PRIVACY POLICY

1.1 Direct Hire, a division of MCi Consultants (Pty) Ltd (“MCi”), respects your privacy and is committed to keeping your information confidential. This Privacy Policy describes how we handle the Personal Information we process about you.

1.2 This Privacy Policy applies to any of our Products or Services which you use on any of our Platforms, including our Websites, mobile sites, mobile applications, emails or any other technology or service you use to access our Products and Services.

1.3 By using our Platforms you agree to our collection and use of your Information as set out in this Privacy Policy.

2.1 Personal Information means information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; information relating to the education or the medical, financial, criminal or employment history of the person; any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person; the biometric information of the person; the personal opinions, views or preferences of the person; correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; the views or opinions of another individual about the person; and the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

2.2 Special Personal Information means information relating to religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a Data Subject; or the criminal behaviour of a Data Subject to the extent that such information relates to (i) the alleged commission by a Data Subject of any offence; or (ii) any proceedings in respect of any offence allegedly committed by a Data Subject or the disposal of such proceedings.

2.3 Processing of Personal/Special Personal Information means the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; dissemination by means of transmission, distribution or making available in any other form; or merging, linking, as well as restriction, degradation, erasure or destruction of information; POPI only kicks in when a Data Subjects’ Personal Information is being processed.

3.1 This Privacy Policy aims to give you information on how we collect and process your Personal Information through any form of your engagement with us. This Privacy Policy complies with, and facilitates the obligations required from, the South African Protection of Personal Information Act, No. 4 of 2013 (“POPIA”), as amended.

3.2 It is important that you read this Privacy Policy together with any other privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing Personal Information about you, so that you are fully aware of how and why we are using your Personal Information. This Privacy Policy supplements the other notices and is not intended to override them.

3.3 MCi is the “Responsible Party” in all situations where we collect and process PII. We maintain the strictest level of protection over such Personal Information whilst it is under our care.

3.4 However, due to the nature of our Services, we process special categories of Personal Information of a Data Subject on behalf of our Clients who use our Services.

3.5 In these instances, we operate as an “Operator” of Personal Information on behalf of our Client who has hired us. Our Client is therefore the Responsible Party over your Personal Information. In that case, that applicable Client’s Privacy Policy (and legal policies) will apply to you.

4.1 We collect Personal/Special Personal Information that is necessary for us to provide you with our Services as advertised. We only collect and use the minimum Personal Information/Special Personal Information we need to provide our Services.

4.2 Before any of your Personal Information is processed, you will be asked to CONSENT to our Terms and Conditions and this Privacy Policy. CONSENT is not the only legal basis under which we may process your Personal Information (this is discussed below), but request this from you as a first step to allow you the opportunity to inform yourself of our Terms and Conditions and Privacy Policy BEFORE you submit your Information to us and use our Services voluntarily.

4.3 Notwithstanding the above, where we need to collect Personal Information by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we also may not be able to perform in terms of the contract we have or are trying to enter into with you (for example, to provide you with Services or allow you to provide us with your services). In this case, we may have to cancel your access to our sites or access to our Services, but we will notify you if this is the case at the time.

4.4 We use different methods to collect Personal Information from and about you which includes, through direct, automated and third-party interactions.

4.5 We collect and receive Information you give us through direct interactions with you and when you:

• Complete forms, sign up for an account, or subscribe or register to access or use our Services.
• Enter promotional competitions or complete surveys.
• Post comments or content on our websites.
• Buy one of our Products or Services.
• Contact us.

4.6 We automatically collect and/or receive Information when you use our Websites, Products or Services.

4.7 We may automatically collect Information about your equipment and browsing actions and patterns and do this using cookies, web beacons and other technologies. A cookie is a small text file that our server sends to your hard drive when you visit our Websites. These cookies hold modest amounts of data specific to you and our Websites. They allow our system to recognise you when you visit our Websites again.

4.8 We use all features of analytics for “Display Advertisers” which allows us to collect certain information and to provide visitors (you) with tailored information upon each visit. This includes obtaining specific visitor cookie data, such as the source, medium and keyword used to visit our Website.

4.9 Google Analytics however does not store any visitor specific data, and we will not use visitor specific data in any way related to analytics, Google Ad-words, and remarketing. Cookies are a common part of many commercial websites that allow small text files to be sent by a website, accepted by a web browser and then placed on your hard drive as recognition for repeat visits to the site. Every time you visit this Website, our servers, through cookies, pixels and/or GIF files, collect basic technical information as described.

4.10 You do not need to enable cookies to visit this Website; however, some parts of this Website and some Services may be more difficult or impossible to use if cookies are disabled. We may also use cookies on this Website to identify an index key with Our e-cards (online postcards). The web servers may also automatically identify your device by identifiers like IP or MAC addresses. We may use this information for a variety of business purposes, including to analyse trends, administer this Website, track users’ and unique users’ movements and gather broad demographic information for aggregate use.

4.11 We use remarketing with ad-words and analytics to display content specific advertisements to visitors that have previously visited this Website when those visitors go to other websites that have the Display network implemented.

4.12 MCi and other third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies together to inform, optimise, and serve ads based on visitor’s past visits to our Website.

4.13 We take our users’ privacy very seriously. We feel that certain Personal Information should always be kept private, so we have developed restrictions around the types of ads where we don’t allow remarketing. When creating remarketing lists, we cannot use any sensitive information about users.

4.14 As ad-word advertisers, we are restricted from and will NOT perform the following actions:

• Running ads that collect Personally Identifiable Information (PII) including, but not limited to, email addresses, telephone numbers, and credit card numbers; and
• Creating a remarketing list or creating ad text that specifically targets users in ways that are outlined as “prohibited” in the categories below.

4.15 Visitors / users can opt out of analytics for display advertisers and opt out of customised Google Display Network ads by visiting the Ad Preferences Manager.

4.16 We must have all rights necessary to create or otherwise obtain remarketing lists, migrate remarketing lists to, and use remarketing lists or similar audience lists on the properties. Google will not allow another advertiser to use your information in the remarketing lists or similar audiences lists without your consent.

4.17 We may receive other information about you that is publicly or commercially available and combine it with the information we have collected about or received from you in other ways. We may also receive information about you when you log into our Platforms using your social networking log-in details.

5.1 We may collect, use, store, and transfer (“process”) different kinds of Personal Information about you which we have grouped together as follows:

• Identity Data including full name and any other identifying information provided by their employer such as ID number, race, citizenship, sex, disability, race, biometric information such as photographs and educational history and qualifications.
• Contact Data including email address, physical/registered addresses, and contact phone numbers.
• Social Media Data including all the data publicly available on your social media account.
• Financial Data including bank account details.
• Transaction Data including details about payments (salaries), contracts, contractual terms, contract fees, signups, subscriptions, and other details of Products and Services you have obtained from us, or provide to us.
• Technical Data including internet protocol address/es, login data, browser type and version, time zone setting and location, cookies, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website.
• Usage Data including information about how you use our Website, surveys, and Services; and
• Marketing and Communications Data including message sent to our chatbot and/or via WhatsApp, your preferences in receiving notices and marketing from us and our third parties and your communication preferences as well as details of which communications were sent to you and how they were sent.

6.1 We will only use your Personal Information when the law allows us to and for legitimate reasons, which you hereby expressly understand and agree to.

6.2 We will rely on the following lawful grounds of processing to process your Personal Information:

• where we have your express informed consent to do so.
• where we need to consult with you or perform on the Services contract we are about to enter or have entered into with you.
• where it is necessary for our legitimate business interests (or those of a third party) and your interests and fundamental rights do not override those interests; and/or
• where we need to comply with a legal or regulatory obligation.

7.1 We use the Personal / Special Personal Information we collect and receive to:

• Enable us to provide the Services offered on the Websites.
• Enable you to create a personal profile on the Websites and thereby access the Websites.
• Enable you to make use of the Websites in the manner described on the Websites.
• To contract with Clients and provide our Services to our Clients directly through the Websites.
• Enable other website users to find you on the sites and connect to you.
• Communicate requested information to you, for example through user alerts.
• Communicate information to you regularly, for example through newsletters.
• Compile and maintain the Website member databases.
• Share your Personal Information with our Authorised Service Providers and third parties who need your Personal Information to provide their services to you or to provide their services to MCi or our Clients.
• To process and service your payment for any services rendered by us or a third party.
• To manage payments, fees, and charges.
• Register and/or authenticate users of and/or visitors to the Websites.
• Identify and take reasonable measures to prevent fraudulent uses of or access to the Websites.
• Compile non–personal statistical information about browsing habits, click patterns and access to the Websites.
• Attract advertisers by showing anonymised information about the database, for example demographics.
• Track database size and growth; and
• Track compliance of registrants and third parties with this Policy.
• To meet our regulatory and compliance requirements.
• To manage our relationship with you which may include notifying you about changes to our Terms and Conditions, Privacy Policy, or Services.
• To administer and protect our company, Website and Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
• To use data analytics to improve our Website, Services, and Client Relationships and experiences.
• To communicate with you for any support queries, provide you with direct marketing, make suggestions about services that may be of interest.

7.2 We also use your Personal Information for research and statistical purposes. The research and statistics we get from this process do not include your Personal Information and cannot be linked to you, nor can you be identified from these statistics.

7.3 We collect and process information about your religious beliefs, race or ethnic origin, political persuasion, health, sex life, biometric information and criminal behaviour ONLY if you have CONSENTED to us collecting and processing this Personal Information and subject to the allowable exclusions specified in the applicable laws.

7.4 We will NOT use your Personal Information for any other purpose unless it aligns with the original purpose. If we need to use your Personal Information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your Personal Information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

7.5 We keep your Information for as long as we need it to provide our Websites, Products or Services to you, and are required or allowed by law or the contract between you and us, or you have agreed to us keeping your Information.

8.1 We need to keep your Personal Information accurate. We will provide you with access to your Information, including making every effort to provide you with online access to your registration data so that you may view, update or correct your Information on the Website where it was submitted.

8.2 To protect your privacy and security, we will also take reasonable steps to verify your identity before granting you access or enabling you to make corrections. To access your Information, return to the web page where you originally entered it and follow the instructions on that web page. Certain areas of our Websites may limit access to specific individuals through the use of passwords.

8.3 Links to third party websites on our Websites are provided solely as a convenience to you. If you use these links, you will leave our Website. We have not reviewed all of these third-party sites and do not control and are not responsible for any of these sites, their content or their privacy policy. Thus, we do not endorse or make any representations about them, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the third-party sites linked to our Websites, you do so at your own risk.

8.4 Should your Personal Information change or if you would like to review or delete your Personal Information you should do this directly on our Websites through the registration section.

8.5 You may contact us at support@mcidirecthire.com to correct or de-identify your Personal Information. Upon receipt of such request, we shall, as soon as is reasonably practicable:

• Correct your Personal Information.
• De-identify your Personal Information; and / or
• Provide you with evidence in support of the Personal Information held by us.

9.1 It is your responsibility to choose a password and to keep it safe. You agree and warrant that your Username and Password shall:

• Be used for personal use only; and
• Not be disclosed by you to any third party.

9.2 For security purposes you agree to enter the correct Username and Password whenever accessing your account on our websites, failing which you will be denied access.

9.3 You agree that you will be granted access to our Websites once the correct Username and Password have been entered, irrespective of whether the use of the Username and Password is unauthorised or fraudulent.

9.4 MCi cannot be held responsible for Personal Information being compromised due to a non-secure, disclosed or stolen password.

9.5 You agree to notify MCi immediately upon becoming aware of or reasonably suspecting any unauthorised access to or use of your Username and Password and to take steps to mitigate any resultant loss or harm.

10.1 We may have to share your Personal Data with the parties set out below for the purposes set out above:

• Internal third parties including other entities or parties in MCi acting as operators.
• External third parties such as:
  • The Client who has hired us to provide our Services to them (making employment opportunities available through website and other means) and thereby directly to you who acts as the Responsible Party.
  • Authorised third parties under contract with MCi who need your Personal Data to contact and transact with you pursuant to your use of the Services.
  • Service providers acting as operators such as payment processors, customer relationship management software, social media platforms, cloud storage providers, and marketing providers.
  • South African or other national governments and/or their respective authorities pursuant to our adherence with applicable legislative requirements; and/or
  • Professional advisers acting as including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services as required.
  • Other parties that provide content, advertising services or functionality on our Platforms, including advertising providers which help our Clients provide advertisements that are tailored to users’ interests and understand how users respond to these advertisements, audience-measurement companies which help us measure the overall usage of our Platforms and compare that usage with other online services.
  • Social networking services such as Facebook, X, and LinkedIn that enable you to register for and log into some of our Services and share things you find on our Platforms with your social network.
• Third parties to whom we may choose to sell, transfer, or merge parts of our company or our assets. Alternatively, we may seek to acquire other organisations or merge with them. If a change happens to our company, we may continue to use your Personal Data in the same way as set out in this Privacy Policy.

10.2 We also share our research and statistical information with various third parties. However, this information DOES NOT include your Personal Information, cannot be linked to you and you cannot be identified from these statistics.

10.3 We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We DO NOT allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data in accordance with our instructions and standards.

10.4 Please note, some of the people or companies who have access to your Personal Information are located outside South Africa. We will NOT share your Personal Information with these parties unless they are bound by privacy laws and corporate rules or agreements with us that protect the privacy of your Personal Information and limit their ability to share your Personal Information with other parties.

11.1 You have the right to ask us not to contact you for marketing purposes, and you can do this at any time by using any of the various “OPT OUT” options that we always provide you with when we send you marketing communications.

11.2 We manage several separate marketing distribution lists across our various Business Units and OPTING OUT of one distribution list does not automatically remove you from all the other lists.

11.3 You will receive marketing communications from MCi if you have requested our Services, requested information from us, or provided us with your details in any other circumstance and, in each case, have NOT OPTED-OUT of receiving that marketing communication.

11.4 You can ask us to STOP sending you marketing messages at any time by using the built-in prompts or contacting us and requesting us to cease or change your marketing preferences. Where you OPT-OUT of receiving these marketing messages, this OPT-OUT will NOT apply to other Personal Data of yours which we process for another lawful basis or necessary communications we send when you use our Services.

12.1 We have put in place administrative, technical and physical safeguards to protect your Personal Information and prevent loss, damage or unauthorised access to or disclosure of your Information.

12.2 These security safeguards are based on generally accepted information security practices and procedures which apply to the Platforms, Products and Services we provide. We regularly check that these safeguards are correctly implemented and continually updated in response to new risks or any identified deficiencies.

12.3 Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee the security of information transmitted to us through the internet. Any information you submit to us through the internet is at your own risk. Once we receive your Personal Information, we do our best to protect it and use the security safeguards we have put in place to secure it.

12.4 If we outsource any Services to a third party that require the collection or use of your Personal Information, we put in place contracts that require these companies or people to respect the security of your Personal Information, treat it in accordance with the law, and collect and use it only for the purposes authorised by us.

12.5 Security over the Internet

• No data transmission over the Internet or website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your Personal Information in accordance with data protection legislative requirements.
• All Information you provide to us is stored in South Africa and the United States of America, on secure servers and accessed and used subject to our security policies and standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website and/or Service, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.

12.6 Data Retention

• We will retain your Personal Information for as long as is necessary for the processing purpose(s) for which they were collected and any other permitted linked purpose (for example certain transaction details and correspondence may be retained until the time limit for claims in respect of the transaction has expired or to comply with regulatory requirements regarding the retention of such data). If information is used for two purposes, we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period one that period expires.
• We restrict access to your Personal Information to those persons who need to use it for the relevant purpose(s). Our retention periods are based on business needs and your Information that is no longer needed is either irreversibly anonymised (and the anonymised information may be retained) or securely destroyed.

13.1 Our Websites contain links to and from websites, mobile applications and/or services of third parties, advertisers and/or affiliates. Clicking on these links or enabling these connections may allow third parties to collect or share information about you.

13.2 Please note, MCi does not control these third parties and are not responsible for the privacy practices of such other parties when you leave our Websites.

13.3 We advise you to read the privacy statements of every website you visit which collects personal information.

14.1 If you share MCi’s Websites or Website Content on any social media (such as LinkedIn, Facebook or X) your Personal Information (e.g. your name and the fact that you are interested in anything advertised or displayed on the Website) will be visible to all the visitors of your personal webpage on Facebook and/or X. When you use social media websites the terms and conditions (including the privacy policies) of such social media website/s will apply to you.

14.2 MCi is not responsible for the processing of Personal Information or the privacy policies of such social media website/s. This Privacy Policy is therefore not applicable to such social media website/s.

14.3 If you disclose your Personal Information to a third party such as LinkedIn, Facebook or X, MCi will not be liable for any loss or damage, howsoever arising (whether direct, indirect or consequential), suffered by you as a result of the disclosure of your Personal Information to such third parties. This is because MCi DOES NOT regulate or control how such third parties use your Personal Information.

14.4 You should always ensure that you read and understand the privacy policies of such third parties / social media website/s.

15.1 MCi is based in South Africa and, regardless of where you use or access our Platforms, Products or Services, your Information may be transferred to and maintained on servers located in South Africa or elsewhere in the world.

15.2 Any of the Information that we collect about you or receive from you is stored in line with South African privacy laws, regulations and standards, which may not be equivalent to the laws in your country of residence.

16.1 This version of our Privacy Policy was last updated on 12th June 2025 and replaces any preceding privacy policies.

16.2 We may change our Privacy Policy in our sole discretion and at any time without informing you thereof in writing and any changes we make will be posted on this page. When you use our Websites the version of the privacy policy posted on this page applies to you. We encourage you to review this Privacy Policy whenever you access our Websites.

16.3 It is your responsibility to review the Privacy Policy to which you are bound.

16.4 It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes during your relationship with us.

We have appointed an Information Officer at MCi who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our information officer using the details set out below.

Legal entity: MCi Consultants (Pty) Ltd

Information Officer: Aliki Droussiotis

Email address: support@mcidirecthire.com

Telephone number: +27 11 454-3420

You have the right to make a complaint at any time to the South African regulator’s office (Information Regulator’s Office of South Africa). We would, however, appreciate the chance to deal with your concerns before you approach any such regulator, so please contact us in the first instance.

18.1 You have rights in relation to your Personal Data and how we are able to process it. Please contact us to find out more about, or manifest, these rights:

• request access to your personal data.
• request correction of your personal data.
• request erasure of your personal data.
• object to the processing of your personal data.
• request a restriction of processing your personal data.
• request transfer of your personal data; and/or
• right to withdraw consent.

18.2 You will NOT have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

18.3 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

18.4 We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.