Privacy Policy

1. Introduction

StaffGrid SA ("we", "us", or "our") is committed to protecting the privacy and personal information of our users, including staffing agencies, their candidates, clients, and temporary workers. This Privacy Policy explains how we collect, use, store, and protect your personal information in compliance with the Protection of Personal Information Act, 2013 (POPIA) and other applicable South African legislation.

2. Information We Collect

We collect and process the following categories of personal information:

2.1 Account Information

• Full name, email address, and contact details
• Agency name and registration details
• Login credentials (passwords are stored in hashed form only)

2.2 Candidate and Worker Information

• Identity number (SA ID or passport number)
• Tax reference number
• Banking details (bank name, account number, branch code)
• Skills, qualifications, and work experience
• Documents such as ID copies, proof of address, and qualifications
• Leave records and timesheet data

2.3 Financial Information

• Payroll data including earnings, deductions (PAYE, UIF, SDL), and net pay
• Invoice and billing records
• Subscription and payment information (processed by PayFast)

2.4 Technical Information

• IP address and browser information
• GPS location data (when clock-in/clock-out features are used)
• Device information and usage logs

3. How We Use Your Information

We use your personal information for the following purposes:

• Providing and maintaining the StaffGrid platform and its features
• Processing payroll, generating payslips, and calculating statutory deductions
• Generating invoices and managing billing
• Managing candidate placements and timesheets
• Ensuring compliance with South African labour legislation (BCEA, LRA, EEA, Section 198)
• Sending transactional notifications (SMS and email)
• Processing subscription payments via PayFast
• Improving our services and user experience

4. Legal Basis for Processing

We process personal information on the following lawful grounds under POPIA:

• Consent: Where you have given explicit consent, such as POPIA consent tracking for candidates
• Contractual necessity: To fulfil our obligations under the service agreement with your agency
• Legal obligation: To comply with SARS tax requirements, BCEA, UIF, SDL, and other statutory obligations
• Legitimate interest: To improve our services and ensure platform security

5. Data Sharing

We do not sell your personal information. We may share information with:

• PayFast: For processing subscription payments
• SMS providers: For sending transactional notifications (e.g., clock-in confirmations)
• Your agency: Candidate and worker data is accessible to the agency that manages the account
• Regulatory authorities: Where required by law (e.g., SARS, Department of Labour)

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

• Encryption of sensitive data (ID numbers, tax numbers, banking details) at rest and in transit
• Secure password hashing
• Role-based access controls
• Regular security reviews and updates
• Audit logging of data access and modifications

7. Data Retention

We retain personal information in accordance with legal requirements and our POPIA policy:

• Financial records: 5 years as required by the Tax Administration Act and Companies Act
• Audit logs: 2 years
• Inactive candidate data: Reviewed after 12 months of inactivity, after which data may be anonymised or deleted

8. Your Rights

Under POPIA, you have the right to:

• Request access to the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Request deletion of your personal information (subject to legal retention requirements)
• Object to the processing of your personal information
• Withdraw consent where processing is based on consent
• Lodge a complaint with the Information Regulator

9. Cookies and Tracking

StaffGrid uses session cookies that are essential for the platform to function. These cookies do not track you across other websites. We do not use third-party advertising or analytics cookies.

10. Children's Information

StaffGrid is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the platform. Continued use of StaffGrid after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us at:

• Email: support@staffgrid.co.za