Your Data,
Your Rights
Your trust matters. Here's how we protect your personal information under POPIA and international data protection standards.
Responsible Party (POPIA Section 1)
In terms of the Protection of Personal Information Act 4 of 2013 ("POPIA"), the responsible party for processing your personal information is:
ForgeForth Africa (Pty) Ltd
Registration Number: 2024/123456/07
Johannesburg, Gauteng, South Africa
Information Officer: privacy@forgeforth.africa
Quick Navigation
At ForgeForth Africa, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data in compliance with the Protection of Personal Information Act 4 of 2013 (POPIA) of South Africa, the EU General Data Protection Regulation (GDPR), and other applicable international data protection laws.
Key Definitions (POPIA Section 1)
Data Subject
You, the individual whose personal information is being processed.
Personal Information
Any information relating to an identifiable person, including name, ID number, contact details, employment history, and online identifiers.
Special Personal Information
Sensitive data including race, health, biometrics, religious beliefs, trade union membership, political affiliation, sexual orientation, or criminal history.
Processing
Any operation performed on personal information, including collection, storage, use, modification, dissemination, or destruction.
Responsible Party
ForgeForth Africa (Pty) Ltd, who determines the purpose and means of processing.
Operator
A third party who processes data on our behalf under contract.
Consent
Voluntary, specific, and informed expression of will by you agreeing to the processing of your data.
Information Officer
The person responsible for ensuring POPIA compliance within our organization.
Information We Collect
Information You Provide Directly
- Identity Information: Full name, date of birth, ID/passport number, nationality
- Contact Details: Email address, phone number, physical address
- Professional Information: Skills, qualifications, work experience, education history, portfolio
- Documents: CV/resume, certificates, identification documents for verification
- Communications: Messages, feedback, support requests, survey responses
Automatically Collected Information
- Usage Data: Pages visited, features used, time spent, interaction patterns
- Device Information: Browser type, operating system, device type, screen resolution
- Location Data: General geographic region based on IP address (not precise GPS location)
- Cookies & Similar Technologies: See our Cookie Policy for details
Special Personal Information (POPIA Section 26-33)
We generally do not collect special personal information. If required for specific services (e.g., verification), we will:
- Obtain your explicit consent
- Clearly explain why it's needed
- Apply enhanced security measures
Legal Basis for Processing (POPIA Section 11)
Under POPIA and GDPR, we process your personal information only when we have a lawful basis:
Consent
You have given clear consent for us to process your personal information for a specific purpose.
Contract
Processing is necessary to perform or enter into a contract with you (e.g., providing our services).
Legal Obligation
Processing is necessary to comply with South African law or other applicable legal requirements.
Legitimate Interest
Processing is necessary for our legitimate business interests, provided your rights are not overridden.
How We Use Your Data
Service Delivery
To create your account, manage your profile, and connect you with opportunities, employers, or programs.
Matching & Recommendations
To analyze your skills and preferences and suggest relevant opportunities using our AI-powered matching engine.
Communication
To send you important updates, notifications about opportunities, and respond to your inquiries.
Verification
To verify your identity, qualifications, and credentials when required.
Platform Improvement
To analyze usage patterns and improve our platform, features, and user experience.
Security & Fraud Prevention
To protect your account, detect suspicious activity, and prevent fraud or abuse.
Legal Compliance
To comply with applicable laws, regulations, and legal processes.
Data Sharing & Third Parties
We NEVER sell your personal information.
We only share information when necessary to provide our services, with your consent, or when required by law.
Employers & Partners (With Your Consent)
When you apply for opportunities, employers see your profile and application details. You control what information is visible.
Service Providers (Operators under POPIA)
Trusted third parties who help us operate (cloud hosting, analytics, email services). They are bound by strict data processing agreements and can only use your data as we instruct.
Verification Services
Background check providers when you consent to verification of credentials or identity.
Legal Requirements
Law enforcement, courts, or regulators when required by law, court order, or to protect safety, rights, or property.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred. You will be notified of any changes.
Cross-Border Data Transfers (POPIA Section 72)
As a Pan-African platform, we may transfer your data to countries outside South Africa. When we do, we ensure:
The recipient country has adequate data protection laws
Standard contractual clauses or binding corporate rules are in place
You have given explicit consent for the transfer
Transfer is necessary for legal proceedings or to protect vital interests
Data Security (POPIA Section 19)
We implement appropriate technical and organizational measures to protect your data:
Encryption
Data encrypted in transit (TLS 1.3) and at rest (AES-256)
Access Controls
Role-based access with multi-factor authentication
Regular Audits
Security assessments and penetration testing
Incident Response
24/7 monitoring with breach notification procedures
Data Retention (POPIA Section 14)
We retain your data only as long as necessary:
- Active accounts: Data retained while your account is active
- Deleted accounts: Data deleted within 30 days, except where legally required
- Legal requirements: Some data may be retained longer for tax, legal, or regulatory purposes
Your Rights Under POPIA (Section 23-25)
Right to Access
Request a copy of your personal information we hold
Right to Correction
Request correction of inaccurate or incomplete data
Right to Deletion
Request deletion of your data in certain circumstances
Right to Object
Object to processing for direct marketing
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent
Right to Complain
Lodge a complaint with the Information Regulator
Children's Privacy
Our services are not intended for children under 18. We do not knowingly collect personal information from minors. If you believe we have collected data from a child, please contact us immediately and we will delete it.
Complaints & Regulator
If you are not satisfied with our response to a privacy concern, you may lodge a complaint with:
Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg
Email: complaints.IR@justice.gov.za
Website: inforegulator.org.za
Contact Us
For questions about this Privacy Policy or to exercise your rights: