Protection of Personal Information in the 4IR Journey Portal

The Protection of Personal Information Act (POPIA), No. 4 of 2013 promotes the protection of personal information by public and private bodies, 4IR JOURNEY PORTAL included. The Act was signed into law by the President of South Africa on 19 November 2013 and published in the Government Gazette Notice 37067 on 26 November 2013. On the 22 June 2020, the President announced that the effective date of POPIA is 01 July 2020 and he has given all organisations a grace period of one year from 01 July 2020 to 30 June 2021 to get their processes and systems aligned with the conditions and requirements of POPIA.

In 4IR JOURNEY PORTAL’s context, the POPIA significantly affects the manner in which we collect, store/archive, use, share and destroy personal information of our students, alumni, employees, service providers, donors, council members, researchers, authors and community engagement members. The Act balances the legitimate needs of 4IR JOURNEY PORTAL to collect and use personal information for business and strategic purposes against the right of individuals to privacy.

Below is our Privacy Statement defining how we collect and use your personal information, disclosure and transfer of your personal information, information security measures over your personal information and your rights as prescribed by POPIA. We have also attached below the Personal Information Inventory Lists stating the personal information we collect and process.

SADICO Projects (owners of the 4IR Journey Portal) , its successors and assigns (YDx Service Provider Community, we, us, our) treat the personal information we collect through our Channels (this website, associated websites, mobile sites, mobile applications and other channels) as private and confidential. This Privacy Statement and our Cookie Notice applies when you use our Channels.


1. Lawful processing of personal information

SADICO Projects (owners of the 4IR Journey Portal) is committed to processing personal information in keeping with its responsibilities under the applicable data protection laws.

The following conditions of lawful processing of personal information are the principles in terms of which we will be processing the collected personal information. They are:

• Accountability – YDx Service Provider Community as the responsible party and through its employees will make sure that personal information is processed in a lawful and responsible manner.

• Processing limitation – we shall lawfully collect personal information for a defined purpose and where applicable, with the consent of our clients and third parties.

• Purpose specification – we will only use personal information for the purposes that our clients, third parties and employees expect us to use it for. Further processing limitation – where a processing activity is seen as further processing (means a new purpose for processing personal information) and this new purpose is inconsistent with the original purpose (original reason we collected personal information), we will make sure that our processing activities meet the requirements of the applicable data protection laws.

• Information quality – we will take reasonable steps to ensure your personal information is accurate, complete and updated and not misleading.

• Openness – from the start, we will be open, clear and honest with our clients, third parties and employees on how and why we use their personal information and how we protect their personal information.

• Security safeguards – we will apply and follow appropriate and reasonable technical and organisational measures to make sure that the confidentiality, integrity and availability of personal information are secured. These measures will also be applied to protect personal information against loss, damage, unauthorised destruction or unlawful access.

• Data subject participation – we have processes in place for our clients, third parties and employees to access, correct and delete personal information and exercise their rights in terms of applicable data protection laws.


2. Collection

We collect and process the following categories and types of personal information through the relevant Channels, including:

1. Personal details (this can be your name, age, passport information, biometric information, information about personal interests).
2. Contact details (this can be your mobile number and email address).
3. Details related to a client (this can be the business contact details of an agent or representative, relationship with the client or related parties, shareholder information) and
4. Transactional details (this can be information about products, services, requests, queries or complaints).

We will collect personal information in the following ways:
• Directly from you, and
• where lawful and reasonable, from third parties and public sources. This includes credit reporting and government agencies.


3. If you decide to give us express consent, we will use your personal information to:

• Meet our responsibilities to you.

• Process your personal information for ordinary business purposes (this includes to open and maintain your account, execute transactions, administer claims where applicable, manage our risks and maintain our overall relationship with you).

• Carry out statistical and other analyses to identify potential markets and trends, evaluate and improve our business (this includes improving existing and developing new products and services). Consent will not be obtained if we anonymise/de-identify the personal information.

• Tell you about similar services and products available within The Standard Bank of South Africa, SADICO Projects or partner services and products. If you wish, you may opt out from receiving such information at any time by choosing the “Unsubscribe” option provided in every communication that we send to you.

• Comply with applicable laws and regulations.

SADICO Projects (owners of the 4IR Journey Portal) will not intentionally or knowingly collect personal information directly from minors (anyone under the age of 18). The personal information of minors will be collected through their legal guardian or parent only where products or services are obtained for the minors.

Standard Bank will only use and share your personal information where it is necessary for us to carry out our lawful business activities. To enable you to fully understand the way in which we process your personal information, we have described the different lawful grounds for such processing in detail below:

1. Consent – We may process your personal information for a specific and explicitly defined purpose where you, or a competent person in the case of personal information relating to a minor, provide us with your express consent for such processing or where law requires.

2. Contractual need - We may process your personal information where it is necessary to enter into a contract with you in order for us to provide our products or services to you or to perform our obligations under that contract. Please note that if you do not agree to provide us with the requested personal information, it may not be possible for us to continue to operate your account or provide services to you.

3. Compliance with an obligation imposed by law- When you apply for a product or service, we are required by law to collect and process certain personal information about you. Please note that if you do not agree to provide us with the requested personal information, it may not be possible for us to continue to operate your account or provide services to you.

4. Legitimate interests of YDx Service Provider Community - We may process your personal information where it is in our legal interests to do so as an organisation and without harming your interests or fundamental rights and freedoms (for example, for marketing purposes, site maintenance, etc.).


When can we process or share your personal information?

We will process your personal information if you give us your consent willingly or according to the grounds of lawful processing highlighted above. If we need your consent, we will notify you through our product and services agreements or application processes through our various authorised Channels.

We will only share your personal information if:
• the law requires it;
• we have a public duty to share the personal information;
• our or your legitimate interests require us to share the personal information;
• it is necessary to conclude or perform due to an agreement between you and us; or
• you agreed that we may share your personal information.


Personal Information sharing and data transfers

1. We will not share your personal information to external organisations that are not our service providers, unless business operations require the processing of your personal information in other countries, either to carry out processing based on your instructions or for ordinary business purposes. As specified by the above purposes, we may share your personal information with any of the parties mentioned below, located in any jurisdiction: Any member of SADICO Projects .

2. Professional advisers like auditors, third-party vendors, or independent contractors who process personal information on behalf of Standard Bank to support our business.

3. Our business partners who provide their products and services to you.

4. An employee of a card distributor or vendor where the personal information is shared in connection with the use of a card.

5. Any individual who needs your personal information due to foreign or local law or regulation.

6. Any court of justice, regulatory body, taxation authority (including any authority investigating an offence) or their agents.

7. Any debt collection agency, credit bureau, insurer or broker, direct or indirect provider of credit protection and fraud prevention agencies.

8. Any financial institution to conduct credit checks, anti-money laundering related checks, for fraud prevention and detection of crime purposes for the group.

The third party, who is located outside of South Africa and receives the personal information, will need to comply to either a law, or binding corporate rules or a binding agreement which states that they will provide an adequate level of protection to your personal information. This means that they have to agree to lawfully process your personal information and protect your personal in the same manner as we do.

The transfer of your personal information will be based one of the following conditions:

1. You provide your consent to the transfer.

2. The transfer is necessary for the conclusion or performance of a contract to which you are a party.

3. The transfer is for your benefit, and it is not reasonably practical to obtain your consent to that transfer; and if it were reasonably practicable to obtain such consent, you would be likely to give it.


Storing personal information

We will store and keep your personal information according to the retention (holding) periods defined by law for legitimate business purposes and will take reasonably practicable steps to make sure that it is kept up to date and deleted and archived according to our defined retention schedules.


Our security practices

The security of your personal information is important to us. We have implemented appropriate and reasonable technical and organisational measures to prevent loss, unauthorised destruction, damage or access to your personal information by unauthorised third parties. The security of your personal information is important to us. We make sure that we implement organisational and technical procedures to keep your personal information safe.

However, you must not share or send us any personal information over unauthorised channels, since it is not a secure way of communication and carries a risk of interception and unauthorised access. You should only share personal information over authorised channels of Standard Bank of South Africa Limited.


Marketing by electronic means

We would like to share information about our own products, services and special offers that are similar to the products or services used by you, via your preferred method of communication (as indicated to us), such as email, text message, social media platforms or notification on your mobile application. Subject to your express consent and the option to opt-out or unsubscribe at any time, we may also share information with you about similar products, services and special offers of our partner companies. If you have opted-in to receive marketing communications, you may always opt out at a later stage using the link shared below or clicking on the “Unsubscribe” option included in every marketing communication sent to you. You have the right at any time to stop us from contacting you for marketing purposes or giving your data to other members of SADICO Projects . If you no longer wish to be contacted for marketing purposes, please request for us to mark you as ‘No’ to Marketing by emailing us on


Use of Cookies on our website

A “cookie” is a small text file that is stored on your computer, smartphone, tablet, or other device when you visit a website or use an app. They contain specific information related to your use of our website or app, such as login credentials, your preference settings or tracking identifiers. Cookies make it easier for us to give you a better experience online. For all optional types of cookies, we will obtain your consent before these cookies can be used or stored on your device.

For this reason, we limit our use of cookies as explained below to:

• provide products and services that you request;
• deliver advertising via marketing communications;
• provide you a better online experience and track website performance; and
• help us make our website more relevant to you


Any POPI related queries, questions and/or complaints can be kindly directed to the:

E-mail Address: