NeftalyApp Courses Partner Invest Corporate Charity Divisions

Neftaly Staff

Neftaly Email: sayprobiz@gmail.com Call/WhatsApp: + 27 84 313 7407

Neftaly Human Capital Privacy Management Policy, Procedures, Processes, Templates, Documents and Forms NeftalyP370

Document Code: NeftalyP370
Approved By: Neftaly Malatjie, Chief Executive Officer
Last Reviewed: 21 November 2025
Next Review Date: 21 May 2026
Policy Owner: Neftaly Chief Human Capital Officer (NeftalyCHCR)

NeftalyP370-1: CEO Statement on the Launch of the Policy

To the Neftaly Chairperson, Neftaly Board, Neftaly Royal Chiefs, and the entire Neftaly Human Capital Community,

I am honoured to launch the Neftaly Human Capital Privacy Management Policy (NeftalyP370).

Privacy is a fundamental right and a critical component of Neftaly’s Human Capital governance. This policy ensures that all personal, sensitive, and organisational information is collected, processed, stored, and shared in a manner that respects confidentiality, complies with legal obligations, and safeguards the integrity of our data. By adhering to this policy, Neftaly strengthens trust with employees, stakeholders, and partners while ensuring compliance with privacy laws and regulations.

My message shall end here.

Signed:
Neftaly Malatjie
Chief Executive Officer
Neftaly

NeftalyP370-2: Scope

NeftalyP370-2-1: This policy applies to:

  • NeftalyP370-2-1-1 All Neftaly Human Capital staff and departments handling personal or organisational data.
  • NeftalyP370-2-1-2 All data collection, storage, processing, sharing, and disposal activities.
  • NeftalyP370-2-1-3 Digital, physical, and verbal information, including HR records, emails, reports, and communications.

NeftalyP370-3: Definitions

TermDefinition
PrivacyThe right of individuals and entities to control their personal or sensitive information.
Personal DataAny information relating to an identifiable person.
Sensitive DataInformation requiring higher protection, e.g., health, financial, or legal records.
Data ProcessingCollection, storage, retrieval, use, or sharing of information.
Data SubjectAn individual whose personal data is collected or processed.
Data BreachUnauthorized access, disclosure, or loss of personal or sensitive information.

NeftalyP370-4: Objectives

  • NeftalyP370-4-1 Protect personal and organisational data from unauthorized access, disclosure, or misuse.
  • NeftalyP370-4-2 Ensure compliance with privacy laws, regulations, and Neftaly governance standards.
  • NeftalyP370-4-3 Establish clear procedures for handling, storing, and sharing information.
  • NeftalyP370-4-4 Promote a culture of confidentiality and data protection across all Human Capital units.
  • NeftalyP370-4-5 Minimize risks associated with data breaches and privacy violations.

NeftalyP370-5: Roles and Responsibilities

NeftalyP370-5-1 Neftaly Chief Executive Officer (NeftalyCER)

  • NeftalyP370-5-1-1 Approves major privacy management strategies and policies.

NeftalyP370-5-2 Neftaly Chief Human Capital Officer (NeftalyCHCR)

  • NeftalyP370-5-2-1 Oversees implementation of privacy practices across all Human Capital operations.
  • NeftalyP370-5-2-2 Ensures compliance with privacy laws and organisational standards.

NeftalyP370-5-3 Neftaly Human Capital Privacy Unit

  • NeftalyP370-5-3-1 Develops and monitors privacy procedures, tools, and controls.
  • NeftalyP370-5-3-2 Conducts regular audits and risk assessments to prevent breaches.

NeftalyP370-5-4 Neftaly Officers / Supervisors

  • NeftalyP370-5-4-1 Ensure privacy procedures are followed within their departments.
  • NeftalyP370-5-4-2 Train and guide staff on proper handling of personal and sensitive information.

NeftalyP370-5-5 Human Capital Staff

  • NeftalyP370-5-5-1 Maintain confidentiality of all information accessed.
  • NeftalyP370-5-5-2 Report any suspected or confirmed privacy breaches immediately.

NeftalyP370-6: Procedures

NeftalyP370-6-1 Data Collection and Use

  • NeftalyP370-6-1-1 Collect only necessary data relevant to Human Capital operations.
  • NeftalyP370-6-1-2 Use Neftaly Data Collection Form (NeftalyT370-01) to document data origin and purpose.

NeftalyP370-6-2 Data Storage and Protection

  • NeftalyP370-6-2-1 Store information securely using approved digital or physical methods.
  • NeftalyP370-6-2-2 Apply encryption, access control, and regular backups for sensitive data.

NeftalyP370-6-3 Data Sharing and Disclosure

  • NeftalyP370-6-3-1 Share personal or sensitive data only with authorised parties.
  • NeftalyP370-6-3-2 Use Neftaly Data Sharing Approval Form (NeftalyT370-02) for any external disclosure.

NeftalyP370-6-4 Data Retention and Disposal

  • NeftalyP370-6-4-1 Retain information according to Neftaly Data Retention Schedule.
  • NeftalyP370-6-4-2 Dispose of outdated or unnecessary data securely using Neftaly Data Disposal Checklist (NeftalyT370-03).

NeftalyP370-6-5 Incident and Breach Management

  • NeftalyP370-6-5-1 Report breaches immediately using Neftaly Data Breach Report Form (NeftalyT370-04).
  • NeftalyP370-6-5-2 Investigate incidents, mitigate risks, and notify affected parties as required by law.

NeftalyP370-6-6 Training and Awareness

  • NeftalyP370-6-6-1 Conduct regular staff training on privacy and data protection practices.
  • NeftalyP370-6-6-2 Maintain records of all privacy training sessions.

NeftalyP370-7: Templates, Documents and Forms

  • NeftalyP370-7-1 NeftalyT370-01: Data Collection Form
  • NeftalyP370-7-2 NeftalyT370-02: Data Sharing Approval Form
  • NeftalyP370-7-3 NeftalyT370-03: Data Disposal Checklist
  • NeftalyP370-7-4 NeftalyT370-04: Data Breach Report Form
  • Extended list includes privacy audit forms, consent templates, staff confidentiality agreements, and compliance checklists.

NeftalyP370-8: Compliance

NeftalyP370-8-1 All Human Capital privacy management must comply with:

  • NeftalyP370-8-1-1 Neftaly Governance and Operational Manuals
  • NeftalyP370-8-1-2 Data Protection Laws (e.g., POPIA, GDPR where applicable)
  • NeftalyP370-8-1-3 Neftaly Code of Conduct
  • NeftalyP370-8-1-4 Legal and regulatory obligations

NeftalyP370-8-2 Non-compliance may lead to corrective measures, administrative action, or disciplinary procedures.

NeftalyP370-9: Frequently Asked Questions (Preview)

  1. What is Privacy Management at Neftaly?
  2. Who is responsible for ensuring data protection?
  3. How should personal data be collected and stored?
  4. What constitutes a data breach?
  5. How are privacy incidents reported and managed?
  6. Can staff share information with external parties?
  7. How long should Human Capital data be retained?
  8. What training is required for privacy compliance?
  9. How is compliance monitored?
  10. What are the consequences of violating privacy policies?