← Back

Operator (data processing) agreement

Between Werktyd (“Operator”) and the registered business using it (“Responsible Party”). Template — have it reviewed by your attorney before relying on it.

  1. Roles. The Responsible Party determines the purpose; the Operator processes employee attendance data only on the Responsible Party’s documented instructions (POPIA ss.20–21).
  2. Purpose limitation. Processing is limited to time-and-attendance. No secondary use; no sale of data.
  3. Security. The Operator applies reasonable safeguards (POPIA s.19): identifying data encrypted at rest, access control, audit logging, and biometric data stored as numeric templates only (no raw photographs).
  4. Sub-operators. Hosting is in Germany (EU/GDPR). Where the Responsible Party enables Telegram clock-in, worker selfies are transmitted via Telegram (a third-party messaging service), which may process them outside South Africa; the Operator converts them to numeric templates and deletes the images. The Operator stays responsible for its sub-operators.
  5. Cross-border transfer. The Responsible Party authorises EU processing (GDPR adequacy, POPIA s.72) and, if Telegram clock-in is enabled, the incidental transfer of selfies via Telegram — both disclosed in the worker notice. The Responsible Party is responsible for obtaining worker consent to the Telegram channel.
  6. Breach. The Operator notifies the Responsible Party without undue delay of any security compromise so it can meet its POPIA s.22 duties.
  7. Data-subject rights. The Operator assists the Responsible Party with access, correction, deletion and objection requests.
  8. Retention & deletion. Biometric templates are deleted on a worker’s termination (after a short buffer); time records are kept per the BCEA (3 years) then deleted. On termination of this agreement, data is returned or deleted.

© Werktyd. This is a template, not legal advice.