Privacy Policy

1. Introduction

Mvulane Tech (Pty) Ltd (“Espanini”, “we”, “us”, or “our”) operates the Espanini.com workforce time and attendance platform. We are committed to protecting personal information in accordance with the Protection of Personal Information Act (POPIA).

2. Roles and Responsibilities

Your employer (our client) acts as the Responsible Party.

Espanini.com acts as the Operator processing information on their behalf.

3. Personal Information We Process

Employee Information

• Full name and surname
• ID Number
• Gender
• Employee number / payroll identifier
• Department, role, and site allocation
• Wage / Rate

Attendance & Workforce Data

• Clock-in and clock-out times
• Shift records
• Device/location of attendance events

Biometric Information

• Facial biometric templates used for identity verification
• Face verification logs

Note: Espanini.com does not use biometric data for any purpose other than attendance verification.

4. Purpose of Processing

• Record and verify employee attendance
• Prepare accurate payroll inputs
• Prevent time fraud (buddy clocking)
• Provide workforce reporting and analytics

We do not sell or use employee data for marketing.

5. Legal Basis for Processing

• Processing under instruction from the employer
• Fulfilment of employment and payroll obligations
• Employee consent for biometric processing

6. Data Storage and Hosting

Data is stored securely within Espanini.com’s managed infrastructure with logical separation between clients and encrypted HTTPS transmission.

7. Data Sharing

We do not sell or share personal information.

We only share data:

• With authorised personnel of the employer
• With infrastructure providers (e.g., secure cloud hosting providers)
• Where required by law

8. Data Retention

Attendance and payroll data is retained for up to 5 years or as required by labour and tax legislation.

9. Security Safeguards

We implement appropriate technical and organisational measures, including:

• Role-based access control
• Secure authentication
• Encrypted transmission (HTTPS)
• Restricted admin access
• System audit logging

10. Data Subject Rights

Employees have the right to:

• Access personal data
• Request corrections
• Object to unlawful processing
• Lodge complaints with the Information Regulator

11. Cross-Border Transfers

Espanini.com ensures appropriate safeguards when data is processed outside South Africa.

12. Data Breaches

Espanini.com will notify affected clients without undue delay and support POPIA compliance requirements.

13. Changes to this Policy

The latest version will always be available on Espanini.com.

14. Contact Us

Email: info@espanini.com