Candidate Privacy Notice
1. Introduction
1.1 We are ICDL South Africa, a company incorporated in South Africa an organisation not for gain (Section 21 Company). Co. Reg. No. 1999/026930/08 NPO 237-168 PBO 930007853 (“we”, “our” or “us”). We are the data controller of, and responsible for, your personal data collected as part of the Certification activity.
1.2 We offer a range of Certifications that allow candidates to demonstrate their knowledge skills and competence in different areas. These certifications can include components including learning content, diagnostic assessments, and certification tests. Progress and participation in the ICDL Programme by you is administered by ICDL South Africa and/or its affiliates. On successful completion of a certification test, candidates receive a certificate, which formally states that they are certified in a specific ICDL Certification Programme. (“Purpose”).
1.3 We are committed to respecting privacy and complying with all applicable data protection and privacy laws.
2. Legal Bases
2.1 We process your Personal Data as necessary (i) to deliver the Purpose outlined above, and (ii) in accordance with applicable data protection law. Based on the specific circumstances, the legal basis for our processing is one of the following:
2.1.1 Legitimate Interest. We process Personal Data where it is necessary for our legitimate interests as a provider of the Purpose. This includes activities related to learning, training, testing, invigilation, and certification as well as everyday business operations, such as administrative tasks like troubleshooting, data analysis, and data security.
2.1.2 Legal Obligation. We may process your Personal Data when we need to comply with a legal obligation, meet our ongoing regulatory and compliance obligations, including in relation to recording and monitoring communications, and regulatory or governmental bodies, and investigate security incidents and prevent crime.
2.1.3 Consent. In certain cases, where required under the law, we process your Personal Data based on your specific and informed consent. For example, we may use your information to send you news and newsletters about ICDL or to otherwise contact you about ICDL, or provide you with information you have specifically requested.
2.2 We may process your Personal Data for more than one lawful basis depending on the specific purpose for which we are using that data.
2.3 We will only use your Personal Data for the purposes for which we collected it unless we believe that we need to use your Personal Data for another reason that is compatible with the original purpose. If we intend to process Personal Data for an unrelated purpose, prior to that processing we will explain the legal basis that allows us to do so.
3. Third Party Disclosures
3.1 We will not disclose your Personal Data to third parties unless required by law to do so, or as otherwise set out in this Notice.
3.2 We may share your personal data regarding your learning or certification activities, where necessary, with relevant third parties, ICDL local office partners, regulatory authorities, training and test centres, and employers.
3.4 We may also share information with our third-party service providers who provide services to us. Categories of service providers include automated test providers, learning content providers, customer support service providers, data analytics providers, data hosting providers, digital badging and digital certification providers, records-storage companies and other IT professional service providers.
4. International Transfers
4.1 Your Personal Data may be transferred and stored in locations outside of territories administered by ICDL SouthAfrica that have different standards of data protection. We will take appropriate steps to ensure that the transfer of Personal Data is in accordance with applicable law and is managed carefully to protect your data protection rights. For your reference, ICDL South Africa complies with the requirements of the European Economic Area (General Data Protection Regulation 2016/679). If your Personal Data is stored and processed in the EEA and transferred outside the EEA, we will ensure a suitable level of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
4.1.1 we will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
4.1.2 we may use specific contracts approved by the European Commission that give personal data the same protection it has in Europe.
4.2 Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data.
5. Retention
5.1 We will only retain your Personal Data for as long as reasonably necessary to fulfill the purposes it is provided for. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of further communications or interaction.
5.2 To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data, whether we can achieve those purposes through other means, and the applicable legal, regulatory or other retention requirements.
5.3 You have the right to request deletion of your Personal Data. Please see “Your Legal Rights” below for further information.
6. Your Legal Rights
6.1 ICDL SA is contractually bound to ICDL Foundation (parent company in Ireland) to comply with the following, you have the following rights as a data subject under European data protection law.
6.1.1 right to access the data;
6.1.2 right to rectification;
6.1.3 right to erasure;
6.1.4 right to restriction of processing or to object to processing;
6.1.5 right to data portability; and
6.1.6 right to withdraw your consent.
6.2 While some of these rights apply generally, certain rights apply only in specific circumstances and are subject to certain exemptions under applicable data protection law.
6.3 We will at all times endeavour to promptly respond to any request regarding your personal data but you may also contact the relevant authorities.
6.4 Please note that should you choose your information to be erased, all information will be removed and your certificate will not be able to be verified by a potential employer nor will it be able to be reprinted.
7. How to contact us
7.1 If you have any questions about this Notice or our data protection practices please contact us
7.2 You will not have to pay a fee to access your Personal Data or to exercise any of the other data subject rights. However, if your request is clearly unfounded, repetitive, or excessive we may charge a reasonable fee or we could refuse to comply with your request. We try to respond to all legitimate requests within one month. In some cases, it could take us longer than one month if you have made a number of requests or if your query is particularly complex. In this case, we will let you know and update you regularly.
8. Updates to privacy notice
8.1 We reserve the right to amend this Notice from time to time. We encourage you to visit and review this Notice periodically.