General
Duke Corporate Education is a North Carolina nonprofit corporation (“Duke CE”). Duke CE is a controlled affiliate of Duke University. Duke CE, in turn, has controlled affiliates in Singapore (“Duke CE-Singapore”), the Republic of South Africa (“Duke CE-RSA”) and the United Kingdom (“Duke CE-UK”) (each a “Controlled Affiliate. 1
Duke CE and its Controlled Affiliates-follow the Duke University Privacy Policy, unless the laws of Singapore, South Africa or the United Kingdom, as applicable, require a different approach for a Controlled Affiliate, in which case the relevant entity adheres to the law in the country where it is domiciled. The intent of this Duke CE Privacy Policy is to capture any such differences. In the event of a conflict between this Duke CE Privacy Policy and the Duke University Privacy Policy, this Duke CE Privacy Policy will prevail.
Duke CE-UK
The United Kingdom has a data privacy law, namely the UK Data Protection Act (“UKDPA”). As an entity domiciled in the UK, Duke CE-UK adheres to the UKDPA.
Duke CE-RSA
The Republic of South Africa has a data privacy law, namely the Protection of Personal Information Act (www.gov.za) (“POPIA”). As an entity domiciled in the Republic of South Africa, Duke CE-RSA adheres to POPIA, including the provisions as set forth in the “Duke CE-RSA Privacy Policy Addendum” attached to this Duke CE Privacy Policy.
Transfers of Personal Data Between and Amongst Duke CE Entities
The UKDPA requires Duke CE-UK, as a condition of Duke CE-UK transferring Personal Data to Duke CE-US and Duke CE-Singapore, to have an agreement with Duke CE-US and Duke CE-Singapore that contractually requires Duke CE-US and Duke CE-Singapore to adhere to data protection and security requirements set forth in the UKDPA and its implementing regulations. This is based on the European Data Protection Board determination that the data protection laws in the United States and Singapore do not provide an adequate level of privacy and data protection.
Duke CE-RSA has determined that POPIA requires Duke CE-RSA, as a condition of Duke CE-RSA transferring Personal Data to Duke CE-US and Duke CE-Singapore, to have an agreement with Duke CE-US and Duke CE-Singapore that contractually requires Duke CE-US and Duke CE-Singapore to adhere to data protection and security requirements set forth in POPIA and its implementing regulations.
Based on the UKDPA and POPIA, Duke CE and its Controlled Affiliates have in place a compliant agreement between and amongst themselves allowing for transfers of Personal Information between themselves.
Duke CE-RSA Privacy Policy Addendum
Duke CE-RSA follows and adheres to the Duke CE Privacy Policy to which this Duke CE-RSA Privacy Policy Addendum (Addendum) is attached. In case of any inconsistencies between this Addendum and the Duke CE Privacy Policy, this Addendum shall prevail.
1. Responsible Party
The address of Duke CE-RSA is as follows: The Campus Ground Floor Eden Gardens, 57 Sloane Street, Bryanston, Gauteng, 2191.
2. Personal Information of juristic persons
Duke CE-RSA may process information relating to juristic persons, which information constitutes personal information for purposes of the Protection of Personal Information Act of South Africa (POPIA). The personal information relating to juristic persons which Duke CE-RSA may process includes:
- A company’s or other juristic person’s name, address, telephone number, email address, company registration number, and company contact’s name;
- A company’s or other juristic person’s incorporation documents, tax numbers, audited financial statements, B-BBEE certificates, and bank account records; and
- A company’s or other juristic person’s representative’s details, including their name, email, telephone numbers, job title, job function and details relating to the area of work.
Duke CE-RSA collects the information directly from the juristic person concerned or its representative during negotiation or when preparing and concluding agreements.
3. Purposes and legal basis for the processing of personal information of juristic persons
The purposes of the processing of the abovementioned personal information of juristic persons includes:
- To identify the juristic person and any accounts the juristic person holds with Duke CE-RSA;
- To market services to juristic persons;
- To negotiate and enter into contracts and to carry out contracts entered into between Duke CE-RSA and the juristic person;
- To conduct billing and to provide requested services to the juristic persons;
- To record engagements and conversations with the juristic person;
- To comply with applicable statutory obligations; and
- To carry out and manage Duke CE-RSA business operations and for any other legitimate business purposes.
Generally, Duke CE-RSA processes the above personal information of juristic persons for purposes of the performance of a contract, or where Duke CE-RSA has the consent of the juristic person concerned, or on the basis that it is in the legitimate interests of Duke CE-RSA or that of a third party to whom the information is supplied for purposes of, amongst other things, marketing Duke CE-RSA services, supporting access to and use of Duke CE-RSA website, responding to user queries of Duke CE-RSA, improving Duke CE-RSA services, and for Duke CE-RSA statistical analysis.
Duke CE-RSA may share personal information of juristic persons with third parties and transfer personal information of juristic persons to countries outside of South Africa as provided for in the Duke CE Privacy Policy.
4. Republic of South Africa laws authorizing or requiring the collection of the personal information of individuals or juristic persons
There may be certain laws which require the processing of personal information of individuals or juristic persons, which laws include legislation relating to tax, fraud and corruption. The laws in this regard may include:
- The Financial Intelligence Centre Act, 2001;
- The Income Tax Act, 1962; and
- The Company’s Act, 2008.
In most instances, an individual or juristic person will be required to make personal information available to Duke CE-RSA and the supply of the information is accordingly mandatory. In instances where it is voluntary, the individual or juristic person will be informed by Duke CE-RSA accordingly.
5. Contact Us
If you have any questions or concerns about this Duke CE Privacy Policy or the Duke CE-RSA Privacy Policy Addendum, you may contact the Information Officer at [email protected]. Duke CE-RSA shall require you to verify your identity. Duke CE-RSA will reply to the request within reasonable time period.
1 The legal names of these entities are as follows: Duke Corporate Education (“Duke CE_US”), Duke CE (SEA) Private Limited (“Duke CE-Singapore”), Duke Corporate Education RSA (Proprietary) Limited (“Duke CE-RSA”), and Duke Corporate Education Limited (“Duke CE-UK”)