Neftaly Human Capital GDPR Management Policy, Procedures, Processes, Templates, Documents and Forms NeftalyP214


Document Code: NeftalyP214
Approved By: Chief Executive Officer (CEO)

Date Approved: 29 October 2025

Review Date: 28 November 2026

Policy Owner: Neftaly Chief Human Capital Officer, NeftalyCHCR


1. Overview

The Neftaly Human Capital GDPR Management Policy (NeftalyP214) outlines the principles, standards, and procedures that Neftaly follows to ensure compliance with the General Data Protection Regulation (GDPR) and all applicable data protection laws.

This policy governs the collection, storage, processing, and sharing of personal data belonging to Neftaly Human Capital, clients, students, partners, and stakeholders. The policy ensures that Neftaly protects privacy, maintains transparency, and upholds individuals’ rights in accordance with GDPR requirements.


2. Purpose

The purpose of this policy is to:

  • Ensure full compliance with GDPR and related data protection regulations.
  • Protect the personal data of all Neftaly Human Capital and stakeholders.
  • Establish clear procedures for data processing, consent, and breach management.
  • Define responsibilities for safeguarding data and maintaining accountability.
  • Build trust through ethical, transparent, and lawful data management practices.

3. Scope

This policy applies to:

  • All Neftaly Human Capital, including Officers, Deputy Chiefs, Royal Directors, and Non-Executive Members.
  • All personal data processed by Neftaly, regardless of storage format (digital, paper, or cloud-based).
  • All internal systems, applications, websites, and platforms that collect or store personal data.
  • All third-party processors acting on behalf of Neftaly.

4. Policy Statement

Neftaly is committed to safeguarding all personal data by applying GDPR principles of lawfulness, fairness, transparency, data minimization, accuracy, integrity, and confidentiality. All Human Capital must handle data responsibly and in compliance with this policy to protect Neftaly’s integrity and the rights of individuals.


5. Core Principles

  1. Lawfulness, Fairness, and Transparency: Personal data is processed legally and openly.
  2. Purpose Limitation: Data is collected only for legitimate purposes and not reused inappropriately.
  3. Data Minimization: Only the minimum necessary data is collected.
  4. Accuracy: Personal data must be kept accurate and up to date.
  5. Storage Limitation: Data is retained only for as long as necessary.
  6. Integrity and Confidentiality: Data must be stored securely to prevent unauthorized access or loss.
  7. Accountability: Neftaly maintains documentation and evidence of compliance.

6. Procedures and Processes

6.1 Data Collection and Consent

  • Obtain explicit consent before collecting personal data.
  • Use the NeftalyF214-01 Data Collection Consent Form to record permission.
  • Inform individuals about how their data will be used, stored, and shared.

6.2 Data Processing and Access Control

  • Personal data is processed only by authorized Human Capital.
  • Access is granted on a need-to-know basis by the Chief Human Capital Officer (CHCO).
  • Maintain an access log using NeftalyD214-01 Data Access Register.

6.3 Data Storage and Security

  • Store all data in secure, encrypted systems.
  • Physical files must be stored in locked cabinets in authorized offices.
  • Regularly back up critical data and restrict access to approved personnel.
  • Maintain a NeftalyR214-01 Data Storage Log for audit purposes.

6.4 Data Subject Rights

  • Neftaly ensures compliance with all GDPR data subject rights, including:
      ◦ Right to Access
      ◦ Right to Rectification
      ◦ Right to Erasure (“Right to be Forgotten”)
      ◦ Right to Data Portability
      ◦ Right to Restrict Processing
      ◦ Right to Object
  • Requests must be logged and processed within 30 days using the NeftalyF214-02 Data Subject Request Form.

6.5 Data Breach Management

  • Any suspected or confirmed breach must be reported immediately using NeftalyF214-03 Data Breach Report Form.
  • The CHCO and IT Security Team investigate breaches and notify relevant authorities within 72 hours if required.
  • Maintain a NeftalyR214-02 Data Breach Register for documentation and audit.

6.6 Data Retention and Disposal

  • Data must be retained only for the period specified in the Neftaly Data Retention Schedule (NeftalyD214-02).
  • Securely delete or destroy expired data using approved methods (digital shredding or physical destruction).

6.7 Third-Party Data Processing

  • Third parties handling Neftaly data must sign a NeftalyF214-04 Data Processing Agreement.
  • Vendors must comply with Neftaly’s data protection requirements and undergo annual compliance checks.

7. Roles and Responsibilities

Role                               | Responsibilities
-----------------------------------|----------------------------------------------------------------------------------------
Chief Executive Officer (CEO)      | Ensures GDPR compliance across Neftaly and approves key data management decisions.
Chief Human Capital Officer (CHCO) | Oversees GDPR policy implementation, reporting, and staff training.
Royal Directors                    | Enforce GDPR procedures within their divisions.
Deputy Chiefs                      | Support compliance monitoring and reporting.
Officers                           | Ensure correct handling of data and maintain compliance documentation.
All Human Capital                  | Adhere to GDPR procedures and report potential data risks or breaches.

8. Documentation and Templates

  • NeftalyF214-01: Data Collection Consent Form
  • NeftalyD214-01: Data Access Register
  • NeftalyR214-01: Data Storage Log
  • NeftalyF214-02: Data Subject Request Form
  • NeftalyF214-03: Data Breach Report Form
  • NeftalyR214-02: Data Breach Register
  • NeftalyD214-02: Data Retention Schedule
  • NeftalyF214-04: Data Processing Agreement

9. Compliance and Monitoring

  • The CHCO conducts quarterly audits to ensure GDPR compliance.
  • Non-compliance may result in disciplinary actions or legal penalties.
  • Annual GDPR awareness and training sessions are mandatory for all Human Capital.
  • Neftaly will cooperate fully with data protection authorities during audits or investigations.

10. Review and Evaluation

This policy will be reviewed annually or after significant regulatory updates. The CHCO and IT Security Team will assess the effectiveness of GDPR procedures and recommend updates for CEO approval.


11. Frequently Asked Questions (FAQs)

Q1: What is personal data under GDPR?
A: Any information that identifies an individual, such as names, contact details, ID numbers, or digital identifiers.

Q2: Who do I contact about data protection concerns?
A: The Chief Human Capital Officer (CHCO) serves as Neftaly’s Data Protection Officer.

Q3: How should I handle a data breach?
A: Report it immediately using NeftalyF214-03 Data Breach Report Form and inform your Officer.

Q4: Can I share data with external partners?
A: Only with prior authorization and a signed Data Processing Agreement (NeftalyF214-04).

Q5: How long can Neftaly keep personal data?
A: Only for as long as necessary according to the NeftalyD214-02 Data Retention Schedule.


Approved By:
Neftaly Malatjie
Chief Executive Officer