THENSA POPIA PRIVACY NOTICE
Technological Higher Education Network South Africa (hereafter referred to “THENSA”) is a representative body for Technology Focused Institutions in Africa. THENSA promotes relevant, impactful, and globally competitive qualifications, skills, research, and innovation in partnership with Business, Industry and Research Institutes locally and internationally to ensure a vibrant economy in Africa.
1. THE PURPOSE OF THE NOTICE
The purpose of this notice is to inform THENSA clients about the type and use of personal information the Organisation collects, the ways in which it is collected, the sharing, protection, and storage thereof.
2. WHAT IS PERSONAL INFORMATION?
POPIA defines personal information as “information which relates to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person. The person to whom personal information relates is referred to as the “data subject”.
Examples of personal information include, but are not limited to, contact information, financial information, information relating to race, gender, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language, and birth of the person.
3. WHO ARE THE ROLE-PLAYERS?
The POPI Act establishes several role-players with specific rights and responsibilities:
a. The Data Subject: The person (natural person or legal entity) to whom the information relates. This can be a new or existing person, a prospective partner, a supplier, or any other person whose personal information is being processed by THENSA. Data subjects can also be resident anywhere in the world and will qualify as a data subject if their personal information is processed by a responsible party in South Africa.
b. The Responsible Party: The party (THENSA) must comply with the POPI Act. The responsible party processes the personal information, determines the purpose for which the personal information is needed and can even outsource a part or all the processing of the personal information to a Third Party who is referred to as an ‘Operator’ in terms of the POPI Act. Importantly though, despite the processing being outsourced to an Operator, the responsible party remains responsible for such processing, making it imperative that processing of personal information by Operators must also be compliant with the POPI Act.
c. The Operator (third party): a person who processes personal information on behalf of the responsible party. For example, an IT vendor or an FSP.
The POPI Act places various obligations on the responsible party (THENSA), which is the body ultimately responsible for the lawful processing of personal information. All persons who collect, manage, process, transfer, store and/or retain personal information, has a responsibility to process such information in accordance with the provisions of POPIA.
THENSA requires the data subject’s permission to process the personal information.
4. WHAT IS THE PURPOSE OF THE COLLECTION OF PERSONAL INFORMATION?
The purpose for the collection of a Data Subject’s personal information by THENSA is to:
- comply with lawful obligations, including all applicable, tax and financial legislation
(including compliance with any, Consumer Protection Act, the Financial
Intelligence Centre Act 38 of 2001 (FICA), the National Credit Act, 34 of 2005
- give effect to a contractual relationship between the Data Subject and THENSA
and to ensure the correct administration of the relationship.
- facilitate various operational functions.
- perform data analyses and to share personal information with third parties for data
- to manage and protect the legitimate interests of THENSA, the Data Subject or a
All personal information which the data subject provides to THENSA will only be used for the purposes for which it is collected.
5. STORAGE, RETENTION, AND DESTRUCTION OF INFORMATION
All personal information which the data subject provides to THENSA will be held and/or stored securely and held for the purpose for which it was collected. The data subject’s personal information will be stored electronically in a centralised data base and will be accessible to authorised personnel ONLY at THENSA. Where appropriate, some information may be retained in hard copy. In either event, storage will be secure and audited regularly to confirm the safety and the security of the information. Once the data subject’s personal information is no longer required, i.e., since the purpose for which the information was held has been completed, such personal information will be safely and securely stored for a period of 5 (five) years per FICA (the Financial Intelligence Centre Act 38 of 2001). Thereafter, all the data subject’s personal information will be permanently destroyed.
6. RIGHT TO OBJECT
In terms of section 11(3) of POPIA the data subject has the right to object in the prescribed manner to THENSA.
7. HOW AND WHEN IS INFORMATION COLLECTED FROM THE DATA SUBJECT?
THENSA collects information of a data subject in the following ways, including but not limited to:
- When the data subject requests or consents to be added to THENSA’s database
- When the data subject uses the THENSA website (https://www.thensa.co.za)
- When the data subject or other parties give THENSA information verbally or in writing. This may be in the format of registration forms, attendee sheets, through correspondence or lodging a complaint or query.
- During the execution of automated THENSA application services, relying on, and referring to information shared, and consent given, as described in point number 3 above. This includes graduate employability data, with reference to the data subject’s public LinkedIn Profile shared during registration.
8. PROCESSING OF PERSONAL INFORMATION
THENSA makes use of and processes data subject’s information in various ways to comply with South African legal obligations. Ways in which the data subject’s information may be used are:
- Confirming identify, to help in the processing of an application for any one of the services provided by THENSA.
- Contacting the data subject by telephone, text message, email, post, or social media, or other means but not in a way that is contrary to the instruction of the data subject, legitimate interest or contrary to law.
- Conducting marketing activities such as direct marketing (should it not be objected by the data subject to be used) and research, including surveys, analytics, and related activities.
- Carrying out strategic planning and project management. This could include compiling and processing the data subject’s information for audit, statistical or research purposes (including, in some instances, making data anonymous) to help THENSA understand trends in its research, management information, operational and data risk management.
- Protecting THENSA’ business reputation, resources, and equipment, to manage network information and security (developing, testing, and auditing our websites) and other systems, dealing with accidental events, unlawful or malicious actions that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal data, and the security of its related services.
- Managing and administering legal and compliance matters within THENSA, including compliance and regulatory, legislative, and voluntary codes of practice to which THENSA is committed.
9. WHAT ARE THE DATA SUBJECT’S RESPONSIBILITIES?
The Data Subject is responsible for maintaining the confidentiality of their username, password, and any other security information provided to or chosen by the Data Subject and will:
- Use strong passwords (where applicable) and
- Not share account login details with any person
10. SHARING OF PERSONAL INFORMATION
THENSA will only share your personal information with third parties if the Data Subject has consented to such disclosure. If consent has been obtained, THENSA may share the personal information with persons or organisations within and outside of the Organisation. This may include:
- Statutory and Regulatory bodies and law enforcement authorities. These bodies include but are not limited to the following: The Information Regulator (South Africa), Financial Intelligence Centre (FIC), SARS, police authorities, and other designated authorities in connection with combating financial and other serious crime.
- Companies that provide support services for the purposes of protecting THENSA legitimate interests.
11. THE DATA SUBJECT’S RIGHT TO REQUEST ACCESS TO INFORMATION
The Data Subject has the right to request a copy of the personal information which THENSA holds in its possession. Communication of such a request can be done via the contact details provided below.
12. UPDATING OR CORRECTION OF PERSONAL INFORMATION
The Data Subject has a right to request for their personal information to be updated, corrected, or deleted and THENSA will process the request in accordance with its policies. Communication of such a request can be done via the contact details provided below.
13. INFORMATION OFFICER CONTACT DETAILS
Should you have any questions pertaining to personal data being collected, stored, shared, or processed by THENSA, or if you wish to exercise any of your data rights, queries can be directed to the THENSA Information Officer:
Christelle Venter +27 82 267 5125, +27 12 382 4896
Emails email@example.com or firstname.lastname@example.org
14. UPDATE OF PRIVACY NOTICE
THENSA reserve the right to and may from time to time update the Privacy Notice. Such revision shall be made available on the THENSA website. The onus is on the Data Subject to check the THENSA website periodically for any updates or changes or contact the Information Officer.
It is the policy of the THENSA to abide by and follow any rule of common or statutory law. Contents posted by individuals, member institutions, universities, students and organisations and other users to the THENSA’s websites, may reflect their own opinions, interests, and activities; they may not implicitly or explicitly represent official policies or positions of THENSA.