POPIA Privacy Policy
Last updated: 09 July 2026 (example policy for CRS Test System)
Test environment (CRS Test System (crstestsystem.co.za)): All data in this portal—including learner, parent, staff, and school records—is fictional sample data for testing. It is not real personal information. Legal contacts in this policy are also example data only.
Coded Roots Software (Pty) Ltd ("we", "us") operates CRS Test System on behalf of participating schools. This policy explains what personal information we collect, why we collect it, who we share it with, and your rights under the Protection of Personal Information Act 4 of 2013 (POPIA).
1. Responsible party
- Entity: Coded Roots Software (Pty) Ltd
- Registration: 2026/333335/07
- Address: Bellville, Western Cape, 7530, South Africa
- Information Officer: Tyrone Booysen
- Email: tyrone@codedrootssoftware.co.za
- Phone:
2. What personal information we collect
Depending on your role and use of the portal, we may process:
- Account details (name, email address, username, role, authentication logs).
- Learner, parent/guardian, and staff profile and contact information supplied by the school.
- Academic and operational data (timetables, attendance, assignments, marks, reports, announcements).
- Files you upload (submissions, attachments, profile or org photos where enabled).
- Technical data (IP address, browser type, device information, security and audit logs).
- Communication preferences for in-portal notifications (where you opt in).
We do not intentionally collect special personal information unless the school has a lawful reason to record it in the ordinary course of school administration.
3. Why we process personal information
- To provide secure access to teaching, learning, and school administration features.
- To communicate school-related notices and operational messages you have requested or are entitled to receive.
- To maintain security, prevent fraud, and protect the integrity of the platform.
- To comply with applicable law and reasonable instructions from the school as data controller where applicable.
4. Lawful basis
Processing is based on one or more of: performance of a contract or service to the school, legitimate interests in operating a secure educational platform, legal obligations, and consent where required (for example optional marketing or non-essential cookies — this site does not use advertising or analytics tracking cookies).
5. Who we share information with
- Authorized users at your school (staff, learners, parents) according to role-based access controls.
- Infrastructure and support providers who host or maintain the platform under confidentiality obligations.
- Regulators or law enforcement when required by law.
We do not sell personal information.
6. Cross-border transfers
Data is primarily processed in South Africa. If any subprocessors process data outside South Africa, we require appropriate safeguards consistent with POPIA.
7. Retention
We retain information for as long as needed to provide the service, meet school record-keeping requirements, and satisfy legal obligations, after which it is deleted or anonymized where reasonably possible.
8. Security
We use HTTPS, access controls, authentication, and organizational measures to protect personal information. No method of transmission over the Internet is completely secure; we work to reduce risk to an appropriate level.
9. Your rights
Subject to POPIA, you may request:
- Confirmation that we hold personal information about you.
- Access to, correction of, or deletion of personal information where lawful.
- Objection to processing in certain circumstances.
- Lodging a complaint with the Information Regulator.
Contact tyrone@codedrootssoftware.co.za or the school's Information Officer. For formal access requests under PAIA, see our PAIA Manual.
10. Cookies
We use strictly necessary cookies for sign-in and security. We do not use Google Analytics or similar tracking on this portal. See Cookie Settings for details and to manage your preference.
11. Children
The portal may process learner information under the school's authority. Parents/guardians and schools should use the portal in line with school policies and applicable law.
12. Data breach response
If we become aware of a compromise likely to cause harm, our internal process includes:
- Containing the incident and preserving evidence.
- Assessing scope, affected data subjects, and likely harm.
- Notifying the Information Regulator and affected users where POPIA requires it.
- Remediating root causes and documenting lessons learned.
Report suspected security issues to tyrone@codedrootssoftware.co.za.
13. Changes
We may update this policy from time to time. Material changes will be reflected on this page with an updated date.