Niajiri Platform Limited — Data Protection Policy

This Data Protection Policy ("Policy") outlines Niajiri Platform Limited (Niajiri/Company)'s commitment to protecting the privacy and confidentiality of personal data collected through our platform, accessible at https://niajiri.africa/.

We are dedicated to complying with all applicable data protection laws, regulations and principles in Tanzania, including the Personal Data Protection Act, No. 11 of 2022 ("PDPA"). Niajiri serves as a global online employability and job board portal, connecting candidates with companies through online job portals while prioritizing data protection and privacy.

This Policy applies to all individuals and entities involved in the processing of personal data on behalf of Niajiri, including but not limited to:

• Employees: All permanent, temporary, and contract employees of Niajiri who handle personal data as part of their duties.
• Contractors and Service Providers: Any third-party contractors, consultants, vendors or service providers engaged by Niajiri who have access to personal data in the course of providing services or fulfilling contractual obligations.
• Agents and Representatives: Any individual or entities acting on behalf of Niajiri, including agents, representatives, or intermediaries, who process personal data on behalf of Niajiri.
• Affiliates and Subsidiaries: Any affiliated companies, subsidiaries, or other entities under the control of Niajiri that process personal data as part of their operations.
• Data Subjects: Any individuals whose personal data is collected, processed, or stored by Niajiri, including customers, clients, employees, job applicants, contractors, and other stakeholders.
• Visitors and Users: Any individual who visits Niajiri's premises, websites, or online platforms, and whose personal data may be collected or processed as part of their interactions with the Company.

This Policy applies to all stages of the data processing lifecycle, from collection, storage, use, disclosure, and deletion, and it governs the handling of personal data regardless of the format or medium in which it is stored or processed.

All individuals and entities covered by this Policy are required to comply with its provisions and adhere to applicable data protection laws and regulations, including the PDPA and any other relevant legislation or industry standards.

Failure to comply with this Policy may result in disciplinary action, termination of contracts, legal liability, and reputational damage to Niajiri. It is the responsibility of all employees, contractors, and other relevant parties to familiarize themselves with this Policy and seek guidance from the Data Protection Officer or designated compliance authority in case of any questions or concerns regarding its interpretation or application.

For the purposes of this Policy, the following terms are defined as follows:

• "Personal Data" means any information relating to an identified or identifiable individual. An identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
• "Data Processing" means any operation or set of operations which is performed upon Personal Data or sets of Personal Data, by manual or automated means (including the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data);
• "Data Controller" means an individual or entity who has the authority to determine, alone or jointly with others, the purposes, conditions and means of the processing of Personal Data on behalf of the Niajiri;
• "Recipient" means the individual, legal entity, public authority or similar body to which Personal Data are disclosed;
• "Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed;
• "Sensitive Data" means data related to or revealing the national registration number, genetic data, judicial data (such as litigations, suspicions, prosecutions, criminal convictions etc.), data revealing racial or ethnic origin, data concerning health or sex life, political opinions, trade-union membership, and religious or philosophical beliefs;
• "Consent" means the freely given, specific, informed and unambiguous permission expressed by an individual by which he or she agrees with the processing of his/her Personal Data. This consent is given either by a written statement or by a clear affirmative action;
• "Data Protection Officer" means the Staff Member appointed by Niajiri to perform the duties listed in this Policy or assigned to him/her by decision of Niajiri; and
• "Staff Members" means any staff member of the Niajiri.

Niajiri shall collect data in its platform in various ways, including:

• Registration: During user registration, the Company collects information such as name, contact details, email address, and password. This information is necessary to create an account and access our services.
• Job Applications: Job seekers may submit CVs or profiles containing personal data for job applications. The Company only collects data relevant to the job application process, such as skills, experience, and education.
• Optional Information: Users may choose to provide additional information in their profiles, such as a profile photo. However, providing this data is entirely voluntary.
• IP Address Information: IP address information is routinely captured to determine the user's location. An IP address is a unique identifying number assigned to every device connected to the internet.
• Location-Based Services: When using the Niajiri mobile phone app, users will be asked if they want to use the geolocation service. This service uses the mobile phone's GPS signal to identify the user's location.

Niajiri shall not collect personal data from public sources without explicit consent from the data subject.

Niajiri shall not extract personal information beyond what is provided in CV or profile.

Niajiri is committed to being transparent on the type of data to be collected and the purpose of the collection and processing. In doing so, Niajiri shall always obtain Data Subject's consent before processing the personal data for any purpose beyond fulfilling the services request (e.g., job application, and account creation).

Niajiri shall process personal data for the following purposes:

• To facilitate job searching and applications: The Company shall use the data to connect the applicants/employees with relevant job openings and allow employers to review their CVs and qualifications.
• To provide customer support: The Company uses Data Subject's contact information to respond to inquiries and offer customer support.
• To improve our services: The Company uses anonymized data to analyze user behaviour and improve the functionality of our platform including data processing for statistics purposes, research and vetting on job applications.
• To comply with legal obligations: The Company may be required to process data for legal or regulatory compliance purposes.

Niajiri understands the sensitive nature of certain personal data and it is committed to protecting sensitive data. Niajiri will only collect, process, and disclose sensitive data in accordance with the provisions of PDPA and with explicit consent of the data subject.

In the course of handling sensitive data, the Company shall adhere to the following principles:

• Limited Collection: Niajiri will not request sensitive data in job applications unless it is strictly necessary and legally required for a specific position.
• Transparency: Where sensitive data will be required for job application, Niajiri will clearly explain why it is necessary and how it will be used.
• User Control: The data subject shall always have the right to refuse to provide sensitive data.
• Secure Storage: Any sensitive data collected will be stored securely using appropriate technical and organizational measures to prevent unauthorized access, disclosure, alteration, or destruction.
• Retention Limitation: We will only retain sensitive data for as long as necessary for the purposes for which it was collected, and then securely dispose/delete or anonymize it.

• Niajiri shall employ or appoint a Data Protection Officer among its staff who shall be responsible to oversee Niajiri's compliance with data protection laws and regulations.
• Niajiri must ensure that the designated Data Protection Officer is registered at the Personal Data Protection Commission (the Commission).
• The duties of the Data Protection Officer shall include:
  • Ensuring Niajiri's compliance with the PDPA and its Regulations;
  • Providing information on the violation of the provision of the PDPA or its Regulations committed in the data processing by the data controller or processor and advice on rectification measures.
  • Submission of quarterly report on the compliance of Niajiri with the PDPA to the Commission.
  • The Data Protection Officer has the duty of handling complaints or application made by the data subjects, their representative or another person to the data controller or processor in relation to the data collection or processing.
  • The Data Protection Officer has the duty to perform any other duties as may be directed by Niajiri.

• Niajiri shall retain personal data for as long as necessary to fulfil the purposes outlined in this Policy. Retention periods may vary depending on the type of data and legal requirements. Once the personal data is no longer needed, it will be securely delete or anonymize.
• Niajiri reserves the right to erase all inactive and obsolete accounts that were created by the users. All accounts which shall not have any activities for a period of 3 years shall be term inactive or obsolete accounts, and shall be erased.
• Before permanently deleting an inactive or obsolete account, Niajiri shall send a notification to the respective user's registered email address. This notification shall allow the users who intend to revamp their accounts, to reactivate their accounts.
• The notification shall be issued in 30 days, 7 days and 1 day prior to the account's scheduled deletion.
• Non reactivation of accounts shall prompt secure data erasure process. This process removes profile information, communication history, and account from search results.

Niajiri shall always obtain explicit consent for certain data processing activities, such as using cookies for analytics purposes. Data Subjects have the right to withdraw their consents at any time. The Company shall also provide Data Subjects with opt-out mechanisms to manage their data processing preferences.

Niajiri shall provide regular training to its employees on data protection principles and their responsibilities on how to handle personal data. The training programs shall be regularly updated to reflect changes in legal requirements and best practices.

The Data Protection Officer shall monitor and review Niajiri's data protection practices to ensure compliance with this Policy and applicable laws in Tanzania. The monitoring and review shall go hand in hand with the updating of this Policy.

• Niajiri will conduct a Data Impact Assessment (DIA) for any new or significantly changed processing activities that may have a high impact on Data Subjects' privacy. The DIA will consider factors such as the type of data collected, the purpose of processing, and the security measures in place.
• This assessment shall assist Niajiri to identify, analyze, and mitigate potential risks associated with how we process user's personal data.
• The DIA shall be conducted in accordance with the provisions of PDPA.

• In some instances, Niajiri may use third-party vendors to process personal data on its behalf. These vendors shall carefully be selected and vetted to ensure that they meet Niajiri's data security standards and comply with data protection laws.
• The Third-Party Processing shall be governed by a contractual agreement between the third-party vendor and Niajiri.

Niajiri shall implement appropriate security measures to protect user's personal data from unauthorized access, disclosure, alteration, or destruction. This shall include technical controls like encryption and access control procedures. In the event of a data breach, Niajiri shall promptly notify the relevant authorities and affected individuals as required by law.

Niajiri will review the Data Protection Policy annually or when necessary to ensure continued compliance with relevant laws and best practices.