Espanini • Privacy Policy

1Introduction

Mvulane Tech (Pty) Ltd ("Espanini", "we", "us", or "our") operates the Espanini.com workforce time and attendance platform. We are committed to protecting personal information in accordance with the Protection of Personal Information Act (POPIA).

2Roles and Responsibilities

Your employer (our client) acts as the Responsible Party.

Espanini.com acts as the Operator processing information on their behalf.

3Personal Information We Process

Employee Information

Full name and surname
ID Number
Gender
Employee number / payroll identifier
Department, role, and site allocation
Wage / Rate

Attendance & Workforce Data

Clock-in and clock-out times
Shift records
Device/location of attendance events

Biometric Information

Facial biometric templates used for identity verification
Face verification logs

Note: Espanini.com does not use biometric data for any purpose other than attendance verification.

4Purpose of Processing

Record and verify employee attendance
Prepare accurate payroll inputs
Prevent time fraud (buddy clocking)
Provide workforce reporting and analytics

We do not sell or use employee data for marketing.

5Legal Basis for Processing

Processing under instruction from the employer
Fulfilment of employment and payroll obligations
Employee consent for biometric processing

6Data Storage and Hosting

Data is stored securely within Espanini.com's managed infrastructure with logical separation between clients and encrypted HTTPS transmission.

7Data Sharing

We do not sell or share personal information.

We only share data:

With authorised personnel of the employer
With infrastructure providers (e.g., secure cloud hosting providers)
Where required by law

8Data Retention

Attendance and payroll data is retained for up to 5 years or as required by labour and tax legislation.

9Security Safeguards

We implement appropriate technical and organisational measures, including:

Role-based access control
Secure authentication
Encrypted transmission (HTTPS)
Restricted admin access
System audit logging

10Data Subject Rights

Employees have the right to:

Access personal data
Request corrections
Object to unlawful processing
Lodge complaints with the Information Regulator

11Cross-Border Transfers

Espanini.com ensures appropriate safeguards when data is processed outside South Africa.

12Data Breaches

Espanini.com will notify affected clients without undue delay and support POPIA compliance requirements.

13Changes to this Policy

The latest version will always be available on Espanini.com.

14Contact Us

Email: info@espanini.com