The Cape Peninsula University of Technology values the privacy of every individual's personal information and is committed to protecting this information.

This Protection of Personal Information and Privacy Plan applies to all personal information held by CPUT. All our stakeholders are required to collect, manage, and use personal information in accordance with this Protection of Personal Information and Privacy Plan.

Our Protection of Personal Information and Privacy Plan is designed to:

inform you of what information we collect and what we use it for;
explain your rights regarding how we collect and process your personal information;
describe the legal obligations that apply to us, how we comply with those laws and how they protect you.

The CPUT Protection of Information and Privacy Plan applies when individuals, collectives and organisations interact and transact with us, either in person, via telephone, email, on our social media channels, or our websites, and whenever we refer to or link to this Plan.

Please read our Protection of Personal Information and Privacy Plan carefully. We may change this Plan from time to time as required, when there are material changes to our practices or when there are legislative amendments made by the Legislature of South Africa. Any changes to our Protection of Personal Information and Privacy practices will be published on our website. We encourage you to check our website periodically to ensure that you are aware of these changes. We will notify you of any modifications to this Protection of Personal Information and Privacy Plan that might materially affect the way we use or disclose the personal information of any individual, collective or organisation that we interact with, prior to the change becoming effective. Non-material changes in such use or disclosure of personal information will not require notification.

If you are visiting this site from the European Economic Area (EEA), see Users from the EEA section below.

Central Academic Administration
Employees
Community Engagement and Work Integrated Learning
Alumni & Donors
Research Data and Research Participants
Student Affairs
Service Providers

Enquiries

Access and Enquiries

You can:

request information about the personal information we may hold about you or the organisation you represent;
request an amendment to the personal information held by us about you or the organisation you represent; and
request an internal review of a decision made in response to a request for access or amendment to personal information held by CPUT.

All such requests should be directed to the Deputy Information Officer. See CPUT PAIA Manual for information on how to contact the Deputy Information Officer or alternatively email privacy@cput.ac.za.

Complaints

If you believe your personal information has not been managed with in accordance with the University’s Protection of Personal Information and Privacy Plan, or relevant laws, you can complain to the Deputy Information Officer by emailing privacy@cput.ac.za.

If you do not agree with the decision of the Deputy Information Officer, you can request an internal review by writing directly to the Information Officer at info-officer@cput.ac.za.

You can also complain to the Information Regulator of South Africa without requesting an internal review if at least 45 business days have elapsed since your complaint was made to the Deputy Information Officer and has not responded to or addressed your complaint to your satisfaction.

Breach Response

We are committed to protecting your personal information and privacy. Where there has been a notifiable data breach we will follow the process detailed in our Information Breach Response Plan and:

investigate any reported actual or suspected data security breach;
where applicable, make the required report of a data breach to the Information Regulatory of South Africa within the defined timeframes; and
notify the affected data subjects, if known, as required by the Protection of Personal Information Act, 2013 (Act No. 4 of 2013).

· Tips for Protecting your Personal Information

We take reasonable steps to ensure the security of your personal information. It is important that you also take reasonable precautions to protect your personal details.

Here are some tips to assist you:

Close your browser when you have finished your user session and logout of the computer, particularly in public or common-use facilities such as Learning Centers, internet cafes, and libraries, to name a few.
Do not reveal your username, password, or student/employee identification number to anyone else. The University will never ask you for your username and password via email.
Do not allow others to use your account. This includes sharing your login username and password with others.
Do not voluntarily disclose personal information over the internet (e.g., in discussion groups, Chat rooms, online forums etc.). Should you do so, you may receive unsolicited messages in return.

You are responsible for maintaining the security of your username, passwords, and any other account information that is personal to you. Please be careful and responsible whenever using systems or services that utilise personal information.

For further information please refer to the University's Information Security Policy or contact the CTS Service Desk.

The University has legal obligations to protect the personal information it collects from students, employees, donors, alumni, Council & Senate members, and its committees, third parties, and members of the public.

These obligations arise principally from sections 14 and 32(1) of the Constitution of the Republic of South Africa; and section 9 of the Promotion of Access to Information Act 2 of 2000 which is designed to provide appropriate safeguards for the way the public sector handles an individual's personal information. All instances of processing personal information are covered by the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) and the Regulations Relating to the Protection of Personal Information.

Responsibility

Overall responsibility for the protection of personal information and privacy in the University resides with the Vice-Chancellor who is the Information Officer (IO) and has been registered with the Information Regulatory of South Africa as such. The responsibility for the day-to-day data and information management has been delegated to the Registrar as the Deputy Information Officer (DIO).

The Registrar as the Deputy Information Officer (DIO), who has also been registered with the Information Regulatory of South Africa, is the first point of contact for members of the University community and the public on protection of personal information and privacy matters including general information, requests to access and/or amend personal information, and for internal review and resolution of complaints.

Refer to the following resources for more information

Cookies and On-line Tracking
Tips for protecting your personal information

Other University policies and guidelines

Privacy Policy
Records & Archives Management Policy
Information Security Policy
PAIA Manual
Data Breach Response Plan

Other resources on Protection of Personal Information and Privacy

The website of the Universities of South Africa (USAf) provides information and resources on protection of personal information and privacy including a POPIA Industry Code of Conduct for Public Universities.

Visit the Universities of South Africa (USAf)’s website

Universities of South Africa (USAf) also has a range of resources on its website.

Cookies and site usage: What are cookies?

Cookies are small blocks of text generated by a web server which is placed on a website user’s computer by the web browser when user visits a website. Cookies allow a website to store information on a user's machine for it to be retrieved at a later time.

Cookies can only store information that is explicitly provided by the visitor in the first place, or information that the website already has about the user, such as their IP address.

Cape Peninsula University of Technology website uses cookies for:

1. Identifying unique visitors to the site. Users are allocated a visitor number, associated with their IP address, which is held in a cookie on that computer or device for a fixed period, such as 30 days.

2. Validating employee and/or students’ identity when they attempt to access a restricted part of the CPUT website. A cookie is stored on the user’s computer/device to improve the user experience the next time the user goes to access a restricted part of the website, such as student mail. The cookie contains the following information:

internal unique ID generated by CPUT website
full name and email alias

3. Marketing communication purposes with Google and other third-party vendors. Cookies allow CPUT to reach people who have previously visited the CPUT website and serve them tailored messages based on their CPUT website behaviour.

Google and third-party analytics

CPUT use Google Analytics and third parties to gather statistics about how the website is accessed and used. Google Analytics uses cookies to gather information for statistical reporting. No personally identifying information is intentionally recorded or provided and no user account information is linked to Google Analytics or other third parties except on occasions where identifiers (such as the student name or number) are dynamically included in the website's page title.

Website personalisation and remarketing

CPUT websites use third parties to collect information on individuals accessing and using the website in order to personalise their website experience and marketing communications.

Opting Out

Visitors can opt out of Google’s use of cookies by visiting Google’s Ad Settings.

Visitors can choose to accept or reject cookies in general, by adjusting their browser settings. It is important to note that occasionally, rejecting cookies can result in the loss of some website functionality. For example, you may be required to authenticate into secure areas of the website on each website visit if session cookies are disabled. It may also mean that you are prompted to verify your identity several times during a session on the CPUT website.

Tips for protecting your personal information

CPUT takes reasonable steps to ensure the security of your personal information, it is important that you also take reasonable precautions to protect your personal details.

Here are some tips to assist you:

Close your browser when you have finished your user session and logout of the computer, particularly in public or common-use facilities such as Learning Centers, internet cafes, libraries.
Do not reveal your username, password, or student/employee identification number to anyone else. The University will never ask for your username or password via email.
Do not allow others to use your account. This includes not sharing your login username and password with others.
If you voluntarily disclose personal information over the internet (e.g., in discussion groups, Chat rooms, online forums etc.) you may receive unsolicited messages in return.

You are responsible for maintaining the security of your username, passwords, and any other account information. Please be careful and responsible whenever using systems or services that utilise this and other personal information.

For further information please refer to the University's Information Security Policy or contact the CTS Service Desk.

Collection of personal information

The basis for the collection of personal information is to provide teaching, research, alumni relations management, community services and engagement activities. We cannot function in carrying out our activities without collecting and holding your personal information. The collection of the personal information is only for the intended purpose which is to carry out our activities. We do not collect personal information that does not relate to our functions and activities.

What personal information do we collect?

In providing education, research, and other services we collect, store, and use personal information.

Refer to the relevant document for more information about the information we collect: Employees, Alumni, Donors, Research, Community Engagement and Work Integrated Learning, Student Affairs or Service Providers section for more information about the information we collect.

Why do we collect, use, and disclose personal information?

We collect, hold, use, or disclose to third parties’ personal information only as reasonably necessary to provide our education, research, and other services. We may collect, hold, use, and disclose your personal information for the following purposes:

to enable you to access and use our services;
to operate, protect, improve and optimize our services, operations, and user experience, such as to perform analytics, conduct research and for advertising and marketing and communications;
to send you service, support, and administrative message, reminders, technical notices, updates, security alerts, and the information requested by you;
to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our service providers;
to comply with our legal obligations, resolve any disputes, and enforce our agreements with third parties; and
to enhance security on our campuses and to respond to security incidents (and this particularly relates to personal information collected by the CCTV and biometric networks installed upon our campuses).

We may also use or disclose your information where you are or ought reasonably to be aware of, or you have consented to, that use or disclosure.

We will also use or share personal information where required by relevant Laws. We may disclose your information to a number of South African government departments and agencies (including law enforcement bodies) where we are obliged to do so or when we consider it necessary or prudent to do so (for example, to prevent or assist in the investigation of a breach of the law or to protect the safety and wellbeing of an individual).

Do we use your personal information for direct marketing?

With your consent where required by law, we and or our carefully selected partners may send you direct marketing communications and information about our services and events. This may take the form of emails, SMS, mail, or other forms of communication. We will comply with the relevant laws. You may opt-out of receiving marketing materials from us by using the opt-out facilities provided (e.g., unsubscribe link).

You may need to opt-out of receiving marketing from third party agents affiliated with us on a different platform.

To whom do we disclose your personal information?

We may disclose personal information for the purposes described in this Protection of Personal Information and Privacy Plan to:

our employees to administer the services we offer to you;
third party suppliers and service providers who support us in providing services to you;
carefully selected advisers, and agents;
payment system operators; and
other persons, including government agencies, regulatory bodies, and law enforcement agencies, or as required, authorized, or permitted by law.

We may also collect from or disclose your personal information to trusted third parties. This includes recruitment agents, tertiary admission centres, external service providers, marketing organisations, government agencies and other educational institutions. These trusted third parties may also hold other information about you. This third party may combine that information to enable it and us to develop anonymised insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.

If we share your personal information with third parties, we will ensure those third parties are subject to strict controls which protect your personal information from unauthorised use or disclosure, and any access to and right to use to your personal information is limited to the extent necessary for the purposes of providing the particular service.

We will not otherwise use or disclose personal information unless you are aware of or have consented to that use or disclosure.

Collection and or disclosure of personal information outside of South Africa

We may collect or disclose personal information outside of South Africa (for example, international students enquiring and or enrolling in the services we offer). We will, however, take reasonable steps to ensure that any international recipient will deal with such personal information in a way that is consistent with our Protection of Personal Information and Privacy Plan and the South African Protection of Personal Information Act, 2013 (Act No. 4 of 2013).

Security

We take reasonable steps to protect your personal information from misuse, interference, and loss, as well as unauthorised access, modification, or disclosure. We use appropriate physical, administrative, personnel and technical measures in accordance with our Information Security Policy to keep personal information secure.

Storage and Retention

Most personal information held by us is stored in our systems, including student management systems, alumni management systems, donor management systems, employer management systems, project beneficiary management systems, HC management systems, finance systems and records management systems. Some of these systems may be externally hosted or managed.

Generally, personal information will be retained for as long as necessary to fulfil the purposes the University collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In all cases, personal information is retained and disposed of according to the provisions of the relevant records disposal legislation and our approved File Plan, Records Retention Schedule and Disposal Authority.

International transfer of personal information

Personal information we collect may be transferred from South Africa and the EEA to the USA, UK, the EU, and other countries. This includes transfers to our employees and third parties, particularly our third-party service providers.

These countries may not provide the same level of data protection as your home country.

CPUT takes appropriate steps to ensure that recipients of your personal information are bound to duties of confidentiality, and that the University and its employees implement measures to ensure that any transferred personal information remains protected and secure in line with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013).

Accessing or correcting your personal information

We will take reasonable steps to ensure the personal information we hold about you is accurate, up to date, complete, relevant, and not misleading.

Students are responsible for providing accurate and up to date personal information to the University via student self-service portals, or directly to the relevant department. Alumni are responsible for providing accurate and up to date personal information to the University via alumni database system.

You can request access to the personal information we hold about you at any time by contacting the Deputy Information Officer. You also have a right to ask us to correct any inaccurate personal information we hold about you. Sometimes, we may not be able to provide you with access to all the personal information you require and, where this is the case, we will tell you why.

We may also need to verify your identity when you request your personal information.

Making a complaint

If you think we have breached the Protection of Personal Information Act, 2013 (Act No. 4 of 2013), or you wish to make a complaint about the way we handle your personal information, you may contact the Deputy Information Officer.

We will acknowledge your complaint and respond to you regarding your complaint within a reasonable time.

If you think we have failed to resolve the complaint satisfactorily, you have the right to contact the Information Regulator of South Africa if at least 45 business days have elapsed since the complaint was made to the Deputy Information Officer.

You also have the right to send your complaint directly to the Information Regulator of South Africa without having to go through our internal process outlined above.

Legal basis for processing

The following section only applies if you use our website or services offered by us; and you are in a country that is a Member State of the European Economic Area (EEA). The information below supplements the information in this Protection of Personal Information and Privacy Plan.

If you are an individual in the EEA, we collect and process personal information about you only where we have a legal basis for doing so under relevant EU law. This means we collect and use your personal information only where that processing:

is necessary for the delivery of education and research services, which are tasks carried out in the public interest and the exercise of official authority vested in the University; or
satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our services and products, and to protect our legal rights and interests; or
is necessary to comply with a legal obligation; or
with your consent.

In some instances, you may be required to provide us with personal information for processing as described above, in order for us to be able to provide all of our services, and for you to use all the features of our website.

Several areas of our operations will come within the reach of the General Data Protection Regulation (GDPR). These include programs to attract European students to CPUT, research conducted with European participants and interactions with alumni and donors. We also appreciate that our European partners will often want to impose GDPR compliant clauses in the agreements we reach with them, to enable them to meet the GDPR requirements.

The Protection of Personal Information Act, 2013 (Act No. 4 of 2013) takes the same principle-based approach to data protection and privacy as the GDPR. Accordingly, we already have many consistent practices with the GDPR.

Your Rights

You may be able to exercise additional rights including:

to have data erased (subject to our obligations as a Public Institution to maintain and preserve public records);
to object to the processing of your personal information;
to restrict the processing of your personal information temporarily; and
to object to decision making based on automated decision-making as outlined in section 71 of Protection of Personal Information Act, 2013 (Act No. 4 of 2013).

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place.

Requests to exercise these rights should be submitted to the Deputy Information Officer.

If you are in the EEA and you have any concerns or complaints about how we are collecting or processing your personal information, you may lodge a complaint to your local data protection authority if you consider that our processing of your personal information violated applicable law.

To locate the data protection authority most relevant to you please refer to the website of the European Protection Advisory Board.

Lodging a complaint

If you are in the EEA and you have any concerns or complaints about how we are collecting or processing your personal information, you may lodge a complaint to your local data protection authority if you consider that our processing of your Personal information violated applicable law. Please follow this link to locate the data protection authority most relevant to you.

What personal information do we collect?

The personal information we collect about you includes, but not limited to:

contact and identification information, such as name and contact details (including, address, email address, telephone number(s), date of birth, passport and driver’s license details and images and emergency contacts; and
personal records, including educational records; financial records, employment records; citizenship and residency records and Health and Wellness data.

What is your personal information used for?

We only use personal information in relation to the provision of Teaching and Learning, Research and Work Integrated learning, and other services. We will never sell your personal information to a third party.

The uses of your information include:

providing information about the University to prospective students and the public;
administering and managing the provision of educational and support services, including admission, enrolment, scholarships, billing and collection of fees and charges, examinations, assessments and graduation, academic records, and university electoral rolls; and
reviewing, developing, optimizing, and personalizing the delivery of all our services.

Additional information about your rights and how we handle your information is included in Exercising Your Rights above.

Personal information may be collected and used to administer the following:

On-campus accommodation at one of our owned, leased, and/or accredited residences;
Delivery of library services;
School and workplace visits;
Placements and professional experiences;
Work integrated learning programmes; and
Student surveys.

We may disclose your information to a number of South African government departments and agencies (including law enforcement bodies) where we are obliged to do so or when we consider it necessary or prudent to do so (for example, to prevent or assist in the investigation of a breach of the law or to protect the safety and wellbeing of an individual).

Graduation Booklet

We maintain and publish a graduation booklet which include the name of each graduate and the degree conferred. Students may opt out from being included in the publicly published booklet by contacting info@cput.ac.za.

Accessing or correcting your personal information

We will take reasonable steps to ensure the personal information we hold about you is accurate, up to date, complete, relevant, and not misleading.

Students are responsible for providing accurate and up to date personal information to the University via student self-service portals, or directly to the relevant department.

You can request access to the personal information we hold about you at any time by contacting the Deputy Information Officer. You also have a right to ask us to correct any inaccurate personal information we hold about you. Sometimes, we may not be able to provide you with access to all the personal information you require and, where this is the case, we will tell you why.

We may also need to verify your identity when you request your personal information.

What personal information do we collect?

The personal information we collect about you includes, but not limited to:

contact and identification information, such as name and contact details (including, address, email address, telephone number(s), date of birth, passport and driver’s license details and images and emergency contacts; and
personal records, including educational records; financial records, employment records; citizenship and residency records and Health and Wellness data.

What is your personal information used for?

We only use personal information in relation to the provision of Teaching and Learning, Research and Work Integrated learning, and other services. We will never sell your personal information to a third party.

The uses of your information include:

providing information about the University to prospective students and the public;
administering and managing the provision of educational and support services, including admission, enrolment, scholarships, billing and collection of fees and charges, examinations, assessments and graduation, academic records, and university electoral rolls; and
reviewing, developing, optimizing, and personalizing the delivery of all our services.

Additional information about your rights and how we handle your information is included in Exercising Your Rights above.

Personal information may be collected and used to administer the following:

On-campus accommodation at one of our owned, leased, and/or accredited residences;
Delivery of library services;
School and workplace visits;
Placements and professional experiences;
Work integrated learning programmes; and
Student surveys.

We may disclose your information to a number of South African government departments and agencies (including law enforcement bodies) where we are obliged to do so or when we consider it necessary or prudent to do so (for example, to prevent or assist in the investigation of a breach of the law or to protect the safety and wellbeing of an individual).

Graduation Booklet

We maintain and publish a graduation booklet which include the name of each graduate and the degree conferred. Students may opt out from being included in the publicly published booklet by contacting info@cput.ac.za.

Accessing or correcting your personal information

We will take reasonable steps to ensure the personal information we hold about you is accurate, up to date, complete, relevant, and not misleading.

Students are responsible for providing accurate and up to date personal information to the University via student self-service portals, or directly to the relevant department.

You can request access to the personal information we hold about you at any time by contacting the Deputy Information Officer. You also have a right to ask us to correct any inaccurate personal information we hold about you. Sometimes, we may not be able to provide you with access to all the personal information you require and, where this is the case, we will tell you why.

We may also need to verify your identity when you request your personal information.

What personal information do we collect?

The personal information we collect about our current and prospective employees including job candidates includes:

recruitment information including job applications, criminal history checks, reference reports and reference checks, results of assessments and evaluations, copies of qualifications and security clearances;
employment contracts and conditions of employment, including records relating to previous employment;
criminal record checks, which the employer may, in line with operational requirements, with the knowledge and consent of the employee conduct from time to time;
personal information such as address, contact details, dependents’ and next-of-kin details
employee records relating to attendance and overtime, leave applications and approvals, records relating to personal development and training and graduate, volunteer and work experience scheme participation, performance appraisals and promotions and records relating to discipline matters, complaints, and grievances and investigation;
Financial information including payroll and pay related records, banking details, tax numbers and retirement fund details; and
Health and Wellness information including medical records and records of accidents, incidents, and injuries suffered during the course of duty to the employer, along with records relating to compensation and rehabilitation.

What is your personal information used for?

We only use your personal information in relation to the services and functions of the University. The University will never sell your information to a third party.

The uses of your information include:

to maintain accurate and up-to-date employment records and contact details (including emergency contact details), leave details, and records of employee contractual and statutory rights;
to manage performance including disciplinary and grievance processes and to ensure acceptable conduct within the workplace and planning for career development;
to obtain occupational Health and Wellness advice, to ensure the University complies with duties in relation to individuals with disabilities, meets its obligations under the Occupational Health and Safety Act, and ensures that employees are receiving the pay or other benefits to which they are entitled;
to administer and enhance employee services and employee benefit schemes; and
to ensure effective general Human Capital and business administration.

Additional information about your rights and how we handle your information included in Exercising Your Rights above.

Privacy by design

Our employees must consider privacy at the initiation of a process or service and throughout the complete development process or service that involve processing personal information.

Employee responsibilities

Our employees, collectively and individually are responsible for:

ensuring that when they collect, manage, and use personal information that they do so in accordance with this Protection of Personal Information and Privacy Plan;
following the personal information collection protocol published here mandated by the Information Officer and the Deputy Information Officer when collecting personal information;
complying with our privacy by design commitment when developing new products, processes or services that involve processing personal information; and
promptly informing their manager/supervisor if they become aware of an actual or suspected privacy breach and emailing privacy@cput.ac.za relevant details of the actual or suspected privacy breach.

Accessing or correcting your personal information

We will take reasonable steps to ensure the personal information we hold about you is accurate, up to date, complete, relevant, and not misleading.

Employees are responsible for providing accurate and up to date personal information to the University via MIS Portal.

You can request access to the personal information we hold about you at any time by contacting the Deputy Information Officer. You also have a right to ask us to correct any inaccurate personal information we hold about you. Sometimes, we may not be able to provide you with access to all the personal information you require and, where this is the case, we will tell you why.

What personal information do we collect?

The personal information we collect about our Community Engagement and Work Integrated Learning Participants includes:

Curriculum vita of students and graduates.

For a detailed list of the type of personal information we collect, please see DATA SUBJECT: Community Engagement and Work Integrated Learning Participants.

What is your personal information used for?

We only use your personal information in relation to the services and functions of the University. The University will never sell your information to a third party.

The uses of your information include:

to maintain accurate and up-to-date records and contact details (including emergency contact details), and records of employee contractual and statutory rights;
to manage performance Community Engagement and Work Integrated Learning processes and to ensure acceptable conduct within the projects and planning for career development;
to obtain occupational Health and Wellness advice, to ensure the University complies with duties in relation to individuals with disabilities, meets its obligations under the Occupational Health and Safety Act; and
to ensure effective general Human Capital and operational administration.

Additional information about your rights and how we handle your information included in Exercising Your Rights above.

Privacy by design

Our employees must consider privacy at the initiation of a process or service and throughout the complete development process or service that involve processing personal information.

Community Engagement and Work Integrated Learning Participants responsibilities

Our participants, collectively and individually are responsible for:

ensuring that when they collect, manage, and use personal information that they do so in accordance with this Protection of Personal Information and Privacy Plan;
following the personal information collection protocol published here mandated by the Information Officer and the Deputy Information Officer when collecting personal information;
complying with our privacy by design commitment when developing new products, processes or services that involve processing personal information; and
promptly informing their manager/supervisor/project leader if they become aware of an actual or suspected privacy breach and emailing privacy@cput.ac.za relevant details of the actual or suspected privacy breach.

Accessing or correcting your personal information

We will take reasonable steps to ensure the personal information we hold about you is accurate, up to date, complete, relevant, and not misleading.

Participants are responsible for providing accurate and up to date personal information to the University.

You can request access to the personal information we hold about you at any time by contacting the Deputy Information Officer. You also have a right to ask us to correct any inaccurate personal information we hold about you. Sometimes, we may not be able to provide you with access to all the personal information you require and, where this is the case, we will tell you why.

We maintain relationships with alumni and donors and with other interested parties, including the local community, business, industry, and professional organisations concerned with or supporting the core functions of the University (education, research and community engagement).

As part of maintaining these relationships, we may collect personal information of:

Donors or scholarship providers;
Alumni and their friends and family;
Members of any of our official social media groups;
Subscribers to any of our newsletters; and
Other participants in out-reach or marketing campaigns or attendees at University events.

This information may be used:

to inform you about University courses and/or events;
to inform you of and provide alumni benefits; and
to inform you of opportunities to engage with and support the University.

The University will never sell your personal information to a third party. Additional information about your rights and how we handle your information included in Exercising Your Rights above.

We collect, store, and use research participant’s personal information to administer research programmes.

Before collecting or using personal information in research, the researcher must have obtained approval from the University Research Integrity. The University requires researchers to demonstrate that potential research participants have given voluntary, informed consent consistent with the Human Sciences Research Council (HSRC) and Academy of Science of South Africa (ASSAf) standards. Researchers are also required to keep a record of that consent.

It is the responsibility of the researcher and the relevant Faculty to ensure compliance with all relevant information protection laws and standards.

Additional information about what personal information is handled as part of research programmes and can be located on our website at Research. Alternatively, please contact the Unit of Research Integrity (URI) at CPUT: Dr HM Burger Burgerh@cput.ac.za .

The University provides a range of services to students including:

Student Health

Student Health provides a range of health services to students including:

Campus Clinic
Student Counselling;
Disability Unit;
HIV/AIDS Unit;
Nursing;

As part of these services, we collect, store, and use personal information, including health information.

What personal information do we collect?

The personal information we collect about people who use our Health services includes:

name, address, and contact information of the individual, dependents, and other family members, and of health professionals who are currently or have previously provided treatment;
medical aid details;
records such as patient records including assessments and treatments;
medical records, including medications, and any current or past medical conditions;
x-rays, video/audio/digital recordings and images;
financial records related to the treatments given and associated fees charged; and
notes on the consultations and treatments given and correspondence that may take place between you and the clinic, or any health service provider and the clinic.

What is your personal information used for?

We only use your personal information collected in relation to the provision of Health services and to contribute to the University’s teaching, research, and development activities in relevant fields.

The University will never sell your personal information and health information to a third party.

Should there be a dispute with a patient over the University’s ability to disclose records outside the University, any agreement or contract that the University may have with an external party for provision of treatment which requires or permits the disclosure of records will prevail.

Patients may request access to view their clinic record; however, the record remains the property of the University. Such viewings by patients of clinic records will be conducted in accordance with the process set down by the University and may involve the presence of a senior staff member or the treating specialists.

Residential Services

Residential Services provides a range of services to students including:

Accommodation
Personal development
Academic support
Social development
Health and wellness

As part of these services, we collect, store, and use personal information, including health information.

What personal information do we collect?

The personal information we collect about people who use our services including Health and Wellness services includes:

Name, address and contact information of the individual, dependents, and other family members;
Financial records related to the services given and associated fees charged; and
Notes on the consultations and services given and correspondence that may take place between you and Residential Services.

What is your personal information used for?

We only use your personal information collected in relation to the provision of Residential Services and to contribute to the University’s teaching, research, and development activities.

The University will never sell your personal information to a third party.

Should there be a dispute with a patient over the University’s ability to disclose records outside the University, any agreement or contract that the University may have with an external party for provision of services which requires or permits the disclosure of records will prevail.

Governance and Leadership Development

Governance and Leadership Development provides a range of services to students including:

Improving the quality and increasing student leadership participation in Student Governance.
Co-ordinate the co- curricular programmes and community service activities on and off campus, for SRC’s.
Plan and co-ordinate induction, strategic and financial planning programmes with student leaders.
Develop and review policies and constitutions governing student governance structures.
Serve as a support structure for students by providing them with information, rules, and procedures.
Ensure that the budget is adhered to and that action plans are implemented.
Facilitate and support the conducting of SRC elections.
Ensure that student leadership receives the necessary training so that they can be effective in executing their responsibilities.

As part of these services, we collect, store, and use personal information, including health information.

What personal information do we collect?

The personal information we collect about people who use our Health and Wellness services includes:

Name, address, and contact information of the individual;
Training and development needs
Course information

What is your personal information used for?

We only use your personal information collected in relation to the provision of Governance and Leadership Development services and to contribute to the University’s teaching, research, and development activities in relevant fields.

The University will never sell your personal information to a third party.

Should there be a dispute with a patient over the University’s ability to disclose records outside the University, any agreement or contract that the University may have with an external party for provision of services which requires or permits the disclosure of records will prevail.

Sports, Arts and Culture

Sports, Arts and Culture provides a range of services to students including:

Regulating, organizing and coordination of student sport and cultural activities within the institution.
Holistic development of CPUT students.

As part of these services, we collect, store, and use personal information, including health information.

What personal information do we collect?

The personal information we collect about people who use our services includes:

Name, address and contact information of the individual, dependents, and other family members,
Medical aid details;
Records such as patient records including assessments and treatments;
Medical records, including medications, and any current or past medical conditions;
X-rays, video/audio/digital recordings, and images.
Information relating to participating in previous/current sporting codes and arts and cultural activities.

What is your personal information used for?

We only use your personal information collected in relation to the provision of Sports, Arts and Culture services and to contribute to the University’s teaching, research, and development activities in relevant fields.

The University will never sell your personal information to a third party.

Should there be a dispute with a patient over the University’s ability to disclose records outside the University, any agreement or contract that the University may have with an external party for provision of services which requires or permits the disclosure of records will prevail.

View Document here