Last updated: 27/05/2024

Ubuntu Academic Institute (hereinafter referred to as “UAI,” “we,” “us,” or “our”) is committed to protecting the privacy and security of personal data collected from students, employees, and other individuals. This Data Protection Policy outlines how we collect, use, disclose, and protect personal data in compliance with data protection laws, including the Protection of Personal Information Act (POPIA) in South Africa.

1. Scope

This policy applies to all personal data collected, processed, or stored by UAI in the course of our operations, including but not limited to student records, employee records, and any other personal data collected from individuals.

2. Collection and Use of Personal Data

a. Lawful Basis

We collect and process personal data for lawful purposes, including:

  • To fulfill our contractual obligations with students and employees.
  • To comply with legal and regulatory requirements.
  • To pursue our legitimate interests, such as improving our services and managing our operations.

b. Types of Personal Data

We may collect the following types of personal data:

  • Contact Information: Name, address, email address, phone number.
  • Identification Information: Date of birth, ID or passport number.
  • Educational Information: Academic records, course enrollment details.
  • Employment Information: Job title, work history, salary details (for employees).

c. Consent

Where required by law, we will obtain consent from individuals before collecting or processing their personal data. Individuals have the right to withdraw consent at any time.

3. Data Security

a. Safeguards

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, and destruction. These measures include encryption, access controls, and regular security assessments.

b. Confidentiality

Access to personal data is restricted to authorized personnel who need access to perform their job duties. All personnel with access to personal data are required to maintain confidentiality.

4. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. When personal data is no longer needed, we will securely delete or anonymize it.

5. Data Sharing and Disclosure

a. Third Parties

We may share personal data with third-party service providers, such as cloud hosting providers and payment processors, who assist us in providing our services. We require these third parties to comply with data protection laws and to implement appropriate security measures.

b. Legal Requirements

We may disclose personal data if required by law or in response to a valid legal request from a law enforcement or government agency.

6. Individual Rights

a. Access

Individuals have the right to request access to their personal data held by UAI and to receive a copy of that data.

b. Correction

Individuals have the right to request correction of any inaccuracies in their personal data held by UAI.

c. Deletion

Individuals have the right to request deletion of their personal data held by UAI, subject to certain exceptions.

7. Data Breach Response

In the event of a data breach involving personal data, we will promptly investigate the breach, mitigate its effects, and notify affected individuals and relevant authorities as required by law.

8. Training and Awareness

We provide regular training to our staff on data protection principles and their responsibilities under this policy. We also promote awareness of data protection among students and other stakeholders.

9. Compliance

We are committed to complying with all applicable data protection laws and regulations, including POPIA and the General Data Protection Regulation (GDPR) where applicable.