TrackTraining
Compliance OS
Legal

Privacy Policy

Last updated: 14 May 2026

1. Introduction

This Privacy Policy explains how TrackTraining ("we", "us", "our") collects, uses, discloses and protects information when you use the TrackTraining platform at admin.tracktraining.co.za and related services (the "Service"). By using the Service you agree to the practices described here.

2. Information we collect

We collect information that you or your organisation provide directly to us, including:

  • Account information (name, email address, role, organisation).
  • Employee records (name, contact details, role, department, supporting documents).
  • Training, certification, qualification and medical assessment records, including issue and expiry dates and uploaded certificates.
  • Operational data generated through use of the Service such as audit logs, session attendance and notification settings.
  • Technical data such as IP address, browser type and device information collected automatically when you access the Service.

3. How we use information

We use information to operate, maintain and improve the Service, including to:

  • Provide workforce training and compliance management features.
  • Send expiry notifications, account communications and service updates.
  • Maintain audit logs, security monitoring and abuse prevention.
  • Comply with applicable laws and respond to lawful requests.

4. Legal basis (POPIA / GDPR)

We process personal information on the basis of your organisation's legitimate interests in workforce compliance management, performance of our contract with the organisation, your consent where required, and our legal obligations. South African users are protected under the Protection of Personal Information Act (POPIA).

5. Sharing of information

We do not sell personal information. We share information only with: (a) authorised users within your organisation according to role-based access; (b) service providers (hosting, email delivery) that act on our behalf under written agreements; and (c) authorities where required by law.

6. Data retention

We retain personal information for as long as your organisation maintains an active account, and for any additional period required by law or to support legitimate compliance, audit and dispute-resolution needs. Records sent to the recycle bin remain restorable for a defined retention window before permanent deletion.

7. Security

We apply technical and organisational safeguards including authenticated and protected routes, role-based access controls, encrypted transport (HTTPS), database access policies and an immutable audit log. No system is perfectly secure, and you remain responsible for safeguarding account credentials.

8. Your rights

Subject to applicable law, you may request access to, correction of, or deletion of your personal information; object to or restrict certain processing; and withdraw consent. Requests should be directed to the organisation administrator or to us at the contact address below.

9. International transfers

Where information is processed outside your country of residence, we take appropriate safeguards to ensure that personal information continues to be protected to the standard required by applicable law.

10. Children

The Service is intended for use by organisations and is not directed at children under 18. We do not knowingly collect personal information from children.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be highlighted on the Service or communicated to organisation administrators.

12. Contact

For privacy questions or requests, contact your organisation administrator or email privacy@tracktraining.co.za.