Privacy Policy
Last updated: 21 November 2025
1. Introduction
This Privacy Policy (“Policy”) describes how Academy for Organisational Change (Pty) Ltd (Registration No. 2021/HE07/004), trading as “The Academy” or “AOC” (“we”, “us”, or “our”), collects, protects, and uses the Personal Information you (“User”, “Student”, “Applicant”, or “you”) provide on the https://www.organisationalchange.co.za website and through our educational products or services (collectively, “Website” or “Services”).
We are committed to protecting your privacy and ensuring that your Personal Information is collected and used properly, lawfully, and transparently in compliance with the Protection of Personal Information Act 4 of 2013 ("POPIA").
2. Who We Are (The Responsible Party)
For the purposes of POPIA, Academy for Organisational Change (Pty) Ltd is the Responsible Party. This means we define the purpose and means of processing your Personal Information.
3. Personal Information We Collect
We collect information necessary to provide higher education services, process applications, and manage our relationship with you. This includes:
General Identification: Name, surname, title, gender, date of birth.
Contact Details: Email address, physical address, postal address, telephone numbers.
Statutory Information: South African ID number or Passport number (mandatory for DHET/SAQA reporting), ethnicity/race (for B-BBEE and statutory reporting purposes).
Academic & Professional Info: Previous qualifications, employment history, CVs, academic records, and assessment results generated during your studies with us.
Financial Information: Billing details, VAT numbers, banking details (for processing refunds or payments), and payer details if a company is sponsoring your studies.
Technical Usage Data: IP address, browser type, operating system, and access times (collected automatically via cookies).
4. How We Collect Information
Directly from you: When you fill out an enquiry form, submit an application for enrollment, register for a course, make a purchase, or communicate with us via email.
Automatically: Through cookies and analytics tools when you navigate our Website.
From Third Parties: We may receive information from employers (sponsors), recruitment partners, or credit bureaus (where applicable and with consent).
5. Purpose and Legal Basis for Processing
We process your Personal Information for the following reasons, based on the listed legal grounds:
| Purpose | Legal Basis |
|---|---|
| Enquiry & Application Processing | To take steps at your request prior to entering into a contract. |
| Student Enrollment & Education Delivery | Performance of a contract (the Student Agreement). |
| Statutory Reporting (NLRD, HEQCIS) | Legal Obligation: As a registered Private Higher Education Institution, we are required by law to submit student data to the Department of Higher Education & Training (DHET) and the South African Qualifications Authority (SAQA). |
| Invoicing & Debt Collection | Performance of a contract / Legitimate Interest. |
| Communication & Support | Legitimate Interest to ensure you receive course updates and support. |
| Marketing & Newsletters | Consent (for new leads) or Legitimate Interest (for existing students/alumni, with opt-out options). |
6. Sharing of Personal Information
We do not sell your Personal Information. However, we may share your information with:
Regulatory Bodies: The Department of Higher Education and Training (DHET), the Council on Higher Education (CHE), and the South African Qualifications Authority (SAQA). Submission of student data to the National Learners' Records Database (NLRD) is a mandatory statutory requirement for all accredited institutions.
Service Providers (Operators): Trusted third parties who provide services on our behalf, such as Learning Management Systems (LMS), IT support, cloud hosting, and payment processors. We ensure these operators enter into written agreements to protect your data.
Sponsors: If your employer pays your fees, we may share your academic progress and attendance records with them, provided you have consented to this in your student agreement.
7. Transborder Information Transfer
Some of our service providers (e.g., cloud storage or software providers) may be located outside of South Africa. If we transfer your Personal Information outside of South Africa, we ensure that:
- The recipient is subject to a law, binding corporate rules, or a binding agreement which provides an adequate level of protection strictly similar to POPIA;
- Or you have consented to the transfer.
8. Information Security
We secure the information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards to protect against loss, misuse, or alteration of data.
However, no data transmission over the Internet can be guaranteed to be 100% secure. While we strive to protect your Personal Information, you acknowledge that there are security limitations on the Internet beyond our control.
9. Retention of Data
We will retain your Personal Information only for as long as is necessary for the purposes set out in this Policy.
Academic Records: As a Higher Education Institution, we are required to keep a permanent record of student achievements and qualifications awarded.
Financial Records: Retained for 5 years as required by the Tax Administration Act.
Marketing Data: Retained until you opt-out or unsubscribe.
10. Your Rights (Data Subject Rights)
Under POPIA, you have the right to:
- Access: Request a copy of the Personal Information we hold about you.
- Correction: Request that we update, correct, or delete your Personal Information.
- Objection: Object to the processing of your Personal Information on reasonable grounds.
- Unsubscribe: Opt-out of receiving direct marketing communications from us at any time.
To exercise these rights, please contact our Information Officer at admin@organisationalchange.co.za.
11. Cookies and Tracking
The Website uses "cookies" to help personalize your online experience and analyze traffic. You can choose to decline cookies through your browser settings. However, declining cookies may limit your ability to use certain features of our Website.
12. Privacy of Children
We do not knowingly collect Personal Information from children under the age of 18 without the explicit consent of a parent or legal guardian. If you are under 18, you must not submit any information to us unless your guardian has co-signed your application or provided written consent.
13. Data Breaches
In the event of a security compromise where your Personal Information has been accessed or acquired by an unauthorized person, we will notify the Information Regulator and the affected Data Subjects (you) as required by Section 22 of POPIA, unless directed otherwise by law enforcement.
14. Changes to this Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Revised" date at the top of this page. Your continued use of the Website or Services after the effective date of the revised Privacy Policy will constitute your consent to those changes.
15. Contact Us & Information Officer
If you have questions about this Policy or our treatment of your Personal Information, please contact us:
Email: admin@organisationalchange.co.za
Phone: +27 010 880 3980
Physical Address: 150 Kelvin Drive, Woodmead, Johannesburg, South Africa, 2091
16. The Information Regulator (South Africa)
If you are not satisfied with how we handle your Personal Information, you have the right to lodge a complaint with the Information Regulator.
Website: https://inforegulator.org.za/
Email (Complaints): POPIAComplaints@inforegulator.org.za
General Enquiries: enquiries@inforegulator.org.za