The objective of this policy is to protect the information assets of the Kailo Training Institute (KTI) against threats, be it internal or external, whether with intent or accidental. This is necessary to ensure business continuation, curbing of losses and maximising of business opportunities.
This policy sets the standard for the suitable protection of personal information in KTI. It provides the principles regarding the right of individuals to privacy and reasonable protection of personal information.
The policy is applicable to KTI, Associated Service Providers, their sole owners, key persons, representatives and other personnel in KTI. The sole owners, key personnel and management of KTI are eventually responsible for proper control of information security.
KTI’s Information Control Officer
The responsibilities of the KTI Information Officer are as follows:
- the development and updating of this policy,
- ensuring that this policy is supported with applicable documentation and procedural instructions,
- assuring that documentation is relevant and kept up to date,
- communicating the content of the policy, and consequential updating, to the relevant managers, representatives, personnel, and associates concerned.
The company, key personnel, representatives, and personnel of KTI are obliged to comply with the provisions of this policy. Any deviations from this policy or breach thereof or incidents that may relate to such a possibility, must be reported to the Information Officer.
External individuals, involved in information technology under contract to KTI, will be subjected to the same information security policy as applicable to KTI. A separate contract will have to be signed confirming commitment to the policy and will include assurance that security measures are in place when personal information is processed.
The company, key personnel, representatives as well as personnel of KTI are committed to the following principles:
- KTI will always maintain and develop reasonable protective measures against risks such as loss, unauthorised access, destruction, use, alteration, or revelation of personal information.
- KTI will at all times comply with restrictions and other requirements applicable to the international transfer of information.
KTI upholds the requirements of the legislation on POPI and maintains an approach of transparency of operational procedures that control the collection and processing of personal information.
- KTI is committed to complying with all applicable regulatory requirements related to the collection and processing of personal information.
- KTI undertakes to collect personal information in a legal and reasonable way and to process the personal information obtained from clients only for the purpose for which it was obtained in the first place.
- Processing of personal information obtained from clients will not be undertaken in an insensitive or wrongful way that can intrude on the privacy of the client.
- KTI undertakes not to request or process information related to race, religion, medical situation, political preference, trade union membership, sexual certitude, or criminal record. KTI will also not process information about juveniles.
- KTI will ensure that correct and sufficient information is on record of its clients. Non-relevant information will be removed. Only the latest information related to the training process will be recorded.
- Information will be directly obtained from the client.
- KTI also undertakes not to provide any documentation to a third party or service provider without the consent of the client except where it is necessary for the proper execution of the service as expected by the client, in compliance with the education provided, with the proviso that KTI will at all times ensure that the third party also complies with the stipulations and requirements of the POPI legislation as well as when documents are requested by institutions as prescribed by law.
- KTI is compelled to keep an effective record of personal information and undertakes not to keep information for a period longer than that prescribed by the relevant educational legislation. Information will be destroyed at the end of the prescribed period in such a way that it cannot be reconstructed.
- KTI will provide the necessary security of data and keep it in accordance with prescribed legislation.
- Should information be lost, that is not under the control of KTI anymore, it will immediately be brought to the attention of the client and the regulator.
- In the event of data loss, the client will receive sufficient information to restrict possible risks that may result from the loss.
- Clients may at all times inquire about information kept and may also request the removal or destruction of information that is not relevant anymore.
- KTI will ensure that all service providers and other role-players involved, comply with the expectations of the POPI legislation of 2013.
- The management of KTI gives the assurance that representatives and staff understand the requirements and expectations of the act and comply with the content thereof and that training will take place on an ongoing basis.
- KTI’s policy regarding private information will continuously be updated to comply with legislation, thereby ensuring that personal information will be secure.
The management as well as the information officer of KTI, are responsible for the implementation, administration, and supervision of this policy. This function includes the provision of supporting guidelines, standardised operational procedures, notices, applicable documents, and processes.
The sole owner, key personnel, representatives, and staff of KTI will be trained to be conversant with their functions regarding the regulatory requirements, policy and guidelines related to the protection and control of personal information. The Facilitators, Assessors and Moderators of KTI will undertake periodic revision and auditing to ensure compliance with the policy, guidelines, and the application of the principle of privacy of information.
KTI will implement suitable operational controls to ensure the privacy of information in compliance with this policy and the regulatory requirements. These control measures will comprise:
- allocation of responsibilities for information security
- incident reporting and management
- user ID inclusion or removal
- information security training and education
- data backup.
This policy is implemented by the Management, Facilitators, Assessors, Moderators, and staff of KTI. All stakeholders namely shareholders, directors, key personnel, representatives and staff of KTI as well as the Facilitators, Assessors, and Moderators assigned with the duty to collect and process personal information, must comply with the requirements of the policy.
Non-compliance to this policy will lead to disciplinary action such as a possible change of mandate or dismissal.
“Browser” means an application used to access and view this website, including, but not limited to, Internet Explorer, Google Chrome, and Mozilla Firefox.
“Cookies” are small text files created by a website and that is stored in the user’s computer, either temporarily for that session only or permanently on the hard disk (called a persistent cookie). Cookies provide a way for the website to recognise you and keep track of your preferences.
“Data” means information in electronic form.
“IP address” means a unique address that identifies a device on the Internet or local network.
“Personal information” means information relating to an identifiable, living, natural person and, where it is applicable and identifiable, existing juristic person, including, but not limited to:
- a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person,
- b) information relating to the education or the medical, financial, criminal or employment history of the person,
- c) any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or another assignment to the person,
- d) the biometric information of the person,
- e) the personal opinions, views or preferences of the person,
- f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence,
- g) the views or opinions of another individual about the person; and
- h) the name of the person, if it appears with other personal information relating to the person, or if the disclosure of the name itself would reveal information about the person.
“POPIA” means the Protection of Personal Information, 2013 (Act No. 4 of 2013) in the Republic of South Africa.
“Social Networking Services” means web-based services that allow people to communicate, collaborate or connect. Examples are Facebook, Instagram, Twitter, LinkedIn etc.
“Tracking pixel” means a 1×1 image created with a small piece of HTML coding that is used to track behaviour when a user lands on a website page or clicks on an email.
“Traffic data” means any data processed for the purpose of the conveyance of a communication on an electronic communications network in respect of that communication, and includes data relating to the routing, duration, or time of communication.
“User / you / your” means a person who uses a computer or other device to access this website.
Personal information collected using our websites
Kailo Training Institute collects the personal information that you input when you submit an enquiry, make a request, use the live chat function, request a quotation, join a mailing list, submit an online application, or use any form available on our websites. Some information may be collected automatically – please refer to the Sections below for more information on this.
Information collected on the website will only be used for the purpose for which you provide it, including any associated processes that support that purpose, or as otherwise consented to by you, or as allowed for by law.
On our websites, mandatory data fields will be indicated and are necessary to process the requests that can be made on our websites. Should you wish not to provide mandatory data fields, we will not be able to process your request from our websites.
Information that is collected on our website is generally hosted and processed locally, but where service providers are used in other territories, we choose and/or contract with them in such a manner that a similar level of protection is provided as in South Africa. Where this is not reasonably practicable, our applicable Privacy Notices, Terms and Conditions, or requests for consent will inform you as needed.
We respect your right to privacy, and we will only share your information with third parties if (a) you have consented to the sharing, (b) it is required by law, or (c) it is necessary to fulfil the purpose for which you provided it, or (d) other legitimate reasons as provided for in law.
Student applicants should refer to the Student Privacy Notice and the Student Terms and Conditions for information regarding the transborder flow of student information, other parties with whom information is shared, and other important information.
We may share your personal information with:
- other divisions or companies within the group of companies to which we belong so as to provide joint content and services like registration, for transactions and customer support, to help detect and prevent potentially illegal acts and violations of our policies, and to guide decisions about our products, services, and communications (they will only use this information to send you marketing communications if you have requested their goods or services)
- our goods suppliers or service providers under contract who help supply certain goods or help with parts of our business operations, including fraud prevention, bill collection, marketing, technology services (our contracts dictate that these goods suppliers or service providers only use your information in connection with the goods they supply or services they perform for us and not for their own benefit)
- credit bureaus to report account information, as permitted by law
- banking partners as required by credit card association rules for inclusion on their list of terminated merchants (in the event that you utilise the services to receive payments and you meet their criteria); and
- other third parties who provide us with relevant services where appropriate.
We may share your personal information with third parties for the purposes of fulfilling our obligations to you among other purposes.
We may disclose your personal information as required by law or governmental audits.
We may disclose personal information if required:
- by a subpoena or court order
- to comply with any law
- to protect the safety of any individual or the general public; and
- to prevent violation of our customer relationship terms.
We may disclose personal information to third parties if required for legal reasons.
Cookies and tracking pixels
Kailo Training Institute may use tracking technologies (such as cookies and tracking pixels) on our websites and digital adverts on third-party platforms to collect information about website use. The information collected may include, but is not limited to:
- IP address
- Search terms used
- Application (browser) used to access our website
- Location information
- Activity on our website (pages visited, time spent etc.)
- Language used
- Date and time stamps
The information listed above is collected for the following purposes:
- Advertising and the measurement of performance of advertising campaigns
- To investigate technical errors or other issues with our website, applications, and services
- Site features and services – e.g. to store preferences
- To optimise performance and improve the website’s user experience
- Security reasons
Kailo Training Institute uses google analytics and Facebook tracking to analyse non-identifiable traffic data, in order to improve our services and marketing campaigns.
We may place small text files called ‘cookies’ on your device when you visit our website. These files do not contain personal information, but they do contain a personal identifier allowing us to associate your personal information with a certain device. These files serve a number of useful purposes for you, including:
- granting you access to restricted content
- tailoring our website’s functionality to you personally by letting us remember your preferences
- improving how our website performs
- allowing third parties to provide services to our website; and
- helping us deliver targeted advertising where appropriate in compliance with applicable laws.
We collect certain information from cookies that we may send to your computer to try and give you a personalised experience.
Our website may contain electronic image requests (called a single-pixel gif or web beacon request) that allow us to count page views and access cookies. Any electronic image viewed as part of a web page (including an ad banner) can act as a web beacon. Our web beacons do not collect, gather, monitor, or share any of your personal information. We merely use them to compile anonymous information about our website.
We collect certain information from web beacons on our website to compile anonymous information about our website.
You may also provide additional information to us on a voluntary basis (optional information). This includes content or products that you decide to upload or download from our website or when you enter, train, take advantage of promotions, respond to surveys, order certain additional goods or services, or otherwise use the optional features and functionality of our website.
We collect certain optional information, that you provide when you upload or download content from our website or when you enter training, take advantage of promotions, respond to surveys or register and subscribe for certain additional services.
We may monitor and record any telephone calls that you make to us.
Purpose of collection
We may use or process any goods information, services information, or optional information that you provide to us for the purposes that you indicated when you agreed to provide it to us. Processing includes gathering your personal information, disclosing it, and combining it with other personal information. We generally collect and process your personal information for various purposes, including:
- sales purposes - such as collecting orders for, supplying, and supporting our clients
- training purposes – such as collecting orders for, supplying, and supporting our training
- services purposes – such as collecting orders for and providing our services
- marketing purposes – such as pursuing lawful related marketing activities
- business purposes – such as internal audit, accounting, business planning, joint ventures, disposals of business, or other proposed and actual transactions; and
- legal purposes – such as handling claims, complying with regulations, or pursuing good governance.
We may use your usage information for the purposes described above and to:
- remember your information so that you will not have to re-enter it during your visit or the next time you access the website
- monitor website usage metrics such as total number of visitors and pages accessed; and
- track your entries, submissions, and status in any promotions or other activities in connection with your usage of the website.
We may use any of your personal information that you provide to us for the purposes that you indicated when you agreed to provide it to us.
Consent to collection
We will obtain your consent to collect personal information:
- in accordance with applicable laws of South Africa
- when you provide us with any registration information or optional information.
We will get your consent to collect your personal information in accordance with applicable law when you provide us with it.
Social networking services and other third-party platforms
Where you interact with Kailo Training Institute via social networking services or websites belonging to third parties, those parties may collect information about you for their purposes, in accordance with their privacy and cookie policies, over which Kailo Training Institute does not have control.
Social networking services may track your use of Kailo Training Institute’s website on those pages where their links are displayed. If you are logged in to those services (including any Google service) while using Kailo Training Institute’s website, their tracking will be associated with your profile with those service providers, over which Kailo Training Institute exercises no control.
Transfer to another country
We may transmit or transfer personal information outside of the country in which it was collected to a foreign country and process it in that country. Personal information may be stored on servers located outside the country in which it was collected in a foreign country whose laws protecting personal information may not be as stringent as the laws in the country in which it was collected. You consent to us processing your personal information in a foreign country whose laws regarding the processing of personal information may be less stringent.
We may not transfer your personal information outside the country in which it was collected to a foreign country without your permission. OR We may transfer your personal information outside the country in which it was collected to a foreign country.
Users of our websites are free to choose whether you opt-in (that is, consent to) to receive further marketing messages from us (beyond a response to your initial enquiry), by selecting the relevant tick box. You may change your mind at any time, and the options for opting out are described below. Note that checking the tick box serves as your signature, as per the Electronic Communications and Transactions Act, 2002 (Act No. 25 of 2002).
Should you opt-in (that is, provide consent) to receive direct marketing messages from us, we will save this instruction against your provided email address or telephone number, since we do not collect other unique identifiers for users who are not students, applicants, or pre-screening candidates. Should you change your consent status using a different email address or telephone number, the new status will reflect those contact details only. To change your consent status on the original contact details, you may use the ‘stop’ or ‘unsubscribe’ links or function that will be included in the messages, or you may send an email to
Pre-screening candidates, applicants and students are considered customers of Kailo Training Institute, since service is delivered to them, and so, are automatically opted in to direct marketing, and may opt out by using the ‘stop’ or ‘unsubscribe’ link or function contained in direct marketing messages, or sending an email to
Note that the following messages are not considered direct marketing and are not affected by your marketing consent status:
- Responses to enquiries made on our websites; and
- Messages to pre-screening candidates, applicants, students, and alumni related to academic administration, application and registration processing, and student journey management.
Your duties and responsibilities
Users of our websites have the following responsibilities:
- Website users may only input their own personal information onto our websites.
- You may only input your personal information on our websites if you are 18 years or older.
- The data you input on our websites must be accurate, complete, and not misleading.
You may choose to correct or update the personal information you have submitted to us, by clicking the relevant menu on any of the pages on our website or by contacting us by phone or email.
Please let us know if your information changes. Students and alumni may update their information on the Student Portal. If you are not a student or alumnus, please email our Information Officer at
If you are visiting kailo.co.za and/or kailo.org.za from a location outside of the Republic of South Africa, your connection will be through and to servers located in South Africa
Last updated: 07 April 2022