POPIA Compliance

Last updated: 27 February 2026

1. Commitment to POPIA

GrimmGear (Pty) Ltd is committed to compliance with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) ("POPIA"). We process personal information lawfully, transparently, and for legitimate purposes only.

2. Responsible Party

Company: GrimmGear (Pty) Ltd

Information Officer: Richard Beukes

Email: privacy@grimmgear.com

3. Lawful Basis for Processing

We process personal information under the following conditions of POPIA:

  • Consent (Section 11(1)(a)): When you create an account and provide your personal details.
  • Contract (Section 11(1)(b)): To provide the services you have subscribed to.
  • Legal obligation (Section 11(1)(c)): To comply with tax and financial regulations.
  • Legitimate interest (Section 11(1)(f)): To improve our services and ensure platform security.

4. Categories of Personal Information

  • Identity information (name, email, phone number)
  • Employment information (CV data: work history, education, skills)
  • Financial information (subscription and payment records)
  • Electronic information (IP address, browser type, usage data)

5. Purpose of Processing

  • To provide job search and CV builder services
  • To process subscriptions and payments
  • To send job alerts and service communications
  • To improve and secure the platform
  • To comply with legal and regulatory obligations

6. Security Measures

We implement appropriate technical and organisational measures to protect personal information, including:

  • TLS encryption for all data in transit
  • Password hashing using PBKDF2-SHA512 with 600,000 iterations
  • Access controls and authentication on all systems
  • Regular security assessments
  • Secure hosting infrastructure with automated backups

7. Cross-Border Data Transfers

Our servers are hosted internationally. Where personal information is transferred outside South Africa, we ensure adequate protection through contractual obligations with our service providers.

8. Your Rights Under POPIA

As a data subject, you have the right to:

  • Be notified that your personal information is being collected
  • Request access to your personal information
  • Request correction or deletion of your personal information
  • Object to the processing of your personal information
  • Lodge a complaint with the Information Regulator

9. Information Regulator

If you believe your rights under POPIA have been infringed, you may lodge a complaint with:

The Information Regulator (South Africa)

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Email: complaints.IR@justice.gov.za

10. Contact Us

To exercise any of your rights or for POPIA-related queries, contact our Information Officer at privacy@grimmgear.com.