Data Protection & Privacy Compliance

AfriPath Global is committed to protecting your personal information in accordance with South Africa's Protection of Personal Information Act (POPIA) and the European Union's General Data Protection Regulation (GDPR).

POPIA Compliance (South Africa)

The Protection of Personal Information Act (POPIA), 2013 regulates how South African organizations process personal information. AfriPath Global fully complies with all eight POPIA conditions:

Accountability

We take responsibility for all personal information under our control

Processing Limitation

We process data lawfully, with your consent, and only for specified purposes

Purpose Specification

We clearly communicate why we collect your information

Further Processing

We don't use your data for purposes incompatible with the original intent

Information Quality

We ensure your data is complete, accurate, and up-to-date

Openness

We're transparent about how we process your personal information

Security Safeguards

We implement appropriate technical and organizational measures

Data Subject Participation

You have the right to access, correct, and delete your information

GDPR Compliance (European Union)

The General Data Protection Regulation (GDPR) protects EU citizens' personal data. As AfriPath Global partners with European universities (Route A), we ensure full GDPR compliance for all students, regardless of location.

Your Rights Under GDPR

  • Right to Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete information
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Opt out of certain data processing activities
  • Right to Withdraw Consent: Revoke consent at any time
How We Protect Your Data

Encryption

All data is encrypted in transit (TLS/SSL) and at rest (AES-256)

Access Control

Role-based permissions ensure only authorized personnel access your data

Audit Logging

Every data access and modification is logged for accountability

What Data We Collect & Why
Data CategoryPurposeLegal Basis
Personal Details (name, DOB, nationality)Application processing, identity verificationConsent, Contractual necessity
Contact Information (email, phone)Communication, application updatesConsent
Academic Records (grades, transcripts)Pathway matching, university applicationsConsent, Contractual necessity
Financial Information (budget preferences)Route recommendation, scholarship matchingConsent
Supporting Documents (ID, certificates)Application submission to institutionsConsent, Contractual necessity
Who We Share Your Data With

We only share your personal information when necessary and with your explicit consent:

  • Partner Universities & Institutions: Your application data is shared with institutions you apply to (Routes A, B, C)
  • School Counsellors: Your assigned counsellor can view your profile and application progress
  • Service Providers: Cloud hosting (secure servers), payment processors (if applicable)
  • Legal Authorities: Only when required by law or to protect rights and safety

We NEVER sell your personal information to third parties.

Data Retention & Deletion

We retain your personal information only as long as necessary for the purposes outlined:

  • Active Applications: Retained until application cycle completion or withdrawal
  • Successful Placements: Archived for 7 years for audit and compliance purposes
  • Inactive Accounts: Automatically deleted after 3 years of inactivity (with prior notice)

You can request immediate deletion of your data at any time by contacting our Data Protection Officer.

Contact & Complaints

Data Protection Officer

For any privacy-related questions or to exercise your rights:

Email: [email protected]

Phone: +27 83 677 6356

Address: 72 Jamie Uys, Midrand, South Africa

Regulatory Authorities

If you're not satisfied with our response, you have the right to lodge a complaint with:

South Africa (POPIA)

Information Regulator (South Africa)

inforeg.org.za

European Union (GDPR)

Your national Data Protection Authority

edpb.europa.eu

Last Updated: February 26, 2026

This compliance statement is reviewed and updated regularly to reflect changes in legislation and our practices.