Preaload Image


6.1.       Transfer of Personal Data Policy

  • Transfer of personal data shall be through the use of protected means of communication allowed only to authorized personnel in an anonymized format.
  • Upon informed consent, data can be collected from users connected to the University’s network anonymously and used for research purposes;
  • Before agreeing to transfer personal data to a third party, the ICT Directorate needs to assess the level of data protection afforded by the third party. As part of this assessment, the data controller should assess, inter alia, the applicable laws, and regulations, internal statutes and policies of the third party, specific contractual obligations or undertakings to respect specific data protection frameworks, their effective implementation as well as the technical and organizational means of data security put in place;
  • Unless there are satisfactory reasons not to do so, before transferring personal data to a third party, the data controller should seek to sign a data transfer agreement, or, as appropriate, incorporate data protection clauses within broader agreements;
  • The third-party maintains a high level of data security that protects personal data against the risk of accidental or unlawful/illegitimate destruction, loss, alteration, unauthorized disclosure of, or access to it;
  • In the appropriate circumstances, the University may transfer personal data to a national law enforcement agency or a national court. Such transfers may be upon request by the law enforcement agency or court, or on the University’s own initiative. Transfers may concern persons subjected to an investigation for an allegedly committed crime or concerning the victim(s) of or witness (es) to a crime.
  • Data transfer agreements should: 
  • Address the purpose(s) for data transfer, specific data elements to be transferred as well as data protection and data security measures to be put in place, 
  • Require the third party to undertake that its data protection and data security measures comply with this Policy, and 
  • Stipulate consultation, supervision, accountability, and review mechanisms for the oversight of the transfer for the life of the agreement.

6.2. Processing of Personal Data Policy 

6.3. Use and Disclosure of Personal Data Policy 

6.4. Access and Correction of Personal Data Policy 

6.5. Automatically Processed Information 

6.6. Use of Identifiers Policy  

6.7. Anonymity Policy 

6.8. Security and Quality of Personal Data Policy