GDPR Regulation, Privacy Policy Protection

Thuto Trust Privacy Policy

This Privacy Statement is effective 1 Jul 2022. Please note that this privacy statement will regularly be updated to reflect any changes in the way we handle your personal data or any changes in applicable laws.


Thuto Trust attaches great importance to your right to privacy and the protection of your personal data. We want you to feel secure that when you deal with Thuto, and that your personal data are in good hands.

At Thuto Trust we respect the privacy of people and we protect the personal data we process. We balance our need to process personal data for our activities with the legal requirements to protect it, as stipulated in the POPI Act.

In addition, Thuto maintains the appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing and/or against accidental loss, disclosure or access. 


This policy describes the principles governing our processing of personal data. It also records our compliance strategy regarding personal data.  


This policy applies to all personal data processed in the course of our business and to all persons employed or engaged by us who process personal data.
We collect personal and professional data and information in various forms from the following groups of people and groups within and associated with, Thuto Trust, Thuto Empowerment Pty Ltd, and Thuto Education Development Agency :

  • Thuto Directors and Thuto Trustees
  • Thuto Employees
     - Thuto Trust (Trust nr. IT 5016/04)
    - Trustees: LY Okeyo KL Molebatsi, RT Muzariri
  • Teacher Development student applicants and Teacher Development Bursars themselves: (When Thuto is in the process of recruitment of bursary recipients, we collect personal data and information that includes South African ID numbers, addresses, phone contacts, emergency contact information, marital status, race or ethnicity, gender, history of students’ community work, SACE background checks, historic and current university records, professional background information.
  • Bursary students themselves: all of the information listed in point 3 above, as well as bank account details for stipend payments, and ongoing academic progress reports, teacher development and mentorship reports, psycho social support reports and any other relevant information to ensure the success of the Thuto Trust bursary programme for each student.
  • Alumni Teachers
  • Mentor Teachers
  • Partner Organisations
  • Partner Schools (Principals, Mentor Teachers)
  • Service Providers
  • Investee Companies
  • Foundations, Donors and contributor organisations
  • Dissemination of Marketing & Research Information will exclude any personal information
  • Suppliers of services
  • We will conduct surveys from time to time with our bursary students, and will make every effort to keep personal information confidential
  • Website users: If the data we collect are not listed in this privacy statement, we will give individuals (when required by law) appropriate notice of which other data will be collected and how they will be used. 

Data Protection Laws

We are committed to protecting and respecting the privacy of our data subjects in accordance with the local data protection laws applicable to the jurisdictions in which we operate. As such, we have chosen to adopt a national approach to data protection compliance. The relevant local laws with which we will comply are:

  • Protection of Personal Information Act 4 Of 2013 (South Africa);

In applying the relevant data protection laws, we will ensure that we:

  • enable data subject rights;
  • adhere to our data protection obligations as Responsible Party or operator; and
  • apply the data protection principles.

In terms of data subject rights, we will ensure that our data subjects can:

  • know when and why we process their personal data;
  • request access to their personal data that we process;
  • rectify any personal data of theirs that is incorrect;
  • erase their personal data from our systems, where required;
  • restrict our processing of their personal data, where required;
  • object to our processing of their personal data;
  • transfer their personal data from us to another Responsible Party in a structured and accessible format;
  • be protected from us making automated decisions about them.

In terms of our obligations as Responsible Party, we will ensure that we:

  • enter into a contract with the relevant Responsible Party;
  • appoint sub-operators only with the Responsible Party’s written authorisation;
  • process personal data only on the instructions of the Responsible Party;
  • keep records of our processing activities done on behalf of the Responsible Party;
  • inform the relevant data protection authorities of irregularities, where required

 In terms of the data protection principles, we will ensure that we process personal data:

  • lawfully, fairly and transparently.
  • only for a specific purpose that is explicit and legitimate;
  • only as necessary for that purpose;
  • accurately, and is kept up to date;
  • for no longer than necessary to achieve the purpose; and
  • securely.; 

Codes and Standards

We consider the following codes and standards as key guidelines for Thuto Trust:

  • King IV (corporate governance)
  • ISO 27001 & ISO 27701 (information security & data privacy management)
  • ISO 31000 (risk management)  

Compliance Strategy

compliance strategy is to work with:

  • Reasonable compliance – do what is reasonably practicable to comply with those aspects of data protection that apply to our business, under the applicable data protection law.

We have identified the following areas as being key priorities in our compliance efforts:

  • Protecting the privacy of the students in our programmes
  • Protecting the privacy of Trustees, Directors and beneficiaries of our programmes
  • Monitoring and applying our data protection activities consistently across our entities and programmes;
  • Adopting privacy by design and by default at a group level;
  • Managing our data operator relationships efficiently; and
  • Digitising our data processing activities.
  • Communicating our data privacy priorities to all those who may require data from time to time, such as donor organisations and/or partner organisations. 

Governance of Data Protection

Thuto Trust will appoint and maintain one Information Officer and one Deputy Information Officer Who will cover all of our entities.

The Information Officer is responsible for:

  •  promoting compliance with data protection law within the entity;
  • ensuring awareness of data protection law within the entity;
  • managing and responding to data subject access requests;
  • limiting the sharing of personal data to a minimum with our partner organisations;
  • managing and responding to data breaches or incidents;
  • assisting the relevant data protection authorities with their investigations;
  • developing, implementing and monitoring the compliance framework within the entity

The Information Officer will report to the Thuto Trust Board responsibility and administration.: