HR Policies

This Privacy Statement sets out the purpose and manner in which personal information is processed by IsoMetrix during its recruitment process as a potential employer and serves as processing notification to candidates who apply for positions (the data subjects) at IsoMetrix.

The IsoMetrix group of companies¹ (‘’IsoMetrix’’, ‘’us’’, ‘’we’’, ‘’our’’) are bound by Data Protection laws and regulations to collect and process personal information of persons² (‘’you’’, ‘’your’’) in a compliant and responsible manner. Personal information (also referred to as ‘personal data’) includes information such as your name, contact details, employment related information and financial information. IsoMetrix may collect and process information relating to health and biometrics, but such processing is always aligned with governing laws, regulations and subject to technical security safeguards. (These examples of personal information is not an exhaustive list. A comprehensive list of the types of personal information that is included in the above definition, can be found in the Protection of Personal Information Act 4 of 2013, as well as the General Data Protection Regulations under the definition of ‘personal data’).

The information in this statement is not an exhaustive explanation but gives you an indication of what processing activities you can expect from us regarding your personal information.

We will be the responsible party (also referred to as the ‘controller’) of your personal information. This means that we are responsible for deciding how we hold and use your personal information.

How we obtain your personal information:

The information we have about you is, or was provided by you in the course of applying for one or more job vacancies with us, and during your initial or ongoing recruitment related engagement with us.

Personal information that we collect varies by country to comply with local requirements, but may include information gathered from publicly available sources. Whenever we collect personal information from other sources, we will do so with your prior knowledge and you will receive information about the nature of any such collection before it begins.

Why we process personal information:

The personal information that we collect from you, will be used for purposes of selection of candidates and potential recruitment activities. Your personal information will only be used for purposes that the law allows us to. These are typically the following:

• • Where we need to enter into or perform a contract with you;
  • Where we need to comply with a legal obligation, including health administration in the workplace or health and safety legislation;
  • Where it is necessary for legitimate interests pursued by us or a third party, and your interests and fundamental rights do not override those interests;
  • Where we need to protect your interest; and
  • Where it is needed in the public interest or official purposes.
  • We may process special categories of information about you for statistical purposes, or strictly necessary for purposes of employment or applicable legislation.

Do we share the personal information, and with whom?

We do share personal information, where necessary, for compliance with other applicable laws, regulations or to give effect to the requirements of a valid contract. Such third parties are contractually bound to the same confidentiality undertakings as us. We limit access to this information to those who need to access it to give effect to the purpose. Where possible, we will remove all personal identifiers from data sets.

Categories of recipients include:

• • Group entities or affiliates;
  • Outsourced service providers;
  • Law enforcement agencies and tax authorities.

When we do share personal information with a third party, then we will ensure that we have a lawful basis for doing so and will assess the third party’s ability to secure such personal information. We will also ensure (where applicable) that we have a written contract in place with them to apply appropriate safeguards to protect personal information to a standard and in a manner that provides us with sufficient guarantees as to the security of that personal information.

Sharing of personal data with other countries:

In some instances, personal information is transferred to a different country from where it has been collected. Such instances would include the requirement for us to perform contractual or regulatory obligations or other circumstances permitted by law.

How do we keep your personal information secure?

We use appropriate technical and organizational measures to keep your personal information secure taking into account the sensitivity of the personal information, the technologies available to secure it and their costs.

Our security systems are designed to prevent loss, unauthorized destruction, damage and/or access of your personal information from unauthorized third parties.

All IsoMetrix staff are further obliged to adhere to comprehensive written policies and procedures and undertake data privacy training. Certain staff also have assigned roles and responsibilities to help ensure the security and integrity of our information. We restrict access to our IT systems to those personnel that require it in the performance of their roles and where possible endeavor to anonymize the personal information held.

Our IT systems are inherently designed and regularly updated to try to ensure they remain as secure as possible. We use secure servers, firewalls, virus and ransom scanning software, and employ a team of IT professionals to support these systems.

We have a framework in place for undertaking data protection impact assessments whenever a proposed new project or initiative involving the use of personal information is likely to result in a high risk to the person whose personal information is affected and in order to identify, manage and address any privacy risks posed.

For how long do we keep personal information?

Personal information is retained for as long as necessary to achieve the purpose for which it has been collected. After the purpose has been served, the personal information will be destroyed. Certain applicable laws may require that personal information of a certain type and purpose should be retained for a particular period. These periods will then be the minimum period for which we will retain the personal information.

Your rights in respect of your personal information that we hold:

You have the right:

• • of access to your personal information;
  • to take action to rectify inaccurate personal information;
  • to erase your personal information;
  • to restrict the processing of your personal information;
  • to data portability;
  • to object to processing of personal information (including direct marketing)
  • not to be subject to a decision based solely on automated processing of your personal information, including profiling, which produces legal effects that significantly affects you;
  • to seek compensation for any material or non-material damage caused by a breach of our statutory obligations to protect your personal information;
  • to lodge a complaint with a data protection supervisory authority; and
  • to an effective judicial remedy against us.

In certain circumstances, we may not be able to process any of your abovementioned requests, including:

• • a compelling legitimate grounds for processing of the personal information;
  • the exercise or defense of a legal claim;
  • the public interest;
  • compliance with our legal obligations, or
  • our legitimate interests.

Legal disclaimer:

We reserve the right to disclose your personal information if required by law.

Changes to this Privacy Statement:

This Statement is subject to periodic change. Any changes to this Privacy Statement will be posted on this page. It is your responsibility to read the information contained in this Statement and ensure you are familiar with it.

¹ Metrix Software Solutions (Pty) Ltd; IsoMetrix Software UK LTD; IsoMetrix USA, Inc.; IsoMetrix Australia (Pty) Ltd; Metrix Software North America, Inc.

² Person(s) means the data subject(s) as defined by applicable laws, namely natural persons and juristic persons, as the context require.

Contact details of our Data Protection officer

Att: The Data Protection Officer
Metrix Software Solutions (Pty) Ltd
Fourways Office Manor
Block 7
Macbeth Street
Fourways
Johannesburg SA

Phone: +27 11 465 6944
E-mail: legal@isometrix.com