Privacy Policy

MINT KULCA PRIVACY POLICY

Last updated: 6 August 2025

1. Introduction

At Mint Kulca, we exist to help companies hire with clarity and confidence and that includes protecting the personal information of every candidate, customer, and user who interacts with our platform.

Mint Kulca Pty Ltd (“we”, “us”, “our”) provides an Applicant Tracking System (“ATS” or the “Service”) that organisations use to manage their recruitment processes. This Privacy Policy outlines what information we collect, how we use it, who we share it with, and how we protect it, in line with the Protection of Personal Information Act, 2013 (POPIA).

This Policy applies to:

• Job applicants and candidates (“Candidates”)

• Employees or agents of customers who use our ATS (“Customer Users”)

• Visitors to our website and related online services

We take privacy seriously and we believe trust begins with transparency.

2. Our Role Under POPIA

Depending on the activity, we may act in different roles under POPIA:

Responsible Party

We act as the Responsible Party when we determine why and how personal information is processed — for example, when you interact with our website, create an account, or contact our support team.

Operator

In most recruitment workflows, we act as an Operator on behalf of our customers.
This means:

• The employer is the Responsible Party

• We process personal information strictly according to their instructions

• Our Data Processing Agreement (“DPA”) governs this relationship

3. The Personal Information We Collect

We only collect information that is necessary to support recruitment activities and provide a secure, reliable ATS experience.

3.1 Candidate Information

This may include:

• Identity details (name, ID number or passport number, demographic information where provided)

• Contact information (email, phone number, address)

• CV/resumé data, qualifications, work history and experience

• Screening results, interview notes, assessments, evaluations

• Documents uploaded by Candidates or Customer Users (certificates, supporting documents)

3.2 Customer User Information

• Identity and contact details

• Login credentials and authentication data

• Usage logs and audit trail information

3.3 Technical and Usage Information

Collected automatically through your device:

• IP addresses, browser type, device identifiers

• Operating system details

• Usage patterns and timestamps

• Cookies and similar technologies (see Section 13)

We collect only what is necessary, relevant, and aligned to recruitment workflows.

4. How We Use Personal Information

We process personal information to:

• Deliver and maintain the Mint Kulca ATS

• Support recruitment workflows: communication, scheduling, candidate evaluation, and workflow automation

• Provide customer support and technical assistance

• Authenticate users and secure the platform

• Monitor system performance and troubleshoot technical issues

• Assist with data migration, reporting, analytics and exports

• Comply with contractual, legal and regulatory requirements

We do not use personal information for unrelated purposes without consent or lawful justification.

5. When We Share Personal Information

Mint Kulca does not sell personal information - ever.

We only share personal information with:

• Third-party service providers who enable core recruitment functions (e.g., CV parsing, assessments, messaging gateways)

• Cloud hosting providers and technology partners who support system performance and security

• Integrations authorised by the customer

• Sub-operators who process information strictly on our instructions

All service providers are bound by confidentiality, POPIA-aligned data protection requirements, and contractual restrictions.

A current list of sub-operators is available on request.

6. Lawful Grounds for Processing

Under POPIA, we process personal information on one or more of the following bases:

• Performance of a contract (providing the ATS to our customers)

• Legal obligation (identity verification, audit logs, regulatory compliance)

• Legitimate interest (security, fraud prevention, platform improvement)

• Consent (where Candidates voluntarily submit information or consent to optional processing)

In most cases, the employer (our customer) is responsible for determining the legal basis for Candidate-related processing.

7. How We Protect Personal Information

We follow industry best practices to safeguard your information from:

• Loss

• Unauthorised access

• Misuse

• Alteration

• Accidental or unlawful destruction

Our safeguards include:

• Encryption (in transit and at rest, where applicable)

• Access control and role-based permissions

• Secure API communication

• Logging, monitoring, intrusion detection

• Vulnerability management and secure development practices

• Backup, redundancy and disaster recovery measures

Security documentation is available to customers as part of procurement or compliance reviews.

8. Retention

We keep personal information only for as long as:

• required to deliver our Service,

• required by law,

• instructed by the customer (when acting as Operator), or

• until a valid deletion request is received.

Customers control data retention for recruitment activities and may request deletion or export at any time.

9. Cross-Border Transfers

Our Service may be hosted in data centres outside South Africa.

Where information is transferred internationally, we ensure:

• appropriate contractual safeguards,

• equivalent privacy protection in the receiving region, or

• necessity for fulfilling our contract with the data subject.

Hosting regions and transfer safeguards can be provided on request.

10. Your Rights Under POPIA

You have the right to:

• Access your personal information

• Correct or update inaccurate details

• Request deletion where lawful

• Object to specific processing

• Withdraw consent (where processing is based on consent)

• Request a record of processing activities

If the information belongs to a customer (the employer), we will redirect your request to them and support them in responding.

11. Data Breach Notification

If a security incident affects personal information, we will:

• act immediately to investigate and contain the issue,

• notify affected customers, data subjects and the Information Regulator (where required).

We approach every incident with urgency, transparency, and responsibility.

12. Children’s Information

Our ATS is not designed for children under 18.
We do not knowingly collect children’s personal information unless authorised and legally permitted.

13. Cookies

We use cookies for:

• core system functionality

• performance and analytics

• session security

You can adjust your browser settings to manage or reject cookies. A detailed Cookie Notice is available if required.

14. Updates to This Policy

We may update this Policy periodically to keep it aligned with legislation, technology and our services.
Where changes are significant, we will communicate them through the platform or via email.

15. Contact Us

For privacy queries, POPIA requests, or concerns, please contact our Information Officer:

Email: info@mintkulca.co.za
Address: Unit 11, First Floor, Bellfour Office Park, 3 Edmar St, Bellville, Cape Town, 7750
Telephone: 082 835 6278

If you're not satisfied with our response, you may contact the South African Information Regulator:
https://www.justice.gov.za/inforeg

16. Our Commitment

• We do not sell personal information.

• We only share information with trusted service providers who support required recruitment workflows.

• We act as Operator for most recruitment data, processing information strictly on instruction.

• We maintain POPIA-aligned security, retention, and breach-response processes.

Your trust matters.
Your privacy matters.
And we will never compromise on either.