JUMPCO DIGITAL (PTY) LTD PRIVACY NOTICE
During your interactions with us, it may happen that we need to gather some information from you which may constitute personal information for purposes of the Protection of Personal Information Act 4 of 2013 (“POPIA”) and that we need to process such information, which may include accessing it, storing it and possibly sharing it with third parties.
In terms of s18 of POPIA, we are required to bring to your attention certain matters relating to your personal information, which we set out in this notice document. By engaging our services, you acknowledge that you have read and understood this notice and have agreed to the contents hereof. You furthermore authorize us to take any of the actions described herein insofar as your personal information is concerned.
KEY DEFINITIONS USED IN THIS PRIVACY NOTICE
“Customer” (“you”) means the subscriber of, or visitor to the website, user of our services, or of the Platform. Depending on this context, this may include schools, parents, learners, government institutions, service providers or any other users of our services.
“Data Subject” means the individual or corporate entity whose Personal Information we process either as the Responsible Party or as an Operator on behalf of the Customer, and may include the Customer itself. Depending on the context, this may include learners, parents, schools, government institutions, service providers, or any users of our services or the Platform.
“GDPR” means the European Union’s General Data Protection Regulation.
“Information Officer” means the person designated as our information officer, as required in terms of POPIA. This is referred to as a “Data Protection Officer” in the GDPR.
“Information Regulator” means the office of the Information Regulator, as established in terms of POPIA.
“Operator” means any person or organization that processes Personal Information on our behalf. This is referred to as a “Processor” in the GDPR.
“Personal Information” means information relating to a specific juristic or natural person which is classified as personal information in the Protection of Personal Information Act 4 of 2013 (“POPIA”). This may include a wide variety of information types, such as your name, address, telephone number, credit card information, and any other information that is connected with you and may identify you personally.
“the Platform” means “JumpTrak”, a digital education solution provided by us.
“POPIA” means the Protection of Personal Information Act 4 of 2013 of the Republic of South Africa. You may access a copy of POPIA on the Information Regulator’s website, which, at the time of publication of this Privacy Notice, is at http://www.justice.gov.za/inforeg/.
“Processing” of Personal Information means any operation or set of operations which is performed in respect of such information, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
“Responsible Party” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Information. This role is also referred to as the “Controller” in the GDPR.
COMPLIANCE WITH POPIA AND THE GDPR
Our processing of Personal Information is subject to, and in compliance with, the provisions of POPIA.
In addition to compliance with POPIA, we have voluntarily undertaken to comply with the provisions of the GDPR insofar as they are applicable to us and where reasonably practicable, should such provisions differ from those stipulated in POPIA.
INFORMATION THAT WE MAY PROCESS
In order to provide you with our services, including the use of the Platform, we need to obtain and process certain types of Personal Information relating to Data Subjects, including:
- First and last name;
- Date of birth;
- Grade (if applicable);
- Username and password;
- Student identification number (if applicable);
- Details of school (if applicable);
- Details of parent or guardian providing consent (if applicable);
- Email address of the user (if the user is 18 years or older); and
- Email addresses of schools and parents or guardians (in the case of learners).
- Users’ responses to questions, activities, assignments, tests and assessments; and
- Time spent by users on completing the questions, activities, assignments, tests and assessments.
- Customer’s billing information.
REASONS FOR PROCESSING PERSONAL INFORMATION AND CONSEQUENCES OF NOT DOING SO
The above-mentioned information is processed by us in order to allow for the full functionality of the Platform and the provision of our services to you. This enables us to identify users, provide activities, assessments, and tests, track users’ use and progress, and generate reports for use by them and/or their school and/or their parent or guardian.
If requested personal information is not provided, we may not be able to complete such services. If the information is not provided initially, we may choose not to perform the services at all. Where information is not provided during the course of an ongoing matter, we may terminate our appointment and in such cases, you will be liable to settle any of our fees (which will include any costs or expenses incurred by us) in respect of work done up to the date of termination.
Additionally, in order to improve our services and to notify you of our other services in the future, we may process some of your personal information for marketing purposes, if you authorize us to do so in writing by way of an opt-in via our website, the Platform or other means. You may withdraw such authorization at any time by opting out in writing using the means provided on the website or the Platform or by e-mail to email@example.com. We may also retain some of your personal information for statistical purposes, but in such instances, the information will be anonymized.
WHERE WE MAY OBTAIN PERSONAL INFORMATION FROM
In most cases, we act as an Operator in respect of Personal Information, in that we process it on behalf of the Customer and the information processed mostly relates to a Data Subject other than the Customer. As such, by using our services and the Platform, you specifically warrant and undertake that you have obtained the legally required consent from the applicable Data Subjects or their authorized representatives, parents or guardians, to allow us to process their Personal Information at your behest, for the intended purpose as described above. You indemnify and hold us harmless in the event that you have failed to obtain such consent.
We may also be legally required to independently verify some of the information provided to us in terms of applicable anti-terrorism and anti-money laundering legislation (including, but not limited to, the Financial Intelligence Centre Act 38 of 2001, as amended), which may include our accessing government or public directories in order to obtain certain personal information relating to users.
SHARING OF PERSONAL INFORMATION WITH THIRD PARTIES
We may need to share your Personal Information, or the Personal Information of third party Data Subjects that we process on your behalf, with third parties. In general, this is limited to transmitting or storing such information through, or on, electronic communication and storage infrastructure administered by third-party service providers. However, depending on the specific context, we may need to share some Personal Information with other third parties, which may include, but are not limited to, our sub-contractors, agents, employees, correspondents or other service providers; public forums such as courts or other tribunals; or law enforcement agencies or regulatory bodies (only if legally required or on your instructions).
INFORMATION LEAVING THE COUNTRY
We may need to transmit Personal Information to a location outside of South Africa, where it may be processed by third parties. This may happen while we are communicating with you, or any other party or where you or such party are not in the country. It may also happen where our digital infrastructure is located in, or administered from another country. In such cases, the transmission and processing of such information is subject to the provisions of s72 of POPIA, meaning that the third party to which we may transmit your information will either be subject to laws, or a contract with us, or corporate binding rules, which requires them to employ the same reasonable safeguards in respect of such Personal Information that we are required to comply with in terms of POPIA.
RETENTION OF PERSONAL INFORMATION
In general, we only retain your personal information for the duration of our services to you.
However, we may be required in terms of legislation to retain such information for prescribed periods. This usually means that we need to retain Personal Information for periods of up to 5 years, although in some instances it may be longer. Where possible, we anonymise such information.
Information that we retain for marketing or statistical purposes may be retained indefinitely, provided that you have authorised us to use the information for marketing purposes or, in the case of use for statistical purposes, that the information has been anonymised.
As required by s19 of POPIA, the confidentiality and integrity of any Personal Information processed by us is subject to reasonable technical and organisational safeguards to prevent loss, damage, destruction or unauthorised access, having due regard to generally accepted information security practices and procedures. However, we are not liable to you, or any other person, for any such loss, damage, destruction or unauthorisation access that occurs despite our implementation of such reasonable safeguards.
If we become aware of any breach of security which may potentially lead to unauthorisation access, loss, destruction or processing of Personal Information processed by us, we will, as soon as is reasonably possible, investigate the matter and notify you, the Data Subjects and other affected parties, as well as the Information Regulator of such breach, in the prescribed manner and form, and will take reasonable steps to mitigate against any risks resulting from such breach.
Please note that no data breach notification made by us will constitute an admission of any liability in respect of any matter referred to in such notice.
DATA SUBJECT RIGHTS
In terms of ss23 and 24 of POPIA, you, and the Data Subjects whose Personal Information you have shared with us, have the right to access, and to request us to correct, any Personal Information retained by us, subject to the provisions of those sections. This may be done by sending us a written request to firstname.lastname@example.org.
You, or the Data Subjects whose Personal Information we process on your behalf, furthermore have the right, in terms of s11(3) of POPIA, to object to our holding of your personal information and to withdraw our authorisation to do so, in which event we will delete or anonymise such information within a reasonable period of no longer than 10 (Ten) days.
Should you wish to lodge a complaint, you may contact the office of the Information Regulator, whose contact details may be found on their website (currently at http://www.justice.gov.za/inforeg/ )
OUR CONTACT DETAILS
Should you have any questions regarding our information collection, handling or storage processes, please contact us at the following address and mark your query for the attention of the Information Officer:
JumpCO Digital (Pty) Ltd
Tel: +27 11 431 1666
Suite 106, Block B
Cnr Judges and Beyers Naudé Drive