- Protecting our clients’ personal information is important to USB Executive Development (Pty) Ltd (“the Organisation”). To do so, it follows general principles in accordance with applicable privacy laws (“Applicable Laws”).
- This privacy notice applies to Personal Information processed by or on behalf of the Organisation where we act as the Responsible Party.
Collection of Personal Information.
WHAT PERSONAL INFORMATION DO WE COLLECT?
- Personal information is data that can be used to identify you. This information includes but is not limited to names, ages, identity numbers, registration numbers, addresses and other contact details, income and payments records, financial information, and banking details. It does not include data where the identity has been removed (anonymous data).
- We may collect, use, store and transfer different kinds of Personal Information about you which we have grouped together.
- Identity Data includes first name, last name, alias, username or similar identifier, title, date of birth, identity number, passport number, photographic material, gender, ethnicity, languages, and geographical information.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes banking details, credit bureau information, arrears information, tax information, company registration information.
- Educational and professional background such as academic/professional qualifications, education, CV/resumé, work experience, accreditations and accolades, memberships, and affiliations, including professional bodies, nationality, immigration status, demographic data, and similar data.
- Transaction Data includes details about payments to and from you and other details of services and transactions with us, records of correspondence or enquiries from you or anyone acting on your behalf, details of contracts, sales, or leases you have concluded with us.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Specific identifiers, known as Special Personal Information, which are required in order to protect legitimate interests, comply with legal obligations or public legal duties, such as your race and disability related information (B-BBEE related).
- Biometric information, such as images, fingerprints, and voiceprints.
- Other information you choose to share with us.
WE COLLECT YOUR PERSONAL INFORMATION IN THE FOLLOWING WAYS:
- Directly from you when you complete an application form or conclude an agreement with us and/or provide a quote to us, whether electronically or on hard copy.
- Directly from other sources, such as public databases, and third parties, as well as other financial institutions or
- Indirectly through your interactions with third parties. Where permitted by law, we collect or receive information about you from companies to whom you indicate that you would like to learn more about the Programme, companies that are our partners, or other entities within the Stellenbosch University umbrella or our partner companies (collectively “Other Sources”) in order to update or supplement the information that you provide or that we collect automatically. We may use this information to help us maintain the accuracy of the information we collect, to target our communications so that we can inform you of products, services or other offers that may be of interest to you, and for internal business analysis or other business purposes. We may combine the information we receive from and about you, via the Websites and from Other Sources to help us tailor our communications to you and to improve the Websites.
Should you wish not to be included in such recordings during a programme or an event, kindly inform the host or your Programme Manager, where reasonably possible, we shall provide mechanisms to exclude you.
Our Contact Particulars.
Organisation Name: USB Executive Development (Pty) Ltd
E-Mail us: firstname.lastname@example.org
Call us: +27 (0)21 918 4488
Visit us: Carl Cronjé Drive, Bellville 7530
Purpose for which the information is being collected.
- We will only use Personal Information within the framework of the law. Most commonly, we will use your personal information in the following circumstances:
- The processing is necessary to perform a contract with you or take steps to enter into a contract at your request, including:
- providing our services to individuals and companies
- verifying your identity
- taking payments
- communicating with you.
- The processing is necessary for us to comply with a relevant legal obligation. This includes:
- in response to requests by government or law enforcement authorities conducting an investigation;
- using personal information in connection with legal claims, compliance, regulatory and investigative purposes as necessary, including disclosure of such information in connection with legal process or litigation.
- The processing is necessary for our legitimate interests (or those of a Third-party) ensuring that we conduct our business in line with our objectives, improving and developing our products and services, and keeping our records accurate and up to date and your interests and fundamental rights do not override those interests, including:
- using your information to provide products and services you have requested and responding to any comments or complaints you may send us;
- assessing and dealing with complaints and requests;
- personalising your experience on the Websites and in any Programme in which you choose to enrol and to help us to better respond to your individual needs;
- targeting advertising to groups of individuals with similar interests or characteristics through services offered by third-party Service Providers;
- developing new products or services or conducting analyses to enhance current products and services;
- reviewing the usage and operations of the Websites and analysing and improving the Websites;
- conducting market research and alumni/client-related customer experience surveys;
- providing you with information about SBS-ED’s products or services from time to time via email, telephone or other means (for example, events);
- protecting the security and functionality of the Websites, including using personal information you provide to investigate any complaints received from you or from others about our Websites or our products and services.
- You have consented to the processing. This includes:
- where consent is required by Applicable Law, sending you direct marketing in relation to our relevant products and services, or other products and services provided by SBS-ED, its partner companies and affiliate entities within the Stellenbosch University umbrella;
- on other occasions where we ask you for consent, using the data for the purpose which we explain at that time.
- We may also use your personal information in the following situations:
- Where we need to protect your interests (or someone else’s interests). This includes:
- if you provide a credit or debit card as payment, using third parties to check the validity of the sort code or routing number, account number and card number you submit in order to prevent fraud;
- monitoring customer accounts to prevent, investigate and/or report fraud, misrepresentation, security incidents or crime, in accordance with Applicable law
Where it is needed in the public interest or for official purposes.
- We only collect Personal Information for the specific, explicitly defined, and lawful purpose of conducting our business.
- Note that we may process Personal Information for more than one lawful ground depending on the specific purpose for which we are using the data. Please contact us if you need details about the specific legal ground, we are relying on to process your Personal Information where more than one ground has been set out.
- We are taking reasonable technical and operational measures to prevent unauthorised access to and disclosure of your personal information, as well as to maintain its accuracy, and to safeguard appropriate use thereof. However, we do not guarantee that your information shall be 100% secure. It is important that you take all necessary and appropriate steps to protect your personal information yourself (for example, by ensuring that all passwords and access codes are kept secure). SBS-ED will not be held responsible for any unauthorised access to or acquisition of your information.
- Direct Marketing
- We may use your personal information to periodically send you direct marketing communications about products or our related services that we think may be of interest to you. This will be in the form of email, SMS, or targeted online advertisements. We limit direct marketing to a reasonable and proportionate level, based on the information we have about you.
- Where opt-in consent is required, we will ask for your consent.
- You have a right to stop receiving direct marketing at any time – you can do this by following the opt-out or unsubscribe links located in the electronic communications (such as emails) you receive from us, on our website via our “Manage your subscriptions” form, by contacting us, or by emailing us.
Use of de-identified, aggregate, or anonymised information
Is the supply of the information voluntary or mandatory?
Supplying of certain types of information is mandatory in terms of legislation and regulations. For example, in terms of the Consumer Protection Act, a supplier of goods or services must provide a written record of each transaction to the consumer to whom any goods or services are supplied.
Any particular law authorising or requiring the collection of the information.
- If your Personal Information is collected in terms of a particular law authorising or requiring the collection of the information, we will take steps to ensure that you are aware of that. Legislation applicable include:
- The following are examples of laws that require us to collect and keep personal information:
- The Electronic Communications and Transactions Act (ECT)
- The Financial Intelligence Centre Act (FICA)
- The Financial Advisory and Intermediary Services Act (FAIS)
- The National Credit Act (NCA)
- The Consumer Protection Act (CPA)
- Long-term Insurance Act (LTIA)
- Financial Sector Regulation Act (FSRA)
Failure to provide the requested information.
This personal information is required to enter into a contract with you (such as in anticipation of a services level agreement) or to perform a contract with you (such as to provide services at your request), and failure to provide any information may result in our inability to provide you the requested services or products.
Failure to provide certain information may make it difficult or impossible for you to access some services through the Websites (for example, to register for and complete Programmes).
You should ensure that personal information submitted to us is accurate and up-to-date.
Transfer the information to a Third-party and cross-border transfers.
If your Personal Information is transferred outside the Republic of South Africa to Third-party service providers, we will take steps to ensure that your Personal Information receives the same level of protection as if it remained within the Republic.
However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable measures designed to protect personal information, we cannot guarantee its absolute security.
Recipient or category of recipients of the information
Your Personal Information will be treated as prescribed by the 8 Conditions for the Lawful Processing of Personal Information in the POPI Act. We may share your Personal Information with:
- Stellenbosch University– Where you have expressed interest and given your consent, we share your information with our major shareholder, Stellenbosch University, to provide you with information about other educational / development programmes and/or opportunities.
- Third-Party Service Providers– We share your information with third parties that provide business, professional, or technical support functions for us. In particular, we use third-party providers for website hosting, maintenance, marketing services, courier services, certification services, business operations, payment services, and identity verification services (“Service Providers”). These Service Providers are only given access to your information to the extent necessary to process your information and/or provide services to SBS-ED, and they are prohibited from using or sharing your information for any other purposes. Where permitted by law, SBS-ED discloses limited information about you to Service Providers to serve relevant advertising on third-party platforms to you or to other audiences.
Third Parties and International transfers – We may transfer your information to another of SBS-ED’s entities, a learning partner or a third-party who carries on business in another country, including one which may not have data privacy laws similar to those of the Republic. If this happens, we will ensure that anyone to whom we pass your information agrees to treat your information with the same level of protection as if we were dealing with it. If you do not wish us to disclose this information to third parties, please reach out to us. We may, however, not be able to provide products or services to you if you do not agree with such disclosure.
- Your employer / our client– We share your information with your employer, in the event that the employer is paying for your Programme (“Your Employer / Our Client”). Information disclosed in this case shall include Programme performance information, unless otherwise expressly agreed in writing with SBS-ED.
- Legal matters; safety– We access or share your information to satisfy any Applicable Law, regulation, legal process, or governmental request; in connection with an investigation on matters related to public safety; as permitted by law; or otherwise as required by law. We may disclose your information to protect the security of the Programme, the Websites, servers, network systems, and databases. We may disclose the information we collect from you in order to comply with the law, a legal proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
- Fraud; security– We access and disclose your information to detect, prevent, or otherwise address fraud, security or other technical issues.
- Consent; other– We share information with third parties when we have your consent, or otherwise as described to you at the point of information gathering.
- Government– Government bodies, regulators, and any other third-party necessary to meet our legal and regulatory obligations.
- Professional Advisors– our own professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities.
Publicly Available Content
Any information you may disclose through the Websites, such as on message boards, in chat rooms, or on other public areas, such as on webinars / virtual learning sessions that you may attend about the Programmes, may be viewed by others, such as your fellow participants and facilitators. Please exercise caution when disclosing personal information in these public areas. If you do not want SBS-ED to store metadata associated with your content, please remove the metadata before uploading your content.
Retention of Personal Information
We may retain your personal information indefinitely, unless you object, in which case we will only retain it if we are permitted or required to do so in terms of Applicable Laws. However, as a general rule, we will retain your information in accordance with retention periods set out in Applicable Laws, unless we need to retain it for longer for a lawful purpose. (For example, for the purposes of complaints handling, legal processes, and proceedings.)
YOUR RIGHTS AS A DATA SUBJECT.
As a Data Subject in terms of the POPI Act, you do have the following rights:
- Right to be Notified:
The right to be notified that –
- your Personal Information has been accessed or acquired by an unauthorised person;
- Right of Access:
The right, under the Promotion of Access to Information Act, 2000 (“PAIA”), to establish whether we hold Personal Information of you and to request access to your Personal Information – use our form 03.8_PAIA Form C_ Request for Access to Record of Private Body. Please also refer to SBS-ED‘s PAIA Manual.
- Right to Correction, Destruction or Deletion:
The right, under the Promotion of Access to Information Act, 2000 (“PAIA”), to request, where necessary, the correction, destruction or deletion of your Personal Information – use our form 03.7_Request Correction Deletion Personal Information; If you are enrolled in a Programme, you may access and/or update your personal information via your user profile on our Learner Management System or your subscription preferences on www.sbs-ed.com. Please also refer to SBS-ED‘s PAIA Manual.
- Right to Objection:
The right to object –
- on reasonable grounds relating to your particular situation to the processing of your Personal Information;
- to the processing of your Personal Information –
- at any time for purposes of direct marketing; or
- for purposes of direct marketing by means of unsolicited electronic communications – use our form 6_Objection to the Processing of Personal Information.
- Right with regards to Automated Processing:
The right not to be subject, under certain circumstances, to a decision which is based solely on the basis of the automated processing of your Personal Information intended to provide a profile of you.
- Right to Complain:
The right to –
- submit a complaint to the Regulator regarding the alleged interference with the protection of the Personal Information of any Data Subject or to submit a complaint to the Regulator in respect of a determination of an adjudicator as; and
- to institute civil proceedings regarding the alleged interference with the protection of your Personal Information.
If you believe that this office has not replied to your access request or has not handled your Personal Information in a reasonable manner, please address your concerns first with our Information Officer. You may also choose to make a complaint to the Information Regulator.
Our Information Officer:
Information Officer: Dr Chris van der Hoven
Deputy Information Officer: Kaashiefa Johnson
E-Mail Address: email@example.com
Contact Number: +27 21 918 4159
You can contact the Information Regulator if you have any complaints about this privacy notice or information, we hold about you.
Address Physical: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Address Postal: P.O Box 31533, Braamfontein, Johannesburg, 2017
Tel No: +27 (0) 10 023 5200
Web Address: https://www.justice.gov.za/inforeg/contact.html
- You acknowledge that you understand why your Personal Information needs to be processed;
- You accept the terms which will apply to such processing, further processing, including the terms applicable to the transfer of such Personal Information cross border;
- Where consent is required for any processing as reflected in this Policy, you agree that we may process this particular Personal Information;
- Furthermore, should any of the Personal Information concern or pertain to a legal entity whom you represent, you confirm that you have the necessary authority to act on behalf of such legal entity and that you have the right to provide the Personal Information and / or the required permissions in respect of the processing of that Organisation or entities’ Personal Information.
Last Updated: 29 June 2021