mobile phone, fax, email, internet, intranet, and remote access, etc.) by its staff. This policy is understood and signed by each user of such technology at ABC Au Pairs PTY (LTD). 


Staff ensure that callers to the office or other unauthorised persons are unable to view personal or sensitive information, whether held on paper documents or displayed on PC monitors, etc.


All staff ensure that PCs are logged off or ‘locked’ when left unattended for any period of time. Where possible, staff are restricted from saving files to the local disk. Users are instructed to only save files to their allocated network drive.

Breach of this policy will lead to serious disciplinary consequences for ABC Au Pair staff.


5. ABC Au Pairs PTY (LTD) Policies and Controls for Unauthorised Access to Client Information


5.1 Paper records 

No paper records are kept but, should there be any, the following will apply:

Paper records and files containing personal data are handled in such a way as to restrict access to only those persons with business reasons to access them. 


ABC Au Pairs PTY (LTD) shreds all discarded paper records that contain confidential information. Other secure disposal methods are in place and properly used for confidential material not on paper. 


Facsimile technology (fax machines) is not used for transmitting documents containing personal data. 

Papers with confidential data are locked away when not in use. 


5.2 Laptops and Other Mobile Storage Devices 

Passwords used to access PCs, applications, databases, etc. are of sufficient strength to deter password cracking or guessing attacks. 


Passwords are created for employees via our Operations Director; this ensures that passwords are securely managed and comply with best practices.


  • Personal, private, sensitive, or confidential data are not stored on portable devices. 
  • Laptops are physically secured if left in the office overnight. When out of the office, the device is kept secure at all times. 
  • When replacing or selling laptops, hard drives are formatted. 


5.3 Data Transmissions 

Data transfers only take place via secure online channels where the data is encrypted, rather than by copying to media for transportation. In general, we do not employ manual data transfers using removable physical media (e.g. memory sticks, CDs, tapes, etc.). However, in the event it is absolutely necessary, any such encrypted media will be accompanied by our Operational Director and secured from any and all threats to ensure usage will not cause a security breach or damage to data.


5.4 Monitoring 

Audit trails are used where technically possible, to capture instances of inappropriate access (whether internal or external), addition, deletion, or editing of data. 


Access to files containing personal data is monitored by supervisors on an ongoing basis. Staff are made aware that this is being done. IT systems are in place to support this supervision.


5.5 ABC Au Pairs PTY (LTD) also takes the below precautions: 

  • Privileges are allocated on a need-to-use basis, and only after authorisation. 
  • Staff access rights are reviewed at regular intervals. 
  • Staff are advised on how to select and maintain secure passwords. 
  • Staff and sub-contractors are made aware of the security requirements and procedures for protecting unattended equipment. 


5.6 Reports & Incidents 

We have a breach management plan to follow should an incident occur. There are five elements: 

  • Identification and Classification 
  • Containment and Recovery 
  • Risk Assessment 
  • Notification of Breach 
  • Evaluation and Response 


5.7 Identification and Classification 

Though ABC Au Pairs PTY (LTD) does everything technologically to ensure data security, we have also put in place procedures that will allow any staff member to report an information security incident. Staff are aware they should report such an incident to the Information Officer.


This allows for early recognition of the incident so that it can be dealt with in the most appropriate manner. The report is then reviewed by the Information Officer to confirm if a breach has actually occurred.

 

5.8 Containment and Recovery 

This step limits the scope and impact of the breach of data protection procedures. If a breach occurs, the Information Officer:

  • Investigates the breach and ensures that the appropriate resources are made available for the investigation. 
  • Establishes who in the organisation needs to be made aware of the breach and begins the containment exercise. 
  • Establishes whether there is anything that can be done to recover losses and limits the damage the breach can cause. 


5.9 Risk Assessment 

In assessing the risk arising from a data security breach, the Information Officer will consider what would be the potential adverse consequences for individuals, i.e. how likely it is that adverse consequences will materialise and, in the event of materialising, how serious or substantial are they likely to be. 


5.10 Notification of Breaches 

If inappropriate release/loss of personal data occurs it is reported immediately internally, and, if appropriate in the circumstances, to the persons whose data it is. When notifying individuals, ABC Au Pairs PTY (LTD) will consider using the most appropriate medium to do so. 


5.11 Evaluation and Response 

Subsequent to any information security breach a thorough review of the incident will occur. The purpose of this review is to ensure that the steps taken during the incident were appropriate and to identify areas that may need to be improved. 


6. ABC Au Pairs PTY (LTD) systems, applications and software 


6.1 Email software 

We use the third-party services of Google to download our emails.


6.2 Data storage 

All intellectual property, such as ID documents, certificates, etc., is securely saved in separate client folders using Google Drive cloud storage.


The following safeguard precautions are followed to ensure security of all client project files: 

  • Strong passwords. Google account passwords are regularly updated. 
  • Additional phone number confirmation security for all authorized users. This additional security measure ensures that no unauthorised users/hackers can breach access without secure verification. 
  • We use two-factor verification. This helps protect our Google Drive account by requiring a user to enter an extra security code whenever they sign in on a device that isn’t trusted. 
  • Complete Google subscription. The Google subscription gives us advanced protection from viruses and cybercrime, and ways to recover all files from malicious attacks. 


6.3 Bulk email application 

We make use of a POPIA-compliant bulk mail platform with dedicated secure data centers. The following measures apply to the platform used for bulk email distribution. The product has been designed to prevent and withstand attacks common to web-based applications. The application makes use of industry-standard safeguards to stand up to the following types of attacks:


  • SQL Injection Attacks - Data filtering and escape mechanisms prevent attack via SQL malware scripts. 
  • Cross-site Scripting Attacks - All input is validated and type cast to ensure input data is valid. Additionally, all queries run on the database use bound parameters (a method of escaping input) or MySQL escaped strings to prevent SQL injections. 
  • File System Monitoring - Attackers commonly target the file system on an application server. To counter these attacks we have mechanisms in place that monitor for any unauthorised file system changes. If any change is detected, the application is shut down and we are alerted to the problem so that we can investigate the issue. 
  • Session Management - We use PHP session management. It is a robust, trusted mechanism. Furthermore, we namespace and segregate all session data. 


Recipients of bulk email communication have had to express a legitimate interest and have either: 

  • Opted in to receive newsletters, or; 
  • Established a clear business relationship or interest by being a customer or; 
  • Previously received regular opt-out communication or; 
  • Engaged with bulk email communication in the past 18 months. 


6.4 Intelligent Business Email 

We make use of first-class email Signature software, accompanied by services and support recognised for dedication and excellence. This is also reflected in their commitment to safeguard data and privacy as security is an imperative and integrated part of the platform. 


For this specific service, key elements for which your personal data may be collected are: 

  • To enable us to deliver our services to you in the capacity of recruiter/finding and matching.
  • Where you have consented to doing so and only for the purpose for which they are collected. 
  • Where it is in our legitimate interests to do so. 


Our intelligent business email platform allows us to help track interest in features through interactive branding, in order to further improve services with pertinent content. Users and Recipients of emails are businesses who engage with each other and already have an established connection and route of communication. 


Apart from normal information needed to send emails (such as an email address), the following data is stored for analytical purposes only: 

  • IP address 
  • Time of click 
  • URL served – i.e. where the branding redirects the recipient as defined by the Client. 


6.5 Training

When rendering this service, you will be required to submit the following personal information to register: 

  • Name 
  • ID number 
  • Contact number 


The information is required for statistical data as well as personal identification used on course completion certificates. 


It is the responsibility of the company rendering the training solution to inform their staff of the information that will be processed on their behalf. This practice is also encouraged and shared during the implementation communication. 


6.6 Secure Login 

We take every possible precaution to ensure that only authorised parties can log into our unique service-related applications. 


7. Changes to This Policy 

If we make any material changes, we will notify you by email or by providing the revised privacy policy on our website. Your continued use of our services following the update means that you accept ABC Au Pairs PTY (LTD)'s updated POPIA Compliance & Security Policy.