Legal

Privacy Policy

Last updated 1 January 2025 ? How we collect, use and protect your data

1. Introduction

PeopleCore HR (Pty) Ltd ("we", "us", "our") operates the PeopleCore HR platform. This policy explains how we collect, use, store and protect personal information in compliance with the Protection of Personal Information Act 4 of 2013 (POPIA).

Last updated: 1 January 2025. Contact us at legal@peoplecore.co.za with any questions.

2. Information We Collect

We collect information you provide directly: company details, employee names, ID numbers, employment information, salary data, leave records and contact details.

We also collect technical data: IP addresses, browser type, access timestamps and usage patterns to maintain security and improve the platform.

3. How We Use Your Information

  • Providing and operating the PeopleCore HR platform
  • Processing payroll and leave management functions
  • Sending transactional emails (password resets, leave notifications, payslips)
  • Complying with South African labour law (BCEA, PAYE, UIF, SDL)
  • Maintaining security, fraud prevention and audit trails
  • Improving platform features and performance

4. Data Storage & Security

All data is stored on encrypted servers. We use AES-256 encryption for sensitive fields (ID numbers, banking details), bcrypt for passwords, and TLS 1.2+ for all data in transit.

Access is strictly role-based. Only authorised personnel within your organisation can access employee data, based on the permissions you configure.

5. Data Retention

We retain employee data for the duration of your subscription and for 5 years thereafter to comply with South African tax and labour law requirements (SARS, UIF, BCEA).

You may request deletion of non-legally-required data at any time by contacting us at legal@peoplecore.co.za.

6. Third Party Sharing

We do not sell personal data. We share data only with: (1) SARS/UIF as required by law, (2) our infrastructure providers (database, email) under strict data processing agreements, (3) you, upon request via data export.

All third-party providers are bound by confidentiality obligations and POPIA-compliant data processing agreements.

7. Your Rights Under POPIA

You have the right to: access your personal information, correct inaccurate data, request deletion (subject to legal retention requirements), object to processing, and lodge a complaint with the Information Regulator (inforegulator.org.za).

To exercise any of these rights, contact our Information Officer at legal@peoplecore.co.za.

8. Cookies

We use only essential cookies for authentication (JWT session tokens). We do not use tracking, advertising or analytics cookies. No third-party cookies are set.

9. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email. Continued use of the platform after changes constitutes acceptance.