SayPro

SayPro SAYPRO POPI ACT POLICY AND STANDARD OPERATING PROCEDURE

Written by

in

Buy the SayPro POPI Act Policy now for your organisation, department, municipality company by clicking here https://69.16.196.80/product/saypro-popi-act-policy-development/

1.    Scope and Purpose

The POPI Act stipulates 8 conditions for the lawful processing of data. These include:

  1. Accountability
  2. Processing limitation
  3. Purpose specification
  4. Further processing limitation
  5. Information quality
  6. Openness
  7. Security safeguards
  8. Data subject participation

This document outlines the process followed on SayPro (Connect) to ensure compliance with the POPI Act.

2.    Training and Non-Disclosure

All employees of SayPro are to be trained on POPI Act Awareness by July 2021. 

3.    Condition 1: Accountability

SayPro will ensure conditions for lawful processing of Personal Information – especially when it comes to the electronic processing of such information on SaPro.

4.    Condition 2: Processing Limitation

The second condition handles the processing of data on the system. This include processing data in such a way that it doesn’t risk the subject’s privacy, that only relevant data is processed, that the subject gives consent for this data to be used. Proof of this consent must be kept on the system and the subject should be able to withdraw this consent at any given time.The following data is processed on the system:

4.1.    Personal Information

Sign up

Only relevant personal information, which is required for identification purposes, is asked from the client upon signing up:

  • Name
  • Surname
  • Email address
  • Organisation

Further biographical information is required for qualification requirements by Academic Bodies for qualification purposes

  • ID Number
  • Citizenship
  • Disability status code
  • Disability rating
  • Immigrant status
  • Home address
  • Postal address
  • Highest qualification
  • ID Number
  • Copy of certified ID document (proof of student’s existence)
  • Equity
  • Gender

A full list of Personal Information that is processed, and the reason for processing, can be found under Annexure A of this document.

From browser

Automatic Internet usage information is logged on the system, such as Internet Protocol address (IP address), browsing habits, click patterns, cookie preferences, JavaScript enablement, the content and pages that you access on the website, and the dates and times that you visit the website, paths taken, and time spent on sites and pages within the website (usage information).

Cookies

Small text files called ‘cookies’ are put on the client’s device when they visit the site. These files do contain a personal identifier allowing SayPro to associate personal data with a certain device. These files ensure the tailoring of the website’s functionality to the client’s personal preferences, e.g. allowing quick access links to most recently used areas of the site.

5.    Privacy Policy Agreement

All clients must accept a privacy policy when logging in the first time and thereby giving consent for personal data to be processed and used to complete services rendered by SayPro. 

6.    Condition 3: Purpose Specification

Condition 3 details the reasons for collecting data and specifies that this data should only be kept on the system for as long as necessary to process what the clients do on the system.There are two aspects around this. The first one is that the learner should be identified, and that proof of this identity should be uploaded to the system. SayPro is an online learning system, whereby clients on the system completes learning activities and records of these activities are linked to the clients. The law requires that this information is kept for 5 years and SayPro keeps them on an integrated cloud based system.Certain information is required by governing bodies, e.g. the Quality Council for Trades and Occupations (QCTO), various SETAs, CIPS and Clints of SayPro.Other information is required for Alumni Communication, Notification of Professional Development Events, Training and Further Education.

7.    Condition 4: Further Processing Limitation

The following measures are put in place to ensure clients’ privacy:There are three options available on the SayPro system when it comes to clients’ information:

  • Not visible
  • Visible to client and administrator
  • Visible to everyone with limited access and information based on client role

All data fields are set to “Visible to client”, so that only the client and the Systems Administrator can access their own personal data. Relevant information may be sent to our qualifications department and authorities and be viewed by our Chief Client Officer to support our Client in their studies. 

8.    Condition 5: Information Quality

When a client signs up for an Accredited Programme, proof of ID is required for registration with the relevant Academic Body or Authority. Therefore, along with personal information entered on the system, a verified proof of ID should also be uploaded to the system (Only for Client studying towards an Accredited Programme. ID Documents are not required for non-accredited short courses or other services). The client receives a clientname and password, which is used to log in to SayPro

  • SayPro will take reasonably practicable steps to ensure that the personal information is complete, accurate, not misleading and updated where necessary.
  • In taking the steps referred to above, SayPro must have regard to the purpose for which personal information is collected or further processed

SayPro provides all clients with the ability to update and ensure correctness of their own personal information through the “Update my profile” functionality.

9.    Condition 6: Openness

SayPro will take reasonably practicable steps to ensure that Client are made aware of:

  • the information being collected and if not directly from the data subject, the source from which it is collected
  • the name and address of SayPro
  • the purpose for which the information is being collected (Available in Annexure A)
  • whether or not supply of this information by the data subject is voluntary or mandatory
  • the consequences of failure to provide such information
  • any particular law which authorizes or requires the collection of the information
  • the intention of SayPro to transfer the information to a third country or international organization and the level of protection provided to this information by that country or organization
  • any further information necessary to enable processing in respect of the learner to be reasonable, taking into account the specific circumstances in which the information is to be (or not to be). For example:
  • recipient or category of recipients of the information
  • nature or category of the information
  • existence of the right of access to and right to rectify the personal information collected
  • the existence of the right to object to the processing of the information
  • the right to lodge a complaint to the Information Regulator

The client should be made aware of the above information prior to collection or in the instance where the information is collected from a source other than the data subject, as soon as reasonably practicable after the personal information is collected.

10.         Condition 7: Security safeguards

SayPro works with system roles and capability security. Thus, only individuals who should have the capability to view certain information, has that capability.SayPro subscribes to industry standards for information technology security as per the POPI Act.

11.         Condition 8: Data subject participation

SayPro provides all clients with the ability to update and ensure correctness of their own personal information through the “Update my profile” functionality. Client can at any time access their profiles to view the information that we keep on them. 

12.         Data Request Standard Operating Procedure

When a SayPro Client submits a request for their information to be removed, the following process should be followed:

  1. Establish account purpose and history
    1. If the account was used for Internal Training (Employee), or short course training, then the account can be deleted – given that the certificates have been backed up
    2. If the account was used for an accredited course, SETA or QCTO qualification for studies, then the account cannot be deleted and the following steps need to be taken:
  2. Log ticket/request with SayPro Learning Department support desk
  3. Since the account needs to be kept for learning history purposes and data archiving, redact personal information and suspend account
  4. The following fields need to be changed on the client’s profile:
    1. First Name – Redacted (Editted)
    2. Last Name – Redacted (Editted)
    3. Email – Redacted and add {NationalIDNumber} field in the email field. Should the learner ever need to retrieve academic history, this will be the identifier used
    4. If uploaded, delete ID document
    5. If uploaded, delete profile picture
    6. If completed, all address fields to be redacted
    7. Keep National ID number field
  5. SayPro resolves request with links to the client confirming that the request was successful
  6. SayPro to confirm the action with requesting client

Buy the SayPro Popi Act Policy document now at https://69.16.196.80/product/saypro-popi-act-policy-development/

Comments

Leave a Reply

More posts