POPIA Compliance
MyEncore is fully compliant with the Protection of Personal Information Act (POPIA), South Africa's data protection legislation.
Our Role Under POPIA
Under POPIA, schools are "responsible parties" who determine why and how personal information is processed. MyEncore acts as an "operator" processing data on behalf of schools according to their instructions and our service agreement.
How We Support POPIA Compliance
Lawful Processing
We only process data as necessary to provide our services. We don't use school data for other purposes without consent.
Security Measures
We implement appropriate technical and organizational security measures as required by POPIA Section 19.
Data Subject Rights
Our platform supports schools in responding to data subject access requests, corrections, and deletions.
Breach Notification
If a data breach occurs, we notify affected schools promptly so they can fulfill their notification obligations.
Privacy Practices
Our approach to privacy:
Minimal Data Collection
We collect only information necessary to provide our services. We don't collect data for advertising or marketing to learners.
Purpose Limitation
Data is used only for the purposes disclosed to schools and their users. We don't repurpose data without proper authorization.
No Data Selling
We never sell personal information. School and learner data is not a product we monetize.
Transparency
We're clear about what data we collect, why we collect it, and how it's used. No hidden practices.
Children's Privacy
Schools handle data about children (learners under 18). We recognize the special sensitivity of children's data:
- Learner data is only accessible to authorized school staff and parents/guardians
- We don't allow direct marketing to learners
- Age-appropriate access controls ensure learners only see information relevant to them
- Schools control what information is shared with learners versus kept for staff only
Data Processing Agreement
Our service agreement with schools includes data processing terms that:
- Define MyEncore as an operator acting on behalf of the school
- Specify the types of data processed and purposes
- Commit to appropriate security measures
- Address breach notification procedures
- Cover data return/deletion at end of service
Schools requiring specific contractual terms should contact us to discuss.
Third-Party Services
We use some third-party services to provide our platform. These include:
- Cloud hosting providers - for infrastructure and data storage
- Payment processors - for handling school fee payments (PCI-DSS compliant)
- Communication services - for SMS delivery
We ensure third parties meet appropriate security and compliance standards before engaging them.
Contact for Legal Matters
For legal inquiries, data protection questions, or to exercise data subject rights:
- Email: [email protected]
- Or use our contact form
Policy Documents
The following policy documents are available:
- Privacy Policy - How we handle personal information
- Terms of Service - Terms governing use of MyEncore