Welcome to the ETA College KPI Dashboard (“ETA”, “we”, “us”, or “our”),
a mobile and web application owned and operated by ETA College, South Africa. The ETA KPI Dashboard is designed to provide
owners and senior management with real-time visibility into key performance indicators including enrolments, student numbers,
revenue, retention rates, graduate output, and strategy execution.
This Privacy Policy outlines how we collect, use, process, disclose, and secure personal information obtained through our
mobile application and web portal. By installing, accessing, or utilizing the ETA KPI Dashboard, you acknowledge that your
personal data will be handled strictly in accordance with this policy.
2. Legislative & Compliance Framework
ETA College operates under the following data protection framework:
POPIA Compliance (South Africa): As a South African institution, ETA College acts as the
“Responsible Party” under the Protection of Personal Information Act, No. 4 of 2013 (POPIA).
We are legally bound to protect the personal information of data subjects and to process such information strictly
within the lawful boundaries set out by the eight statutory Conditions for Lawful Processing.
GDPR Alignment (International Users): To the extent that we process data of individuals residing
within the European Union or United Kingdom, we provide corresponding protections, including clear lawful bases for
processing, data portability rights, and transparent mechanisms for data erasure.
3. Information We Collect
The ETA KPI Dashboard is a login-gated application for authorized personnel only. The following personal data is collected:
3.1. User Account Data
To provide access to the platform, we collect the following information during account creation:
Full Name: First name and surname of the authorized user.
Email Address: Used as the login credential and for system communications such as password resets.
Password: Stored in an encrypted (hashed) format. We never store plaintext passwords.
Role & Access Level: Whether the user has full access or dashboard-only viewing rights.
3.2. Device & Usage Data
When using the mobile application, we may collect:
Device Information: Device model, operating system version, and unique device identifiers for biometric authentication.
Usage Analytics: Login timestamps, session duration, and application interaction data for performance monitoring.
Biometric References: If biometric login is enabled, authentication is handled locally on the device. We do not store fingerprint or facial recognition data on our servers.
4. How We Use Your Information
ETA College processes personal data strictly for defined and lawful purposes:
Data Field
Purpose
Legal Basis (POPIA / GDPR)
Name & Email
User authentication, account management, and system communications.
Performance of a Contract / Legitimate Interest
Password (hashed)
Secure authentication to the platform.
Performance of a Contract
Role & Access Level
Enforcing role-based access controls within the application.
Legitimate Interest
Device & Usage Data
Monitoring application stability, performance, and security.
Legitimate Interest
5. Data Sharing, Disclosures, and Third Parties
Core Guarantee: ETA College does not sell, rent, trade, or commercially exploit the personal
information of its users to any third-party organizations.
Data may be shared only under the following conditions:
Infrastructure Providers: The application is hosted on secured servers managed by Netgen (Pty) Ltd,
our appointed technology partner. All data is processed within secured environments with appropriate access controls.
Email Services: Transactional emails (account creation, password resets) are sent via SendGrid,
a PCI-DSS compliant email delivery service. Only the recipient email address and message content are transmitted.
Mandatory Legal Disclosures: We reserve the right to disclose personal data if required to do so
by South African law enforcement, the Information Regulator, or a court of competent jurisdiction.
6. Information Security Measures
To secure the integrity and confidentiality of personal information, ETA College implements robust technical and
organizational measures aligned with POPIA Section 19:
End-to-end encryption using Transport Layer Security (TLS/SSL) for all data in transit.
Password hashing using industry-standard algorithms (ASP.NET Core Identity).
Role-based access controls (RBAC) restricting data access to authorized personnel only.
Automatic session timeouts and inactivity-based logouts on the mobile application.
Regular security assessments and patch management of hosting environments.
7. Data Retention Standards
We do not retain personal information for longer than is necessary to fulfill the purposes for which it was collected:
User Account Data: Retained for the duration of the user’s active account. Upon deactivation
or removal, personal data is soft-deleted and purged within 30 days.
KPI Snapshot Data: Operational performance data is retained indefinitely for historical reporting
and trend analysis purposes. This data does not contain personal information.
Usage & Device Data: Retained for up to 12 months for performance monitoring, after which
it is automatically purged.
8. Data Subject Rights
Under POPIA (and in alignment with GDPR), all data subjects possess enforceable rights regarding their data.
You have the right to:
Request Access: Confirm whether we hold any of your personal information and request a copy of that record.
Request Correction: Request the modification, update, or correction of inaccurate or outdated personal data.
Request Deletion: Object to ongoing processing and request the deletion of your personal data,
subject to overriding statutory retention requirements.
Lodge a Formal Complaint: If you believe your data has been handled unlawfully, you have the right
to submit a complaint to the South African Information Regulator.
9. Contact & Information Officer Details
For any privacy-related inquiries, data access requests, or exercises of statutory rights, please contact us
using the details below: