How we collect, use, share, and protect your personal data — in full compliance with POPIA and GDPR.
Naomii Recruitment Solutions (Pty) Ltd, trading as Naomii Talent Solutions ("we", "us", or "our"), is committed to protecting your personal data. This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, how long we retain it, and what rights you have. It applies to all visitors to naomii.app, all job candidates who engage with us, and all client contacts who use our recruitment services.
We are a specialist technology and data recruitment firm headquartered in Cape Town, South Africa, operating globally. We act as a Responsible Party (under POPIA) and Data Controller (under GDPR) in relation to the personal data we process.
Naomii Recruitment Solutions (Pty) Ltd
Trading as: Naomii Talent Solutions
Cape Town, South Africa
Privacy enquiries: hello@naomii.app
We collect different categories of personal data depending on whether you are a candidate, a client contact, or a general website visitor.
| Category | Examples | How Collected |
|---|---|---|
| Identity data | Full name, nationality | Directly from you |
| Contact data | Email, phone, LinkedIn profile | Directly from you |
| Professional data | CV, employment history, skills, qualifications, salary expectations, notice period | Directly from you or publicly available sources |
| Assessment data | Results of skills assessments or aptitude tests administered by us | Generated during our process |
| Communication records | Notes from interviews and consultant calls | Recorded by our team |
| Preference data | Job type, preferred location, remote/hybrid preference, salary range | Directly from you |
| Category | Examples | How Collected |
|---|---|---|
| Identity & contact data | Name, job title, company, email, phone | Directly from you or your company website |
| Job brief data | Role requirements, salary budgets, team structure, hiring notes | Directly from you |
| Communication records | Meeting notes, email correspondence | Recorded by our team |
We only process your personal data where we have a lawful basis to do so. Under POPIA this is a "justification condition"; under GDPR this is a "legal basis". The bases we rely on are:
| Basis | When we use it |
|---|---|
| Consent | Marketing communications; sharing your CV with specific employers (we ask for explicit consent before presenting you to any client) |
| Legitimate interests | Maintaining a talent database; contacting you about relevant opportunities; improving our services; fraud prevention |
| Contract performance | Fulfilling our obligations to candidates placed in roles and to client companies |
| Legal obligation | Compliance with South African labour law, tax obligations, and any court orders |
We use your personal data for the following recruitment and business purposes:
We will never sell your personal data to any third party.
As a globally operating recruitment firm, we may transfer your personal data to client companies or service providers located outside South Africa, including in the EU, UK, US, and other countries. Where we do so, we ensure appropriate safeguards are in place, including:
We will always inform you before transferring your profile to a client company in another country and will only do so with your consent.
We share personal data only where necessary and with appropriate safeguards:
| Recipient | Purpose | Basis |
|---|---|---|
| Prospective employers (our clients) | Candidate presentation for specific roles | Consent |
| ATS & CRM platform (hosted on Supabase / Railway) | Secure storage and management of candidate and client records | Legitimate interests / Contract |
| Email communication tools | Sending role updates and marketing communications | Consent / Legitimate interests |
| Analytics providers | Anonymised website usage analysis | Legitimate interests |
| Legal and regulatory authorities | Compliance with legal obligations or court orders | Legal obligation |
All third-party processors are bound by data processing agreements that require them to protect your data to the same standard we do.
We retain personal data only for as long as necessary for the purposes set out in this policy:
| Data Type | Retention Period | Reason |
|---|---|---|
| Active candidate profiles | 3 years from last contact | Ongoing recruitment activity |
| Placed candidate records | 5 years from placement date | Legal and contractual obligations |
| Client contact records | 5 years from last engagement | Business relationship management |
| Website enquiry data | 2 years | Legitimate business interest |
| Financial records | 7 years | South African tax law (SARS) |
You may request early deletion at any time (see your rights below), subject to any overriding legal obligation to retain the data.
You have the following rights under both POPIA and GDPR (where applicable). We will respond to all verified requests within 30 days.
Request a copy of the personal data we hold about you.
Ask us to correct inaccurate or incomplete personal data.
Request deletion of your data where there is no overriding legal basis to retain it.
Receive your data in a structured, machine-readable format.
Object to processing based on legitimate interests, including direct marketing.
Ask us to pause processing while a dispute or complaint is resolved.
Withdraw consent at any time where processing is consent-based, without affecting prior processing.
Lodge a complaint with the relevant supervisory authority (see below).
To exercise any of these rights, contact us at hello@naomii.app. We may need to verify your identity before processing your request.
Depending on your location, you have the right to complain to the relevant supervisory authority:
| Location | Authority | Contact |
|---|---|---|
| South Africa | Information Regulator (POPIA) | inforeg.org.za |
| European Union / EEA | Your national Data Protection Authority (DPA) | edpb.europa.eu |
| United Kingdom | Information Commissioner's Office (ICO) | ico.org.uk |
We would, however, appreciate the opportunity to address your concerns before you contact a supervisory authority — please reach out to us first at hello@naomii.app.
Our website uses cookies and similar tracking technologies to operate correctly and to understand how visitors use the site. We use:
| Cookie Type | Purpose | Can be declined? |
|---|---|---|
| Strictly necessary | Core site functionality | No |
| Analytics | Anonymised usage statistics to improve the site | Yes |
| Marketing / tracking | We do not currently use marketing tracking cookies | N/A |
You can manage cookie preferences through your browser settings. Disabling analytics cookies will not affect your ability to use the website.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or disclosure. These measures include:
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Regulator within 72 hours and affected individuals without undue delay, as required by law.
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at hello@naomii.app and we will delete it promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email. We encourage you to review this policy periodically.
By using our website or engaging our recruitment services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with how we handle your personal data, please do not use our services and contact us to request deletion of any data we may hold about you.
This policy was prepared for Naomii Recruitment Solutions (Pty) Ltd, trading as Naomii Talent Solutions, and is intended as a good-faith effort to comply with the Protection of Personal Information Act 4 of 2013 (POPIA), the General Data Protection Regulation (EU) 2016/679 (GDPR), and the UK GDPR. This document does not constitute legal advice. We recommend periodic review with a qualified privacy attorney.