Privacy Policy
Protection of Personal Information Act (POPIA) Compliance
1. Introduction
Cornerstone Performance Solutions (Pty) Ltd (“CPS”, “we”, “us”, or “our”) is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA) and other applicable data protection legislation. This Privacy Policy explains how we collect, use, store, and protect your personal information when you interact with our website, programmes, and services.
2. Information We Collect
We may collect the following categories of personal information:
- Identity information: Full name, ID number, date of birth, gender, and nationality.
- Contact information: Email address, phone number, physical address, and postal address.
- Educational information: Qualifications, academic history, assessment results, and programme enrolment data.
- Employment information: Employer name, job title, and work-related details relevant to your programme.
- Financial information: Payment details and billing information for programme fees.
- Technical information: IP address, browser type, device information, and website usage data collected through cookies and similar technologies.
3. How We Use Your Information
We process your personal information for the following purposes:
- To process applications, enrolments, and registrations for our educational programmes.
- To deliver and administer learning programmes, assessments, and certifications.
- To communicate with you about your programme, including updates, schedules, and results.
- To process payments and manage financial transactions.
- To comply with regulatory and accreditation body requirements, including reporting to SETAs and QCTO.
- To improve our services, website, and user experience.
- To send marketing communications where you have provided consent.
4. Legal Basis for Processing
We process your personal information on one or more of the following lawful grounds: your consent; the performance of a contract to which you are a party; compliance with a legal obligation; protection of your legitimate interests; or the pursuit of our legitimate interests in providing quality education services, provided that your rights are not overridden.
5. Data Security
We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted data transmission, secure server infrastructure, access controls, and regular security reviews. While we strive to protect your personal information, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.
6. Third-Party Sharing
We may share your personal information with the following third parties where necessary:
- Regulatory and accreditation bodies: SETAs, QCTO, SAQA, and other bodies as required for programme registration and compliance.
- Employer sponsors: Where your employer has sponsored your enrolment, we may share programme progress and results.
- Service providers: Trusted third-party service providers who assist us with IT infrastructure, payment processing, and communication services, subject to appropriate data processing agreements.
- Legal requirements: Where required by law, regulation, or legal process.
We do not sell your personal information to third parties.
7. Data Retention
We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable laws and regulations. Educational records may be retained for extended periods to comply with accreditation and regulatory requirements.
8. Your Rights
Under POPIA, you have the following rights regarding your personal information:
- Right of access: You may request confirmation of whether we hold your personal information and request access to it.
- Right to correction: You may request that inaccurate or incomplete personal information be corrected or updated.
- Right to deletion: You may request that your personal information be deleted where it is no longer necessary for the purpose for which it was collected, subject to legal retention requirements.
- Right to object: You may object to the processing of your personal information for direct marketing purposes.
- Right to withdraw consent: Where processing is based on consent, you may withdraw your consent at any time.
- Right to lodge a complaint: You have the right to lodge a complaint with the Information Regulator if you believe your personal information has been mishandled.
9. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and understand user preferences. You can manage your cookie preferences through your browser settings. Please note that disabling cookies may affect the functionality of certain parts of our website.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.
11. Contact Us
If you have any questions about this Privacy Policy, wish to exercise any of your rights, or have concerns about how your personal information is being processed, please contact our Information Officer:
- Email: info@cps.co.za
- Phone: +27 11 789 1957
- Address: 39 Grove Street, Randburg, Johannesburg, Gauteng, South Africa
12. Information Regulator
If you are not satisfied with our response to your request or complaint, you may contact the Information Regulator of South Africa:
- Website: inforegulator.org.za
- Email: enquiries@inforegulator.org.za