PRIVACY POLICY

Last updated: September 2022

1.          INTRODUCTION 

In this policy, “Instill Education”, “us” or “we” refers to either or both of (i) Instill Education (Company No.: C134352), incorporated in Mauritius; and (ii) Instill Education (Pty) Ltd (Registration No.: 2015/443219/07), incorporated in South Africa. The right to privacy is important to Instill Education and we are committed to processing your personal information in compliance with applicable data protection laws, including the Protection of Personal Information Act 4 of 2013 (“POPI”), the Mauritian Data Protection Act 20 of 2017 (“Mauritian DPA”), the General Data Protection Regulation ((EU) 2016/679) (“GDPR”), the Kenyan Data Protection Act, 2019 (“Kenyan DPA”) and Ghana Data Protection Act, 2012 (“Ghana DPA”) (collectively “Applicable Law”). This privacy policy applies to all processing of personal information of customers, potential customers, suppliers or other relevant third parties. 

“personal information” means personal information as defined in Applicable Law, being information that may identify you. 

The purpose of this policy is to explain your and our rights and obligations in respect of your personal information. “you” means any natural or legal person whose personal information we process and may include individuals employed or otherwise associated with one or more of our clients, as received from our client(s). We may change the terms of this policy if the law (including any Applicable Law) or our business processes require it. The latest version of this policy will always apply.

2.           COLLECTING YOUR PERSONAL INFORMATION

We collect Personal Information about you from the following sources:

  • directly from you or from our client where the individual user is not our client when you provide it to us, such as when you apply or become our customer, contact us or through the course of our relationship with you;
  • from your web browser when you visit our website, subject to the settings of your web browser;
  • from public sources where you have made your personal information public, such as on social media or online platforms;
  • from your use of our services or use of any features or resources available on or through our services; and
  • from third parties if the law allows for it, for example, school districts that volunteer educator information and in which case the school district must also comply with their obligations under Applicable Law.

 

3.             CATEGORIES OF PERSONAL INFORMATION THAT WE PROCESS 

We collect various categories of personal information depending on the reason for processing.  The categories may (but will not necessarily) include: 

  • General personal details: for example, for individuals, we collect name and surname, date of birth, age, nationality, race, gender, sex, pregnancy status, ethnic or social origin, colour, sexual orientation, physical and mental health, well-being, disability, religion, conscience, belief, culture, language preferences, email address, physical address, contact information, biometric information, marital status, place of birth, education, financial history, medical history, employment history, criminal history, personal views, preferences and opinions, another’s views or opinions about you, and identifying number (such as an employee, identity or passport number); and for juristic persons, we collect registered name, registration number, address, and VAT details.
  • Contact details: your address, contact number, email address, public social media profiles.
  • User information: personal information included in correspondence, transaction documents, use of the services or other materials that we process when providing the services.
  • Account details: for example, username, password (note that we cannot view this), usage data, and aggregate statistical information.
  • Consent records: records of any consents you have given us, as well as any records of your withdrawal or refusal of consent.
  • Payment details: for example, payment method, information provided by payment gateway service providers, payment amount, date and reason for payment and related information.
  • Data relating to our services: for example, your device type, the operating system and browser, browser settings, IP address, dates and times of connecting to and using the website and other technical communications information, including cookies and other technologies.
  • Content and advertising data: records of your interactions with our online advertising on the various websites which we advertise and records relating to content displayed on webpages displayed to you.
  • Views and opinions: any views and opinions that you choose to share with us, or publicly post on social media platforms or elsewhere.
  • Children’s Personal Information: Although our services are not aimed at persons under the age of 18, where we collect personal information of any person that qualifies as a child in terms of Applicable Law which is necessary for us to render the services, it will be with the consent of a parent or guardian as required by Applicable Law.

 

4.             PURPOSES OF PROCESSING PERSONAL INFORMATION

We only process adequate and relevant personal information for the following purposes and legal bases: 

  • for our agreement with you or for our client where the individual user is not our client;
  • to operate and manage your application, account or relationship with us;
  • to monitor and analyse our business to ensure that it is operating properly, for financial management and for business-development purposes;
  • to contact you by email, phone, SMS, push notifications or other means to inform you about our products or services. You can opt-out of such communications at any time;
  • to form a view of you as an individual/juristic person and to identify, develop or improve our website or offerings;
  • to carry out market research and surveys, business and statistical analysis and necessary audits;
  • for fraud prevention;
  • to perform other administrative and operational tasks like testing our processes, systems and security measures; and
  • to comply with our regulatory, legal or other obligations.

We may also use your personal information for other purposes if the law allows for it, you consent to it, or if it is in the public interest to do so. All purposes for the processing of your personal information will be legal in terms of Applicable Law.

 

5.          DIRECT MARKETING 

If you are a customer, we may contact you to provide information about our products or services. If you are not a customer, we will only send you electronic direct marketing communications if you consented to it, or otherwise in compliance with Applicable Laws.

You may unsubscribe from any direct marketing at any time if you click on the unsubscribe link included in the communication or if you contact us and request to unsubscribe. We will not send you any direct marketing if you unsubscribe, but may still contact you for purposes of the services we render or our business relationship with you. 

We will not sell your personal information or provide it to third parties for their marketing purposes.

 

6.            DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTIES

We will keep your personal information confidential and only share it with others in terms of this policy, if you consent to it, or if the law (including the Applicable Law) allows or requires us to share it.  We will typically share or disclose your personal information to:

  • Our business partners or third party processors to provide you with our services, such as data storage providers, third party payment processors, software licensors or partners etc. in accordance with written agreements with those third parties;
  • Our client, where the individual user is not our client;
  • legal and regulatory authorities, upon their request, or for the purposes of reporting as prescribed or for purposes of any breach of legislation;
  • accountants, auditors, lawyers and other external professional advisors;
  • any relevant party to the extent necessary for the establishment, exercise or defence of legal rights, criminal offences, threats to public security, etc.;
  • any relevant third party in the event that we plan to or sell or transfer all or any portion of our business or assets; and
  • any relevant third party provider where we use third party advertising, plugins or content in our services.

If we engage third parties to process your personal information for us, these processors will be appointed in terms of a written agreement which will require them to only process personal information on our written instructions, use appropriate measures to ensure the confidentiality and security of it and comply with any other requirements set out in the agreement and required by Applicable Law. 

 

7.            INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

Due to the nature of the services and our business purposes, we may need to transfer personal information to and from recipients in different countries and will always do so in compliance with Applicable Laws. We will only transfer personal information to third parties in countries with adequate data protection laws or transfer it in terms of a written agreement with the recipient which imposes data protection requirements as required by Applicable Law. 

Please note that when you transfer any personal information directly to a third party in another country, we are not responsible for that transfer and such transfer is not based on or protected by this policy. 

 

8.          SECURITY 

We have implemented appropriate technical and organisational security measures in accordance with Applicable Law, designed to protect personal information against accidental or unlawful destruction, loss, alteration, disclosure, access and other unlawful or unauthorised forms of processing. 

The internet is an open and often vulnerable system and the transfer of information via the internet is not completely secure. Although we will implement all reasonable measures to protect personal information, we cannot guarantee the security of your personal information that you transfer to us using the internet and you use the internet at your own risk.

 

9.          YOUR LEGAL RIGHTS

You have the following rights in relation to your personal information, but note that they are not absolute and may be limited under Applicable Law (meaning that we may not be able to honour your requests in all instances):

  • right of access: you have the right to be informed of and request a copy of your personal information records that we hold;
  • right to rectification: you may request that we amend or update your personal information if it is inaccurate or incomplete;
  • right to erasure: you may request that we delete your personal information;
  • right to restrict processing: you may request that we temporarily or permanently stop processing your personal information;
  • right to object: you may object to us processing your personal information, including for direct marketing purposes (in which case we will stop marketing);
  • right to information portability: where you are a data subject under the GDPR, you may request that your information be transmitted for use by another person; and
  • right not to be subject to automated decision-making: where a decision that has a legal or other significant effect is based solely on automated decision making, including profiling, you may request that your personal information not be processed in that manner.

Where you have provided consent for us to process your personal information, you may also withdraw your consent. Note however, we may continue to process your personal information if another legal justification exists for the processing despite consent having been withdrawn.

You can send any request or comment in respect of your privacy rights or this policy to io@instill.clients.filtereddigital.com

 
10.          USE OF COOKIES AND SIMILAR TECHNOLOGIES

When you use our website, we automatically receive and record information on our server logs from your browser. This information may for example include browser type, language preference, referring site, the date and time of each visitor request, your location, IP address, cookie information and Google Analytics information. This is statistical data about browsing actions and patterns. We may also receive information about your general internet usage through a cookie file which is stored on your hard drive. Cookies enable us to improve our website and services, estimate our audience size and usage patterns, store information about preferences and recognise when you return to our website.

In some instances, we may collect and store information about your location through cookies (other than when you share your location with us). We convert your IP address into a rough geo-location, and we may use location information to improve and personalise our website and services for you. 

You can set your web browser to refuse cookies, but if you do this you might not be able to enjoy the full use of the website or services and you may not be able to take advantage of certain promotions we may run. 

Please note that third parties may also use cookies, but we do not have access to, or control over them, and therefore cannot take responsibility for them. 

 

11.         LINKS ON OUR WEBSITE 

Our website may include links to other apps or third party websites which do not fall under our supervision. We do not accept any responsibility for your privacy if you use these links or for the content of these sites. We display these links to make it easier for you to find information about specific subjects. If you use or rely on these links, it is at your own risk.

 

12.       CHILDREN’S INFORMATION AND SENSITIVE/SPECIAL PERSONAL INFORMATION 

We do not intentionally collect or use children’s personal information without the consent of a parent or guardian of the child. 

We may, however, collect and/or process special personal information as a result of our business relationship with you, but will only do so with consent or if allowed by Applicable Law.

 

13.         RETENTION OF INFORMATION

We take reasonable steps to ensure that we only process personal information for the minimum period necessary for the purposes set out in this policy, including any period necessary to establish, exercise or defend any legal rights.

We therefore retain personal information in accordance with the required retention periods in terms of Applicable Laws, for legitimate business purposes or if an obligation is imposed on us to retain information for a certain period of time. We may retain information indefinitely in a de-identified format for research and statistical purposes, which may include for example statistics of how you use the website and services. 

 

14.        SECURITY BREACH

We will report any security breach to the applicable regulatory authority in terms of Applicable Laws and to the data subjects whose personal information is involved in the breach. If you want to report any concerns about our privacy practices or if you suspect any breach regarding your personal information, please send an email to io@instill.clients.filtereddigital.com.

 

15.        LODGING A COMPLAINT

If you want to raise any objection or have any queries about our privacy practices, you can contact our information officer Thomas Peter Parry on tom@instill.clients.filtereddigital.com.

You also have the right to formally lodge a complaint as follows:

Applicable Law
Regulatory authority name
Contact details
POPI
The Information Regulator
Website: https://inforegulator.org.za/ Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 Postal address: P.O. Box 31533, Braamfontein, Johannesburg, 2017Complaints (complete form 5) POPI: POPIAComplaints@inforegulator.org.za PAIA: PAIAComplaints@inforegulator.org.za General enquiries: enquiries@inforegulator.org.za
Mauritian DPA
Data Protection Office
Website: https://dataprotection.govmu.org/SitePages/Index.aspx Address: 5th Floor, SICOM Tower, Wall Street, Ebene, Contact number: (230) 460-0251 Fax number: (230) 489 7346 Email: dpo@govmu.org
GDPR
The European Data Protection Supervisor
Online complaint procedure: https://edps.europa.eu/dataprotection/ our-role-supervisor/complaints_en
Kenyan DPA
The Data Protection Commissioner
Website: https://www.odpc.go.ke/ Address: 12th floor, Britam Tower, Hospital Road, Upperhill Contact number: +254796954269 Email: info@odpc.go.ke
Ghana DPA
The Data Protection Commission
Website: https://www.dataprotection.org.gh/ Address: East Legon, Paw Paw Street, GPS: GA-414-1469, P.O.Box CT7195, Accra Contact number: +233-(0)302222927 Email: info@dataprotection.org.gh Fax number: +233-(0)299016149 +233-(0)506177975