1.1 Deftech in order to carry out its goals and business objectives as an educational facilitator, online learning platform, online educator, extra-curricular activities provider, supplier of robotics and other educational gear, and provider of various other educational programmes does and will on an on-going basis collect, store, transfer and use personal information.
1.2 The Protection of Personal Information Act 4 of 2013 (hereinafter referred to as POPIA) aims to give effect to the constitutional right to privacy by introducing measures that regulate every step of how personal information belonging to both individuals and juristic entities is collected, stored, transferred and used by both private and public bodies from the moment of collection until the moment of destruction in order to ensure that personal information is processed and managed in a fair, transparent and secure manner.
1.3 Deftech is committed to protecting individuals and juristic entities right to privacy and in consequence, undertakes to responsibly process personal information in line with the provisions of POPIA. Deftech does this not only to comply with the provisions of POPIA but also to protect its reputation, as well as to be a good corporate citizen.
1.4 The purpose of this policy is to create a general framework aimed at setting out the manner in which Deftech processes personal information.
2.1 The following definitions apply to this policy;
2.1.2 CPA - means the Consumer Protection Act, 68 of 2008;
2.1.3 Companies Act - means the Companies Act, 71 of 2008;
2.1.4 Competent person - means any person who is legally competent to consent to any action or decision being taken in respect of any matter concerning a minor;
2.1.5 Consent - means any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information;
2.1.6 FICA - mean the Financial Intelligence Centre Act, 38 of 2001;
2.1.7 Information Officer - means the Chief Executive Officer or the Managing Director or equivalent officer of Deftech or any person duly authorised by the Chief Executive Officer or the Managing Director to act as Information Officer;
2.1.8 Operator - means a person who processes personal information for Deftech in terms of a contract or mandate, without coming under the direct authority of Deftech
2.1.9 PAIA - means the Promotion of Access to Information Act, 2 of 2000
2.1.10 Personal Information - means information relating to an identifiable, living, natural person, and where it is applicable, and identifiable, existing juristic person, including, but not limited to—
126.96.36.199 information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
188.8.131.52 information relating to the education or the medical, financial, criminal or employment history of the person;
184.108.40.206 any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignments to the person;
220.127.116.11 the biometric information of the person;
18.104.22.168 the personal opinions, views or preferences of the person;
22.214.171.124 correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
126.96.36.199 the views or opinions of another individual about the person; and
188.8.131.52 the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;
2.1.11 POCDATARA Act - means the Protection of Constitutional Democracy Against Terrorist and Related Activities Act, 33 of 2004
2.1.12 Processing - means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including—
184.108.40.206 the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
220.127.116.11 dissemination by means of transmission, distribution or making available in any other form; or
18.104.22.168 merging, linking, as well as restriction, degradation, erasure or destruction of information;
2.1.13 Responsible Party - means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information;
2.1.14 Special Personal Information - means information relating to—
22.214.171.124 the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject; or
126.96.36.199 the criminal behaviour of a data subject to the extent that such information relates to—
188.8.131.52.1 the alleged commission by a data subject of any offense; or
184.108.40.206.2 any proceedings in respect of any offense allegedly committed by a data subject or the disposal of such proceedings.
2.1.15 UIF - means the Unemployment Insurance Act, 63 of 2001.
3. PURPOSE FOR WHICH PERSONAL INFORMATION IS PROCESSED
3.1 Deftech undertakes to process the personal information of the Client to the extent, and in such a manner as is necessary to provide the services agreed upon and in accordance with the written instructions of the Client, unless required to do otherwise by law.
3.2 Deftech further undertakes to, at all times reasonably process personal information and is accordingly committed to processing personal information in an adequate, relevant and non-excessive manner.
3.3 Deftech will process the personal information of its Clients for the following purposes:
3.3.1 To act on or respond to instructions or requests for the provision of educational facilitator services, online learning services, extra-curricular activities services, supplier of robotics and other educational gear, and any other educational services.
3.3.2 To fulfill any contractual obligations and/or responsibilities which may arise in terms of a contract entered into with Deftech as a Responsible Party, Operator, or Contracting Party in any other capacity.
3.3.3 In order to comply with any compulsory obligations and/or responsibilities under South African laws and regulations, including but not limited to POPIA, FICA, POCDATARA Act, CPA, UIF, and the Companies Act.
3.3.4 For Human Resources and Labour Relations purposes in the case of prospective, existing and former employees.
3.3.5 For market research, analytical and statistical purposes.
3.3.6 For general administrative purposes.
3.3.7 In limited circumstances for direct marketing purposes.
3.3.8 For the purpose of identifying other products and services which might be of interest to Clients.
3.3.9 For business transaction purposes such as but not limited to a merger, acquisition or any form of sale of any assets.
3.3.10 For the purpose of helping us improve and customise Client’s website experience, which will include but is not limited to the processing of personal information in the form of HTTP cookies; and
3.3.11 For any other purpose related to the functions and activities of Deftech.
3.4 In order to perform the purposes described above, Deftech may from time to time share a Clients’ personal information with the following parties;
3.4.1 Deftech’s employees, which will only be done on a need-to-know basis;
3.4.2 Deftech’s suppliers and vendors, which will only be done on a need-to-know basis;
3.4.3 Deftech’s carefully selected business partners who provide products and services which may be of benefit to a Client, which will only be done on a need-to-know basis;
3.4.4 Deftech’s operators such as service providers and agents who perform services on behalf of Deftech, which will only be done on a need-to-know basis and in terms of an Deftech operator agreement.
3.5 Deftech does not share or process Clients personal information with any third parties who have not been described in clause 3.4 above, unless:
3.5.1 Deftech is legally obliged to provide such information to another to comply with an obligation imposed by law.
3.5.2 It is necessary for the purpose of fulfilling the contractual obligations of a contract entered into between the Client and Deftech.
3.5.3 It is necessary for pursuing the legitimate interests of Deftech or of a third party to whom the information is supplied.
3.5.4 it is necessary in order to protect a legitimate interest of the Client; or
3.5.5 the consent of the Client has been obtained.
3.6 Under all the above-mentioned circumstances Deftech will take reasonable measures to ensure that such personal information is only provided to the recipient if such recipient undertakes to keep the personal information secure and confidential.
3.7 The duty of security and confidentiality held by the recipient will continue even after the termination or expiry of their services.
3.8 Deftech is committed to ensuring that the personal information that it processes is obtained directly from its Clients’.
3.9 Notwithstanding the provisions of clause 3.8 Deftech may and will process personal information not obtained directly for its Clients in the following circumstances:
3.9.1 The personal information is contained in or derived from a public record or has deliberately been made public by the Client;
3.9.2 The Client or a competent person where the Client is a minor has consented to the collection of the information from another source.
3.9.3 The collection of personal information from another source would not prejudice the legitimate interest of the Client.
3.9.4 The collection of the information from another source is necessary to comply with an obligation imposed by law.
3.9.5 The collection of the information from another source is necessary for the purpose of proceedings in any court of law or tribunal that has commenced or is reasonably contemplated.
3.9.6 The collection of the information from another source is necessary to maintain the legitimate interest of Deftech or of a third party to whom the information is supplied.
3.9.7 Obtaining the personal information directly from the Client would prejudice the lawful purpose for which it is collected; and where
3.9.8 Obtaining personal information directly from the Client is not reasonably practicable.
3.10 The personal information of Clients may also be further processed, but only in accordance or in a manner compatible with the purpose for which the personal information was obtained as provided for in clause 3.3 above.
4. INFORMATION OFFICER
4.1 Deftech has appointed and registered the following person as Information Officer:
4.1.1 Full Name: Scott Giles
4.1.2 Contact Details:
4.2 Deftech has appointed and registered the following person as Deputy Information Officer;
4.2.1 Name: Charne Cornelessen
4.2.2 Contact Details:
4.3 The duties of the Information Officer include the following;
4.3.1 To encourage compliance, by Deftech, with the conditions for the lawful processing of personal information.
4.3.2 To comply with any requests made to Deftech pursuant to POPIA.
4.3.3 To work with the Information Regulator in relation to investigations.
4.3.4 To ensure compliance by Deftech with the provisions of POPIA.
4.3.5 To ensure that a compliance framework is developed, implemented, monitored and maintained.
4.3.6 To ensure that a personal information impact assessment is done to ensure that adequate measures and standards exist in order to comply with the conditions for the lawful processing of personal information.
4.3.7 To ensure that a manual is developed, monitored, maintained and made available as prescribed in PAIA.
4.3.8 To ensure that internal measures are developed together with adequate systems to process requests for information or access thereto; and
4.3.9 To ensure that internal awareness sessions are conducted regarding the provisions and Regulations of POPIA, codes of conduct, and information obtained from the Regulator.
4.4 The Information Officer has the authority to designate and delegate any power and duty to a Deputy Information Officer.
4.5 The Information Officer shall upon request by any person, provide copies of the manual to that person upon the payment of a fee.
5. SECURITY SAFEGUARDS
5.1 Deftech has implemented the appropriate technical and organisational security measures which are required in order to protect all personal information which it holds, from and against unauthorised access, accidental or willful manipulation, and loss or destruction.
5.2 While Deftech takes all reasonable efforts to safeguard the personal information which it holds, it cannot be held responsible for any loss or unauthorised processing of personal information which is beyond Deftech’s reasonable control.
5.3 Deftech’s website may contain links to another website outside of Deftech’s control, accordingly Deftech is not responsible for the content, privacy, or security of these other third party controlled websites;
5.4 Deftech has placed cookies on its website which may make contact with a Client's device to help make the Deftech’s social media and electronic platforms website better.
5.5 Deftech makes use of social plugins of social networks such as Facebook, Youtube, Twitter, Instagram, Linked In and Google. Kindly note that Deftech has no influence on or control over the extent of the data retrieved by the social networks' interfaces and Deftech can accordingly not be held responsible or liable for any processing or use of personal information transmitted via these social plugins.
6. DATA RETENTION
6.1 Deftech will not retain the personal information of Clients for longer than is necessary for achieving the purpose for which the information was collected, stored, transferred, used, or processed in any other way.
6.2 Personal information obtained for any of the purposes set out in clause 3.3 will be retained for as long as there is an active and existing relationship between Deftech and the Client.
6.3 The personal information of inactive former Clients will be retained only when it is required or authorised by law, for any lawful purposes related to Deftech’s functions or activities, by a contract between Deftech and the former Client, by consent of the former Client or a competent person where the information relates to a minor.
6.4 Should there be no valid reason as set out in 6.3 for retaining the personal information of former clients, the record of personal information will be destroyed or deleted or alternatively de-identified.
6.5 The destruction or deletion of a record of personal information in terms of clause 6.4 will be done in a manner that prevents its reconstruction in an intelligible form.
6.6 Deftech will not process personal information if its accuracy is contested by the Client.
7. CLIENT PARTICIPATION AND INFORMATION QUALITY
7.1 A Client, having provided adequate proof of identity, may request Deftech to confirm, free of charge, whether or not Deftech holds personal information about the Client.
7.2 A Client, having provided adequate proof of identity, may also request the record or description of the personal information about the Client that is held by Deftech. This record or description of the record will be provided within a reasonable time, at a prescribed fee.
7.3 Whilst Deftech will take reasonably practicable steps to ensure the integrity and accuracy of a Clients’ personal information, this may not at all times be possible. It is accordingly the responsibility of the Client to update Deftech of any changes to their personal information.
7.4 Clients have the right to access or request a correction or deletion of any personal information that Deftech may have and where applicable may ask Deftech to update any inaccuracies in such personal information. Any such requests must be done by way of completing the appropriate form and be submitted to the Information Officer.
7.5 Clients have the right to request the destruction or deletion of any record of personal information that Deftech may have. Any such request must be done by way of completing the appropriate form and must be submitted to the Information Officer.
8. PROCESSING OF PERSONAL INFORMATION BELONGING TO MINORS
8.1 If Deftech collects, stores, transfers, uses, or processes in any way the personal information of a minor, it will do so only with the consent of the minor’s parent or legal guardian, unless the processing is necessary for the establishment, exercise or defense of a right or obligation in law.
9. CROSS BORDER TRANSFER OF PERSONAL INFORMATION
9.1 Deftech will not transfer personal information about a Client to a third party who is in a foreign country unless the third party who is the recipient of the information is subject to a law, binding corporate rules or binding agreement which provide an adequate level of protection that is the same or substantially similar to the level of protection offered by POPIA.
9.2 Deftech may also transfer the personal information of a Client to a third party who is in a foreign country in the following circumstances;
9.2.1 Where the Client consents to the transfer;
9.2.2 Where the transfer is necessary for the performance of a contract between the Client and Deftech;
9.2.3 Where the transfer is for the benefit of the Client and it is not reasonably practicable to obtain the consent of the Client to that transfer and if it were reasonably practicable to obtain such consent, the Client would be likely to give it.
10. REVOCATION OF CONSENT
10.1 A Client may at any time withdraw their consent to the processing of any of their personal information held by Deftech.
10.2 Clients have the right to request the withdrawal of their consent to the processing of any personal information held by Deftech. Any such request must be done by way of completing the appropriate form and must be submitted to the Information Officer
10.3 The lawfulness of the processing of personal information before the withdrawal of consent will not be affected.
11. INCIDENT RESPONSE
11.1 Deftechshall notify the Client within a reasonable time in writing and shall place a notice on its website if it becomes aware or has reasonable grounds to believe that the personal information of Clients has been accessed or acquired by unauthorised persons.
11.2 Deftech undertakes further to promptly take action, at its own reasonable expense, to investigate any such suspected breach and to identify, prevent and mitigate the effects of any such breach.
11.3 Deftech will as soon as is reasonably possible after the discovery of the compromise provided for in clause 11.1, in writing and in accordance with the provisions of POPIA notify the Information Regulator.
12. REVISION OF POLICY
12.4 By continuing to use the Deftech website or any of the other Deftech's services following any updates or amendments, the Client will be deemed to have agreed to such changes.
13.2 Notwithstanding the provisions of clause 13.1, Deftech encourages Clients to first follow internal complaints processes in order to resolve the complaint. In this regard, Clients are encouraged to contact the Information Officer.
13.3 If, thereafter, Clients feel that Deftech has not adequately resolved their complaint, kindly contact the Information Regulator, whose contact details are as follows;
13.3.1 Physical address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
13.3.2 Postal address; P.O Box 31533, Braamfontein, Johannesburg, 2017
13.3.3 Complaints email: complaints.IR@justice.gov.za
13.3.4 General inquiries email: email@example.com
1.1 The purpose of this policy is to set out what cookies are, what Deftech uses them for, and how you can manage them during your visit to or use of the Deftech website.
1.5 The terms “we,” “us,” and “our” refer to Deftech.
2. WHAT ARE COOKIES
2.1 Cookies are pieces of information transferred from your browser to your computer’s hard drive. They store information about your activity on a browser in order to allow Deftech to recognise you when you revisit our website.
2.2 There are various kinds of cookies that Deftech may use.
2.2.1 First, session cookies which are also known as ‘temporary cookies. These cookies only exist for the duration of your site visit and are deleted on exit. These cookies, unlike other cookies, do not have an expiration date assigned to them and help Deftech recognise you as you move between pages on our website.
2.2.2 Second, permanent cookies which are also known as 'persistent cookies'. These cookies stay on your computer until they expire or are deleted. Permanent cookies are built with automatic deletion dates to help ensure your hard drive doesn't get overloaded. These cookies often store and re-enter your login information, so you don't need to remember them.
2.2.3 Kindly note that there are other kinds of cookies that may be sub-categorised within the session and permanent cookies categories. Those cookies may also be used by Deftech.
3.1 Cookies are common and Deftech uses them to make your web experience faster, convenient, and personalised.
3.2.1 granting you access to restricted content.
3.2.2 tailoring the Deftech website’s functionality to you personally by letting us remember your preferences, location or device type.
3.2.3 improving how our website performs.
3.3.4 understanding who our audience is so that we can provide content most relevant to you.
3.3.5 allowing third parties to provide services to our website; and
3.3.6 helping us deliver interest-based advertising where appropriate in compliance with the applicable laws.
4. MANAGING COOKIES
4.1 You can modify your cookies at any time by clicking on the “Manage Cookies” tab.
4.2 By clicking “I accept” on the cookies banner, you accept all cookie usage and consent to store cookies on your computer.
4.3 By clicking “I refuse” on the cookies banner, you may be prevented from accessing certain aspects of our website where cookies are necessary. Only the cookies necessary for the proper functioning of the website will be used.
5. REVISION OF POLICY
5.2 If material amendments are made in how personal information is collected, stored, transferred, used or processed in any other way, this Cookies Policy will be updated, and notices will be provided where appropriate.
5.4 By continuing to use the Deftech website or any of the other Deftech’s services following any updates or amendments, the Client will be deemed to have agreed to such changes.