Specifying Techniques CC – Data Protection, Privacy & Terms of Use Policy
Effective Date: 24 July 2024
Company: Specifying Techniques CC (Reg. No. 98/052094/23) ("ST", "we", "us", "our")
Website: www.spectechonline.com
Contact: office@spectechonline.com | +27 (0)31 561 5812
1. Purpose and Scope
This Policy governs all aspects of personal information handling by ST and establishes the complete terms of engagement for our Website and Services. It ensures compliance with:
- The Protection of Personal Information Act, 2013 (POPIA)
- The Cybercrimes Act, 2020
- The Electronic Communications and Transactions Act, 2002 (ECT Act)
- All applicable South African consumer protection legislation
This Policy applies to all users, visitors, customers, and third parties interacting with ST's digital platforms, services, or communications.
2. Definitions
"Personal Information" means information as defined in POPIA relating to an identifiable, living, natural person, and to a juristic person.
"Processing" means any operation performed on personal information, including collection, receipt, recording, organisation, collation, storage, updating, modification, retrieval, alteration, consultation, use, dissemination, merging, linking, restriction, degradation, erasure, or destruction.
"Services" means all products, services, content, training, consultancy, and digital offerings provided by ST.
"User" means any person accessing or using the Website or Services.
3. Terms & Conditions
3.1 Binding Agreement and Acceptance
By accessing, browsing, or using our Website or Services in any capacity, you:
- Acknowledge reading and understanding this entire Policy
- Agree to be legally bound by all terms herein
- Consent to our data processing practices as described
- Accept that continued use constitutes ongoing agreement to any updates
Disagreement with any provision requires immediate cessation of all use.
3.2 User Obligations and Warranties
Users warrant and undertake to:
- Provide only accurate, complete, and lawful information
- Maintain absolute confidentiality of login credentials and account access
- Implement reasonable security measures on their devices and networks
- Use Services only for lawful, legitimate business or educational purposes
- Refrain from any conduct that may compromise system integrity or security
- Immediately notify ST of any suspected security breaches or unauthorised access
- Indemnify ST against losses arising from user conduct or information provided
3.3 Intellectual Property Protection
All content, including but not limited to:
- Proprietary methodologies, processes, and systems
- Course materials, documentation, and training content
- Software, algorithms, and technical implementations
- Trademarks, logos, and branding elements
- Database structures and compiled information
are exclusively owned by ST and protected by copyright, trademark, and trade secret laws. Users are granted a limited, non-exclusive, non-transferable license solely for authorised use. Any reproduction, reverse engineering, or unauthorised use constitutes intellectual property infringement and will result in immediate termination and legal action.
3.4 Prohibited Activities and Enhanced Enforcement
Strictly prohibited activities include:
- Any form of system intrusion, penetration testing, or vulnerability exploitation
- Introduction of malicious code, viruses, or disruptive technologies
- Automated data extraction, scraping, or harvesting
- Circumventing access controls or authentication mechanisms
- Creating derivative accounts or sharing access credentials
- Commercial use of information without explicit written authorisation
- Any activity potentially violating the Cybercrimes Act
Violations will result in immediate account termination, potential legal action, and cooperation with law enforcement authorities.
3.5 Age and Capacity Verification
Services are restricted to persons 18 years or older with full legal capacity. By using our Services, you represent and warrant that you meet these requirements. ST reserves the right to verify age and capacity and terminate access for non-compliance.
4. Information Collection Framework
4.1 Categories of Information Collected
Technical Data such as:
- IP addresses, device identifiers, browser fingerprints
- Network information, connection details, and geolocation data
- Usage patterns, session duration, and interaction analytics
- Performance metrics and error logs
Account Information such as:
- Registration details, profile information, and preferences
- Transaction history, payment information, and billing details
- Communication history and support interactions
- Certification records and course completion data
Behavioural Data such as:
- Navigation patterns and content preferences
- Search queries and resource access patterns
- Engagement metrics and learning analytics
- Marketing response and communication preferences
4.2 Advanced Collection Methods
Information is collected through means such as:
- Direct user input and form submissions
- Automated technical collection (cookies, pixels, analytics)
- Third-party integrations and partner platforms
- Communication monitoring and recording systems
- Inference and profiling based on usage patterns
5. Processing Purposes and Legal Bases
Personal information is processed for the following purposes under specific legal grounds:
Contractual Necessity:
- Service delivery and account management
- Payment processing and transaction completion
- Course administration and certification issuance
- Customer support and technical assistance
Legitimate Interests:
- Security monitoring and fraud prevention
- System optimisation and performance improvement
- Business analytics and reporting
- Relationship management and service enhancement
Legal Compliance:
- Regulatory reporting and audit requirements
- Tax and financial record maintenance
- Legal proceeding support and evidence provision
- Law enforcement cooperation when required
Consent-Based:
- Marketing communications and promotional activities
- Optional service enhancements and personalisation
- Third-party integrations and data sharing
- Research and development initiatives
6. Comprehensive Data Security Framework
6.1 Technical Safeguards
- End-to-end encryption for data transmission and storage
- Multi-factor authentication and role-based access controls
- Advanced intrusion detection and prevention systems
- Regular penetration testing and vulnerability assessments
- Secure cloud infrastructure with redundant backups
- Data segregation and compartmentalisation protocols
6.2 Organisational Measures
- Comprehensive staff security training and certification
- Background checks and security clearance procedures
- Incident response and business continuity planning
- Regular security audits and compliance assessments
- Vendor security assessment and management programs
- Data handling protocols and procedure documentation
6.3 International Data Transfers
Data may be processed in South Africa, Namibia, Botswana, Mozambique, Angola, United Arab Emirates, Ireland, USA, and other jurisdictions with adequate protection measures. All international transfers comply with POPIA requirements through appropriate safeguards including standard contractual clauses and adequacy decisions.
7. Data Sharing and Disclosure
7.1 Authorised Disclosures
Personal information may be shared with:
Service Providers: Under strict data processing agreements including:
- Cloud hosting and infrastructure providers
- Payment processors and financial institutions
- Analytics and marketing technology providers
- Certification and accreditation bodies
- Legal, accounting, and professional service providers
Legal Authorities: When required by law or legal process:
- Court orders, subpoenas, and regulatory investigations
- Law enforcement requests under proper authority
- Tax and regulatory compliance requirements
- National security and public safety obligations
Business Transfers: In connection with:
- Mergers, acquisitions, or corporate restructuring
- Asset sales or business dispositions
- Insolvency or bankruptcy proceedings
- Due diligence processes with confidentiality protections
7.2 Disclosure Restrictions
ST will never sell personal information for commercial gain and maintains strict controls over all authorised disclosures including contractual privacy protections, data minimisation principles, and purpose limitation requirements.
8. Data Retention and Lifecycle Management
Personal information is retained based on:
- Active Account Period: For the duration of the customer relationship
- Legal Requirements: As mandated by applicable laws (minimum 5 years for financial records)
- Course Records: 7 years from completion for certification and accreditation purposes
- Marketing Data: Until consent withdrawal or 3 years of inactivity
- Security Logs: 2 years for investigation and compliance purposes
Data is securely destroyed using industry-standard methods upon retention period expiry, unless legal obligations require continued storage.
9. Enhanced Data Subject Rights
Under POPIA, data subjects have comprehensive rights including:
9.1 Access and Transparency Rights
- Request confirmation of processing activities
- Obtain copies of personal information held
- Receive information about processing purposes and recipients
- Understand data retention periods and deletion criteria
9.2 Correction and Control Rights
- Rectify inaccurate or incomplete information
- Update personal details and preferences
- Restrict processing for specific purposes
- Object to processing based on legitimate interests
9.3 Withdrawal and Deletion Rights
- Withdraw consent for consent-based processing
- Request data deletion (subject to legal retention requirements)
- Obtain data portability in structured formats
- Lodge complaints with the Information Regulator
Request Process: Submit written requests to data@spectechonline.com with identity verification. Responses are provided within 30 days, with possible extension for complex requests.
10. Incident Management and Breach Response
10.1 Breach Detection and Assessment
ST maintains continuous monitoring systems to detect potential breaches, with immediate assessment of:
- Nature and scope of compromised information
- Risk to affected individuals and business operations
- Potential for ongoing or additional compromise
- Required containment and remediation measures
10.2 Response and Notification Protocol
Upon breach confirmation:
- Immediate containment and investigation initiation
- Information Regulator notification within 72 hours (where required)
- Affected individual notification without unreasonable delay
- Law enforcement cooperation under the Cybercrimes Act
- Comprehensive incident documentation and reporting
- Post-incident review and control enhancement
11. Comprehensive Disclaimers and Risk Allocation
11.1 Security Limitations and Shared Responsibility
While ST implements industry-leading security measures, users acknowledge that:
- No digital system provides absolute security guarantees
- Internet transmission inherently involves security risks
- User devices and networks may introduce vulnerabilities
- Social engineering and phishing remain user responsibilities
- Third-party service dependencies may create additional risks
11.2 Service Availability and Performance
ST provides Services on a "best efforts" basis but does not guarantee:
- Continuous, uninterrupted access or availability
- Error-free operation or complete accuracy
- Compatibility with all devices or software configurations
- Performance meeting specific user requirements or expectations
- Protection against all forms of cyber threats or data loss
11.3 Third-Party Interactions and Dependencies
ST disclaims responsibility for:
- Third-party website content, services, or privacy practices
- Integration failures or data synchronisation issues
- External service provider performance or availability
- Third-party security breaches or data compromises
- Regulatory changes affecting external service operations
11.4 User Responsibility Framework
Users accept full responsibility for:
- Implementing appropriate device and network security
- Maintaining confidentiality of access credentials
- Providing accurate, complete, and lawful information
- Compliance with applicable laws and regulations
- Monitoring account activity and reporting irregularities
- Understanding and accepting inherent digital service risks
12. Limitation of Liability
12.1 Maximum Liability Cap
ST's total liability for any claims arising from or related to this Policy or Services is strictly limited to the lesser of:
- Direct damages actually incurred by the claimant
- The total fees paid by the user in the 12 months preceding the claim
- R30,000 (Thirty Thousand Rand) in aggregate
12.2 Excluded Damages
ST shall not be liable under any circumstances for:
- Indirect, incidental, consequential, or punitive damages
- Lost profits, revenue, data, or business opportunities
- Reputational damage or loss of goodwill
- Third-party claims or cross-claims
- Damages arising from user negligence or misconduct
- Force majeure events or circumstances beyond reasonable control
12.3 Time Limitation
All claims must be brought within 12 months of the incident giving rise to the claim, failing which such claims are forever barred.
12.4 Comprehensive Indemnification
Users indemnify and hold ST harmless from all claims, damages, costs, and expenses (including reasonable legal fees) arising from:
- User breach of this Policy or applicable laws
- User-provided information or content
- Unauthorised use of user accounts or credentials
- Third-party claims related to user conduct
- Violation of intellectual property or other rights
- Regulatory fines or penalties resulting from user actions
13. Electronic Communications and Evidence
Under the ECT Act, users acknowledge that:
- Electronic communications constitute valid legal notices
- Digital records serve as prima facie evidence in legal proceedings
- Electronic signatures and timestamps are legally binding
- System logs and audit trails are admissible as evidence
- ST's electronic records are authoritative for transaction verification
14. Governing Law and Dispute Resolution
14.1 Exclusive Jurisdiction
This Policy is governed exclusively by South African law. All disputes shall be resolved solely in competent South African courts, and users submit to such jurisdiction.
14.2 Alternative Dispute Resolution
Prior to litigation, parties may engage in mediation through the applicable industry ombudsman or professional mediation service, with costs shared equally unless otherwise agreed.
15. Policy Updates and Version Control
15.1 Modification Rights
ST reserves the right to modify this Policy at any time to reflect:
- Changes in applicable laws or regulations
- Evolution of business practices or service offerings
- Enhanced security measures or technological developments
- Clarification or improvement of existing provisions
15.2 Notification and Acceptance
Policy updates will be communicated through:
- Website posting with effective date notification
- Email notification to registered users (where applicable)
- In-app notifications or system messages
- Direct communication for material changes
Continued use of Services after the effective date constitutes acceptance of updated terms.
16. Information Officer and Contact Details
Information Officer: Information Officer
Email: data@spectechonline.com
Phone: +27 (0)11 615 5423
Address: 27A Nicol Road, Bedfordview
For all privacy-related inquiries, data subject requests, incident reports, or policy clarification, contact the Information Officer through the designated channels above.
17. Severability and Interpretation
If any provision of this Policy is found invalid or unenforceable, the remainder shall remain in full force and effect. Invalid provisions shall be reformed to reflect the parties' original intent while ensuring enforceability. This Policy represents the complete agreement regarding data protection and privacy matters, superseding all previous communications or agreements on these topics.
Document Classification: Legal Policy Document
Version: 2.0
Review Date: December 2026