Data Protection Policy
Introduction
The Institute of Energy Professionals Africa (IEPA) is a non-profit company (NPC) that collects certain information on behalf of the Association of Energy Engineers (AEE) from data subjects which includes trainees, customer companies, vendors, business contacts, business partners and employees in the regions which it is licensed to serve. The information collected is for the purposes of event registrations, certification applications, certification renewal applications, certification upgrades, international examination sittings, and the issuing of AEE certification and certificates for the purposes of the Energy and Water Sector Education and Training Authority (EWSETA) and the Engineering Council of South Africa (ECSA) as well as AEE requirements.
IEPA is bound by the AEE Data Protection Policy of May 2018 to safeguard the privacy of individuals, where applicable, and shall hold in confidence and in a secure manner the information obtained during the course of its activities under license by the AEE at all levels of the organisation, including the activities of authorised staff, and all other persons acting on behalf of IEPA, IEPA’s partners and the AEE.
Purpose of this policy
This policy describes how IEPA handles the data subjects’ information in accordance with the AEE Data Protection Policy, the South African Protection of Personal Information Act of 2013, and the EU679 of 2016’s General Data Protection Regulation – and should be read in conjunction with these documents.
The policy ensures IEPA follows good practice when processing, storing, distribution and discarding of data subject information, protects the rights of staff, certified professionals, vendors, customers and business partners, and protects itself and the AEE against risks of a data breach.
General Staff Guidelines
The only individuals who are granted access to data covered by this policy are authorised as defined by their positions of appointment, and for reasons of AEE business purposes alone.
Authorised individuals to access Billing information and Identify Proof of data subject:
a) Training Partners
b) Training Coordinator/Administrator
c) Certification Coordinator/Administrator
d) Chapter Board Members
e) Accounts Clerk
f) IT Operator
Authorised individuals to access Billing information, Identity Proof, and Certification Application information of data subject:
g) Certification Administrator
h) Certification Coordinator
i) Regional Certification Board Members
Authorised staff handle the data as per the AEE Data Protection Policy dated May 2018, and any amendments published.
Third parties and business partners
When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that data subject information that we remain responsible for is kept secure.
Data subject information is by nature of the AEE’s global reach, transferred beyond the borders of the Republic of South Africa for processing and storing. We will ensure that anyone whom we pass data subject information to, agrees to treat the information with the same level of protection as we are obliged to.
Third parties and business partners whom we contract with shall only have access to Billing and Proof of Identify information of the data subjects.
Data storage
IEPA stores data both hardcopy and electronically in accordance with the AEE Data Protection Policy dated May 2018, and any amendments published.
External data handling vendor systems used for electronic data handling includes:
a) Xneelo
b) Paypal
c) Dropbox
d) GSuite
e) Microsoft Office Products
f) MailerLite
g) Sharpspring
h) Survey Monkey
i) Asana
All vendors comply with the GDPF and POPI Act requirements, have signed the data protection policies, and are tied to confidentiality and non-disclosure agreements with their contracts.
Data use
IEPA adheres to the AEE Data Protection Policy aligning data use in the promotion of the AEE’s mission.
IEPA maintains and uses its data to:
a) Communicate event registration confirmations and information upon receipt of registrations and in response to enquiries
b) Perform Certification application, upgrade and renewal verification tasks
c) Distributes data subject information to AEE Certification Board Members within South Africa and transborder information flows to regional board members for review
d) Inform its AEE certified professionals of renewal due dates, renewal opportunities, and renewal information and guidance.
Access to necessary data is provided with restrictions to:
i) AEE Africa Certification Board Members for certification application review;
ii) Board Members comply with discarding data subject information immediately after application review is concluded.
Individuals are at all times able to unsubscribe or request changes to the information and communication they receive from IEPA and all its partners.
Monitoring and control of information
The IEPA has a duty and a right to protect our rights in serving the data subjects’ information and the AEE, to act with integrity in decision-making to ensure data subject information is protected.
We will regularly monitor and verify that all authorised staff and third parties provided restricted access to information, adhere to the IEPA Data Protection Policy, and any amendments deemed necessary.