SPARK Schools Privacy Policy

This privacy policy has been compiled to better serve those who are concerned with how their “Personally identifiable information” (PII) is treated by SPARK Schools. PII is information that can be used on its own or with other information to identify, contact, or locate a natural person or juristic person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle our key stakeholders’ PII.

About Us 

SPARK Schools is a registered independent school network providing services in the South African education sector. We have put in place suitable physical, technological, and managerial measures in order to comply with the Protection of Personal Information Act No 4 of 2013 (POPIA) and to safeguard the privacy of the natural and juristic persons we encounter while conducting our business.

What personal information do we collect?

We collect data mainly about scholars, parents, employees, and suppliers but also about third parties that interact with SPARK Schools. We do so to provide quality education to scholars, a safe place for employees and to build good relationships with suppliers. The data that we collect includes but is not limited to:

  • General identification and contact information such as name, ID number, physical address, postal address, email address, telephone numbers, gender, marital status, and date of
  • Financial information and account details, such as bank account numbers, Bank name and household income information.
  • Telephone recordings of
  • Academic information
  • Health

The supply of such personal information may be mandatory where there is a requirement for both compliance with the regulators and to provide the scholars with quality education in a safe environment.

When do we collect information? 

We collect information from you when you apply for enrollment on our website, subscribe to a newsletter, fill out a form or enter information on our website.

We collect personal information through:

  • Our computer
  • Our
  • Social media channels
  • Telephone
  • Emails; and
  • Open days

How do we use your information? 

We may use such information in the following ways:

  • Providing education
  • Collecting fees
  • Complying with internal and external Health and Safety protocols
  • Performing statistical analyses to measure performance
  • To personalize your experience on our site and to allow us to deliver the type of content and product offerings in which you are most interested.
  • To improve our technological platforms to better serve
  • To allow us to better respond to service requests from our investors, customers, employees and
  • To administer contests, promotions, surveys, and website features
  • To quickly process
  • To send periodic emails to our customers, employees and partners

How do we protect the information we receive?

The SPARK Schools website site is reviewed on a regular basis for security vulnerabilities in order to make your visit to our site as safe as possible.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology. We do not store credit/debit card information on our systems.

We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.

All transactions are processed through a gateway provider and are not stored or processed on our servers.

Do we use “cookies”?

Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. For instance, we use cookies to help us remember and understand your preferences based on previous or current website activity,

which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Chrome or Internet Explorer) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies.

If you disable cookies, some features will be disabled which may turn off some of the features that make your site experience more efficient and some of our services will not function properly.

How can you opt out, remove or modify information you have provided to us?

You can request to have your information removed by sending an email to

Please note that we may maintain information about an individual sales transaction in order to complete that transaction and for record keeping purposes.

Third Party Disclosures

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide you with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.

However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Transfer Of Your Personal Information

Your information, including personal information, may be transferred to — and maintained on — computers located outside of your province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your personal information will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Disclosure Of Your Personal Information 

If we are involved in a merger, acquisition or asset sale, your personal information may be transferred. We will provide notice before your personal information is transferred and becomes subject to a different Privacy Policy.

Under certain circumstances, we may be required to disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

Retention of Your Personal Information

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Information Regarding the Protection of Personal Information Act (POPIA) 

SPARK Schools endeavours to comply with South Africa’s POPI Act that promotes the protection of personal information processed by public and private bodies; that introduces certain conditions so as to establish minimum requirements for the processing of personal information; provides for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000; provides for the

issuing of codes of conduct; provides for the rights of persons regarding unsolicited electronic communications and automated decision making; regulates the flow of personal information across the borders of the Republic; and provides for matters connected therewith.

The purpose of this Act is to —

  1. give effect to the constitutional right to privacy, by safeguarding personal information when processed by a responsible party, subject to justifiable limitations that are aimed at balancing the right to privacy against other rights, particularly the right of access to information; and
    1. protecting important interests, including the free flow of information within the Republic and across international borders;
  2. regulate the manner in which personal information may be processed, by establishing conditions, in harmony with international standards, that prescribe the minimum threshold requirements for the lawful processing of personal information;
  3. provide persons with rights and remedies to protect their personal information from processing that is not in accordance with this Act; and
  4. establish voluntary and compulsory measures, including the establishment of an Information Regulator, to ensure respect for and to promote, enforce and fulfil the rights protected by this Act.

The Protection of Personal Information Act 4 of 2013 aims:

  • to promote the protection of personal information processed by public and private bodies;
  • to introduce certain conditions so as to establish minimum requirements for the processing of personal information;
  • to provide for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000;
  • to provide for the issuing of codes of conduct;
  • to provide for the rights of persons regarding unsolicited electronic communications and automated decision making;
  • to regulate the flow of personal information across the borders of the Republic; and
  • to provide for matters connected

POPI Conditions 

SPARK Schools (hereafter referred to as “the operator”, interchangeably with the “responsible party”) endeavors to comply with the eight (8) conditions set out by the POPI Act, which we summarised as stated below:

1. Accountability

The responsible party must ensure that the conditions set out in POPI Act, and all the measures that give effect to such conditions, are complied with at the time of the determination of the purpose and means of the processing and during the processing itself.

2. Processing Limitation
  1. Lawfulness of processing

Personal information must be processed—lawfully; and in a reasonable manner that does not infringe the privacy of the data subject

  1. Minimality

Personal information may only be processed if, given the purpose for which it is processed, it is adequate, relevant and not excessive.

  1. Collection directly from data subject
  2. Consent, justification and objection
3. Purpose specification
  1. Collection for specific purpose
    1. Personal information must be collected for a specific, explicitly defined and lawful purpose related to a function or activity of the responsible party.
    2. Steps must be taken in accordance with section 18(1) to ensure that the data subject is aware of the purpose of the collection of the information unless the provisions of section 18(4) are applicable.
  2. Retention and restriction of records

Records of personal information must not be retained any longer than is necessary for achieving the purpose for which the information was collected or subsequently processed unless retention of the record is required or authorised by law, and the responsible party reasonably requires the record for lawful purposes related to its functions or activities.

4. Further processing limitation

Further processing of personal information must be in accordance or compatible with the purpose for which it was collected. The further processing of the information is necessary to prevent or mitigate a serious and imminent threat to—

  1. public health or public safety; or
  2. the life or health of the data subject or another individual;

The further processed information may be used for historical, statistical or research purposes and the responsible party would ensure that the further processing is carried out solely for such purposes and will not be published in an identifiable form.

5. Information quality
  1. A responsible party must take reasonably practicable steps to ensure that the personal information is complete, accurate, not misleading and updated where necessary.
  2. In taking the steps referred to above, the responsible party must have regard to the purpose for which personal information is collected or further processed.
6. Openness

A responsible party must maintain the documentation of all processing operations under its responsibility as referred to in section 14 or 51 of the Promotion of Access to Information Act. The operator will notify the data subject when collecting personal information, and if personal

information is collected, the responsible party must take reasonably practicable steps to ensure that the data subject is aware of the information being collected and where the information is not collected from the data subject, the source from which it is collected.

7.    Security safeguards

The operator will secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures to prevent—

  1. loss of, damage to or unauthorised destruction of personal information; and
  2. unlawful access to or processing of personal

The operator must notify the responsible party immediately where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person.

Where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person, the responsible party must notify—

  • the Regulator; and
  • subject to subsection (3), the data subject, unless the identity of such data subject cannot be established.

The responsible party may only delay notification of the data subject if a public body responsible for the prevention, detection or investigation of offences or the Regulator determines that notification will impede a criminal investigation by the public body concerned.

8. Data subject participation 

A data subject, having provided adequate proof of identity, has the right to—

  • request a responsible party to confirm, free of charge, whether or not the responsible party holds personal information about the data subject; and
  • request from a responsible party the record or a description of the personal information about the data subject held by the responsible party, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information—
  1. within a reasonable time;
  2. at a prescribed fee, if any;
  3. in a reasonable manner and format; and
  4. in a form that is generally

For more information on the Act please visit the following website:

Information Regarding Your Data Protection Rights Under General Data Protection Regulation (GDPR)

For the purpose of this Privacy Policy, we are a Data Controller of your personal information.

If you are from the European Economic Area (EEA), our legal basis for collecting and using your personal information, as described in this Privacy Policy, depends on the information we collect and the specific context in which we collect it. We may process your personal information because:

  • We need to perform a contract with you, such as when you create a Policy with
  • You have given us permission to do so
  • The processing is in our legitimate interests, and it’s not overridden by your rights
  • For payment processing purposes
  • To comply with the law

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. In certain circumstances, you have the following data protection rights:

  • The right to access, update or to delete the personal information we have on you
  • The right of rectification
  • The right to object
  • The right of restriction
  • The right to data portability
  • The right to withdraw consent

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your personal information.

Service Providers

We employ third party companies and individuals to facilitate our website (“Service Providers”), to provide our Website on our behalf, to perform Website-related services or to assist us in analysing how our Website is used. These third parties have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.


Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page:

Contacting Us

SPARK School’s aim is to always have accurate, complete, up-to-date and relevant personal information. Requests for access to and possible correction of personal information as envisaged by the Protection of Personal Information Act should be addressed to

Stacey Brewer, The Information Officer SPARK Schools

1 Sturdee Avenue

Rosebank, Johannesburg Telephone: +27 11 125 0600