IEPA Data Protection Policy

Version 1: January 2020

1. Introduction

IEPA collects certain information on behalf of the AEE from data subjects which include trainees, customer companies, vendors, business contacts, business partners and employees in the regions which it is licensed to serve. The information collected is for the purposes of event registrations, certification applications, certification renewal applications, certification upgrades, international examination sittings, and the issuing of AEE certification and certificates for the purposes of the Energy and Water Sector Education and Training Authority (EWSETA) and the Engineering Council of South Africa (ECSA).

IEPA is bound by the AEE Data Protection Policy of May 2018 to safeguard the privacy of individuals, where applicable, and shall hold in confidence and in a secure manner the information obtained in the course of its activities under license by the AEE at all levels of the organization, including the activities of authorized staff, and all other persons acting on behalf of IEPA, AEE, and the NCPC-SA.

2. Purpose of this policy

This policy describes how IEPA handles the data subjects’ information in accordance with the AEE Data Protection Policy, the South African Protection of Personal Information Act of 2013, and the EU679 of 2016’s General Data Protection Regulation – and should be read in conjunction with these documents.

The policy ensures IEPA follows good practice when processing, storing, distribution and discarding of data subject information, protect the rights of staff, certified professionals, vendors, customers, and business partners, and protects itself and the AEE against risks of a data breach.

3. General Staff Guidelines

The only individuals who are able to access data covered by this policy are authorized Responsible Persons and designated Operators as defined by their positions of appointment and for reasons of AEE business purposes alone. Authorized staff is:
a) All Directors– Responsible Person
b) Certification Renewal Administrator – Responsible Person
c) Training Coordinator – Operator
d) Training Administrator – Operator
e) Accounts Administrator – Operator
f) Marketing Coordinator – Operator
g) IT manager – Operator

Authorized staff handles the data as per the AEE Data Protection Policy dated May 2018, and any amendments published.

4. Third parties and business partners

When we contract with third parties, we impose appropriate security, privacy, and confidentiality obligations on them to ensure that data subject information that we remain responsible for is kept secure.

Data subject information is by nature of the AEE’s global reach, transferred beyond the borders of the Republic of South Africa for processing and storing. We will ensure that anyone whom we pass data subject information to agrees to treat the information with the same level of protection as we are obliged to.

5. Data storage

IEPA stores data both hardcopy and electronically in accordance with the AEE Data Protection Policy dated May 2018, and any amendments published.

External data handling vendor systems used for electronic data handling includes:
a) Oak Technologies
b) Paypal, Payfast
c) Xneelo
d) Sharpspring

All vendors comply with the GDPF and POPI Act requirements, have signed confidentiality and non-disclosure agreements.

6. Data use

IEPA adheres to the AEE Data Protection Policy aligning data use in the promotion of the AEE’s mission.

IEPA maintains and uses its data to:

a) Communicate event registration confirmations and information upon receipt of registrations and in response to inquiries
b) Perform Certification renewal verification tasks
c) Inform its AEE certified professionals of renewal due dates, renewal opportunities, and renewal information and guidance

Individuals are always able to unsubscribe or request changes to the information and communication they receive from the IEPA.

7. Monitoring and control of information

The IEPA has a duty and a right to protect our rights in serving the data subjects information and the AEE, to act with integrity in decision making to ensure data subject information is protected.
We will regularly monitor and verify that all authorized staff and third parties that are provided restricted access to information, adhere to the IEPA Data Protection Policy, and any amendments deemed necessary.

8. Copyright

IEPA subscribes to all partner confidentiality and Copyright requirements.