0
Login

  • Home

  • Privacy Policy

Privacy Policy

Privacy Policy — Grace & Guardian eLearning Portal

Effective Date: 9 August 2025

This Privacy Policy explains how Grace and Guardian (Pty) Ltd ("Grace & Guardian", "we", "us", "our") collects, uses, discloses, and protects personal information when you use our eLearning Portal ("Portal"), websites, and related services.

Grace and Guardian (Pty) Ltd

  • Reg. No: 2014/105020/07
  • BEE Status: 100% Black-owned (BEE Level 1)
  • Address: 7 Bamboes Street Chantelle, Akasia 0182, Pretoria
  • Phone: 079 374 8645
  • Email: training@gracenguardian.co.za

1) Who This Policy Covers

  • Learners, prospective learners, employer/sponsor representatives, trainers/assessors/moderators, website visitors, and any user of our Portal and services.

2) What We Collect

  • Identity data: Name, ID/passport number, date of birth, gender, learner/employer identifiers.
  • Contact data: Email, phone numbers, physical/postal addresses.
  • Account data: Usernames, passwords (hashed), role/permissions, enrollment history.
  • Training data: Course registrations, attendance, assessments, results, certificates, portfolios of evidence, uploaded assignments, feedback.
  • Employment/sponsor data: Employer name, role, supervisor contact, sponsorship/PO details if applicable.
  • Financial/billing data: Payment records, invoices, transaction references; we do not store full card details if using a payment gateway.
  • Technical data: Device, browser type/version, IP address, approximate location, Portal usage analytics, cookies and similar technologies.
  • Compliance data: Copies of IDs, proof of address, professional/SETAs records where required, declarations, disciplinary records related to academic integrity.
  • Communications: Emails, calls, support tickets, survey responses, consent records.

3) How We Collect Data

  • Directly from you during registration, enrollment, communications, assessments, and submissions.
  • From your employer/sponsor when they enroll or manage learners.
  • Automatically via cookies, logs, and analytics when you use the Portal.
  • From third-party verifications, SETAs, or regulators where required for accreditation or certification.

4) Why We Process Your Data (Lawful Purposes)

  • Contractual: To register accounts, deliver courses, manage assessments, issue certificates, and provide learner support.
  • Legal/Regulatory: To comply with PSIRA/SASSETA, LGSETA, ETDP SETA, Services SETA, SAATCA/ISO and other statutory/recordkeeping requirements (e.g., R638 for Food Safety training).
  • Legitimate interests: To maintain platform security, improve courses and services, conduct analytics, prevent fraud/abuse, and manage business operations.
  • Consent: For optional communications, certain analytics/marketing cookies, testimonials, or where consent is required by law.

5) How We Use Your Data

  • Provide and personalize access to the Portal and courses.
  • Verify identity; manage attendance, assessments, moderation, and certification.
  • Maintain accreditation and quality assurance evidence (e.g., PoEs, assessor/moderator records).
  • Communicate about enrollments, schedules, results, certificates, updates, and service notices.
  • Billing, invoicing, and payment reconciliation.
  • Monitor performance, usage, and security; troubleshoot and improve services.
  • Meet legal, regulatory, and audit requirements; respond to lawful requests.

6) Cookies and Tracking

  • We use:
    • Strictly necessary cookies for login/session security
    • Functional cookies for preferences
    • Analytics cookies to understand usage and improve content
    • Third-party cookies where we embed tools (e.g., videos, payment, analytics)
  • See our Cookie Policy for details and consent choices. You can manage preferences via the cookie banner and your browser settings.

7) Sharing and Disclosures

  • Accreditation/regulatory bodies (e.g., PSIRA, SASSETA, LGSETA, ETDP SETA, Services SETA, SAATCA) for verification, reporting, moderation, or certification.
  • Employers/sponsors for enrollment management, attendance, progress, and billing, where they fund or manage the training.
  • Service providers for Portal hosting, communications, analytics, proctoring, payment processing, and IT/security under confidentiality and data protection obligations.
  • Assessors, moderators, verifiers, and trainers for course delivery and quality assurance.
  • Professional advisors and auditors under duty of confidentiality.
  • Authorities if required by law, court order, or to protect rights, safety, and security.
  • In a business transfer or reorganization, subject to appropriate safeguards.
  • We do not sell personal information.

8) International Transfers

  • Our Portal and service providers may process data in or outside South Africa. Where data is transferred internationally, we implement appropriate safeguards consistent with applicable data protection laws.

9) Data Retention

  • We retain personal information for as long as necessary to deliver services, meet legal/regulatory/accreditation requirements, resolve disputes, and enforce agreements.
  • Typical retention periods:
    • Training/assessment/certification records per SETA/regulatory requirements
    • Billing/financial per tax and accounting laws
    • Support/communications for operational and audit purposes
  • When no longer required, data is securely deleted or anonymized.

10) Data Security

  • We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the data, including access controls, encryption in transit, secure hosting, backups, and staff training.
  • No system can be 100% secure; we continuously improve controls and monitor for incidents. We will notify you and regulators of significant breaches as required by law.

11) Your Rights

  • Access your personal information and request copies; request correction of inaccurate or incomplete information.
  • Request deletion, restriction, or objection to certain processing; withdraw consent where applicable without affecting prior lawful processing.
  • Request portability of data you provided.
  • Lodge a complaint with the Information Regulator (South Africa): justice.gov.za/inforeg.
  • To exercise rights, contact training@gracenguardian.co.za; we may need to verify your identity.

12) Children and Vulnerable Persons

  • Our courses generally target adults. For minors (under 18) or vulnerable persons, we process data with appropriate consents and safeguards from parents/guardians or employers, in line with legal requirements.

13) Communications Preferences

  • Service/transactional messages are necessary for course participation.
  • You can opt in/out of optional marketing and surveys at any time via links provided or by contacting us.

14) Third-Party Websites and Services

  • The Portal may link to third-party sites or include embedded tools. Their privacy practices are governed by their policies; we are not responsible for their content or handling of personal information.

15) Changes to This Policy

  • We may update this Privacy Policy periodically. The latest version will be posted with a new Effective Date. Material changes may be communicated through the Portal or email.

16) Contact Us

Grace and Guardian (Pty) Ltd

Email: training@gracenguardian.co.za
Phone: 079 374 8645
Address: 7 Bamboes Street Chantelle, Akasia 0182, Pretoria