Policies and agreements

Site Policy

The purpose of this privacy policy (or privacy notice/summary) for JA South Africa's Moodle LMS is:

To comply with South Africa's Protection of Personal Information Act (POPIA) by transparently informing users (especially parents/guardians of primary school children) about how their personal information—and crucially, children's data—is collected, used, shared, protected, and retained.
To give effect to the constitutional right to privacy while enabling lawful processing of data for educational purposes (delivering courses, tracking progress, communication, etc.).
To obtain and document verifiable parental/guardian consent for processing children's personal information (required under POPIA for anyone under 18), ensuring it is only done when necessary, minimal, and with clear understanding of rights.
To build trust with families, schools, and users by clearly explaining practices, limiting data use, outlining security measures, and detailing rights (e.g., access, correction, deletion, or complaints to the Information Regulator).
To meet POPIA's "openness" requirement (Section 18): notifying data subjects at or before collection about the responsible party (JA South Africa), purposes, voluntary nature, consequences of non-provision, and more.

Privacy Policy for JA South Africa Moodle Learning Management System

Introduction

JA South Africa ("we", "us", or "our") is a non-profit organization dedicated to inspiring and preparing young people to succeed in a global economy through entrepreneurship education. This Privacy Policy outlines how we collect, use, disclose, and protect personal information in compliance with the Protection of Personal Information Act, 2013 (POPIA) and other relevant South African laws.Our Moodle Learning Management System (LMS) is integrated with our Squarespace website to provide educational services, particularly to primary school children. Given that our programs target young children (under 18 years), we place special emphasis on protecting their privacy. We recognize the constitutional right to privacy under Section 14 of the South African Constitution and commit to processing personal information lawfully, transparently, and securely.This policy applies to all users of the LMS and website, including learners (children), parents/guardians, educators, and other stakeholders. By using our services, you consent to the practices described herein. For children, consent must be provided by a parent or legal guardian.

Definitions

Personal Information: Information relating to an identifiable, living natural person, including name, contact details, identification number, location data, online identifiers, or factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.
Special Personal Information: Data concerning religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life, biometric information, or criminal behavior.
Child: A natural person under the age of 18 years who is not legally competent to take actions or decisions without the assistance of a competent person (e.g., parent or guardian).
Data Subject: The person to whom personal information relates, including children and their parents/guardians.
Processing: Any operation concerning personal information, such as collection, storage, use, dissemination, or destruction.
Responsible Party: JA South Africa, as the entity determining the purpose and means of processing personal information.
Information Officer: The designated person at JA South Africa responsible for POPIA compliance (contact details below).

Scope

This policy covers personal information processed through our Moodle LMS and integrated Squarespace website. It includes data from user registrations, course interactions, assessments, and communications. We do not process personal information beyond what is necessary for educational purposes.

Information We Collect

We collect the following categories of personal information:

Category	Examples	Applies To
Identification Information	Full name, date of birth, gender, ID number (for guardians), nationality	Learners, parents/guardians, educators
Contact Information	Email address, phone number, physical/postal address	All users
Educational Data	School name, grade level, academic progress, quiz scores, course completions	Learners
Technical Data	IP address, browser type, device information, login timestamps	All users
Special Personal Information	Health information (if relevant to accommodations), racial/ethnic data (for diversity reporting, with consent)	Learners (where necessary)
Children's Information	All above, plus guardian consent details	Primary school learners

We do not collect sensitive data unless strictly necessary and with explicit consent.

How We Collect Information

Directly from You: Through registration forms, profile updates, course enrollments, or communications on the Moodle LMS or Squarespace website.
Automatically: Via cookies, logs, and analytics tools on the platforms (e.g., Moodle tracking user activity, Squarespace site visits).
From Third Parties: With consent, from schools or partners providing learner details.
Integration: Data may flow between Moodle and Squarespace for seamless user experience, such as single sign-on.

For children, all collection requires verifiable parental/guardian consent.

Purpose of Processing

We process personal information for the following legitimate purposes:

Providing and improving educational services, including course delivery, progress tracking, and certification.
Communicating with users (e.g., newsletters, updates).
Ensuring platform security and preventing misuse.
Complying with legal obligations, such as reporting to the Department of Basic Education or other authorities.
Statistical analysis and research to enhance programs (anonymized where possible).
Administrative tasks, like billing (if applicable) or event management.

Processing is limited to what is necessary and aligned with POPIA's eight conditions for lawful processing.

Lawful Processing

We adhere to POPIA's eight conditions:

Accountability: We appoint an Information Officer and maintain records of processing.
Processing Limitation: Information is collected only for specific, explicit purposes with consent (or parental consent for children).
Purpose Specification: Purposes are clearly stated at collection; data is not retained longer than necessary.
Further Processing Limitation: Any new use requires fresh consent.
Information Quality: We ensure data is accurate, complete, and up-to-date.
Openness: We notify data subjects of collection and provide this policy.
Security Safeguards: Measures to protect against loss, damage, or unauthorized access (detailed below).
Data Subject Participation: Rights to access, correct, or delete data (detailed below).

For special personal information or children's data, processing occurs only with consent, for legal compliance, or if publicly disclosed by the data subject.

Sharing and Disclosure

We may share personal information with:

Sponsors and JA Stakeholders are bound by confidentiality and POPIA compliance.
Educators or schools for program delivery.
Regulatory authorities, if required by law.
In mergers or acquisitions, with notice.

We do not sell personal information. International transfers (e.g., if data is stored on servers outside South Africa) occur only to jurisdictions with adequate protection or under binding agreements. For children's data, we assess adequacy and may seek prior authorization from the Information Regulator if needed.

Security Measures

We implement reasonable technical and organizational safeguards:

Encryption for data in transit and at rest.
Access controls, firewalls, and regular audits in Moodle and Squarespace.
Staff training on data protection.
Breach response: We notify affected data subjects and the Information Regulator within reasonable time if a breach occurs.

Despite these measures, no system is infallible; users should protect their credentials.

Retention of Information

Personal information is retained only as long as necessary for the purpose collected, or as required by law (e.g., educational records for 5 years post-program). Thereafter, it is securely deleted or anonymized.

Rights of Data Subjects

Under POPIA, you have the right to:

Be notified of collection.
Access your personal information (free once per year).
Request correction, deletion, or destruction (if inaccurate or unnecessary).
Object to processing on reasonable grounds.
Withdraw consent (may affect service access).
Lodge a complaint with us or the Information Regulator.
Be informed of breaches.

For children, these rights are exercised by parents/guardians. Requests should be submitted in writing to our Information Officer.

Children's Privacy

As our LMS targets primary school children, we prioritize their protection:

We do not process children's personal information without verifiable parental/guardian consent.
Consent forms detail the information collected, purposes, and rights.
Children under 18 cannot register independently; guardians must approve.
We avoid direct marketing to children.
Special personal information (e.g., health data) is processed only if essential for educational accommodations, with explicit consent.
If transferring children's data internationally (e.g., via cloud services), we ensure adequate safeguards and comply with POPIA Section 57 (prior authorization if required).
Parents/guardians are encouraged to monitor children's online activity and discuss privacy.

We align with the Information Regulator's Guidance Note on Processing Children's Personal Information, ensuring lawful, minimal processing.

Changes to This Policy

We may update this policy to reflect legal changes or service updates. Changes will be posted on our website and LMS, with notice via email where feasible. Continued use constitutes acceptance.

Contact Information

For questions, requests, or complaints:

Information Officer
Email:it.support@jasouthafrica.org or popia@jasouthafrica.org
Address: 29 Scott Street, Waverley, Johannesburg, 2090
Phone: 010 825 8465

I agree to the Site Policy.