- Midstream College recognises the constitutional rights of a person/s to privacy and acknowledges that it is of the utmost importance, as required by law, to protect the personal information pertaining to the relevant parties concerned.
- At Midstream College we are committed to protecting the privacy of our clients and to ensure that their personal information is collected and used properly, lawfully and transparently.
- Personal Information as described by POPIA ’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person.
2. THE AIM OF THIS POLICY
- This policy explains how we obtain, use and disclose personal information, in accordance with the requirements of the Protection of Personal Information Act (POPIA).
- Midstream College undertakes to respect and protect the privacy of all persons who are associated with the school whether they are employees of this company or persons who are business partners or other entities, who for various reason of interest, are related to Midstream College.
3. SCOPE OF THE POLICY
- This policy is applicable to all employees of Midstream College, and has been introduced in order to encourage the protection and confidentiality of all personal information as collected and stored by Midstream College.
- The information officer is the custodian of this policy, as it is the responsibility of the information officer to ensure that this policy is incorporated and implemented in the various divisions of Midstream College, and that workshops and training is provided to all parties concerned regarding the contents of the Protection of Personal Information Act (POPIA).
- This policy applies to all permanent and temporary positions held by persons within Midstream College and is applicable to all temporary and permanent employees. Midstream College will make employees aware of this procedure by discussing it during induction sessions, and by distributing it to the workforce.
- However, it remains the duty and responsibility of all employees to make themselves aware of, and to familiarise themselves with, the content and application of this document.
4. PURPOSE OF THE POLICY
- The purpose of this policy is to incorporate the requirements of the Protection of Personal Information Act (4/2013) (hereafter referred to as ‘PoPIA’) into the daily operations of Midstream College and to ensure that these requirements are documented and implemented in the business processes.
- The objective of this policy is to ensure the constitutional right to privacy, with regards to the:
- safeguarding of personal information;
- regulation and processing of personal information;
- execution of the prescribed requirements for the legal processing of personal information; and
- protection of free flow of personal information.
- Midstream College and its employees shall adhere to this policy concerning the management of all personal information received from, but not limited to natural persons, employees, clients, suppliers, agents, representatives and partners of Midstream College, to ensure compliance is applied to this Act and the applicable regulations and rules relating to the protection of personal information is adhered to.
5. PROVISION OF THE POLICY
- Midstream College acknowledges that it is mandatory to comply with the provisions of the Protection of Personal Information Act; (POPIA).
- There are eight (8) conditions that shall apply, and which are relevant for the lawful processing of personal information:
- Processing limitation;
- Purpose specification;
- Further processing limitation;
- Information quality;
- Transparency (honesty and integrity);
- Security safeguards; and
- Data subject participation.
6. PROCESSING OF PERSONAL INFORMATION
- The procedure of processing the personal information, refers to the collection, recording, organisation, storage, updating or modification, retrieval, consultation, use, dissemination by means of transmission, distribution or making available in any other form, merging, linking, including inaccessibility, erasure or destruction of personal information.
- Midstream College will collect personal information directly from you. All personal information must only be collected for a specific, explicitly, defined and lawful purpose, related to the function or activity of Midstream College.
- Midstream College will use your personal information only for the purposes for which it was collected.
- Midstream College may disclose your information:
- Where we have a duty or a right to disclose in terms of law or industry codes;
- Where we believe it is necessary to protect our rights.
- Midstream College undertakes to ensure that any additional processing of personal information will be in accordance for the purpose for which it was collected.
7. RETENTION AND RESTRICTION OF RECORDS
- Records of personal information should not be retained for longer periods than is necessary for achieving the purpose for which the information was collected, unless:
- the retention of a record is required or authorised by law;
- Midstream College, reasonably requires a record for legal or other purposes related to its functions or activities;
- Midstream College will destroy or delete a record of personal information as soon as it is reasonably practical once it has no further authority to retain a record for a further period;
- The deletion of a record of personal information should be processed in a manner that prevents its reconstruction in an intelligible/understandable form;
8. SECURITY SAFEGUARDS
- Midstream College will secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable, technical and organisational measures to prevent loss of, damage to, or unauthorised destruction of personal information; and unlawful access to or processing of personal information;
- Midstream College will take responsible measures to:
- identify all reasonable predictable internal and external risks to personal information in its possession or under its management;
- establish and maintain appropriate safeguards against the risks identified;
- regularly verify that the safeguards are effectively implemented; and
- ensure that the safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguarding methods.
9. RIGHTS OF THE DATA SUBJECT
- A data subject, having provided adequate proof of identity, has the right to:
- request Midstream College to confirm, free of charge, whether it holds personal information regarding the data subject; and
- request from Midstream College a record or a description of the personal information relevant to the data subject held by Midstream College ,
- This must be processed within a reasonable period, at a fee prescribed as determined by the Information Officer.
- A data subject may request Midstream College, to correct personal information in its possession or under its management which is inaccurate, irrelevant or out of date.
- You can opt out of receiving communications from us at any time. Any direct marketing communications that we send to you will provide you with the information and means necessary to opt out.
10. MONITORING AND ENFORCEMENT
- All employees will be responsible for administering and overseeing the implementation of this policy including the supporting of guidelines, standard operating procedure, notices, consents and appropriate related documents and processes.
- Employees who violate the guidelines and standard operating procedures of this policy may be subjected to disciplinary action, being taken against him/her.
- The point of contact for requests, disclosures, questions, complaints and any other inquiries relating to the processing, collection, or re-identifying of personal information shall be directed to the information officer or deputy information officer(s).
11. PROCESSING OF ELECTRONIC INFORMATION
- Midstream College is legally obliged to provide adequate protection for the personal information we hold and to stop unauthorized access and use of personal information.
- Midstream College will, on an on-going basis, continue to review our security controls and related processes to ensure that your personal information remains secure.
- Our security policies and procedures cover:
- Physical security;
- Computer and network security;
- Secure communications;
- Security in contracting out activities or functions;
- Retention and disposal of information;
- Acceptable usage of personal information;
- Governance and regulatory issues;
- Monitoring access and usage of private information;
- Investigating and reacting to security incidents.
- When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information that we remain responsible for, is kept secure.
- We will ensure that anyone to whom we pass your personal information agrees to treat your information with the same level of protection as we are obliged to.
- Website usage information may be collected using “cookies” which allows us to collect standard internet visitor usage information.
12. COLLECTION OF PERSONAL INFORMATION
- Midstream College will collect and process your personal information mainly to provide you with access to our services and products, to help us improve our offerings to you, to support our contractual relationship with you and for specific use.
- The type of information we collect will depend on the purpose for which it is collected and used. We will only collect information that we need for that purpose.
- We collect information directly from you where you provide us with your personal details, for example when you purchase or supply a product or services to or from us or when you submit enquiries to us or contact us. Where possible, we will inform you what information you are required to provide to us and what information is optional.
- Examples of information we collect from you are:
- email address
- telephone/cell number
- user-generated content, posts and other content you submit to our web site
- Midstream College may also collect information about you from other sources as explained below (see 13).
13. COLLECTION OF NON-PERSONAL INFORMATION
- Midstream College may automatically collect non-personal information about you such as the type of internet browsers you use or the website from which you linked to our website.
- You cannot be identified from this information and it is only used to assist us in providing an effective service on this web site.
- We may from time to time supply third parties with this non-personal or aggregated data for uses in connection with our website.
14. COOKIES POLICY
- We use the term “cookies” to refer to cookies and other similar technologies covered by the POPI Act on privacy in electronic communications.
- Cookies are small data files that your browser places on your computer or device. Cookies help your browser navigate a website and the cookies themselves cannot collect any information stored on your computer or your files. When a server uses a web browser to read cookies they can help a website deliver a more user-friendly service. To protect your privacy, your browser only gives a website access to the cookies it has already sent to you.
15. HOW WE USE YOUR INFORMATION
- We will use your Personal and Non-Personal Information only for the purposes for which it was collected or agreed to with you, for example:
- Analyse the effectiveness of our advertisements, competitions and promotions
- Collect information about the device you are using to view the site, such as your IP address or the type of Internet browser or operating system you are using, and link this to your Personal Information so as to ensure that the site presents the best web experience for you
- Evaluate the use of the site, products and services
- For audit and record keeping purposes
- For market research purposes
- For monitoring and auditing site usage
- Help speed up your future activities and experience on the site. For example, a site can recognise that you have provided your Personal Information and will not request the same information a second time.
- In connection with legal proceedings
- Make the site easier to use and to better tailor the site and our products to your interests and needs
- Personalise your website experience, as well as to evaluate (anonymously and in the aggregate) statistics on website activity, such as what time you visited it, whether you’ve visited it before and what site referred you to it
- Suggest products or services (including those of relevant third parties) which we think may be of interest to you
- To assist with business development
- To carry out our obligations arising from any contracts entered into between you and us
- To conduct market or customer satisfaction research or for statistical analysis
- To confirm and verify your identity or to verify that you are an authorised customer for security purposes
- To contact you regarding products and services which may be of interest to you, provided you have given us consent to do so or you have previously requested a product or service from us and the communication is relevant or related to that prior request and made within any timeframes established by applicable laws.
- To notify you about changes to our service
- To respond to your queries or comments
16. RIGHT TO OBJECT
- In terms of the POPI Act (POPIA) section 18. (h) (iv) you have the right to object to the processing of personal information as referred to in section 11(3) of the POPIA.
17. RIGHT TO LODGE A COMPLIANT
- In terms of the POPI Act (POPIA) section 18. (h) (v) you have the right to lodge a complaint to the Information Regulator (South Africa) (IRSA).
- The IRSA contact details are:
33 Hoofd Street
Forum III, 3rd Floor Braampark
P.O Box 31533
Braamfontein, Johannesburg, 2017
Chief Executive Officer
Tel No. +27 (0) 10 023 5207, Cell No. +27 (0) 82 746 4173
18. CHANGES TO THIS NOTICE
- Please note that we may amend this notice from time to time. Please check our website periodically to inform yourself of any changes.
19. HOW TO CONTACT US
- If you have any queries about this notice or believe we have not adhered to it, or need further information about our privacy practices, exercise preferences or access or correct your personal information, please contact us at the numbers/addresses listed on our contact page.
Approved: June 2021
Next evaluation: June 2023