Privacy Policy

AKASHA SA (PTY) LTD (Registration Number: 2019/611292/07)

PROTECTION OF PERSONAL INFORMATION POLICY 3 FEBRUARY 2022

1. INTERPRETATION In this Policy –

  • 1.1.  clause headings are for convenience and shall not be used in its interpretation;
  • 1.2.  unless the context clearly indicates a contrary intention –
    • 1.2.1.  an expression which denotes –
      1.2.1.1. any gender includes the other genders;
      1.2.1.2. the singular includes the plural and vice versa;
    • 1.2.2.  the following expressions shall bear the meanings assigned to them below and cognate expressions bear corresponding meanings –
      • 1.2.2.1. “the Act” – shall mean the Protection of Personal Information Act 4 of 2013 and any regulation or code made under the Act;
      • 1.2.2.2. “the Company” – shall mean AKASHA SA (Pty) Ltd (Registration No: 2019/611292/07);
      • 1.2.2.3. “Client(s)” – shall mean any parent, student or client of the Company;
      • 1.2.2.4. “Consent” – shall mean any voluntary, specific and informed expression of will in terms of which permission is given for the processing of Personal Information or Special Personal Information. In cases where the Data Subject is a minor child, consent shall mean any voluntary, specific and informed expression of will in terms of which a competent person and/or that minorchild’s parent(s) or lawful guardian’s permission is given for the processing of that minor child’s Personal Information or Special Personal Information ;
      • 1.2.2.5. “Data Subject” – shall mean a person to whom personal information relates including students, parents and family of the students, Company employees, Client employees and test subjects;
      • 1.2.2.6. “Deputy Information Officer” – shall mean any person who has been designated by the Information Officer to perform certain delegated duties and responsibilities of the Information Officer;
      • 1.2.2.7. “Information Officer” – shall mean the head of a private body being either the Chief Executive Officer, or an equivalent officer or any person duly authorised by that officer;
      • 1.2.2.8. “Operator” – shall mean a person who processes Personal Information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that party;1.2.2.9.  “Personal Information” – shall mean information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including but not limited to:
        • i. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language, and birth of the person;
        • ii.information relating to the education or the
          medical, financial, criminal or employment history of the person;
        • iii. any identifying number, image, photograph, video recording, voice note, symbol, email address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
        • iv. the biometric information of the person;
        • v. the personal opinions, views or preferences of the person;
        • vi. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
        • vii. the views of opinions of another individual about the person;
        • viii. The name of the person if it appears with other Personal Information relating to the person or if the disclosure of the name itself would reveal information about the person.
      • 1.2.2.10 “Processing” “Processes” and “Processed” – shall mean any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including:
        • i. the collection, receipt, recording, photographing, organisation,collation, storage, updating or modification, retrieval, alteration, consultation or use;
        • ii. dissemination by means of transmission, distribution or making available in any other form; or
        • iii. merging, linking as well as restriction, degradation, erasure or destruction of information.
  • 1.2.2.11 “Purpose” – shall mean to provide for the education of and to secure the health, happiness and safety of its students at school. To create an educational experience that supports a school community consisting of students, parents, family of the students, teachers and support staff; to engage in all facets of the business of education; and to provide for matters connected therewith;
  • 1.2.2.12 “Regulator” – shall mean the Information Regulator established in terms of Section 39 of the Act;
  • 1.2.2.13 “Responsible Party” – shall mean a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing Personal Information;
  • 1.2.2.14 “Special Personal Information” – shall mean the Personal Information referred to in Section 26 of the Act, namely Personal Information concerning religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a Data Subject to the extent that such information relates to the alleged commission of any offence by the Data Subject or any proceedings in respect of any offence allegedly committed by a Data Subject or the disposal of such proceedings;
  • 1.2.2.15 “Record” – shall mean any recorded information regardless of form or medium, including any of the following:
    • i. writing on any material;
    • ii. information produced, recorded or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, camera, video camera, cellular telephone or other device, and any material subsequently derived from information so produced, recorded or stored;
    • iii. label, marking or other writing that identifies or
      describes any thing of which it forms part, or to which it is attached by any means;
    • iv. book, map, plan, graph or drawing;
    • v. Photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced;
      • a) in the possession or under the control of a responsible party;
      • b) whether or not it was created by a responsible party;
      • c) regardless of when it came into existence.

 

2. RECORDAL, PURPOSE & SCOPE

  • 2.1. The Company is engaged in the business of educating children and gathers and processes Personal Information and Special Personal Information for its Purpose, to service its Clients and for its own internal employee and business administration.
  • 2.2.  This policy will regulate the processing of Personal Information and Special Personal Information by the Company and will be used to protect the rights and interests of all Data Subjects who provide Personal Information and Special Personal Information to the Company.
  • 2.3.  This policy shall apply to all Personal Information and Special Personal Information processed by the Company.
  • 2.4. Information processed through any CCTV camera(s) on the Company’s property is done so as a measure to maintain the security of the Company and its Clients and by the nature of this information, it shall not be accessible to any unauthorised person. In order to protect the Personal Information of all, access to information processed through any CCTV camera(s) shall not be disclosed to any person and/or Client except by the express written permission of the Company and/or in compliance with an issued Subpoena, order of Court or statutory obligation.

3. INFORMATION OFFICER & DEPUTY INFORMATION OFFICER

  • 3.1 The Company’s director, Mrs. Tess Rayner shall be the Information Officer for the Company and she hereby appoints 1 (one) person, being the Company’s Human Resources Manager as its Deputy Information Officer and mandates and authorises him/her to carry out the duties as listed in Section 55 (1) of the Act.
  • The Deputy Information Officer will take up his/her duties as listed in Section 55 (2) of the Act .
  • The identity and contact detail of the Company’s Information Officer
    and Deputy Information Officer may be obtained off of the Company’s Website at www.akashaschool.co.za or telephonically at +27 73 145 – 3330 or alternatively from the Regulator, as defined in the Act.

4. WARRANTY

  • 4.1 The Company warrants that:
    • 4.1.1 this policy will be made easily available on request; and
    • 4.1.2 it has the resources and capacity to implement the constructs of this policy

5. LAWFUL PROCESSING OF PERSONAL INFORMATION

The Company shall, in terms of Section 4 of the Act, process Personal
Information lawfully by adhering to the following conditions:

  • 5.1 Accountability –
    • 5.1.1 At the time that the determination of the purpose for
      which the Personal Information is being processed, the Company will ensure that effect is given to such conditions and that compliance with the Act and this policy is ensured.
  • 5.2 Processing Limitation –
    • 5.2.1 Personal Information will only be processed if it is adequate, relevant and not excessive.
    • 5.2.2 Personal Information may be processed under circumstances where lawful and informed consent is obtained from the Data Subject, either directly in person or by having given personal, written consent to a third party or one of the Company’s client’s to on-send that Personal Information
      to the Company for processing.
    • 5.2.3 Personal written consent from the Data Subject given to a third party or a client of the Company under circumstances listed in Sections 12 (2)(a), (c), (d), (e) and (f) of the Act.
    • 5.2.3 Personal Information may further be processed under circumstances where processing is necessary to carry out actions for the conclusion or performance of a contract to which the Data Subject is a party, processing complies with an obligation imposed by law on the Company, processing protects a legitimate interest of the Data Subject, processing is necessary for the proper performance of a public law duty or processing is necessary for pursuing the legitimate interests of the Company or of a third party to whom the Personal Information is supplied.
    • 5.2.4.The Company bears the onus of ensuring that the Data Subject’s consent was obtained, in circumstances not listed in clause 5.2.3 above, and the Company’s systems will cater for the recording of proof of the Data Subject’s consent.
    • 5.2.5.The Data Subject may withdraw their consent or object, at any time, to the processing of Personal Information, provided that the lawfulness of processing information in terms of clause 5.2.3 above, is not affected and provided that no legislation exists that obliges the Company to process such Personal Information. Objections or withdrawals of consent must be brought to the attention of the Deputy Information Officer by the Data Subject.
  • 5.3 Purpose Specification –
    • 5.3.1 Personal Information shall only be processed for a specific, explicit, defined and lawful purpose relating to the Company’s Purpose, business and internal administration and governance. In all forms, consents, documents, questionnaires etc…, provision will be made to ensure that the Data Subject is aware of the purpose for the collection of the Personal Information.
    • 5.3.2 Records of Personal Information of the Data Subject shall not be retained any longer than is necessary to achieve itspurpose bearing in mind considerations pertaining to retention of records required by law, requirements for lawful purposes, contractual obligations and consent by a competent person.
    • 5.3.3 Where the Company has used a record of Personal Information of a Data Subject to make a decision about that Data Subject, it will retain that record for such period as may be required by law or a code of conduct and if no law or code of conduct exists, it shall retain that record for a reasonable period of time which will afford the Data Subject the reasonable opportunity, taking all considerations relating to the use of of the Personal Information into account, to request access to the record.
    • 5.3.4 Personal Information of a Data Subject shall be destroyed or deleted in a manner that prevents its reconstruction after the Company is no longer authorised to keep it on record.

      5.3.5 The Company will restrict processing of any Personal Information under circumstances where it discovers that its accuracy is contested by the Data Subject, that it no longer needs the Personal Information for achieving the purpose for which the information was collected, the processing is unlawful and the Data Subject opposes its destruction or deletion and requests the restriction instead or the Data Subject requests to submit the Personal Information into another automated processing system.

  • 5.4 Further Processing Limitation –
    • 5.4.1 In the event that further processing of Personal Information is required, it will only be done so in accordance with the purposes for which it was initially collected and will only be further processed in strict compliance with Sections 15(2) and (3) of the Act.
  • 5.5 Information Quality –
    • 5.5.1 The Company will take all reasonable practicable steps to ensure that the Personal Information is complete, accurate, not misleading and updated where necessary. In doing so, it will have regard to the purpose for which that Personal Information was gathered and where necessary involve the Data Subject in this process.
  • 5.6 Openness –
    • 5.6.1 Whenever processing Personal Information of a Data Subject, the Company will take all reasonable steps to ensure that the Data Subject is aware of:
      • i. The information being collected and under circumstances where it is not being collected directly from the Company, the source from where it is being collected;
      • ii. the name and address of the Company, the purpose
        for which the information is being collected, whether or not the supply of information is voluntary or mandatory, the consequences on not supplying the information, any particular law requiring the collection of the information;
      • iii. whether the Company intends transferring the information to a third country or international organisation and the level of protection afforded the information by the third country or international organisation;
      • iv. any further information such as the recipient or category of recipients of the information, nature or category of the information, existence of the right of access to an the right to rectify the information collected, existence to the right to object to the processing of the information and the right to lodge a complaint to the Regulator together with the contact details of the Regulator.
    • 5.6.2 In circumstances where the Personal Information is taken from the Data Subject directly, the steps highlighted above will be taken before the information is collected from the Data Subject, by publishing same on forms, consents, documents, questionnaires etc…
  • 5.7 Security Safeguards –
    • 5.7.1 The Company will treat all Personal Information and Special Personal Information in its possession as confidential. It will not disclose it for any unlawful purpose and will take all reasonable, appropriate, technical and organisational measures to prevent loss or damage and unlawful access to or processing Personal Information in its possession.
    • 5.7.2 The Company will and has taken reasonable measures to identify all reasonably foreseeable internal and external risks to Personal Information in its possession. It has established and maintained appropriate safeguards against those risks and regularly verifies that the safeguards are effectively implemented. Furthermore, it ensures and will continue to ensure that its safeguards are continually updated in response to new risks and to deficiencies in previously implemented safeguards.
    • 5.7.3 The Company may appoint Operators to assist in
      processing Personal Information of the Data Subjects and will ensure that any Operator appointed will be contractually bound to abide by the terms of this policy, that it maintains the security measures mentioned herein and notify the Company immediately following any suspicion on
      reasonable grounds that Personal Information has been unlawfully accessed, acquired or compromised by an unauthorised person.
    • 5.7.4 Under circumstances where there is reasonable grounds to believe that Personal Information has been unlawfully accessed, acquired or compromised by an unauthorised person, the Regulator and the Data Subject shall immediately be notified in writing and will provide sufficient information notifying the Data Subject of any and all protective measures that the Company is taking.
  • 5.8 Data Subject Participation
    • 5.8.1 Upon verification of the identity of a Data Subject, the Company shall notify him or her, free of charge, of whether it holds Personal Information about the Data Subject.
    • 5.8.2 Under circumstances where the Company does have Personal Information concerning the Data Subject on record, it will, at his or her request make available the record or a description of the Personal Information about the Data Subject including information relating to the identity of all third parties or categories of third parties who have or who have had access to the Personal Information; within a reasonable time, at a prescribed fee (if any); in a reasonable manner and format and in a form that is generally understandable.
    • 5.8.3 If, at the request by a Data Subject, Personal Information is communicated to him or her, the Data Subject will be advised or their right to have the Personal Information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully corrected, destroyed or deleted. The Company will upon receipt of such request correct, destroy or delete the information and provide the Data Subject credible proof thereof.
    • 5.8.4 In respect to requests for access to health records of the Data Subject by a Data Subject, if it is the opinion of the Information Officer or Deputy Information Officer that the disclosure of the record of this Personal Information to the Data Subject might cause serious harm to their physical or mental health or well being of the Data Subject, they will consult with a health practitioner, nominated by the Data Subject.
    • 5.8.5 If after being given access to the record mentioned at clause 5.8.4 above, the health practitioner consulted is of the opinion that the disclosure of the record to the Data Subject would be likely to cause serious harm to their physical or mental health or well being; then the Information Officer or Deputy Information Officer may only give access to the record to the Data Subject, if the Date Subject proves to the satisfaction of the Information Officer or Deputy Information Officer that adequate provision has been made for such counseling or arrangements as are reasonably practicable before, during or after the disclosure of the record to limit, alleviate or avoid such harm to the Data Subject. Under such circumstances, before the record is given to the Data Subject, it shall be given to such person who is responsible for the counselling.

 

6. PROCESSING OF PERSONAL INFORMATION OF CHILDREN IN TERMS OF SECTION 34 AND 35 OF THE ACT AND OF SPECIAL PERSONAL INFORMATION IN GENERAL

  • 6.1 The Company shall not process the Personal Information or Special Personal Information concerning a child unless the processing is:-
    • 6.1.1 carried out with the prior consent of a competent person;
    • 6.1.2 necessary for the establishment, exercise or defence of a right or obligation in law;
    • 6.1.3 necessary to comply with an obligation on international public law;
    • 6.1.4 for historical, statistical or research purposes to the extent that it serves a purpose of public interest and the processing is necessary for the purposes concerned or it appear impossible or would involve a disproportionate effort to ask for consent and sufficient guarantees are provided to ensure that the processing does not adversely affect the individual privacy of the child to a disproportionate extent;
    • 6.1.5 of Personal Information which has deliberately been made public by the child with the consent of a competent person; or
    • 6.1.6 in line with Sections 34(2) and 34(3) of the Act.

 

7. PERSONAL INFORMATION AND SPECIAL PERSONAL INFORMATION OF EMPLOYEES AND JOB APPLICANTS

  •  7.1 RECRUITMENT AND APPOINTMENT
    • 7.1.1 The Company will from time to time, process Personal Information or Special Personal Information, in the recruitment process, from a Data Subject who is an employment applicant. When processing such Personal Information, the Company will adhere to its obligations in terms of the Act and of this policy.
    • 7.1.2 As a consequence of any existing employment relationship that exists between a Data Subject, who is an employee of the Company, and the Company; Personal Information and Special Personal Information of that Data Subject will be processed by the Company. The Company will ensure that in processing an employee’s Personal Information and Special Personal Information, that it will adhere to its obligations in terms of the Act and of this policy.
    • 7.1.3 The Company shall take reasonable steps to ensure that any employment applicant and that all of its employees understand the purposes for the processing of their Personal Information or Special Personal Information and that Consent is obtained prior to processing any of their Personal Information or Special Personal Information.
    • 7.1.4 The Company shall endeavour to collect and process Personal Information and Special Personal Information from employment applicants and its employees directly, unless the information is derived from a public record or has been deliberately made public by the employment applicant or employee or has been made available to the Company, with the Consent of the employment or employee, by an employment agency, trade union or authorised third party.
    • 7.1.5 Notwithstanding clause 7.1.3 and 7.1.4 above, failure to obtain such Consent, will not preclude the Company from processing Personal Information and Special Personal Information, in certain circumstances where it is obligated and/or permitted to do so in accordance with the provisions of the Act.
    • 7.1.6 The Company undertakes to and will take all reasonable
      steps to ensure the an employment applicant’s Personal Information or Special Personal Information will only be used for the purposes connected with the recruitment process.
    • 7.1.7 The Company undertakes to and will take all reasonable steps to ensure the all of its employees Personal
      Information and Special Personal Information will only be used for the purposes connected with the human resource function and employment relationship.

7.2 STORAGE OF PERSONAL INFORMATION AND SPECIAL PERSONAL INFORMATION OF EMPLOYEES

  • 7.2.1 Personal Information and Special Personal Information of employees of the Company is kept on record and contained in personal files which are safely kept in the Human Resources Department, to which access is secure and limited to authorised personnel only.
  • 7.2.2 Upon termination of the employment contract between the Company and an employee, Personal Information or Special Personal Information will be handed to the relevant Operators for the purposes of post-employment benefits, if any, and save as required by law, thereafter will be destroyed, deleted or de-indentified.

 

8. DISTRIBUTION OF PERSONAL INFORMATION TO THIRD PARTIES

  • 8.1 Personal Information of Data Subjects may be distributed to third parties with the express, informed, written approval of the Data Subject and for the express purposes for which the Personal Information was collected.
  • 8.2 In circumstances where Personal Information of Data Subjects is distributed to third parties, such third parties shall be contractually bound to abide by this policy and to agree to comply with same.
9. TRANSBORDER INFORMATION FLOWS

The Company shall only transfer Personal Information of a Data Subject to a third party who is in a foreign country if that third party is subject to a law, rules or policies which provides adequate protection to the same degree or to a greater degree than the Act and shall only be done so with the express, informed, written approval of the Data Subject or subject to the provisions of Section 72 of the Act.

 

10. REVIEW

This policy is a working document and will be amended, improved and expanded on in order to provide greater protection to Personal Information pertaining to Data Subjects or to comply with amendments to the Act or law. Under circumstances where any such changes are made, the updated policy will be published to the relevant parties.

Close Menu