1. Introduction
Mvulane Tech (Pty) Ltd (“Espanini”, “we”, “us”, or “our”) operates the Espanini.com workforce
time and attendance platform. We are committed to protecting personal information in
accordance with the Protection of Personal Information Act (POPIA).
2. Roles and Responsibilities
Your employer (our client) acts as the Responsible Party.
Espanini.com acts as the Operator processing information on their behalf.
3. Personal Information We Process
Employee Information
- Full name and surname
- ID Number
- Gender
- Employee number / payroll identifier
- Department, role, and site allocation
- Wage / Rate
Attendance & Workforce Data
- Clock-in and clock-out times
- Shift records
- Device/location of attendance events
Biometric Information
- Facial biometric templates used for identity verification
- Face verification logs
Note: Espanini.com does not use biometric data for any purpose other than attendance verification.
4. Purpose of Processing
- Record and verify employee attendance
- Prepare accurate payroll inputs
- Prevent time fraud (buddy clocking)
- Provide workforce reporting and analytics
We do not sell or use employee data for marketing.
5. Legal Basis for Processing
- Processing under instruction from the employer
- Fulfilment of employment and payroll obligations
- Employee consent for biometric processing
6. Data Storage and Hosting
Data is stored securely within Espanini.com’s managed infrastructure with logical separation between clients and encrypted HTTPS transmission.
7. Data Sharing
We do not sell or share personal information.
We only share data:
- With authorised personnel of the employer
- With infrastructure providers (e.g., secure cloud hosting providers)
- Where required by law
8. Data Retention
Attendance and payroll data is retained for up to 5 years or as required by labour and tax legislation.
9. Security Safeguards
We implement appropriate technical and organisational measures, including:
- Role-based access control
- Secure authentication
- Encrypted transmission (HTTPS)
- Restricted admin access
- System audit logging
10. Data Subject Rights
Employees have the right to:
- Access personal data
- Request corrections
- Object to unlawful processing
- Lodge complaints with the Information Regulator
11. Cross-Border Transfers
Espanini.com ensures appropriate safeguards when data is processed outside South Africa.
12. Data Breaches
Espanini.com will notify affected clients without undue delay and support POPIA compliance requirements.
13. Changes to this Policy
The latest version will always be available on Espanini.com.
14. Contact Us
Email: info@espanini.com