DCV - Connecting Global Workforces
Back to Home

Legal

POPIA & GDPR Compliance

Last updated: 1 June 2026

Our Commitment: Daisy CV (Pty) Ltd is fully committed to protecting the personal information of every user of our platform. We comply with the Protection of Personal Information Act 4 of 2013 (POPIA) of South Africa and the General Data Protection Regulation (EU) 2016/679 (GDPR) where applicable to our operations.

1. About POPIA

The Protection of Personal Information Act (POPIA) is South Africa’s comprehensive data protection legislation, which came into full effect on 1 July 2021. POPIA regulates how organisations collect, process, store, and share personal information of individuals (known as “data subjects”).

POPIA establishes eight key conditions for lawful processing of personal information:

  1. Accountability — The responsible party must ensure compliance.
  2. Processing Limitation — Personal information must be processed lawfully and in a reasonable manner.
  3. Purpose Specification — Information must be collected for a specific, explicitly defined, and lawful purpose.
  4. Further Processing Limitation — Information must not be processed in a manner incompatible with the original purpose.
  5. Information Quality — Information must be complete, accurate, and not misleading.
  6. Openness — Data subjects must be notified when their information is collected.
  7. Security Safeguards — Appropriate measures must be in place to protect information.
  8. Data Subject Participation — Data subjects have the right to access and correct their information.

2. About GDPR

The General Data Protection Regulation (GDPR) is the European Union’s data protection regulation. It applies to DCV when we process personal data of individuals located in the EEA, or when we offer services to individuals in the EU/EEA.

GDPR grants data subjects rights including access, rectification, erasure, restriction of processing, data portability, and the right to object. DCV honours all GDPR rights for applicable users.

3. How DCV Complies

3.1 Lawful Processing

We only process personal information when we have a lawful basis to do so. Our processing is based on:

  • Your consent — which you may withdraw at any time.
  • Contractual necessity — to provide recruitment services you have requested.
  • Legitimate interests — to operate and improve our platform, provided your rights are not overridden.
  • Legal obligations — to comply with South African law and regulations.

3.2 Purpose Limitation

We collect personal information only for the specific purposes described in our Privacy Policy. Information collected for recruitment purposes is not used for unrelated purposes without your consent.

3.3 Data Minimisation

We collect only the information that is necessary for the services we provide. We regularly review our data collection practices to ensure we are not collecting more than needed.

3.4 Accuracy

We take reasonable steps to ensure personal information is accurate and up to date. Users can update their profiles and information at any time through the Platform. We encourage users to keep their information current.

3.5 Storage Limitation

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our retention periods are detailed in our Privacy Policy.

3.6 Security

We implement comprehensive security measures to protect personal information:

  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest.
  • Access Controls: Role-based access ensures only authorised personnel can access personal data.
  • Password Security: Passwords are hashed using bcrypt with appropriate salt rounds.
  • Audit Trail: All significant actions on the Platform are logged for accountability.
  • Secure Storage: Documents and files are stored in encrypted cloud storage with strict access policies.
  • Regular Reviews: We conduct regular security assessments and update our practices accordingly.

3.7 Accountability

DCV has appointed an Information Officer as required by POPIA, responsible for overseeing data protection compliance and handling data subject requests.

4. Your Rights Under POPIA & GDPR

As a user of the DCV Platform, you have the following rights:

Right to be Informed

POPIA Section 18GDPR Articles 13-14

You have the right to know what personal information we collect, why we collect it, and how it is used. This is fulfilled through our Privacy Policy and notices on the Platform.

Right of Access

POPIA Section 23GDPR Article 15

You can request a copy of all personal information we hold about you. Use the "Export My Data" feature on your Profile page or contact us directly.

Right to Rectification

POPIA Section 24GDPR Article 16

You can request correction of inaccurate or incomplete personal information. You can update most information directly through your account settings.

Right to Deletion

POPIA Section 24GDPR Article 17

You can request deletion of your personal information, subject to legal retention requirements. Contact us at [email protected] to submit a deletion request.

Right to Restrict Processing

POPIA N/AGDPR Article 18

Under GDPR, you can request that we restrict processing of your data in certain circumstances (e.g., while we verify accuracy).

Right to Data Portability

POPIA N/AGDPR Article 20

Under GDPR, you can request your data in a structured, machine-readable format. Our self-service data export provides this in JSON format.

Right to Object

POPIA Section 11(3)GDPR Article 21

You can object to processing of your personal information for direct marketing purposes or where processing is based on legitimate interests.

Right to Lodge a Complaint

POPIA Section 74GDPR Article 77

You can lodge a complaint with the Information Regulator (South Africa) or your local supervisory authority (EU/EEA).

5. Special Categories of Personal Information

In the course of providing recruitment services, we may process certain special categories of personal information as defined under POPIA (Section 26) and GDPR (Article 9), including:

  • Health Information: Medical fitness-to-work certificates submitted as part of the deployment process.
  • Criminal Records: Criminal background check results required by certain employers or industries.
  • Biometric Information: Identity verification using identity documents that may contain photographs.

This information is processed only with your explicit consent, for the specific purpose of facilitating your job placement, and is subject to enhanced security measures. You may withdraw consent at any time, though this may affect your eligibility for certain positions.

6. Cross-Border Data Transfers

As a recruitment platform connecting talent with international opportunities, we may transfer personal information across borders. Under POPIA (Section 72), cross-border transfers are permitted when:

  • The recipient country has adequate data protection legislation.
  • The recipient is bound by binding corporate rules or contractual obligations that provide adequate protection.
  • The data subject has consented to the transfer.
  • The transfer is necessary for the performance of a contract.

Under GDPR (Chapter V), we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) are in place for any transfers outside the EEA.

7. Breach Notification

In the event of a personal information breach that poses a risk to data subjects, DCV will:

  • Notify the Information Regulator of South Africa as soon as reasonably possible (as required by POPIA Section 22).
  • Notify the relevant EU/EEA supervisory authority within 72 hours (as required by GDPR Article 33), where applicable.
  • Notify affected data subjects without undue delay, providing details of the breach, potential consequences, and measures taken.
  • Document the breach and remediation steps in our internal records.

8. Automated Decision-Making & AI

DCV uses artificial intelligence (AI) to assist with candidate-job matching and provide recommendations. Important points regarding our AI processing:

  • AI matching generates compatibility scores based on skills, experience, qualifications, location, and other factors.
  • AI recommendations are advisory only — all final hiring decisions are made by human administrators and employers.
  • No candidate is automatically rejected based solely on AI scoring.
  • You have the right to request human review of any AI-assisted assessment.
  • You can object to AI-based profiling by contacting us at [email protected].

9. Self-Service Data Export

In keeping with both POPIA and GDPR requirements for data subject participation and portability, DCV provides a self-service data export feature:

  • Candidates can download a complete copy of their personal data in JSON format from their Profile page.
  • The export includes: account information, profile data, applications, documents, messages, notifications, and saved searches.
  • All data export requests are automatically recorded in our audit log for compliance tracking.

10. How to Exercise Your Rights

You can exercise your rights in the following ways:

Self-Service (Candidates)

  • • Update your profile information directly
  • • Use “Export My Data” on your Profile page
  • • Manage notification preferences
  • • Delete uploaded documents

Contact Us

11. Regulatory Contacts

Information Regulator (South Africa)

Phone: 012 406 4818

Email: [email protected]

Website: inforegulator.org.za

EU Data Protection Authorities

If you are based in the EU/EEA, you may contact your local supervisory authority.

Directory: edpb.europa.eu