Protection of Personal Information

PRIVACY POLICY 

in accordance with the requirements as prescribed in 

the Protection of Personal Information Act No. 4 of 2013 (POPIA).

SECTION 1: PURPOSE

Parklands College is committed to protecting the privacy of personal information in accordance with the requirements as prescribed in the Protection of Personal Information Act No. 4 of 2013 (POPIA).  The Act introduces measures to ensure and safeguard the right to privacy weighed up against the right to access of information as well as the sharing of personal information.  It furthermore aims to provide everyone’s right to privacy as enshrined in the Constitution and offers protection and recourse to those whose personal information rights are infringed.

The standards set out in the Act require companies to protect personal information obtained for administrative purposes and impacts the collection, handling, retention, dissemination and disposal of such data. 

The eight conditions or guiding principles that must be complied with are:

  • Accountability: the College must assign responsibility for overseeing and managing compliance with POPIA
  • Processing limitation: processing of personal information must be transparent, lawful, reasonable, minimal, justified and requires explicit consent unless certain exemptions apply
  • Purpose specification: personal information must only be processed for specific, defined and legitimate reasons relating to the functions or activities of the College and the Data Subject should be made aware of the purposes. It must also be retained and those records restricted in terms of the provisions of POPIA
  • Further processing limitation: the College should only use personal information for the reasons specified.  Additional consent must be obtained for any further processing
  • Information quality: the College must take steps to ensure that the personal information is complete, reliable, accurate, up to date and relevant to the purposes for which it was collected
  • Openness: information must be processed in a fair and transparent manner.  Individuals must be aware of the personal information held about them and the purpose for which the information is being retained (Where information is collected from another source, the Data Subject must be informed)
  • Security safeguards: integrity and confidentiality of the personal information must be secured.  Personal information must be protected against the risk of loss, unauthorised access, interference, modification, destruction or disclosure.  Clear processing protocols should be in place
  • Data Subject participation: individuals, having adequately identified themselves, have the right to request and access information about their personal information and may also require a Responsible Party to correct or destroy personal information that may be inaccurate, misleading, outdated or no longer necessary for the purpose for which it was collected.

This policy covers all information collected by the College in order to carry out normal school operations as dictated by the various Acts governing educational institutions. In terms of POPIA, we are required to take reasonable practicable steps to inform all data subjects as to certain matters relating to their personal information, which is set out in this policy. By engaging with us and providing us with your personal information you acknowledge that you have read and understood this policy, agree to its contents and permit and consent us to take the actions set out herein in relation to your or your child’s personal information submitted.  

SECTION 2: DEFINITIONS

The complete list of definitions is to be found in the Protection of Private Information Act No. 4 of 2013.

Biometrics Personal identification based on physical, physiological or behavioural characterization, eg. fingerprinting, retinal scanning and voice recognition
Child (learner) A natural person under the age of 18 years
Consent Any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information
Data subject Means the person to whom personal information relates.  Data subjects may include, but are not limited to:  learners and students; prospective learners and students; applicants; alumni; employees and employee candidates; visitors; suppliers and members of the public.
Electronic communication Means any text, voice, sound or image sent over a network
Information Officer or Deputy Information Officer Relating to a public body means an information or deputy information officer as contemplated in terms of section 1 or 17; or Relating to a private body means the head of a private body as contemplated in section 1 of the Promotion of Access to Information Act.  The Information Officer may appoint Deputy Information Officers to assist in complying with the Act.
Operator Means a person who processes personal information for a responsible party
College (School) Means Parklands College and Christopher Robin Pre-Primary
PAIA Promotion of Access to Information Act, 2000 (Act No. 2 of 2000)
Person Means a natural person or a juristic person
Personal Information and Special Personal Information Means information relating to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person, included but not limited to:

•Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
•Information relating to the education or the medical, financial, criminal or employment history of the person;
•Any identifying number, symbol, email address, physical address, telephone number, location, online identifier or other particular assignment to the person;
•Biometric information of the person;
•Personal opinions, views or preferences of the person;
•Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
•The views or opinions of another individual about the person;
•The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal personal information about the person; and
•With regard to Special Personal Information, personal information as set out in section 36 of POPIA
Processing Refers to any act that can be performed when handling personal information.  POPI defines processing to include collecting, recording, organizing, updating, storing, distributing, destroying or deleting personal information.
Record A record is a form of collating information, regardless of the medium on which it is recorded, that is under the control of a responsible party
Regulator The Information Regulator established in terms of section 39 of the Act
Responsible party Refers to a public or private body and any other person who determines the purpose and means of processing personal information in their possession

SECTION 3: COLLECTION OF PERSONAL INFORMATION

Personal information is gathered from submissions to the College.  This applies to learners via their parents/guardians, students, employees, candidate employees and other data subjects.

The personal information is collected in order to conduct and meet the minimum standards required for the function and activity of the day-to-day operation of the College and is specific for the purpose for which it is collected. Only the personal information that is adequate, necessary, relevant and not excessive will be collected in terms of the provisions of POPIA. 

The collection and processing of personal information for data subjects may include the following:

  • Names, ID’s, gender, nationality, addresses, telephone numbers
  • Parent/Guardian details including addresses, contact numbers, email addresses
  • Education and employment data

The collection and processing of special personal information includes:

  • Biometrics
  • Race
  • Medical information including Medical Aid Membership
  • Behavioral information
  • Special Needs Education
  • Marital status 
  • Police Clearance (educators)
  • Video and photographic images, including CCTV footage and live streaming of events

The data subject personal information (including prospective learners, students and employees) is collected from the data subjects and could be in the form of paper-based or electronic information, recorded on application forms, emails, CV’s and website enquiries.

The College shall ensure that all agreements in place with suppliers and other third parties in terms of which they are required to collect and use personal information shall adhere to the terms of this policy and that there will be a mutual understanding regarding the protection of such personal information.  

SECTION 4: PROCESSING OF PERSONAL INFORMATION 

Personal information is processed in order to conduct and meet the minimum standards required for the function and activity of the day-to-day operations of the College. This will be done lawfully and in a reasonable manner that does not infringe on the privacy of a data subject.

Parent/guardian, learner and student information is processed for the purposes of, not limited to:

  • Compliance with legislative and administrative requirements
  • Ensuring admission criteria is met
  • Biometrics for access control and internal procurement
  • Recording learner/student assessment and examination results
  • To aid learner support (internally and externally, i.e physiotherapy, assessment, medical, etc.)
  • To maintain parent/guardian contact details for learner progress updates, emergencies, notifications regarding school activities, sharing newsletters, etc.
  • Storing/saving College milestones and achievements, including videos and photographs, etc., for historical College collection, annual yearbook publications, social media platforms and website upgrades 
  • Recording and updating education department educational management systems
  • Applications for external scholarships 
  • Applications relating to special learner support and concessions
  • Completing educational statistics and surveys (unique identifiers are removed and information is aggregated)
  • Applications for education related accreditations and certifications
  • Applications for and enrolment in school related Olympiads and Competitions

Employee information is processed for the purposes of, not limited to:

  • Job application selection process and suitability of the candidate
  • Administration of staff records and human resource records
  • Biometrics for access control
  • Administration of payroll records
  • Provident Fund Membership
  • Medical Aid Membership
  • Personal and Company Insurance
  • Staff appraisals
  • Disciplinary procedures
  • Recording and updating education department educational management systems
  • Completing educational statistics and surveys (unique identifiers are removed and information is aggregated)
  • Applications for education related accreditations and certifications
  • Applications for and enrolment in school related Olympiads and Competitions

Parent/guardian consent is required for all information pertaining to a learner.  Any identifiable information regarding a person under the age of 18 years is considered Special Personal Information.

Other data subject information is processed for the purposes of, not limited to, performing business activities such as buying, services or installation bookings, deliveries, payments and marketing.

The processing of information is not used for any other purpose other than for the purpose for which it was specifically collected without the written permission and consent of the data subject.

SECTION 5: RETENTION OF DOCUMENTS

In general, personal information is retained as per the prescribed norms and applicable restriction is placed upon archived information and records.

The College will retain data subject personal information in its databases and systems for a period of seven years from the last day of enrolment/termination of services.  After this period, only basic information will be retained, such as parent/guardians, learners and students names, system identification numbers and academic records. This is in order to retain the integrity of our historical data.

Data subject biometric data will be removed from College biometric attendance systems at the end of the last day of a data subject’s enrolment/employment at the College pending outstanding Finance department queries. 

After the above-mentioned retention periods, the College will destroy and/or render unusable the personal information that is no longer required, unless the provisions of section 14 of POPIA apply.

SECTION 6: THE INFORMATION OFFICER(S) 

In compliance with the requirements of the Act, Parklands College is required to appoint an Information Officer (and Deputy Information Officers) and register the individuals with the Information Regulator.

The duty of these officers is, but not limited to, ensuring that the College complies with the provisions of the Act by monitoring and implementing codes of conduct issued by the Information Regulator.

The officer will deal with any requests made under the Act as well as the Promotion of Access to Information Act (PAIA) (Act No 2 of 2000) and assist the Information Regulator with any investigations conducted in respect of the College.

Furthermore, they are required to develop, implement, monitor and maintain a compliance framework within the College to ensure lawful processing and create internal awareness amongst relevant staff with regard to the requirements of the Act.

Data subjects have the right to request correction or deletion of personal information or destruction or deletion of record of personal information by submitting the applicable forms contained in the POPIA and PAIA regulations.  The Information Officer can offer assistance in this regard. 

SECTION 7:  THE RIGHTS OF DATA SUBJECTS 

Data subjects have the right to have their personal information processed lawfully and should be informed of the purpose for which the information is being collected.

They have the right to establish what information the College holds and request the correction of the personal information where necessary.

Data subjects have the right to be informed if their information has been accessed/acquired by an unauthorized person.

The College strives to safeguard personal information in its possession through policies and procedures and technical measures that have been put in place.  It remains the objective of the College to identify all reasonably foreseeable internal and external risks and to continuously verify the effectiveness of those measures against new risks that may arise.

SECTION 8: PRIVACY QUERIES

If you would like to discuss anything regarding this privacy notice, or have any queries relating to POPIA you can:

  • Complete and submit the “Privacy Contact Form” below.

Should you believe we are processing your personal data with disregard to the data protection regulations in force, any claim can be sent to our Information Officer (as listed above) or to the Information Regulator who can be contacted below:

Telephone number +27 (0) 10 023 5200, Cell No. +27 (0) 82 746 4173 or by email at: complaints.IR@justice.gov.za or inforeg@justice.gov.za.

SECTION 9: PRIVACY POLICY UPDATES

The College may need to update this privacy notice periodically. Please review this information frequently.