Privacy Policy


This Privacy Policy should be read and understood together with the PAIA Manual (The Promotion of Access to Information Act Manual) and our general terms and conditions of business for Clients, Suppliers, Employees, Assignees and Candidates seeking employment. It applies to all the companies within the Shaloom Outsourcing Staff namely Shaloom Outsourcing Staff Pty Ltd The purpose of this policy is to advise clients and data subjects of the Shaloom Outsourcing Staff of companies, why data is collected and processed by the companies within the group, what data is collected and how it is processed. The Group is committed to full compliance with the POPI Act insofar as the utilisation and disclosure of data subject personal information (PI) is concerned. Hence, technical and operational measures have been put in place to protect data subject privacy and the Group invites all data subjects and/ or requesters of (PI) to engage with its Information Officer (IO) in respect of any matter related hereto. This Privacy Policy:

  • Outlines the Shaloom Outsourcing Staff’s practices and commitment to complying with POPIA;
  • Sets out the categories of personal information companies within the Shaloom Outsourcing Staff may collect from third parties or other sources;
  • Outlines how the Shaloom Outsourcing Staff processes personal information; and is fully binding on all stakeholders


This policy applies to data subjects under the POPI Act and its principles extend to the Promotion of Access to Information Act (PAIA) in respect of requesters of records held by the Shaloom Outsourcing Staff of Companies. PI applies to both natural and juristic persons. Data subjects and requesters are invited to engage with the Group’s Information Officer about any matter pertaining to the POPIA and PAIA, including but not limited to updating PI, deletion of PI, complaints in respect of how PI is being processed and updating consent for electronic direct marketing. The “Information Officer” details are contained herein below for these types of engagement.


POPIA was promulgated to regulate the constitutional right to privacy and aims to protect the free-flow of information and advance the right of access to information whilst giving effect to the right to privacy. The purpose of POPIA is to ensure that when a responsible party is in possession of “personal information”, certain protective measures are taken to ensure that the information is protected


The general purpose of The Promotion of Access to Information Act, No. 2 of 2000 (PAIA) was enacted to give effect to the constitutional right of access to information is to promote transparency. It is intended to give effect to the access of information and to provide for different criteria and processes for when information is being sought from public bodies and/or private persons. Details regarding the access to information is available below.


‘Personal information’’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:

  • information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
  • information relating to the education or the medical, financial, criminal or employment history of the person;
  • any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
  • the biometric information of the person; (e) the personal opinions, views or preferences of the person;
  • correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
  • the views or opinions of another individual about the person; and the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person


Companies within the Shaloom Outsourcing Staff process and use PI for various purposes including for:

  • Performing its duties in pursuance of any agreement or contract
  • Carrying out market research, business and statistical analysis
  • Engaging in various forms of direct marketing
  • Facilitating transactions with data subjects
  • Collecting data for business intelligence purposes to improve its services by using cookies
  • Fulfilling its contractual obligations to its clients and client contacts
  • Providing recruitment services
  • Streamlining the job application process by enabling candidates to submit their applications and CV’s via its website
  • To send out candidate information to clients in order to apply for employment or to assess eligibility for employment
  • To disclose information to third parties in order to verify details provided by candidates, through reference checks, qualification checks, credit checks, criminal checks and psychometric or skills assessments
  • Complying with the provisions of statute and regulations
  • Attending to the legitimate interests of data subjects
  • Identifying prospects for enhanced service delivery and business sustainability
  • Making contact, if and when required, to promote its services or in relation to a customer care query
  • Tracking data subject activity on the website and its links as well as their transactions with the Shaloom Outsourcing Staff
  • Providing data subject information to the Group’s partners in order for them to use the information to market their services to data subjects who are current clients and/ or who have consented as envisaged in the POPI Act. These Group partners who are recipients of PI are business organizations who are permitted to use the information only for lawful sales, marketing and engagement and with the permission of the data subject
  • Confirming and verifying data subject identity or to verify that they are authorised users for security purposes
  • Conducting market research
  • Auditing and record keeping purposes
  • In connection with legal proceedings
  • Carrying out any other reasonable business operations
Information may also be used for other purposes for which permission is given, if required to by law, or if it is of public interest to disclose such information. The Shaloom Outsourcing Staff undertakes to only process information that is required and relevant for the purposes set out above. The Company will not intentionally collect information about children and will only process information about children with the consent of a parent or guardian, or if otherwise required to do so by law. The Company does not intend to process any “special personal information” as defined in POPIA, which includes for example political, religious or health-related information, and will only process special personal information with the stakeholders’ consent, or if otherwise allowed to do so in law if for a specific operational reason. Stakeholders may on reasonable grounds object to the processing of information, after which the Group undertakes not to continue to process, except when required to do so


In respect of the processing of PI as provided for above, The Shaloom Outsourcing Staff will adhere to all conditions for the lawful processing of PI, based on its desire to provide its data subjects with services in their best interests as well as a legitimate interest of the Group to achieve its business objectives


Data subjects have the right to request that the Shaloom Outsourcing Staff provides them with access to their PI, to rectify or correct their personal information, erase PI or restrict the processing of PI, including refraining from sharing it or otherwise providing it to any third parties. Data subjects also have the right to raise complaints with the Information Regulator. The afore-going rights may be subject to certain limitations pursuant to applicable law. In order to access any of these rights, they may contact the Information Officer.


All companies that fall under the Shaloom Outsourcing Staff endeavour to provide the most accurate information as possible to their stakeholders, including their data subjects. The Group seeks to verify the accuracy of its information as frequently as possible and to remove information that it learns to be inaccurate. Thus, the Group intends to process the information it has about data subjects for as long as it is legally specified or until the data subject gives any instruction to refrain from processing it. In order to instruct any company within the Shaloom Outsourcing Staff to refrain from collecting and/ or processing their PI, data subjects may contact the Information Officer. Notwithstanding the above, the Shaloom Outsourcing Staff shall hold PI for such period as may be required in terms of statutes such as the Companies Act and various labour laws


The supply of PI to any company within the Group by any of its stakeholders is at the stakeholders’ discretion. By supplying their information, stakeholders are accepting the practices and terms contained in this privacy policy. The Shaloom Outsourcing Staff will not process stakeholders’ PI without obtaining stakeholders’ consent. In respect of other activities, consent to collect or use will be obtained via acknowledgement by the stakeholder concerned, that a company within the Group is collecting his or her PI. This acknowledgment will be contained in all documents where PI is collected, including any agreements and/or contracts concluded between the relevant company and the stakeholder, where the stakeholder will be specifically requested to sign an acknowledgment of the collection of PI. If PI is collected through a third party, the third party will be requested to sign a declaration that they comply with POPIA requirements. Shaloom Outsourcing Staff processes and shares stakeholder information internally and will only share PI relating to that stakeholder internally in instances where operationally required or where it is obliged to disclose certain categories of information relating to regulatory, statutory and legal purposes.


The Shaloom Outsourcing Staff collects information about data subjects who may be clients or prospective clients. It also collects information on its employees, assignees, candidates, consultants, agents and suppliers as well as third parties that are part of its scope of operations. In respect of clients and prospective clients, the Shaloom Outsourcing Staff profiles business organizations and the contacts who work for said organisations and it may have some or all of the following categories of personal information on data subjects, historical or current:

  • • Name and Surname
  • • Identity Number
  • • Equity, Gender & Disability Status
  • • Contact Details (email, contact numbers)
  • • Birth date
  • • Position held and responsibilities
  • • Areas of interest in respect of any of the Shaloom Staffing offerings
  • • Sales and transaction history
  • • Record of services used
  • • Email correspondence and attachments
  • • Organisation details
  • • Office address
  • • Office contact details
  • • Organisation email address
  • • Organisation and data subject Social media URL’s
  • • Other information that is available in the public domain
\ We collect and process personal information mainly to contact data subjects for the purpose of understanding their requirements and delivering services accordingly. Where possible, we will inform data subjects what information they are required to provide to the Shaloom Outsourcing Staff and what information is optional, as well as the consequences of not providing said information. Website usage information may be collected using “cookies” which allows the Shaloom Outsourcing Staff to collect standard internet visitor usage information


A cookie is essentially a piece of code saved by a website onto the cookie file of the data subject’s web browser (onto the specific device they are using) when a browsing session is initiated, so that the website can remember who they are and create a better experience for the data subject. They have many uses but the most important ones are session management, user personalisation and tracking. Cookies are not programs; they do not perform any functions. These are simple text files that help a website to arrange content to match preferred interests quicker. Cookies alone cannot be used to identify a data subject. A cookie will typically contain the name of the domain from which the cookie has come, the "lifetime" of the cookie and a value, usually a randomly generated unique number. The Shaloom Outsourcing Staff’s website uses two types of cookies:

  • Session Cookies: These are temporary cookies that remain in the cookie file of the data subject’s browser until he/she leaves the site. They also allow the data subject to carry information across pages of the website and avoid having to re-enter information.
  • Persistent Cookies: These remain in the cookie file of the data subject’s browser for longer (though how long depends on the lifetime of the specific cookie) and help to recognise the data subject as a unique visitor (using a number, he/she cannot be identified personally) when returning to the website. These cookies are also used to compile anonymous, aggregated statistics that allow the Group to understand how data subjects use the website in order to improve the structure of it. Data subjects cannot be identified personally in this way.
A data subject can delete any cookies that have been installed in the cookie folder of their browser. To do this using Microsoft Windows Explorer:
  • - Open 'Windows Explorer'
  • - Click on the 'Search' button on the tool bar
  • - Type "cookie" into the search box for 'Folders and Files'
  • - Select 'My Computer' in the 'Look In' box
  • - Click 'Search Now' * Double click on the folders that are found
  • - 'Select' any cookie file
  • - Hit the 'Delete' button on your keyboard
\ If Microsoft Windows Explorer is not being used, then one can select "cookies" in the "Help" function or device manual for information on where to find their cookie folder.? Upon using the Groups website a data subject has a choice whether or not to allow cookies.


The type of information collected varies. Information includes any personal information as defined in POPIA, but is not limited to details such as company information, partner agreements, name, age, ID numbers, registration numbers, addresses and other contact details, previous employment history, educational information, salary information, liabilities, income and payment records, financial information and banking details such as account numbers and biometric details such as fingerprints


The Shaloom Outsourcing Staff will only share information with third parties with a stakeholder’s consent or if otherwise required to do so by law. The Group may disclose data subject PI to its service providers who are involved in the delivery of products or services. In this case, the Group has trusted relationships with selected third parties who perform services on its behalf. All service providers are bound by contract to maintain the security of the Groups stakeholders’ information, ensure that it complies with the privacy requirements as required by the POPI Act and to use it only as permitted. Companies within the Shaloom Outsourcing Staff may also disclose data subject PI:

  • • Where they have a duty or a right to disclose in terms of law and/ or industry codes;
  • • Where they believe it is necessary to protect their rights.


The Shaloom Outsourcing Staff understands the value of information and will take all reasonable steps to protect the information from loss, misuse, or unauthorised access. As such, all Companies within the Group are legally obliged to and take responsibility for:

  • • Protecting and managing the PI that it holds about its stakeholders;
  • • Making use of electronic and computer safeguards, such as firewalls and data encryption, to secure stakeholders’ information;
  • • Ensuring physical and electronic access control to its premises; and
  • • Only authorising access to information to those employees who require it to fulfil their designated responsibilities;
  • • Reviewing their security controls and related processes on a regular basis to ensure that the PI of data subjects remains secure.
The Group has conducted an impact assessment across all of its operations and used the findings thereof to manage risk optimally as well as to provide imperative improvements on an ongoing basis. Its policies and procedures cover the following aspects:
  • • Physical security;
  • • Computer and network security;
  • • Access to personal information;
  • • Secure communications;
  • • Security in contracting out activities or functions;
  • • Retention and disposal of information;


Stakeholders have the right to access information, including certain personal information held by Shaloom Outsorcing Staff. Requests for information must be made to the Information Officer at our Head Office:

  • Telephone number: +2787 012 6195
  • Address: 2'a Floor, The Workspace, 44 Melrose Boulevard - Birnam Metrose Arch, Johannesburg 2076
  • Email address: information.officer@shaloomstaffing.co.za
Access to information in terms of the PAIA must be obtained in accordance with the Access to Information Manual, which is available on Shaloom Outsourcing Staff website at www.shaloomstaffing.co.za