MCS POPIA PRIVACY POLICY

South Africa's Protection of Personal Information Act (POPIA) took effect on July 1 2020 with a grace period of 12 months, meaning it will come into full effect from 1 July 2021. The scope of the Act includes schools as entities that handle personal information for administrative purposes.

South African Protection of Information Act, 2013, also known as POPI Act

To promote the protection of personal information processed by public and private bodies; to introduce certain conditions so as to establish minimum requirements for the processing of personal information; to provide for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000; to provide for the issuing of codes of conduct; to provide for the rights of persons regarding unsolicited electronic communications and automated decision making; to regulate the flow of personal information across the borders of the Republic, and to provide for matters connected therewith.

This policy details how we collect, store, protect and use personal information - that is information that can be used to identify an individual or a company (juristic person) - in connection with the services we may offer through our maranathaschool.co.za and mcsonline.co.za websites (referred to as the "Site") and through your dealings with us (referred to as the "Services").

1. What is personal information

Personal information includes:

  • certain information collected on engaging our services;
  • certain information collected on submission;
  • optional information that you provide to us voluntarily.

Additional information captured that does not classify as personal information may also be collected and processed, including but not limited to:

  • anonymised information,
  • de-identified information that cannot be associated with an individual,
  • statistical information,
  • information that is public knowledge, which has been publicly and voluntarily disclosed.

2. Who is processing your data

As the Responsible Party, data processing is processed by us, an entity incorporated within the laws of South Africa, with the following contact details:

General Email: mcschool@maranathaschool.co.za
Data Related Queries: privacy@maranathaschool.co.za

We are committed to protecting your privacy and ensuring that your personal information is collected and used properly, lawfully and transparently.

3. What are we processing and why

There are various ways in which we may process your data. This section details our purposes for processing, our legal basis for the processing, and our storage periods.

We will process your data for as long as the contractual relationship is in place, and for 5 years following the end of the relationship. In order to fulfil our obligations to you in terms of the agreement you have engaged us for, we will need to process your data. Data, such as application forms and learner profiles, will be discarded after 5 years. Unsuccessful application forms will be kept for 12 months and then be discarded. We use a professional shredding company to collect the data and shred all relevant paperwork on campus annually.

We may also process your data in terms of legitimate interest, as long as the data being processed is strictly necessary, proportional, and does not infringe on your individual rights to privacy. Processing may take place in terms of the following necessary scenarios:

  • To monitor and analyse how to improve our service, as well as to keep the same secure and free from abuse.
  • This may include communications such as surveys or direct electronic communications.
  • To keep active communications with you while you are contracted with us.
  • Certain communications are necessary during delivery of our services, and we have a legitimate interest in keeping you informed about our services.

We collect information directly from you where you provide us with your personal details. When registering or re-enrolling your child, you may be asked to enter personal details.

4. How we are processing your data

We collect information directly from you where you provide us with your personal details. This includes instances where you register or sign up for our D6 School Communicator/D6 Connect Application, respond to a survey, use our website contact/application forms or use social media pages. We may use the information in the following ways:

  • To personalize the user's experience and to allow us to deliver a good service.
  • To improve our website.
  • To allow us to respond to your requests.
  • To administer a promotion or survey.
  • To quickly process your requests.
  • To send periodic emails or notifications.

We will ensure that our employees are subject to confidentiality agreements and any statutory privacy obligations.

To provide you with the Services, we may need to use other service providers, as well as hire new providers in the future. Those companies will only process the data to the extent necessary to render the Services, and we will enter into written agreements with them to make sure that said companies comply with the obligations included in "09-Privacy Policy.pdf" and implement all necessary security measures to ensure adequate protection of the data.

Upon conclusion of our Services, we will limit or remove your personal data, dependent on statutory requirements, our agreement with you, or as per the retention periods set out in "09-Privacy Policy.pdf".

5. Where is your data processed

In some cases, your information may be stored and processed outside of the country or region where it was originally collected in order to complete our obligations to you, such as management systems. In some of these countries, you may have fewer rights in respect of your information than you do in your country of residence. In these cases, we will enter strict agreements with these providers in order to ensure safety and security of data. Learner details are not transferred to countries with fewer rights than South Africa.

Your agreement to the terms of "09-Privacy Policy.pdf", followed by your submission of information in connection with our Services, represents your agreement to this cross-border transfer of personal data.

Our primary region for storing and processing data is South Africa.

Website usage information may be collected using "cookies" which allows us to collect standard internet visitor usage information. Our website is scanned regularly for security purposes. Your personal information submitted is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential.

6. Disclosing third-party services that collect or utilize personal data

We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties. This does not include website hosting partners and other parties who operate our website, management system service providers, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others' rights, property, or safety. We do not include or offer third-party products or services on our website.

We may disclose your information:

  • Where we have a duty or a right to disclose in terms of law or industry codes;
  • Where we believe it is necessary to protect our rights.

7. Information Security

We are legally obliged to provide adequate protection for the personal information we hold and to stop unauthorized access and use of personal information. On an ongoing basis, we will continue to review our security controls and related processes to ensure that your personal information remains secure.

Our security policies and procedures cover:

  • Physical security on our premises;
  • Computer and network security;
  • Access to personal information;
  • Secure communications;
  • Security in contracting out activities or functions;
  • Retention and disposal of information;
  • Acceptable usage of personal information;
  • Governance and regulatory issues;
  • Monitoring access and usage of private information;
  • Investigating and reacting to security incidents.

When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information that we remain responsible for, is kept secure.

We will ensure that anyone to whom we pass your personal information agrees to treat your information with the same level of protection as we are obliged to.

8. What happens in the event of a breach

In the event of a confirmed breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data, we shall promptly assess the risk to people's rights and freedoms and without undue delay, report this breach to the appropriate authorities, responsible parties, and persons as required by law.

We will cooperate with you and take such reasonable commercial steps, as are directed by you, to assist in the investigation, mitigation and remediation of each such data breach.

Should a data breach occur:

  • We will notify the users via email.
  • Within 7 business days.
  • We will notify the users via in-site notification.
  • Within 7 business days.

9. Updating your information

You have the right to ask us to update, correct or delete your personal information. We will require a copy of your ID document to confirm your identity before making changes to the personal information we may hold about you. We would recommend it if you would keep your personal information accurate.

Name change of parent - we require copies of the marriage certificate or official change of name document issued by Home Affairs.

Name change for learners - we require copies of the amended unabridged birth certificate/ID document or official change of name document issued by Home Affairs.

Users can change their personal information submitted:

  • By emailing us.
  • By calling us.

In addition, personal details are updated annually via re-enrolment forms sent to parents via the learners/via email.

10. Your rights

You have the right to request access to, and rectification or erasure of your personal information. You may also restrict processing, or object to processing in accordance with relevant data protection regulation.

In cases where consent was given, you have the right to withdraw consent at any time.

If you do request that your information is deleted, and should your request be accepted, all information will be permanently erased, except for information that we are required to keep by law or by other exception in line with data privacy regulation. You may exercise your rights at any time by lodging a request with our Information Officer.

11. Changes to this policy

This policy may be updated from time to time. We may post non-material changes to "09-Privacy Policy.pdf" on our website, with a notice advising of the effective date of the changes. We may notify you of material changes to "09-Privacy Policy.pdf" by email (or otherwise) prior to the effective date of the changes.

12. Contacting Us

If there are any questions regarding "09-Privacy Policy.pdf", you may contact us using the information below. If you have any queries about this notice; you need further information about our privacy practices; wish to withdraw consent; exercise preferences or access or correct your personal information, please contact us at the numbers/addresses listed on our website.

Maranatha Christian School
www.maranathaschool.co.za