1. Purpose

Apextra Virtual Academy Limited (A.V.A) is committed to safeguarding personal and sensitive data in compliance with global data protection standards, including the General Data Protection Regulation (GDPR), and relevant Tanzanian laws such as the Personal Data Protection Act, Electronic and Postal Communications Act (EPOCA), and the Cybercrimes Act, 2015. This policy outlines how A.V.A collects, processes, stores, and protects data to ensure transparency, trust, and compliance.

2. Scope of application

This policy applies to all employees, contractors, learners, and partners who interact with A.V.A’s systems, platforms, and services. It covers all personal and sensitive data, including but not limited to learner records, employee data, partner agreements, and communications collected from users of A.V.A platforms, including e-learning platforms, social network pages, emails, and other A.V.A official communications channels.

3. Key Definitions

  • Personal Data: Any information that identifies or can identify an individual, such as names, email addresses, phone numbers, or IP addresses, marital status, date of birth, .
  • Sensitive Data: Information like racial/ethnic origin, health details, or financial data requiring higher protection levels.
  • Data Controller: A.V.A., responsible for deciding the purpose and means of data processing.
  • Data Processor: Any third party processing data on behalf of A.V.A.
  • A. V.A Platform: includes website, email, official social network accounts, and any other official communication channel owned by A.V.A
  • Usage Data: includes information such as the device’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.
  • Sale: means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a user’s personal information to another business or a third party for monetary or other valuable consideration.

4.0 Collection and Use of Personal Data

4.1 Types of Data Collected

4.1.1 Personal Data

While using our services and interacting with our platforms, we may ask you to provide us with certain personal information that can be used to contact or identify you. The personal information includes but not limited to:

  • Full name
  • Email Address
  • Phone number
  • Usage data
  • Academic records

4.1.2 Non-personal Data

We may also collect non-personal data to enhance user experience and platform security. The information to be collected includes:

  • Device information, such as browser type and operating system
  • Geological data
  • Usage statistics and interaction pattern
  • Cookies and similar tracking technologies

5.0 Use and Purpose of Collecting Personal Data

The personal data collected by A.V.A. is collected, stored, and processed solely for legitimate, specific, and clearly defined purposes, in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and Tanzania data protection laws. The purposes and corresponding lawful bases for processing are as follows:

  • Course Facilitation and Training Delivery: To enable enrollment, registration, and participation in courses provided by A.V.A. and its partners, including managing learner details, payment information, and related administrative requirements necessary for the performance of a contract entered into with the learner.
  • Communication: To provide timely and relevant communication to learners and users, including important updates, notifications, and information relating to courses, programs, or services offered by A.V.A. Such communications are necessary to fulfill contractual obligations and maintain engagement with learners.
  • Market and Industry Insights: To generate and share relevant insights with industry leaders, employers, learners, sectoral stakeholders, and partners for the purpose of advancing education, skills development, and market awareness.
  • Platform Functionality and User Experience: To ensure the effective functioning, security, and usability of the A.V.A platform, including the use of cookies and analytics tools to enhance system performance, interface design, and overall user engagement.

6.0 How A.V.A. Collects and Processes Data

A.V.A collects users’ data through the following means;

  • Learner Registration Data: We collect names, contact details, and payment information for enrollment and participation during the learner’s journey within A.V.A. and the Alumni network.
  • Learner Platform Engagement Data: We collect and analyze education and skills levels, professional background, course completion rates, assessment performance, level of interactivity, screen time, and drop-off rates to enhance training effectiveness.
  • Platform Usage Data: We utilize analytics from cookies, usage metrics, and other digital tracking tools to refine learner experience and platform performance (subject to user consent where required).
  • Feedback Data: We gather input from learner surveys, forms, and feedback mechanisms to assess program effectiveness and improve learner satisfaction.
  • Integrating AI in Data Processing and Analysis: We integrate AI tools into the processing and analysis of personal data to gain insights and enhance service delivery.

7.0 Legal Basis for the Collection and Processing of Personal Data

Our data collection are grounded in:

  • Users’ consent obtained during registration and use of our platform
  • Fulfilment of contractual obligation between A.V.A. and users of the platform
  • Compliance with legal requirements

8.0 Data Sharing and Disclosure

  • The data collected, stored, and processed by A.V.A may be disclosed or shared with third parties, including through sale. By accessing, using, and interacting with A.V.A’s platform, you consent to the sharing of your data with third parties.
  • All third parties with whom data is shared are contractually obligated to adhere to data protection standards consistent with A.V.A’s Privacy Policy, the General Data Protection Regulation (GDPR), and applicable laws in Tanzania, including the Personal Data Protection Act, the Electronic and Postal Communications Act (EPOCA), and the Cybercrimes Act, 2015.

9.0 Principles Governing Collection and processing of personal data

A.V.A. is committed to adhering to the following data protection principles during collection, processing and storing of personal data:

  • Lawfulness, Fairness, and Transparency: Data is collected and processed lawfully, transparently, and only for legitimate purposes. All data are collected after seeking consent of data subjects and the data will be used for the purpose specified in this policy only.
  • Purpose Limitation: Data is used strictly for stated and agreed-upon purposes. We do not use the personal data beyond what has stated under this policy.
  • Data Minimization: we onlycollect essential data necessary for the performance of A.V.A lawful activities.
  • Accuracy: A.V.A is committed to ensuring that thedata collected and being processed is accurate and up to date. Any person who wants his data held by A.V.A to be corrected, may submit his correction request to A.V.A through apextravirtual@gmail.com
  • Storage Limitation: Data is retained only as long as necessary.
  • Integrity and Confidentiality: Data is secured against unauthorized access, loss, or breach. We are committed to ensuring the security of data by using technical and administrative measures.

10.0 Data Storage and Security Policy

  • Storage: Personal Data is stored in secure, encrypted databases on servers that comply with global security standards.
  • Access Controls: Only authorized personnel can access sensitive data.
  • Third-party Services: Partners (e.g., payment gateways, job-readiness tools) must comply with data protection standards and contractual obligations.
  • Backup Systems: Regular backups are conducted to prevent data loss.

11.0 Rights of Data Subjects

A.V.A. ensures that learners, employees, and partners have the right to:

  • Access Data: Request access to data (excluding personal) stored by A.V.A.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure (Right to Be Forgotten): Request deletion of data under certain circumstances.
  • Data Portability: Obtain data in a machine-readable format.
  • Object to Processing: Refuse data usage for specific purposes like marketing.

12.0 Data Breach Response

In case of a data breach:

  • Immediate Notification: Relevant authorities, such as the Personal Data Protection Commission and affected individuals, will be informed within 72 hours.
  • Mitigation Measures: Steps will be taken to address vulnerabilities and minimize further risks.
  • Record Keeping: Breach details will be documented for audit purposes.

13.0 Compliance and Training

  • Staff Training: Regular workshops and courses ensure employees are well-versed in data protection practices.
  • Audit and Monitoring: Routine assessments of data handling processes will be conducted to ensure compliance and improve security of personal data.

14.0 Updates to Policy

This policy will be reviewed annually or as required by changes in legislation or operational needs. Data subject will be notified about any change and required to give or withdraw their consent.

15.0 Contact

For any data protection concerns, contact A.V.A team at apextravirtual@gmail.com

16.0 Implementation Scenarios

  • Learner Enrollment: During registration, learners provide personal data. A.V.A. ensures this data is encrypted and securely transmitted using HTTPS protocols.
  • Job Readiness Tool Integration: Third-party tools used for learner assessments are vetted for GDPR and EPOCA compliance.
  • Data Access Requests: If a learner requests data access, A.V.A. provides a secure portal for verification and data sharing.

17.0 Key Software Integrations for Compliance

  • Google Workspace, Office 365 or AWS Cloud service: Secure storage and collaboration tools for learner data.
  • Zapier: Automate data transfer between systems while maintaining compliance.
  • ClickUp: Maintain a secure and structured learner database.
  • Slack: Ensure secure internal communication and limited access to sensitive data.

This policy reflects A.V.A’s commitment to ethical and legal data handling while fostering trust among its stakeholders.