PROTECTION OF PERSONAL INFORMATION (POPI)

POLICY MANUAL & COMPLIANCE FRAMEWORK

MANPOWER SA (PTY) LTD

Effective Date: January 2026
Policy Owners:

  • Taherah (Tai) Hoosen – Information Officer (DPO)

  • Lyndy van den Barselaar – Managing Director

1. INTRODUCTION

Manpower SA (Pty) Ltd (“Manpower SA”, “we”, “us”, or “our”) is committed to protecting the privacy, confidentiality, and security of personal information processed in the course of our recruitment, staffing, workforce solutions, and business operations.

The right to privacy is a fundamental human right recognised and protected by the Constitution of the Republic of South Africa. The Protection of Personal Information Act, 4 of 2013 (“POPIA”) gives effect to this right by regulating how personal information is collected, processed, stored, shared, and destroyed.

Manpower SA acknowledges its obligation to comply with POPIA and other applicable legislation and to ensure that personal information is processed lawfully, fairly, transparently, and securely.

2. DEFINITIONS

For the purposes of this Policy:

  • Personal Information means information relating to an identifiable, living natural person or, where applicable, an identifiable, existing juristic person.

  • Special Personal Information means personal information requiring additional protection under POPIA, including but not limited to health data, criminal records, biometric data, race, or religious beliefs.

  • Data Subject means the person to whom personal information relates.

  • Processing means any operation concerning personal information, including collection, receipt, recording, organisation, storage, updating, retrieval, use, dissemination, restriction, erasure, or destruction.

  • Responsible Party means Manpower SA, as the entity determining the purpose of and means for processing personal information.

  • Operator means a third party that processes personal information on behalf of Manpower SA in terms of a contract or mandate.

  • Information Officer means the person appointed by Manpower SA to ensure compliance with POPIA.

3. POLICY PURPOSE

This Policy, read together with the Manpower SA Privacy Policy and PAIA Manual, aims to:

a) Ensure compliance with POPIA and related legislation;
b) Establish principles and standards for lawful processing of personal information;
c) Protect Manpower SA from compliance, reputational, and operational risks;
d) Create awareness of privacy and data protection responsibilities;
e) Provide guidance on the collection, use, storage, sharing, and destruction of personal information.

4. SCOPE AND APPLICATION

This Policy applies to:

  • All directors, officers, employees, contractors, and temporary staff of Manpower SA;

  • All subsidiaries, business units, and departments;

  • All service providers, operators, and third parties acting on behalf of Manpower SA;

  • All personal information processed in electronic or physical form.

This Policy must be read in conjunction with other Manpower SA policies, procedures, and contractual obligations.

5. RIGHTS OF DATA SUBJECTS

Manpower SA recognises and respects the rights of data subjects, including the right to:

a) Be notified when personal information is collected or accessed by unauthorised persons;
b) Establish whether Manpower SA holds personal information and request access to it;
c) Request correction, deletion, or destruction of personal information;
d) Object to the processing of personal information on reasonable grounds;
e) Object to direct marketing by means of unsolicited electronic communications;
f) Lodge a complaint with the Information Regulator;
g) Institute civil proceedings for damages resulting from unlawful processing.

6. GENERAL GUIDING PRINCIPLES (POPIA CONDITIONS)

6.1 Accountability

Manpower SA is accountable for POPIA compliance and for implementing measures to demonstrate such compliance.

6.2 Processing Limitation

Personal information is processed lawfully, reasonably, and in a manner that does not infringe data subject privacy.

6.3 Purpose Specification

Personal information is collected for specific, explicitly defined, and lawful purposes, primarily relating to recruitment, employment, workforce management, and business operations.

6.4 Further Processing Limitation

Further processing must be compatible with the original purpose of collection.

6.5 Information Quality

Reasonable steps are taken to ensure personal information is accurate, complete, and up to date.

6.6 Openness

Data subjects are informed of the nature, purpose, and scope of personal information processing.

6.7 Security Safeguards

Appropriate technical and organisational measures are implemented to safeguard personal information.

6.8 Data Subject Participation

Data subjects may access and correct their personal information held by Manpower SA.

7. INFORMATION OFFICER

Manpower SA has appointed an Information Officer responsible for:

a) Encouraging and ensuring POPIA compliance;
b) Developing, maintaining, and enforcing this Policy;
c) Managing data subject access requests and complaints;
d) Liaising with the Information Regulator;
e) Overseeing information security and breach response.

Information Officer:
Taherah (Tai) Hoosen
📧 tai.hoosen@manpower.co.za
📞 +27 11 465 6020

8. SPECIFIC DUTIES AND RESPONSIBILITIES

8.1 Directors and Executive Management

Responsible for:

  • Approving this Policy;

  • Ensuring adequate resources for POPIA compliance;

  • Reviewing compliance at least annually.

8.2 Management

Responsible for:

  • Implementing this Policy within their areas;

  • Supporting the Information Officer;

  • Ensuring staff training and awareness.

8.3 Employees and Contractors

Responsible for:

  • Complying with this Policy;

  • Processing personal information only where authorised;

  • Reporting suspected or actual data breaches.

8.4 IT and Service Providers

Responsible for:

  • Implementing appropriate technical safeguards;

  • Supporting access requests and incident management;

  • Ensuring systems and services comply with POPIA.

9. PROCESSING OF PERSONAL INFORMATION

9.1 Purpose of Processing

Personal information is processed for legitimate purposes, including:

  • Recruitment and placement services;

  • Workforce administration and payroll;

  • Legal and regulatory compliance;

  • Client and supplier management;

  • Marketing and communication (where consented).

9.2 Categories of Data Subjects

  • Job applicants and candidates

  • Employees and associates

  • Clients and client representatives

  • Suppliers and service providers

9.3 Types of Personal Information

May include:

  • Contact and identification details

  • Employment and education history

  • Financial and banking information

  • Background and reference checks

  • Special personal information where lawful

9.4 Recipients of Personal Information

Personal information may be shared with:

  • Clients for recruitment purposes;

  • Operators and service providers;

  • Professional advisers;

  • Regulatory or legal authorities.

Appropriate contractual safeguards are always in place.

10. INFORMATION SECURITY MEASURES

Manpower SA implements appropriate technical and organisational security measures, including:

  • Access controls and authorisation;

  • Physical and network security;

  • Encryption where appropriate;

  • Monitoring and incident detection;

  • Regular security reviews and training.

11. DATA SUBJECT ACCESS REQUESTS

Data subjects may request access to their personal information using prescribed forms or by contacting the Information Officer. Requests are handled within reasonable timeframes in accordance with POPIA.

12. POPI COMPLAINTS PROCEDURE

Complaints relating to personal information processing must be submitted to the Information Officer.
If unresolved, data subjects may lodge a complaint with the Information Regulator.

13. DISCIPLINARY ACTION

Non-compliance with this Policy may result in:

  • Disciplinary action;

  • Termination of employment or contracts;

  • Civil or criminal liability where applicable.

14. GDPR ALIGNMENT

Where Manpower SA processes the personal information of EU or UK data subjects, POPIA compliance measures are applied in alignment with GDPR principles to ensure adequate protection.

15. AMENDMENTS AND REVIEW

This Policy is reviewed periodically and updated as required to reflect legal, operational, or technological changes. Updates will be communicated to relevant stakeholders.

CONTACT DETAILS

📧 tai.hoosen@manpower.co.za
📧 info@manpower.co.za
📞 +27 11 465 6020

Privacy Webforms:

Privacy Policy:
https://www.manpower.co.za/privacy-policy