PRIVACY POLICY

At ASP School Projects, we are committed to maintaining the trust and confidence of visitors to our website, and users of our products and services. In particular, we want you to know that ASP School Projects is not in the business of buying, selling, renting or trading email lists with other companies and businesses for marketing purposes.

In this Privacy Policy, we’ve provided detailed information on when and why we collect your personal information, how we use it, the limited conditions under which we may disclose it to others and how we keep it secure. For the purposes of this Privacy Policy, “personal information” shall be defined as set out in the Promotion of Access to Information Act, No. 2 of 2000.

You can contact us with data information requests via email at info@aspschoolprojects.co.za, or alternatively leave a message on our Contact Us page.

1. GENERAL

1.1 About Our Privacy Policy
We are committed to protecting your privacy. This privacy policy applies to all the web pages related to the Site.

The personal information gathered through details submitted via the Site will not be used for anything other than that which is stated in the Terms and Conditions. Such gathered personal information may be stored and used by us indefinitely in order to fulfil our services, which include the promotion of our products and services.

Through your use of the Site, you signify your acceptance of our Privacy Policy. Should you not agree to this policy, please do not continue to use the Site. Your continued use of the Site following the posting of changes to the Privacy Policy will be deemed as your acceptance of those changes.

2. COOKIES POLICY

2.1. What Are Cookies?
Like most websites, www.aspschoolprojects.co.za uses cookies to collect information. Cookies are small data files which are placed on your computer or other devices (such as smartphones or tablets) as you browse this website. They are used to remember when your computer or device accesses our website, and also help us keep track of information needed as you move from page to page (for example, the contents of your shopping cart).

Cookies are essential for the effective operation of our website and to help you shop with us online. They are also used to tailor the products and services offered and advertised to you, both on our websites and elsewhere.

2.2. Information Collected
Some cookies collect information about browsing and purchasing behaviour when you access this website via the same computer or device. This includes information about pages viewed, products purchased or added to your cart and your journey around a website. We do not use cookies to collect or record information on your name, address or other contact details. ASP School Projects can use cookies to monitor your browsing and purchasing behaviour.

2.3. How Are Cookies Managed?
The cookies stored on your computer or other device when you access our websites are designed by:

• ASP School Projects, or on behalf of ASP School Projects, and are necessary to enable you to a make purchases on our website.
• Third parties who collect analytical data (namely Google Analytics and Facebook Pixel).

2.4. What Are Cookies Used For?
The main purposes for which cookies are used are:

• For technical purposes essential to effective operation of our website, particularly in relation to online transactions and site navigation.
• To enable ASP School Projects to collect information about your browsing and shopping patterns, including to monitor the success of campaigns, competitions etc.

2.5. How Do I Disable Cookies?
If you want to disable cookies you need to change your website browser settings to reject cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies for the most popular browsers are set out below:

Microsoft Internet Explorer
Google Chrome
Safari
Mozilla Firefox
Opera
Safari on iPhone
Chrome on iPhone
Android Browser

2.6. What Happens If I Disable Cookies?
This depends on which cookies you disable, but in general the website will not operate properly if cookies are switched off. If you only disable third party cookies, you will not be prevented from making purchases on our sites. If you disable all cookies, you will be unable to complete a purchase on our site, some buttons will become inactive, and some navigation functionality will be lost.

3. OUR CUSTOMER DATABASE

3.1 About Our Customer Database
We have our own customer database which is stored on servers and is never transferred, duplicated or backed up outside of the Republic of South Africa. Stringent measures are in place to prevent unauthorised access to this database, including IP locking and strong “need to know basis” access policies.

3.2. Who Has Access?
Access to the raw data is limited to a very small handful of people who legitimately need to use it within ASP School Projects, as well as senior partners at our third party web development company, Mindmuzik Technologies. Mindmuzik Technologies.

Our customer experience team and finance team, via the administration section of our website, have access to all customer details including name, physical address, email address, order history and transactions. Only the head of department can access the raw underlying data.

Our web development teams, both internally and employed by our third party provider, work with an anonymised copy of the live database (the same underlying data, but with all references to identifiable personal information scrambled, including names, email addresses, postal addresses, and phone numbers).

Access keys for our various third party services are stored securely external to the code to which developers have access.

4. MARKETING

4.1. Signing Up For Our Mailing List
Our mailing list (sometimes known as our newsletter) is classified under the following 3 email categories:

Company updates and product releases
By opting into this category we’ll tell you about new and upcoming products and significant updates or changes to existing products.

Special offers and promotions
By opting into this category we’ll tell you about upcoming promotional pricing events in our shop. We’ll also announce all the exclusive events and competitions we’re planning.

Newsletter and blog articles
By opting into this category we’ll tell you about educational and other content from our blog articles including tips such as exam preparation and study techniques and much more. We’ll share social media activity (such as photos, videos etc.) and other relevant news we think might interest you.

Our Home, Blog and Gallery pages contain a form you can use to sign up to our mailing list. After you’ve entered your email using this form, we’ll send you a confirmation email, and you’ll need to click the confirm button to affirm that you opt in and that the email address you used is valid. The single piece of mandatory information we need from you in order to subscribe you is a valid email address. In using it you’ll be opting in to receiving all 3 categories of emails, however you can update your preferences at any time on the My Profile page (which will also be included in every email we send you). You can unsubscribe altogether in the same place after you have logged in successfully.

You will also be opted into our mailing list when you obtain a free gift (such as free samples or other educational material) from our Free page. In order to gain download access to your gift, you will be prompted to enter your email address and will have to confirm your email. You will be opted into all 3 categories, but you can update your preferences or unsubscribe at any time on the My Profile page after you have logged in successfully.

You can also opt to join our mailing list during the process of creating a profile when you register. You will be opted into all 3 categories if you opt in, but you can update your preferences or unsubscribe at any time on the My Profile page after you have logged in successfully.

4.2. Where We Keep Our Mailing List
We use Mailchimp to host our mailing list. This is a US-based company and store our data outside the Republic of South Africa. They comply with required data protection policies. Their privacy policy is here.

Apart from your email address and (optionally) your name, Mailchimp also tracks your interactions with our campaigns (opens, clicks) as well as detecting if the email is marked as spam or doesn’t get delivered (bounces). They also track whether or not you have unsubscribed.

Every email we send from this platform has an unsubscribe button and the option to update your mailing preferences.

Additionally, we send some emails via our own website, usually where the message relies on us knowing more information about you. An example of this include a discount code to purchase a product for which you have downloaded a free gift.

We maintain synchronicity between your preferences in our own database, and your preferences on Mailchimp (whichever way round you choose to edit them).

One caveat you should note is that if you change your email address directly using Mailchimp’s supplied form, and don’t make the same adjustment on your ASP School Projects account, we will be unable to maintain sync between both sets of preferences, and you may receive emails you don't expect.

4.3. How Long We’ll Keep You On Our Mailing List
We’ll keep you on our mailing list so long as you occasionally open our messages or until you unsubscribe. We reserve the right to remove people from our list who have not opened any of our emails in the previous 12 months; whose emails continue to bounce too many times; or whom we consider unqualified.

5. CREATING AN ASP SCHOOL PROJECTS ACCOUNT

5.1. Activities That Require An Account
Certain activities you might perform on our website require you to have an ASP School Projects account. These include:

• Buying products
• Downloading products

When you create an account, we ask for your personal details (such as first and last names), your login details (such as email address and a password), your contact details (such as your cellphone number and physical address) and also ask whether you’d like to opt in to our mailing list (you can read more about our mailing list above).

When you create an account, your password is stored encrypted using an industry standard password hashing mechanism which isn’t reversible, so nobody can find out what your password is in plain text. We encourage our customers to use difficult to guess passwords or passphrases, and to use a password manager to discourage password sharing between websites.

5.2. How To Keep Your Data Up To Date
You can update your data on the My Profile page once you have successfully logged in. Alternatively, you can leave a message on our Contact Us page or by telephone and we will update it for you.

5.3. How Long Do We Keep Your Account Data
We will retain your ASP School Projects account data indefinitely.

Your account can either be suspended or terminated depending on the reason for investigation or cancellation of your account, however, we cannot remove every detail of your account. If you have ever bought anything from us we are required by law to retain financial records for at least 5 (five) years, so we will not be able to completely remove you if you have made any orders more recently than this (see the OUR ONLINE STORE section below for more details).

6. OUR ONLINE STORE

6.1. About Our Online Store
If you buy something from us, you are required to log into your account or to create an account in order to process your payment, deliver you your purchases and continue to support them in future. This is to enable us to fulfill our contractual obligation to you which begins at the point of sale.

6.2. Who Deals With Our Payments
Our Payment Service Provider for Credit Card and Debit Order transactions is Netcash. You can read their Terms and Conditions here and you can read their Privacy Policy here.

Netcash provides a secure payment gateway, processing payments for thousands of online businesses, including ours. It is Netcash's utmost priority to ensure that transaction data is handled in a safe and secure way.

Netcash uses a range of secure methods. Once on the Sage Pay systems, all sensitive data is secured using internationally recognised encryption standards.

Netcash is PCI DSS (Payment Card Industry Data Security Standard) compliant to the highest level and maintains regular security audits from a certified Qualified Security Assessor (QSAs). They are also regularly audited by the banks and banking authorities to ensure that their systems are impenetrable.

6.3. Who Has Access To Financial Data
Access to our Sage Pay data is restricted to our customer experience and finance teams. The heads of our web and operations teams (including our senior partners at our web development company, Mindmuzik Technologies) also have access in order to be able to manage the integration with our site, and act as tier 3 level support in case of unusually problematic transactions. The financial team can request and confirm manual payments.

6.4. Transactional Emails
You will receive an email to confirm your credit card or debit order transaction and payment and that your order has been fully processed. EFT transactions will receive an email with confirmation for your order in process and will receive a second email to confirm your payment.

7. OUR PRODUCTS

7.1. Downloading
In order to download the Content from the Products within your subscription plan, you have to be logged in.

We log information about the progress of your downloaded content (the number of downloads of a single file and whether you marked it as complete), including your operating system and IP address. We do this so that our customer experience team can diagnose problems more effectively if something goes wrong, as well as for the purpose of recognising and preventing unusual download activity (for example, a single product being downloaded simultaneously in several different provinces or countries may indicate sharing of passwords or piracy).

This data may also be used statistically to help us improve the quality, reliability and speed of our download service.

7.2. Updating

We update our documents, products and the Site from time to time, either to fix errors and bugs or to add new features. These updates are typically free for all existing users. In order for us to be able to notify you via email of important updates, we must retain your account email address and your order history.

8. CUSTOMER EXPERIENCE

8.1. Contact Us
At ASP School Projects we want satisfied customers. In order for us to help you we will often need to know a little bit about you. If you leave a message on our Contact Us page you will be required to leave your name, email and contact number along with your message.

8.2. Email
You can contact us via email at the appropriate email addresses provided on our website.

In the process of servicing your request, you may have to provide details about your account (if applicable) in order for us to help you. Additionally, we may ask for personal or financial information; or details of your order history; or your hardware and software. All such information may be retained for future reference.

8.3. Phone
If you call us, we may collect your caller ID (i.e. phone number) if available should we need to call you on this number in the future. During the call we will ask for your name and account details (if applicable), and will add all this information into your account.

If you block the sending of your caller ID; and/or don’t tell us who you are during the call; and/or don’t want to share details of your account we cannot guarantee successful assistance.

8.4. How Long We Keep Your Service Data
We retain all customer service requests (including messages and emails) indefinitely. This is to ensure that we have a full case history of any problems you may have experienced in the past, and can refer back to these when necessary.

9. ANALYTICS AND STATISTICS

9.1. Google Analytics
When someone visits www.aspschoolprojects.co.za we use a third party service, Google Analytics, to collect standard internet log information (e.g. geographical location, OS and browser information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

Besides members of our own internal marketing team, the other third party who have access to Google Analytics information is Mindmuzik Technologies, who administer the analytics service integration on our behalf.

9.2. Facebook Pixel
When someone visits www.aspschoolprojects.co.za we use a third party service, Facebook Pixel, to collect standard internet log information and details of visitor behaviour (e.g. which pages they visit or whether they add something to their cart). We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website.

10. OUR DATA BREACH POLICY

10.1. Disclaimer
We have taken all reasonable steps to safeguard the privacy of information provided by you, but we do not make any representations or warranties that the information provided by you, whether personal information, or otherwise, is absolutely safe and secure. Should a data breach occur, we will take immediate measures to stop it and minimise its impact.

10.2. What Is A Data Breach?
We consider a data breach to be one or more of the following:

• Loss or theft of confidential or sensitive data or equipment on which such data is stored (e.g. loss of laptop, USB stick, iPad / tablet device, or paper record).
• Equipment theft or failure.
• System failure.
• Unauthorised use of; access to or modification of data; or information systems.
• Attempts (failed or successful) to gain unauthorised access to information or IT system(s).
• Unauthorised disclosure of sensitive / confidential data.
• Website defacement.
• Hacking attack.
• Human error.
• ‘Blagging’ offences where information is obtained by deceiving the organisation who holds it.

10.3. Investigation And Containment
If we discover or are notified of any of the above:

We will firstly determine whether the breach is ongoing, and if so, take immediate measures to stop it and minimise its impact.

Secondly, we will investigate the extent and severity of the breach and assess the risks associated with it, for example, the potential adverse consequences for individuals, how serious or substantial those are and how likely they are to occur. This investigation will consider the following:

• The type of data involved.
• Its sensitivity.
• The protections which are in place (e.g. encryptions).
• What has happened to the data (e.g. has it been lost or stolen).
• Whether the data could be put to any illegal or inappropriate use.
• Data subject(s) affected by the breach, number of individuals involved and the potential effects on those data subject(s).
• Whether there are wider consequences to the breach.

10.4. Notification
After investigating the breach, we will determine whether it is necessary to report it, and if so, will do so within a maximum of 72 hours of becoming aware of the breach, if possible.

Every incident will be assessed on a case by case basis. The following will be considered:

• Whether the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms under the Protection of Personal Information Act (“POPIA”).
• Whether notification would assist the individual(s) affected (e.g. could they act on the information to mitigate risks?)
• Whether notification would help prevent the unauthorised or unlawful use of personal data.
• Whether there are any legal / contractual notification requirements.
• The dangers of over notifying. Not every incident warrants notification and over notification may cause disproportionate enquiries and work.

Individuals whose personal data has been affected by the incident, and where it has been considered likely to result in a high risk of adversely affecting that individual’s rights and freedoms will be informed without undue delay. Notification will include a description of how and when the breach occurred and the data involved. Specific and clear advice will be given on what they can do to protect themselves, and include what action has already been taken to mitigate the risks. Individuals will also be provided with a way in which they can contact us for further information or to ask questions on what has occurred.

We will consider notifying third parties such as the police, insurers, banks or credit card companies. This would be appropriate where illegal activity is known; or is believed to have occurred; or where there is a risk that illegal activity might occur in the future.

We will consider whether our marketing team should be informed regarding a press release and to be ready to handle any incoming press enquiries.

An internal record will be kept of any personal data breach, regardless of whether notification was required.

10.5. Evaluation And Response
Once the initial incident is contained, we will carry out a full review of the causes of the breach, the effectiveness of the response(s) and whether any changes to systems, policies and procedures should be undertaken.

Existing controls will be reviewed to determine their adequacy, and whether any corrective action should be taken to minimise the risk of similar incidents occurring.

The review will consider:

• Where and how personal data is held and where and how it is stored.
• Where the biggest risks lie including identifying potential weak points within existing security measures.
• Whether methods of transmission are secure; sharing minimum amount of data necessary.
• Staff awareness.

If deemed necessary, a report recommending any changes to systems, policies and procedures will be considered by the ASP School Projects board.

Development and Hosting: Resolve Technology Solutions

Design and SEO: Avelantis

© Copyright 2003 - 2020 ASP School Projects. All Rights Reserved.
No information or document may be duplicated, copied, distributed or sold, either in part or as a hole without the written permission of ASP School Projects.