WorkWhale Privacy Policy

Your data privacy matters to us

Last Updated: February 2026 | Effective Date: February 2026

Version: 2.0 | Compliant with POPIA, GDPR, and international best practices

1. Introduction

WorkWhale ("we," "us," "our," or "Company") operates the recruitment and job matching platform available at https://workwhale.co.za. We are committed to protecting your privacy and ensuring you have a positive experience on our platform.

This Privacy Policy explains:

  • What personal information we collect from you
  • How we use, process, and protect your information
  • Your rights regarding your personal data
  • How to contact us with privacy concerns
Important: WorkWhale is a data processor and controller. We handle personal data for job seekers, recruitment agencies, and employers with strict compliance to POPIA (Protection of Personal Information Act, 2013) and GDPR (General Data Protection Regulation).

2. What Personal Data We Collect

2.1 Data You Provide Directly

When you use WorkWhale, we collect information you voluntarily provide:

For Job Seekers:

  • Account Information: Full name, email address, phone number, location, profile picture
  • Resume & Work History: Educational background, employment history, skills, certifications, LinkedIn profile URL
  • Job Preferences: Desired job titles, industries, salary expectations, work location preferences
  • AI Resume Builder Data: Career objectives, project details, achievement descriptions, technical skills
  • Application Data: Cover letters, interview responses, application timestamps
  • Communication: Messages and correspondence with recruitment agencies
  • Payment Information: Billing address, transaction history (for premium features)

For Recruitment Agencies:

  • Business Information: Company name, registration number, business address, phone number
  • Account Owner Details: Name, email, phone, role/title
  • CRM Data: Candidate information, job requisitions, interview notes, hiring decisions
  • Client Information: Client company details, contact persons, communication records
  • Payment & Billing: Invoice details, payment method information, transaction records (in USD)

2.2 Data Collected Automatically

  • Device Information: Device type, operating system, browser type, IP address
  • Usage Data: Pages visited, features used, time spent on platform, search queries
  • Location Data: Approximate location based on IP address (with your permission)
  • Cookies & Tracking: Session identifiers, preferences, analytics data
  • Performance Data: Error logs, crash reports, platform performance metrics
Sensitive Data: WorkWhale does not intentionally collect sensitive personal information such as racial or ethnic origin, political opinions, religious beliefs, union membership, genetic data, biometric data, or health information. If such data is included in your resume or application, we handle it with special care under POPIA and GDPR.

3. How We Use Your Data

3.1 Job Seeker Data Usage

PurposeData UsedLegal Basis
Account creation & managementName, email, phoneContract / Consent
Job matching & recommendationsSkills, experience, preferencesContract Performance
AI Resume AnalysisResume content, work historyContract / Consent
Job applicationsFull profile, cover letterContract Performance
Platform improvementsUsage data, feedbackLegitimate Interest
Marketing & notificationsEmail, phone, preferencesConsent
Resume Analysis: Our AI resume builder and matching algorithms analyze your resume to extract key skills and experience, provide improvement suggestions, match you with relevant job opportunities, and identify market-relevant keywords. We do not use your data to train AI models without explicit consent. Your data is used only to provide personalized services to you.

5. How We Share Your Data

5.1 Who We Share Data With

Job Seeker Data Shared With:

  • Recruitment Agencies: Your profile, resume, and job preferences when you apply or opt into matching
  • Employers: Information about you when you apply directly to their positions
  • Service Providers: Cloud hosting, analytics, email delivery, payment processing companies
  • Legal Authorities: When required by law or court order

5.2 No Sale of Data

WorkWhale does not sell, rent, or lease your personal information to third parties for marketing purposes. We will not sell your data without your explicit consent.

6. Data Storage & Security

6.1 Security Measures

We implement comprehensive security measures to protect your personal data:

  • Encryption: All data transmitted via HTTPS/TLS encryption; sensitive data encrypted at rest
  • Access Controls: Role-based access control (RBAC) with strict authentication requirements
  • Firewalls: Advanced firewall protection and intrusion detection systems
  • Regular Audits: Periodic security assessments and penetration testing
  • Incident Response: Documented procedures for responding to data breaches
No Absolute Security: While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute protection against all cyber threats.

7. Your Rights

You have the following rights regarding your personal data:

  • Right to Access: Request access to the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete information
  • Right to Erasure: Request deletion of your personal data ("Right to be Forgotten")
  • Right to Restrict Processing: Request limits on how we use your data
  • Right to Data Portability: Receive your data in a structured, commonly used format
  • Right to Object: Object to processing for direct marketing or profiling
  • Right to Withdraw Consent: Withdraw consent for specific processing activities
Response Time: We will respond to rights requests within 30 days (POPIA) or 45 days (GDPR). We may request proof of identity to prevent unauthorized access to personal data.

8. Cookies & Tracking Technologies

WorkWhale uses cookies to provide essential functionality, remember preferences, analyze usage, and deliver relevant content. You can control cookies through your browser settings or our cookie consent banner.

9. POPIA Compliance (South Africa)

The Protection of Personal Information Act (POPIA), 2013, is South Africa's primary data protection legislation. WorkWhale is committed to full compliance with POPIA, following principles of accountability, processing limitation, purpose limitation, information quality, openness, security safeguards, and data subject participation.

Information Regulator (South Africa): You may lodge complaints regarding POPIA violations with the Information Regulator South Africa (IRSA) at www.inforegulator.org.za

10. GDPR Compliance (European Users)

For users in the European Union, EEA, or United Kingdom, the GDPR applies. WorkWhale acts as both Data Controller and Data Processor and implements privacy by design principles including data minimization, purpose limitation, storage limitation, and accountability.

11. Data Retention

Data TypeRetention PeriodReason
Active Account DataDuration of account + 1 yearService delivery and legal requirements
Job Application Records3 yearsLegal and employment law compliance
Transaction/Payment Records7 yearsTax and financial regulations
Cookies & Analytics13 months maximumAnalytics and site improvement
Deleted Account Data30 days (backup retention)Recovery and system integrity

12. Contact Information

For privacy concerns, data requests, or to exercise your rights, contact:

Privacy Department - WorkWhale

General Inquiries: privacy@workwhale.co.za

Data Requests: data-requests@workwhale.co.za

Info Officer (POPIA): infooffice@workwhale.co.za

DPO (GDPR): dpo@workwhale.co.za

Website: https://workwhale.co.za

Compliance & Certifications

POPIA CompliantGDPR CompliantData Security CertifiedInternational Standards