Table of Contents

Privacy Policy

Protection of Personal Information Act (POPIA) Compliance

Last Updated: 14 May 2026

1. Introduction

Welcome to the Hostel Management System ("we", "us", "our"). We are committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 ("POPIA") of South Africa.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our hostel management website. Please note: This system is a web-based application only and does not include any mobile applications.

By using our services, you consent to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please do not use our services.

2. Responsible Party

In terms of POPIA, the "Responsible Party" for your personal information is:

Organization: Not yet configured

Information Officer: Not yet designated

3. Information We Collect

We collect the following categories of personal information:

Student Information
  • Full name and student number
  • Email address and phone number
  • Gender (for room allocation purposes)
  • Room allocation and building information
  • Emergency contact information
Note: We do not collect government-issued ID numbers (e.g., SA ID, passport numbers) or photographs/images of students.
Visitor Information
  • Visitor name and contact details
  • ID number and relationship to student
  • Vehicle registration (where applicable)
  • Check-in and check-out times
Parcel Information
  • Sender information and tracking details
  • Parcel collection records
Maintenance Records
  • Maintenance requests and issue descriptions
  • Digital signatures for service confirmation
Technical Information
  • IP addresses and browser information
  • Login timestamps and session data
  • Cookies and usage analytics

5. How We Use Your Data

We use your personal information for the following purposes:

Accommodation Management

Room allocation, check-in/out processes, and residence administration

Security & Access Control

Building access, visitor management, and emergency procedures

Maintenance Services

Processing and tracking maintenance requests

Parcel Management

Receiving, storing, and distributing parcels

Communications

Important notices, announcements, and emergency alerts

6. Data Sharing & Third Parties

We may share your personal information with:

  • Emergency Services: In case of emergencies affecting your health or safety (ambulance, fire, police)
  • Legal Authorities: When required by law, court order, or legal process
Your Data Stays With Us: We do not share your personal information with educational institutions, third-party service providers, or any external vendors. All data processing is handled internally.
Important: We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6b. Direct Marketing (POPIA Section 69)

In terms of POPIA Section 69, we may only conduct direct marketing if:

  • You are an existing resident/customer and we market similar services
  • We have obtained your explicit consent (opt-in) for marketing communications
  • You have been given a reasonable opportunity to object at no cost
Your Right to Opt-Out

You can opt-out of direct marketing at any time by:

  • Clicking "unsubscribe" in any marketing email
  • Visiting your Data Privacy settings in your account
  • Contacting our Information Officer

6c. Data Breach Notification (POPIA Sections 21-22)

In the event of a security compromise where your personal information may have been accessed by unauthorized persons, we will:

  1. Notify the Information Regulator as soon as reasonably possible
  2. Notify you (the data subject) in writing as soon as reasonably possible, unless:
    • A public body or the Information Regulator determines notification would impede a criminal investigation
    • We have implemented sufficient security safeguards rendering the information unintelligible
Notification will include: Description of the breach, consequences, measures taken to address it, and recommendations for you to mitigate potential adverse effects.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

Encryption
Data encrypted in transit and at rest
Access Control
Role-based access restrictions
Audit Logs
Comprehensive activity tracking
Secure Hosting
Enterprise-grade infrastructure
Regular Backups
Automated backup systems
Staff Training
POPIA awareness training

8. Your Rights Under POPIA (Chapter 5)

Under POPIA, you have the following rights regarding your personal information:

You have the right to request confirmation of whether we hold personal information about you and to access that information.

You have the right to request that we correct or delete your personal information if it is inaccurate, irrelevant, excessive, out of date, misleading, or obtained unlawfully.

You have the right to request the deletion of your personal information when it is no longer necessary for the purpose for which it was collected.

You have the right to object to the processing of your personal information for direct marketing purposes.

You have the right to lodge a complaint with the Information Regulator if you believe your rights have been infringed.
Exercise Your Rights

To exercise any of these rights, please:

  1. Log into your account and visit the Data Privacy section
  2. Contact the designated Information Officer
  3. Submit a written request to our Information Officer

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:

Data Category Retention Period Action After Period
Student Records 5 years after departure Anonymized or Deleted
Visitor Logs 2 years Deleted
Parcel Records 1 year after collection Deleted
Maintenance Records 3 years Archived
Audit Logs 7 years Archived
Login History 90 days Deleted

10. Cookies & Tracking

Our website uses cookies to enhance your experience. As this is a web-only application (no mobile apps), cookies are only used on this website. These include:

Essential Cookies

Required for authentication, security, and basic website functionality. Cannot be disabled.

Functional Cookies

Remember your preferences such as language, theme, and layout settings.

Analytics Cookies

Help us understand how visitors use our website (anonymized, aggregated data).

Manage Your Cookie Preferences
You can change your cookie settings at any time. Note that disabling certain cookies may affect website functionality.
Manage Cookies

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes:

  • We will notify you via email or prominent notice on our website
  • The "Last Updated" date at the top of this policy will be revised
  • Where required by law, we will obtain your consent to material changes

We encourage you to review this policy periodically to stay informed about how we protect your information.

12. Contact Us

Information Officer

Our Privacy Officer is available to assist you with any privacy-related inquiries, including data access requests, correction requests, or any questions about how we handle your personal information.

Contact details not yet configured.
Use the form below to contact us
Information Regulator

If you are not satisfied with our response, you may lodge a complaint with:
The Information Regulator (South Africa)
Woodmead North Office Park, 54 Maxwell Dr, Woodmead, Johannesburg, 2191
Phone: 010 023 5200 | Toll Free: 0800 017 160
Email: enquiries@inforegulator.org.za
Website: inforegulator.org.za

Contact Privacy Officer

We will respond to your inquiry within 5 business days as required by POPIA.

By continuing to use our services, you acknowledge that you have read and understood this Privacy Policy.

Version 1.0 | Effective Date: 14 May 2026