Privacy Notice
This Privacy Notice explains how South African Hang Gliding and Paragliding Association (SAHPA) collects, uses, and protects personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA).
This notice is provided for transparency only. It does not replace or override SAHPA’s PAIA and POPIA Manual.
1. Responsible Party
SAHPA is the responsible party for personal information processed in connection with its governance, safety, and regulatory functions.
2. Personal Information We Process
SAHPA may process personal information including, but not limited to:
Some information may constitute special personal information and is processed only where lawful and necessary.
3. Purpose of Processing
Personal information is processed for purposes that include:
- membership administration;
- aviation safety oversight;
- compliance with aviation legislation and regulations;
- incident and accident investigation;
- insurance administration;
- governance, disciplinary, and corrective processes;
- communication with members, clubs, schools, and regulators.
4. Lawful Basis for Processing
- identity and contact details;
- membership, licensing, and ratings information;
- training, instructor, and school-related information;
- incident, accident, and safety-related information;
- complaints, disciplinary, and compliance-related information;
- insurance and claims-related information.
SAHPA processes personal information on the basis of:
- compliance with legal and regulatory obligations;
- performance of contractual or membership-related obligations;
- legitimate interests relating to aviation safety and governance;
- consent, where applicable and appropriate.
Where permitted by law, certain processing may occur without consent.
5. Information Systems and Data Submissions
SAHPA uses information systems to support its governance and safety functions.
SAHPA may permit limited, controlled submission of information by SAHPA-recognised schools or other entities via technical interfaces for the purpose of recording required activity. Such submissions do not grant access to SAHPA records or systems beyond the information submitted.
6. Disclosure of Information
SAHPA does not sell personal information.
Personal information may be disclosed where necessary for:
- regulatory or statutory reporting;
- safety or incident investigation;
- insurance or legal processes;
- compliance with lawful requests from authorities.
Disclosure is limited to what is lawful and necessary.
7. Data Security
SAHPA implements reasonable technical and organisational measures to protect personal information against loss, misuse, unauthorised access, or disclosure.
8. Retention of Information
Personal information is retained only for as long as necessary to fulfil the purpose for which it was collected, or as required by law, regulation, or oversight obligations.
9. Data Subject Rights
In terms of POPIA, data subjects may have the right to:
- request access to personal information;
- request correction or deletion of information where appropriate;
- object to certain processing activities.
The exercise of these rights may be limited where required to protect safety, disciplinary integrity, the rights of others, or lawful governance functions.
Requests are handled in accordance with applicable law.
10. Access to Records
Requests for access to records held by SAHPA are governed by the Promotion of Access to Information Act, 2000 (PAIA).
Details of how to submit such requests are set out in the SAHPA PAIA and POPIA Manual.
11. Changes to This Notice
This Privacy Notice may be updated from time to time to reflect legal, regulatory, or operational changes.
12. Contact
Privacy-related enquiries may be directed to SAHPA via the contact details published in the SAHPA PAIA and POPIA Manual.