BY ACCESSING AND USING THIS WEBSITE AND/OR OUR SERVICES, THE USER IS PROVIDING HIS/HER EXPRESS AND VOLUNTARY CONSENT TO THE PROCESSING OF THEIR PERSONAL INFORMATION BY THE SOUTH AFRICAN COLLEGE OF APPLIED PSYCHOLOGY (SACAP) (“THE COMPANY’) ON THE BASIS SET OUT IN THIS PRIVACY NOTICE. IF THE USER DOES NOT CONSENT, THE USER MUST IMMEDIATELY STOP ACCESSING AND/OR USING THIS WEBSITE AND OUR SERVICES.
1.1 THE COMPANY collects, uses and, in some circumstances, shares the personal information of Users in and through this website and during the provision of services to you.
1.2 THE COMPANY respects the rights of Users whose personal information is collected and used by it, including their right to protection against the unlawful collection, retention, sharing and use of such personal information.
- DEFINITIONS AND INTERPRETATION
2.2.1 the singular includes the plural and the other way around;
2.2.2 any one gender includes the other genders, as the case may be;
2.2.3 an act, regulation or other law is to the version of that law in force at the effective date of this Policy and includes any amendment or re-enactment made to that law after the effective date of this Policy.
2.3 When calculating any number of days for the purposes of this Policy, the first day must be excluded and the last day of the relevant interval included, unless the last day is not a business day, then the last day will be the next succeeding business day.
2.4 The word “include” means “include without limitation”. Use of the word ‘’include’’ or ‘’in particular’’ is for illustration or emphasis only and where followed by specific examples must not be interpreted as limiting the meaning of the general wording preceding it.
- RESPONSIBLE PARTY
3.1 THE COMPANY will be the party who will be collecting and processing a User’s personal information and as such is designated as the ‘’responsible party’’ for the purposes of this Policy. THE COMPANY undertakes at all times to comply with applicable data protection laws.
3.2 THE COMPANY‘s contact details are as follows:
3.2.1 Email: email@example.com
Website address: www.global.sacap.edu.za 3.3 THE COMPANY may instruct third party operators from time to time to undertake certain processing activities relating to the User’s personal information.
- WHAT PERSONAL INFORMATION IS COLLECTED
4.1 THE COMPANY may collect the following personal information from the User:
4.1.1 Initials, first name, surname;
4.1.2 Email address;
4.1.3 Date of birth and language preference;
4.1.6 Education details;
4.2 The supply of personal information by the User to THE COMPANY is voluntary and not mandatory. However, if the User refuses to supply any personal information, certain consequences may naturally flow from such a refusal, such as preventing THE COMPANY from concluding or performing any contract with the User, or preventing THE COMPANY from complying with one or more of its obligations in law.
4.3 There are no laws which require or authorise THE COMPANY to collect a User’s personal information.
- PURPOSE/S FOR COLLECTION AND PROCESSING OF PERSONAL INFORMATION
5.1 THE COMPANY shall only collect a User’s personal information for a specific, explicitly defined and lawful purpose relating to a function or activity of THE COMPANY‘s business.
5.2 Such purposes may include the following:
5.2.1 to enter into a contract with a User;
5.2.2 to perform any obligations under a contract with a User;
5.2.3 to comply with a legal obligation;
5.2.4 to protect a legitimate interest of a User (unless the User has specifically objected in writing to all or some of the processing activities on reasonable grounds);
5.2.5 to pursue its own legitimate interests or the legitimate interests of a third party who it is sharing the information with (unless the User has specifically objected in writing to all or some of the processing activities on reasonable grounds);
5.2.6 to process personal information for direct marketing purposes (only if the User has opted in to receiving any direct marketing material);
5.2.7 to customise and display content to the User in a way that THE COMPANY feels may interest the User or be most beneficial to them;
5.2.8 to send content including, but not limited to products, articles, listings and advertisement content to the User via email or other electronic media, where the User has consented to be contacted by THE COMPANY with such content;
5.2.9 to enable the User to voluntarily participate in interactive features;
5.2.10 to notify the User about changes to the website, application or services.
5.3 If THE COMPANY intends to process a User’s personal information for any other purpose not listed in clause 5.2 or which is otherwise not automatically permitted by law, it shall ensure that it obtains the User’s written consent to do so.
5.4 THE COMPANY will not sell a User’s personal information to any third party without the prior written consent of the User.
- COLLECTION DIRECTLY FROM USER
6.1 THE COMPANY shall, as far as possible, collect personal information about a User directly from the User, except in the following circumstances:
6.1.1 Where personal information is available on a public record;
6.1.2 where the User has given their written consent to THE COMPANY to collect their information from another source;
6.1.3 where it is more practicable to collect the information from another source;
6.1.4 where the collection of a User’s personal information from another source will not prejudice any of the User’s legitimate interests;
6.1.5 where the collection of personal information from another source is necessary to maintain THE COMPANY’s legitimate interests or those of any third party it intends sharing the information with;
6.1.6 where the collection of personal information directly from the User would prejudice the purpose for the collection;
6.1.7 where the collection of personal information directly from the User is not reasonably practicable in the circumstances.
6.2 If THE COMPANY collects personal information from a source other than the User, it shall record in writing the details of that source, including the full names and contact details of that source where applicable.
6.3 Personal information may be collected from or supplied by the User in any of the following ways:
6.3.1 through the use of an iOS or Android application;
6.3.2 through the use of the service via a computer or mobile browser;
6.3.3 when requesting further services or information from THE COMPANY;
6.3.4 when contacting THE COMPANY to report a problem with the website or the services or for any other reason;
6.3.5 when completing any forms requesting THE COMPANY’s services or information about the services whether in person or on the website.
6.4 The User may visit the website without providing any personal information. However, the website’s servers may still collect technical information regarding the use of the website, which is aggregated for analytical purposes, technical maintenance and for improving the content offered on the website. Such information may include details of the User’s visit, information about the User’s computer, including IP (Internet Protocol) address, operating system and browser type, the User’s location, and usage information. An individual User will not be identified from or by this information and THE COMPANY is entitled to copy, distribute or otherwise use such information without limitation.
7.1 “Cookies” are small text files transferred by a webserver to a User’s hard drive and thereafter stored on their computer. The types of information a Cookie collects includes a User’s username, the date and time of their visits to the website, their browsing history and preferences.
7.2.1 distinguish one User from another on the website;
7.2.2 remember the User’s last session when they return to the website;
7.2.3 estimate the website’s audience size and usage patterns;
7.2.4 store information about the User’s preferences, which allows THE COMPANY to customize the website and content according to the Users individual preferences; and
7.2.5 speed up searches on the website.
The below list details the cookies used in our website.
- GENERAL CONDITIONS FOR PROCESSING PERSONAL INFORMATION
8.1 THE COMPANY shall comply with all laws, contracts or regulations when it processes a User’s personal information.
8.2 THE COMPANY shall not act unreasonably when processing a User’s personal information. This means that it will collect and process a User’s personal information in a way that the User can reasonably expect and in a way that is fair.
8.3 THE COMPANY shall respect the User’s right to privacy at all times. If there is another way in which it can achieve the same goal without posing any risk of harm to the privacy rights of the User, then it will choose that option.
8.4 Similarly, if THE COMPANY needs to process personal information but there are less privacy-invasive methods of collecting, using and sharing that information, then it will use those methods.
8.5 THE COMPANY shall ensure that the personal information that is collected and processed is and remains relevant to the identified purpose/s for such processing, and that such information is and remains adequate, but not excessive, for achieving the identified purpose/s.
8.6 If there are any alternative ways to achieve the identified purpose/s without processing personal information, THE COMPANY shall not process that personal information.
8.7 THE COMPANY shall ensure that the processing activities it chooses to apply are proportionate to achieving the identified purpose/s and that no less privacy invasive measures are available to achieve the same purpose/s.
8.8 THE COMPANY shall ensure that, regardless of the stated purpose/s for processing personal information, the rights and interests of Users will not be unnecessarily prejudiced or infringed, unless it cannot be avoided, and then in such cases, it shall ensure that its own rights and/or interests justify such prejudice or infringement taking place.
8.9 THE COMPANY shall be entitled to store the personal information of Users indefinitely unless the User objects thereto. In the event a User objects to the indefinite storage, once THE COMPANY has achieved the purpose for the collection of the User’s personal information, it will destroy or delete such information, unless the User has directed otherwise in writing, or THE COMPANY is required by law to retain the information for a longer period of time.
8.10 If THE COMPANY no longer needs to process personal information to achieve the purpose originally specified, it will stop using that information.
- DISCLOSURE AND SHARING OF PERSONAL INFORMATION
9.1 THE COMPANY may, in the course of providing any content or services on this website, or for the purposes of concluding or performing any other services or transaction with a User, share certain personal information with third party operators who perform certain processing activities on behalf of THE COMPANY.
9.2 The information shared and the categories of third party operators with whom it is shared will always be notified to you prior to being shared. Notwithstanding the aforegoing, you consent to us sharing your personal information with the following operators listed below.
9.3 Content and learning platform providers: https://solutions.openlearning.com/privacy-policy
9.4 Analytics: We may use third-party Service Providers to monitor and analyse the use of our Service.
9.4.1 Google Analytics Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
9.5 Advertising: We may use third-party Service Providers to show advertisements to you to help support and maintain our Service.
9.6.1 Google AdWords Google AdWords remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customise the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/adsGoogle also recommends installing the Google Analytics Opt-out Browser Add-on – https://tools.google.com/dlpage/gaoptout – for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
9.6.3 Facebook Facebook remarketing service is provided by Facebook Inc.You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950. To opt-out from Facebook’s interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217. Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings. For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy: https://www.facebook.com/privacy/explanation
9.7.1 We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).
9.7.3 The payment processors we work with are:
9.8 THE COMPANY may also share aggregated information about Users of this website and their usage patterns. Such aggregated information will be de-identified and the User’s personal information will not be disclosed.
9.9 Other than as stated in clause 9.1 and 9.3, THE COMPANY shall not share a User’s personal information with any third parties unless it has the User’s express consent to do so.
- USER’S RIGHTS IN RELATION TO THE PROCESSING OF THEIR PERSONAL INFORMATION
10.1 Users shall have the following rights in relation to the processing of their personal information:
10.1.1 to access and correct any personal information held by THE COMPANY about them;
10.1.2 to object to the processing of their information; and
10.1.3 to lodge a complaint with the Information Regulator (https://justice.gov.za/inforeg/).
10.2 Users may make a request in terms of clause 10.1.1 by following the process for making such a request as set out in THE COMPANY’s PAIA manual.
- FURTHER PROCESSING
11.1 THE COMPANY shall not process a User’s personal information for any purpose not previously specified except in the following circumstances:
11.1.1 where the User has consented to such further processing;
11.1.2 where the further processing is necessary for the exercise of any contractual rights or the fulfillment of any obligations between THE COMPANY and the User;
11.1.3 where the further processing activities are linked to or compatible with the original purpose;
11.1.4 where the further processing is necessary for the prevention, detection, investigation, prosecution and punishment of an offence;
11.1.5 where the further processing is necessary to enforce any law;
11.1.6 where the further processing is necessary for the conduct of legal proceedings in any court or tribunal that have commenced or are reasonably contemplated;
11.1.7 where the further processing is necessary to prevent or mitigate a serious and imminent threat to the life or health of the User or another individual;
11.1.8 where the further processing is necessary for historical, statistical or research purposes.
11.2 THE COMPANY shall ensure that if it intends processing personal information for other purposes not previously specified, it shall notify the User of such further purposes and the possible consequences of the intended further processing for the User.
- ACCURACY, CORRECTNESS AND COMPLETENESS OF PERSONAL INFORMATION
12.1 THE COMPANY shall take reasonably practicable steps to ensure that the personal information kept by it about Users is complete, accurate, not misleading and is updated when necessary.
12.2 However, if a User is aware of any personal information in THE COMPANY’s custody that is incorrect, inaccurate or which needs to be updated, the User must make a written request to THE COMPANY’s information officer at firstname.lastname@example.org to update or correct the relevant information.
12.3 If a User has contested the accuracy of any personal information being used by THE COMPANY, it shall immediately stop using that information until its accuracy has been verified, if it is reasonably practicable to do so.
12.4 THE COMPANY reserves its right to only adhere to a request from a User in terms of clause 12.2 if the correction or updating of that information will result in the personal information being correct and accurate.
- SECURITY SAFEGUARDS
13.1 THE COMPANY is committed to protecting the personal information in its custody against any loss of, damage to or unauthorised destruction of that information, and to prevent any unauthorised parties from accessing that information.
13.2 THE COMPANY takes steps to continually identify and document any risks to the personal information it has in its possession or under its control and that appropriate security safeguards are in place against those risks.
13.3 THE COMPANY shall ensure that in any contracts entered into with third party operators who process personal information on THE COMPANY’ behalf, include the following obligations:
13.3.1 the operator shall not process any personal information without THE COMPANY’s knowledge and authority;
13.3.2 the operator shall treat all personal information given to it as confidential and shall not disclose it to any unauthorised third parties;
13.3.3 the operator shall establish and maintain adequate security measures which are the same or offer similar protection over the personal information as that employed by THE COMPANY;
13.3.4 the operator shall notify THE COMPANY immediately where there are reasonable grounds to believe that any personal information has been leaked to or accessed by any unauthorised person;
13.3.5 if the operator is situated in another country, it must comply with the data protection laws in that country and be able to provide verification that it is so compliant;
13.3.6 if an operator is legally obliged to disclose any personal information processed by them on THE COMPANY’ behalf to other parties, it must notify THE COMPANY beforehand to enable THE COMPANY and/or individual Users to protect their rights if necessary.
13.4 THE COMPANY shall ensure that all personal information on its systems is properly backed-up and that back-up copies are stored separately from the live files.
- NOTIFICATION OF BREACH OF SECURITY
14.1 If personal information about a User is inadvertently leaked or THE COMPANY’s security has been unlawfully breached by any unauthorised party, THE COMPANY shall immediately identify the relevant Users who may be affected by the security breach, and shall contact them at their last known email address or contact details or by the quickest means possible.
14.2 THE COMPANY shall provide sufficient information to the User to allow him or her to take the necessary protective measures against the potential consequences of the compromise, or shall advise Users of the steps to be taken by them and the possible consequences that may ensue from the breach for them.
- CHILDREN’S PERSONAL INFORMATION
- CROSS BORDER TRANSFERS OF PERSONAL INFORMATION
The User consents that personal information (including special personal information) may be transferred transborder, even to countries without data protection laws similar to those of South Africa, for storage purposes, or if it is in THE COMPANY’s legitimate interests or those of a third party to do so.
- RETENTION OF INFORMATION
The User consents that THE COMPANY may keep record of his/her personal information for an indefinite period of time, unless User objects. In such case THE COMPANY will only keep such records if it is lawfully entitles or obliged to do so
- RETURNING, DESTROYING OR DELETING PERSONAL INFORMATION
18.1 Where THE COMPANY is no longer authorised to retain a record of any personal information, it shall either:
18.1.1 ensure that the information is permanently destroyed or deleted as soon as reasonably practicable; or
18.1.2 return the information to the User or transfer it to a third party, if requested by the User in writing to do so.
19.2.1 the types of personal information to be processed, including specifically special personal information;
19.2.2 the specific processing activities to be undertaken;
19.2.3 the specific purpose/s for such processing; and
19.2.4 the possible consequences for the User that may arise from such processing.
19.3 Should a User wish to withdraw any consent previously given by the User, they must notify THE COMPANY’s information officer in writing.
- LODGING AN OBJECTION
20.1 A User may, on reasonable grounds, object to the processing of their personal information at any time after that processing has started.
20.2 If a User wishes to object to the processing of their personal information, they should contact THE COMPANY’s information officer in writing and provide, reasons for doing so. Users may use the process and forms contained within THE COMPANY’s PAIA manual available on our website.
- CHOICE OF LAW
For more information on your rights to privacy over your information, or the information processing activities of THE COMPANY, please do not hesitate to contact us directly at email@example.com
Date of last update: 23 July 2021