Data Protection Policy  

This policy outlines A24Group’s commitment to safeguarding and managing personal data in compliance with South African data protection laws, particularly the Protection of Personal Information Act (POPIA), and where applicable, the General Data Protection Regulation (GDPR). Our primary focus is on ensuring the secure and responsible handling of all personal data throughout its lifecycle.

Purpose

The purpose of this policy is to: 

  • Define strict protocols for the secure handling and protection of personal data. 

  • Ensure the confidentiality, integrity, and availability of personal data during collection, processing, storage, and sharing. 

  • Guarantee compliance with relevant data protection laws and regulations. 

  • Cultivate a robust culture of data security and protection within the organisation. 

Scope 

This policy applies to all employees, agency workers, and any third-party processors who handle personal data on behalf of A24Group Staffing Ltd. 

Data Protection Principles 

A24Group ensures the secure management of personal data by adhering to the following key principles: 

  1. Confidentiality: Personal data will be treated with the utmost confidentiality and will only be accessible to authorised personnel. 

  2. Integrity: We will ensure that personal data is accurate, complete, and protected from tampering or unauthorised modification. 

  3. Availability: Personal data will be readily available to authorised individuals as needed for legitimate purposes, without unnecessary delays. 

  4. Minimisation: We will collect and process only the minimum amount of personal data necessary for the intended purpose. 

  5. Purpose Limitation: Data will be collected and used only for specific, legitimate purposes and not for any unrelated activities. 

  6. Lawful Processing: All data handling will comply with applicable data protection laws and legal bases for processing. 

Data Collection and Handling

  1. Data Collection Protocols: Personal data will only be collected through secure methods, ensuring that individuals are aware of the purpose and consent to the collection. 

  2. Consent Management: Explicit consent will be obtained from data subjects before their personal data is collected, with clear information on how the data will be used. 

  3. Data Classification: Personal data will be classified based on sensitivity, and appropriate levels of security will be applied to protect sensitive information such as medical or financial data. 

Secure Data Processing

  1. Controlled Access: Access to personal data is restricted to authorised personnel only, with access rights granted based on the principle of least privilege. 

  2. Data Handling Protocols: Personal data will be processed in a secure environment, following stringent handling protocols to ensure that data is not exposed to unauthorised individuals or entities. 

  3. Third-Party Processors: Any third-party processors must comply with A24Group’s data protection standards, and data sharing agreements will ensure the security of shared personal data. 

Data Storage and Security Measures 

  1. Secure Storage: All personal data will be stored in encrypted databases or systems with robust security measures, including firewalls, multi-factor authentication, and intrusion detection systems. 

  2. Data Retention: Data will be retained only for as long as legal, regulatory, or business needs require, and will be securely deleted or anonymised thereafter. 

  3. Backup and Disaster Recovery: Regular backups will be performed to ensure that personal data can be recovered in the event of a system failure, disaster, or breach. 

Data Security Practices

  1. Encryption: Personal data, both in transit and in storage, will be encrypted using industry-standard encryption protocols to prevent unauthorised access or interception. 

  2. Access Control: Data access will be tightly controlled using role-based access management, ensuring that only authorised personnel can view or process personal data. 

  3. Monitoring and Auditing: Continuous monitoring of systems and regular security audits will be conducted to detect and address vulnerabilities or security breaches. 

Data Subject Rights and Handling Requests 

A24Group is committed to respecting and facilitating the rights of data subjects under POPIA and GDPR, including: 

  • Access Requests: Individuals can request access to their personal data, which will be handled securely and provided in a timely manner. 

  • Rectification Requests: If data is inaccurate or incomplete, we will take immediate steps to correct or update the information. 

  • Erasure Requests: Individuals can request the deletion of their personal data under certain conditions, which will be handled with strict security protocols to ensure that data is permanently erased. 

  • Processing Restrictions: Upon request, individuals can restrict the processing of their data, which will be complied with unless legal or contractual obligations dictate otherwise. 

  • Data Portability: When requested, we will securely transfer personal data to another entity in a structured, machine-readable format, ensuring its security during the transfer. 

Data Breach Management 

In the event of a data breach, A24Group will: 

  1. Immediate Response: Take immediate steps to contain and assess the breach, ensuring that the exposure of personal data is minimised. 

  2. Notification Protocol: Notify the relevant authorities and affected individuals promptly as required by POPIA and GDPR. 

  3. Remediation: Implement corrective measures to prevent future breaches, including strengthening security protocols and conducting additional employee training. 

Policy Review and Maintenance 

This policy will be reviewed annually or as necessary to reflect changes in data protection laws or organisational practices, ensuring ongoing compliance and the highest standards of data protection. 

Contact Information

For any questions or concerns about data protection, or to exercise your rights as a data subject, please contact risk@a24group.com or our Data Protection Officer at dpofficer@a24group.com.