Privacy and Protection of Personal Information Policy

Effective Date: 17 February 2026
Last Updated: 4 May 2026

1. Introduction

ExpertRep (Pty) Ltd (“ExpertRep”, “we”, “us”, “our”) is committed to protecting your personal information and ensuring transparency in how it is collected, used, and shared.

This Privacy Policy applies to:

• Use of our website and all associated pages
• Use of subdomains and learning platforms
• All electronic communications from our domain
• Purchases, subscriptions, and training services

2. Responsible Party / Data Controller

ExpertRep (Pty) Ltd is the responsible party (data controller) for personal information processed through this platform.

Contact Details:
Email:info@expertrep.co.za
PAIA / Privacy Requests: info@expertrep.co.za
Website: www.expertrep.co.za

3. Categories of Personal Information Collected

We may collect and process the following personal information:

3.1 Identification Data

• Name and surname
• Email address
• Telephone number
• Username and login credentials

3.2 Professional Data

• Employer name
• Job role and department

3.3 Training & Performance Data

• Course participation
• Assessment results
• Progress and completion records
• CPD-related data

3.4 Technical Data

• Login activity
• Device and browser information
• IP address

3.5 Financial Data

• Payment and transaction details (processed via secure third-party providers)

4. How We Collect Information

We collect personal data when:

• You register on our platform
• You purchase or access training
• You complete forms or assessments
• Your employer registers you for training
• You interact with our website or communications

5. Purpose of Processing

We process personal data for the following purposes:

• Delivering training and learning services
• Managing user accounts
• Tracking learning progress and certification
• Providing reports
• Communicating with users
• Improving our platform and services
• Supporting business operations and analytics

6. Legal Basis for Processing

We rely on the following legal bases:

6.1 Contractual Necessity

• To deliver training services and manage user accounts.

6.2 Legitimate Interests

• Improving services
• Ensuring platform functionality
• Generating analytics

6.3 Consent

• Marketing communications, anonymous on social media, unless with prior written consent.
• Optional features or services

You may withdraw consent at any time.

7. Employer-Sponsored Users

Where training is provided through an employer:

• Personal and performance data may be shared with that employer
• This is done in accordance with contractual obligations and applicable data protection laws
• Employers act as independent responsible parties for such data

8. Sharing of Personal Information

We may share personal data with:

• Employers (where applicable)
• Service providers (e.g. hosting, payment processing)
• Regulatory or professional bodies (e.g. CPD accreditation authorities)

We do not sell personal data.

9. Cross-Border Data Transfers

Due to our operations across Africa and use of global service providers:

• Personal data may be transferred outside South Africa
• We ensure appropriate safeguards, including contractual protections, are in place

10. Data Retention

We retain personal data only as long as necessary:

• CPD and training records: minimum of 5 years
• Active user accounts: duration of engagement
• Inactive accounts: deleted or anonymised after a maximum of 10 years

11. Security of Personal Information

We implement appropriate technical and organisational measures, including:

• Secure login and authentication controls
• Access restrictions
• Regular system updates and monitoring
• Use of trusted service providers

While we take reasonable steps to protect data, no system is completely secure.

12. Data Breach Notification

In the event of a data breach:

• We will notify affected users where required
• We will comply with applicable legal and regulatory requirements

13. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Enhance user experience
• Analyse website usage
• Improve functionality

Users may manage cookie preferences through their browser settings.

14. Automated Decision-Making and Profiling

We may use data analytics to:

• Improve learning experiences
• Provide insights to users and organisations
• Marketing

No decisions with legal or significant effects are made solely through automated processing.

15. Your Rights

You have the right to:

• Access your personal information
• Correct inaccurate data
• Request deletion of your data
• Withdraw consent
• Restrict processing
• Object to processing
• Request data portability
• Lodge a complaint with a regulatory authority

16. Requests and Complaints

Requests relating to personal data or access to information may be submitted via: info@expertrep.co.za.

Access to information requests can be made in accordance with our PAIA Manual under the Promotion of Access to Information Act (PAIA).

You may also lodge complaints with the Information Regulator (South Africa).

17. Third-Party Content

Our platform may contain links to third-party content.
We are not responsible for the privacy practices of external websites.

18. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be published on our website with a revised effective date. 

We keep our site updated, monitor security threats and implement mitigation tactics as well as regulations and strategies to protect our user’s personal information. This policy applies to the following services:

• use of this website and all of its pages,
• use of the subdomain sites as well as any electronic communication from this domain,
• purchases and/or subscriptions related to the use of ExpertRep products or services. 

 Please read this policy carefully and do not hesitate to contact us should you have any questions. Please keep your login details secure. 

Securing personal data

We value your privacy. We prevent unauthorised access to our platform through a login process and adhere to stringent username and password policies as advised to us through our website partners. We keep our site updated through trusted external parties. We cannot guarantee accidental loss of information, but we keep tight control by keeping our security settings and plugins of our sites updated. 

This policy aligns to:

• GDPR legislation which came into effect on 25 May 2018
• POPI (Protection of Personal Information) Act which came into affect 1 July 2021
• PAIA (Promotion of Access to Information Act) came into operation on 9 March 2001.