Data Retention Policy

1. PURPOSE AND OBJECTIVE

1.1 This Data Retention Policy ("Policy") regulates the retention, storage, archiving and destruction of Personal Information and other data processed through the Matric2Tertiary platform ("Platform").

1.2 The purpose of this Policy is to: Ensure compliance with the Protection of Personal Information Act 4 of 2013 (POPIA); Give effect to the principles of lawful processing, storage limitation, and data minimisation; Establish defined retention periods for different categories of data; Mitigate legal, regulatory, and operational risk; Ensure that records are retained for evidentiary, audit, and dispute resolution purposes.

2. SCOPE AND APPLICATION

2.1 This Policy applies to: All Users of the Platform; All Personal Information processed by ROCVEST Systems (PTY) Ltd ("ROCVEST"); All employees, contractors, and service providers handling such data.

2.2 This Policy applies to data processed through: Web and mobile interfaces; Backend systems and databases; Integrated third-party systems.

3. LEGAL AND REGULATORY FRAMEWORK

3.1 This Policy is aligned with and gives effect to: The Protection of Personal Information Act 4 of 2013 (POPIA); The Electronic Communications and Transactions Act 25 of 2002 (ECTA); Applicable South African common law relating to evidence and record-keeping.

4. GENERAL RETENTION PRINCIPLE

4.1 Personal Information shall not be retained any longer than is necessary for achieving the purpose for which the information was collected or subsequently processed.

5. EXCEPTIONS TO GENERAL PRINCIPLE

5.1 ROCVEST may retain Personal Information for longer periods where: Retention of the record is required or authorised by law; ROCVEST reasonably requires the record for lawful purposes related to its functions or activities; Retention of the record is required by a contract between the parties thereto; The Data Subject (or guardian) has consented to the retention of the record.

6. CATEGORIES OF DATA AND RETENTION PERIODS

6.1 User Account and Profile Data: Retained for the duration of the User's active account. Deleted or de-identified within 12 months of account closure or inactivity.

6.2 Academic Records and APS Data:Retained as long as the account is active to provide pathway guidance. Subject to deletion upon request or account termination.

6.3 Tutoring and Booking Records: Retained for 5 years for audit and dispute resolution.

6.4 Communication Records: Email and support logs retained for 3 years.

7. STORAGE AND SECURITY DURING RETENTION

7.1 Data shall be stored in secure environments utilizing encryption, access controls, and redundant backups to prevent unauthorized access or accidental loss.

8. DE-IDENTIFICATION AND ANONYMISATION

8.1 Where records are no longer required but are useful for statistical or research purposes, ROCVEST shall de-identify the data such that it can no longer be linked to a Data Subject.

9. DATA DESTRUCTION AND DELETION

9.1 Upon expiry of the retention period, ROCVEST shall securely delete or destroy Personal Information in a manner that prevents its reconstruction.

10. DATA SUBJECT RIGHTS

10.1 Data Subjects have the right to request the deletion or destruction of their Personal Information, subject to legal or contractual retention obligations.

11. THIRD-PARTY SERVICE PROVIDERS

11.1 ROCVEST shall ensure that any third-party service provider processing data on its behalf adheres to equivalent retention and destruction standards.

12. DISPUTE AND LITIGATION HOLD

12.1 In the event of an ongoing dispute, investigation, or legal proceeding, the relevant retention periods shall be suspended until the matter is fully resolved.

13. COMPLIANCE MONITORING

13.1 ROCVEST shall implement measures to monitor compliance with this Policy, including internal audits.

14. POLICY REVIEW AND AMENDMENTS

14.1 This Policy shall be reviewed periodically to ensure alignment with legislative changes and technological developments.

15. BREACH AND NON-COMPLIANCE

15.1 Any unauthorised retention or failure to delete data in accordance with this Policy may constitute a breach of POPIA, a disciplinary offence, or a contractual breach.

16. RETENTION OF FINANCIAL AND TRANSACTION RECORDS

16.1 ROCVEST retains records relating to payments and financial transactions for audit, tax compliance, and regulatory obligations.

16.2 Such records shall be retained for a minimum period of five (5) years, or for such longer period as may be required under applicable South African law.

17. CONTACT INFORMATION

17.1 All queries relating to this Policy may be directed to: info@matric2tertiary.co.za.

18. ACCEPTANCE

By using the Platform, the User acknowledges that they have read and understood this Policy and consent to the retention of their data as described herein.