Privacy Policy

1. Introduction

Healthcare Protection Academy ("we", "us", "our") is committed to protecting your personal information in compliance with the Protection of Personal Information Act (POPIA) of South Africa. This Privacy Policy explains how we collect, use, store, and protect your personal information.

2. Information We Collect

We collect the following personal information:

• Identity Information: Full name, SA ID number or Passport number
• Contact Information: Email address, phone number, province
• Professional Information: Employer name, PSIRA number (optional)
• Account Information: Login credentials (password stored encrypted)
• Payment Information: Transaction records (card details handled by payment provider)
• Course Progress: Lesson completions, exam attempts, scores
• Technical Data: IP address, browser type, access times

3. Purpose of Processing

We process your personal information for the following purposes:

• To create and manage your account
• To verify your identity for certificate issuance
• To process payments and maintain financial records
• To provide access to course materials
• To track course progress and examination results
• To generate and issue certificates
• To enable certificate verification by third parties
• To communicate with you about your enrollment
• To comply with legal and regulatory requirements

4. Legal Basis for Processing

We process your personal information based on:

• Contract: Processing necessary for course enrollment and delivery
• Legal Obligation: Processing required for tax and financial reporting
• Legitimate Interest: Processing for fraud prevention and security
• Consent: Processing for marketing communications (where applicable)

5. Data Retention

We retain your personal information for the following periods:

• Account Data: For the duration of your account plus 5 years
• Payment Records: 7 years (tax compliance requirement)
• Certificate Records: Indefinitely (for verification purposes)
• Exam Attempts: 5 years after last activity
• Technical Logs: 12 months

6. Data Sharing

We may share your information with:

• Payment Providers: To process transactions (Yoco)
• Certificate Verification: Limited data (name, cert number, issue date) for public verification
• Legal Authorities: When required by law

We do not sell your personal information to third parties.

7. Data Protection Measures

We implement appropriate technical and organizational measures to protect your data:

• Encryption of data in transit and at rest
• Secure password hashing
• Access controls and authentication
• Regular security assessments
• Employee training on data protection

8. Your Rights Under POPIA

You have the following rights regarding your personal information:

• Access: Request a copy of your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your information (subject to retention requirements)
• Objection: Object to processing in certain circumstances
• Complaint: Lodge a complaint with the Information Regulator

To exercise these rights, contact our Information Officer at [email protected]

9. Cookies and Tracking

We use essential cookies for:

• Session management and authentication
• Remembering your preferences
• Security and fraud prevention

10. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through a notice on our platform.

11. Contact Information

Information Officer:
Healthcare Protection Academy
Email: [email protected]

Information Regulator (South Africa):
Website: www.justice.gov.za/inforeg/
Email: [email protected]