User GuideReference DocumentsChangelog
User Guide
Contact Us
Start typing to search…

Simplify HR Privacy Policy


Introduction and purpose

This Privacy Policy explains how Simplify HR (Pty) Ltd (“Simplify”, “we”, “us” or “our”) collects, uses, stores, shares, and protects personal information when you interact with us or make use of our platforms, products, and services. This includes our websites, applications, software platforms, communications, and any related services (collectively, the “Platforms”).

Simplify provides recruitment, onboarding, and employee management software to organisations in South Africa and, in some cases, internationally. In providing these services, we process personal information relating to candidates, employees, clients, contractors, and other users. We are committed to handling personal information responsibly, transparently, and securely.

This Privacy Policy is intended to help you understand what personal information we collect, why we collect it, how it is used, and what rights you have in relation to your personal information.

This policy is aligned with the Protection of Personal Information Act 4 of 2013 (“POPIA”) and, where applicable, the General Data Protection Regulation (EU) 2016/679 (“GDPR”). Where personal information is processed outside South Africa or the European Economic Area, we take appropriate steps to ensure that it continues to be adequately protected.

This Privacy Policy should be read together with any other privacy notices, terms and conditions, or contractual agreements we may provide to you from time to time. These may apply to specific products, services, or circumstances and supplement (but do not override) this policy.

By using our Platforms, you acknowledge that you have read and understood this Privacy Policy and agree to the processing of your personal information as described herein.

If you are under the age of 18, you must obtain consent from a parent or legal guardian before using our Platforms or providing us with your personal information. We may take reasonable steps to verify that such consent has been given.


Who this policy applies to

This Privacy Policy applies to anyone who interacts with Simplify, including: • clients and client representatives; • candidates and employees whose personal information is processed through our Platforms; • contractors, consultants, and service providers; • visitors to our websites and digital platforms.

Depending on the circumstances, Simplify may act as either a responsible party or an operator (as those terms are defined in POPIA), or as a controller or processor under the GDPR. Where we act as an operator or processor, we process personal information on behalf of our clients and in accordance with their instructions and our contractual obligations to them.


Personal information we collect

We aim to collect only the personal information that is reasonably necessary to provide our services effectively, lawfully, and securely. The types of personal information we collect depend on how you interact with Simplify and may include, among other things:

  • contact details, such as name, email address, telephone number, and business details;
  • employment, recruitment, or application-related information, including CVs, work history, qualifications, and assessment information;
  • identification information, such as identity numbers or passport numbers, where required for lawful or contractual purposes;
  • documents uploaded or generated through our Platforms, including contracts, compliance documents, and onboarding records;
  • technical and usage information, such as log data, device information, IP addresses, and interactions with our Platforms.

In limited circumstances, we may also process special personal information (as defined in POPIA) or special categories of personal data (as defined in the GDPR), where this is necessary for lawful purposes and appropriate safeguards are in place.


How and why we use personal information

We process personal information for specific, explicit, and lawful purposes. These include, but are not limited to:

  • providing, operating, and maintaining our recruitment, onboarding, and employee management services;
  • enabling our clients to manage their hiring and employee processes;
  • communicating with users, clients, and service providers;
  • complying with legal, contractual, regulatory, and governance obligations;
  • protecting the security and integrity of our Platforms;
  • improving our products, services, and user experience;
  • managing our business operations and relationships.

Where required under applicable law, we rely on appropriate lawful bases for processing, such as consent, contractual necessity, legal obligation, legitimate interests, or other recognised grounds.


Sharing personal information

We do not sell personal information. We only share personal information where it is lawful and necessary to do so, including:

  • with our clients, where we process information on their behalf;
  • with trusted third-party service providers who assist us in operating our Platforms (such as cloud hosting, security, and support services), under appropriate confidentiality and data protection agreements;
  • where required by law, regulation, or a lawful request by a public authority;
  • where necessary to protect our rights, users, or the integrity of our Platforms.

All third parties with whom we share personal information are required to implement appropriate safeguards and to process personal information only for authorised purposes.


International transfers of personal information

Simplify primarily processes and stores personal information in South Africa. However, in some cases, personal information may be transferred to, stored in, or accessed from other countries, including jurisdictions outside South Africa or the European Economic Area.

Where we transfer personal information internationally, we take reasonable steps to ensure that the recipient country or organisation provides an adequate level of protection, or that appropriate safeguards are in place. These may include contractual protections, recognised transfer mechanisms, or other lawful measures required under POPIA or the GDPR.


Information security

We take the security of personal information seriously and implement appropriate technical and organisational measures to protect it against loss, unauthorised access, misuse, or disclosure. These measures include access controls, secure infrastructure, and the use of reputable service providers that meet recognised security standards. While we take reasonable steps to safeguard personal information, no system is completely secure, and we cannot guarantee absolute security.


Data retention

We retain personal information only for as long as is reasonably necessary to fulfil the purposes for which it was collected, to comply with legal or contractual requirements, or to resolve disputes. Retention periods may vary depending on the nature of the information and the context in which it is processed.


Your rights

Subject to applicable law, you have certain rights in relation to your personal information, including the right to:

  • request access to your personal information;
  • request correction or updating of inaccurate or incomplete information;
  • request deletion of personal information, where legally permissible;
  • object to or restrict certain types of processing;
  • withdraw consent, where processing is based on consent.

Requests to exercise these rights can be directed to [email protected]. We may need to verify your identity before responding to a request.


**Responsibilities of users and clients **

Clients, employees, and authorised users of our Platforms are responsible for:

  • using personal information only for legitimate business purposes;
  • keeping access credentials secure;
  • ensuring that personal information is handled in accordance with applicable laws and internal policies;
  • promptly reporting any suspected data breaches or security incidents.

**Changes to this Privacy Policy **

This version of the privacy policy was updated on 26 January 2026 and replaces any preceding privacy policies. We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. Any updates will be published on our Platforms, and material changes will be communicated where appropriate.

**Contact details and complaints **

If you have any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal information, please contact us at: Email: [email protected]

If you are dissatisfied with how we have handled a complaint, you have the right to lodge a complaint with the Information Regulator in South Africa or, where applicable, a relevant data protection authority in your jurisdiction.

Information Regulator (South Africa): • General enquiries: [email protected] • Complaints: [email protected]


Updated about 2 hours ago