Data Protection Notice

Information about how we protect and manage your personal information in compliance with POPIA.

POPIA Compliance: This platform complies with the Protection of Personal Information Act 4 of 2013 (POPIA). We are committed to protecting your personal information and ensuring it is processed lawfully, fairly, and transparently.

Data Controller

SML4Change (Workplace Capability Partners)

As the data controller, SML4Change is responsible for ensuring your personal information is processed in accordance with POPIA and other applicable data protection laws.

Contact: privacy[at]sml4change[dot]com

Purpose: Capability Maturity Assessment Services

Lawful Basis for Processing

Legitimate Interest

We process your personal information based on legitimate interest to:

• Provide capability maturity assessment services
• Maintain and improve the assessment platform
• Generate insights and recommendations for workforce development

Consent

By creating an account and using this platform, you consent to the collection and processing of your personal information as described in our Privacy Policy.

Categories of Personal Information

Identity Information

• Full name
• Email address
• Job title/role
• Region/location

Assessment Data

• Assessment responses
• Capability scores
• Completion timestamps
• Progress tracking

POPIA Processing Principles

Lawfulness

Personal information is processed lawfully and fairly with appropriate legal basis

Minimality

We collect only the minimum personal information necessary for assessment purposes

Purpose Specification

Personal information is collected for specific, explicit and legitimate purposes

Further Processing

Information is not processed in a manner incompatible with the initial purpose

Information Quality

We ensure personal information is complete, accurate, not misleading and updated

Openness

We maintain documentation and provide clear information about processing activities

Security Safeguards

Appropriate technical and organizational measures protect personal information

Data Subject Participation

We respect and facilitate the exercise of your rights regarding personal information

Technical & Organizational Security Measures

Technical Safeguards

• End-to-end encryption (HTTPS/TLS)
• Secure password hashing (bcrypt)
• Database encryption at rest
• Regular security updates and patches
• Access logging and monitoring

Organizational Safeguards

• Data protection policies and procedures
• Staff training on data protection
• Access controls and user permissions
• Regular security audits and reviews
• Incident response procedures

Data Retention

Retention Periods

• Account information: Retained while account is active
• Assessment data: Retained for historical tracking and trend analysis
• Session data: Automatically expired based on system settings
• Deleted accounts: Personal information removed within 30 days

We retain personal information only as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws and regulations.

Your Rights as a Data Subject

Right to Access

Request confirmation of processing and access to your personal information

Right to Correction

Request correction or completion of inaccurate/incomplete information

Right to Deletion

Request deletion of personal information where legally permissible

Right to Restrict Processing

Request restriction or objection to processing in certain circumstances

Right to Data Portability

Request personal information in a structured, machine-readable format

Right to Object

Object to processing based on legitimate interests or direct marketing

Exercise Your Rights: Contact us at privacy[at]sml4change[dot]com to exercise any of these rights. We will respond to your request within the timeframes specified by POPIA.

Data Breach Notification: In the unlikely event of a data breach that may affect your personal information, we will notify you and relevant authorities as required by POPIA, typically within 72 hours of becoming aware of the breach.