1.1. Personal information (also commonly known as personally identifiable information (PII) or personal data) is information that can be used to identify you, or any other individual to whom the information may relate.

1.2. The personal information that we collect directly from those registering for the Service, includes the following categories:

1.2.1. name and contact information (e.g., address; phone number; email, fax); 1.2.2. geographic or location information; 1.2.3. education Levels; 1.2.4. South African Identity Number; 1.2.5. information contained in posts you may on the public forums and interactive features of the Service; and

1.2.6. other information that may be exchanged in the course of engaging with the Service. You will be aware of any subsequently collected information because it will come directly from you.

2.1. We may invite you to post content on the Service, including your comments and any other information that you would like to be available on the Service, which may become public (“User Generated Content”). If you post User Generated Content, all of the information that you post will be available to authorized personnel of NEMISA.

2.2. You expressly acknowledge and agree that we may access in time, record and store archives of any User Generated Content on our servers to make use of them in connection with the Service. If you submit a review, recommendation, endorsement, or other User Generated Content through the Service, or through other websites including Facebook, Instagram, Google, Yelp, and other similar channels, we may share that review, recommendation, endorsement, or content publicly on the Service.

When providing personal information to NEMISA as described in this Notice, that personal information is collected directly from you, and you will know the precise personal information being collected by us. NEMISA does not collect personal information from any other sources, except where it may automatically be collected as described in the section titled “Cookies, Device Data, and How it is Used, if the information in that section is considered personal information.

4.1. Subject to the terms of this Privacy Notice, NEMISA uses the above-described categories of personal information in several ways. Unless otherwise stated specifically, the above information may be used for any of the following purposes:

4.1.1. to administer the Service to you;

4.1.2. to respond to your requests;

4.1.3. to distribute communications relevant to your use of the Service, such as system updates or information about your use of the Service;

4.1.4. as may be necessary to support the operation of the Service, such as proof of completion of courses, course results, maintenance, and record-keeping purposes (Alumni Databases);

4.1.5. to send to you NEMISA solicitations, product announcements, and the like that we feel may be of interest to you. Please note that you may “opt out” of receiving these marketing materials; and

4.1.6. in other manners after subsequent notice is provided to you and/or your consent is obtained, if necessary.

NEMISA does not sell, re-sell, or distribute for re-sale your personal information.

6.1. If you agree to this in writing, we may provide any of the described categories of personal information to NEMISA employees, consultants, affiliates or other businesses or persons for the purpose of processing such information on our behalf in order to provide the Service to you. In such circumstances, we require that these parties agree to protect the confidentiality of such information consistent with the terms of this Privacy Notice.

6.2. We share this information with our various CoLabs and Learning partners who provide access to their learning platforms for your benefit.

6.3. We will not share your personal information with other, third-party companies for their commercial or marketing use without your consent or except as part of a specific program or feature which you will specifically be able to opt-out of.

6.4. In addition, we may release personal information:

6.4.1. to the extent that we have a good-faith belief that such action is necessary to comply with any applicable law;

6.4.2. to enforce any provision of the Terms of Service, protect ourselves against any liability, defend ourselves against any claims, protect the rights, property and personal safety of any user, or protect the public welfare;

6.4.3. when disclosure is required to maintain the security and integrity of the Service, or to protect any user’s security or the security of other persons, consistent with applicable laws;

6.4.4. to respond to a court order, subpoena, search warrant, or other legal process, to the extent permitted and as restricted by law; or

6.4.5. in the event that we go through a business transition, such as a merger, divestiture, acquisition, liquidation or sale of all or a portion of our assets.

7.1. We may communicate with you using email, SMS, and other channels (sometimes through automated means) as part of our effort to market our products or services, administer or improve our products or services, or for other reasons stated in this Privacy Notice. You have an opportunity to withdraw consent to receive such direct marketing communications, as permitted by law.

7.2. If you no longer wish to receive correspondence, emails, or other communications from us, you may opt-out by submitting a request to coursera@nemisa.co.za or dspsupport@nemisa.co.za , or by using the UNSUBSCRIBE link in any email communication you may have received. Further, you may express your communication preferences by:

7.2.1. Noting your preferences at the time you register your account with the Site [or our mobile application];

7.2.2. logging into your account settings and updating your preferences; and

7.2.3. contacting us using the contact information provided below.

7.3. Please note that you may continue to receive non-marketing communications as may be required to maintain your relationship with NEMISA.

7.4. In addition to the communication described here, you may receive third-party marketing communications from providers we have engaged to market or promote our products and services. These third-party providers may be using communications lists they have acquired on their own, and you may have opted-in to those lists through other channels. If you no longer wish to receive emails, SMSs, or other communications from such third parties, you may need to contact that third party directly.

8.1. NEMISA will retain your personal information only for as long as is necessary for the purposes set out in this Notice. We will retain and use personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

8.2. NEMISA will also retain usage data for internal analysis purposes. Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Sites and/or Portals, or we are legally obligated to retain this data for longer periods.

8.3. NEMISA will also retain data in an Alumni database for confirmation of course completion, awarding of badges and certificates and for follow up research determining the outcomes from the training received.

9.1. When you use our Service, we may record unique identifiers associated with your device (such as the device ID and IP address), your activity within the Service, and your network location. NEMISA uses aggregated information (such as anonymous user usage information, cookies, IP addresses, browser type, clickstream information, etc.) to improve the quality and design of the Service and to create new features, promotions, functionality, and services by storing, tracking, and analyzing user preferences and

trends. Specifically, we may automatically collect the following information about your use of Service through cookies, web beacons, and other technologies:

9.1.1. domain name;

9.1.2. browser type and operating system;

9.1.3. web pages you view;

9.1.4. links you click;

9.1.5. IP address;

9.1.6. the length of time you visit the Sites, Portals, and/or Services; and

9.1.7. the referring URL or the webpage that led you to the Sites.

9.2. We may also collect information regarding application-level events, such as crashes, and associate that temporarily with your account to provide customer service. In some circumstances, we may combine this information with personal information collected from you (and third-party service providers may do so on behalf of us).

9.3. In addition, we may use "cookies," clear gifs, and log file information that help us determine the type of content and pages to which you link, the length of time you spend at any particular area of the Service, and the portion of the Service you choose to use. A cookie is a small text file that is sent by a website to your computer or mobile device where it is stored by your web browser. A cookie contains limited information, usually a unique identifier and the name of the site. Your browser has options to accept, reject or provide you with notice when a cookie is sent. Our cookies can only be read by NEMISA; they do not execute any code or virus; and they do not contain any personal information. Cookies allow NEMISA to serve you better and more efficiently, and to personalize your experience with the Service. We may use cookies for many purposes, including (without limitation) to save your password so you don’t have to re-enter it each time you visit the Service. We use both session and persistent cookies on the Service and we use different types of cookies to run the Service:

9.3.1. Essential cookies Necessary for the operation of the Site. We may use essential cookies to authenticate users, prevent fraudulent use of user accounts, or offer Site features.

9.3.2. Analytical/performance cookies. Allow us to recognize and count the number of visitors and see how visitors move around the Site when using it. This helps us improve the way the Site works.

9.3.3. Functionality cookies. Used to recognise you when you return to the Site. This enables us to personalise our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).

9.3.4. Targeting cookies. Record your visit to the Site, the pages you have visited, and the links you have followed. We will use this information to make the Site and the more relevant to your interests. We may also share this information with third parties for this purposeand to deliver content (which may include third party advertisements) specific to your interests.

9.4. We may use third party service providers to help us analyze certain online activities. For example, these service providers may help us measure the performance of our online campaigns or analyze visitor activity on the Service. We may permit these service providers to use cookies and other technologies to perform these services for NEMISA. We do not share any personal information about our customers with these third-party service providers, and these service providers do not collect such personal information on our behalf. Our third-party service providers are required to comply fully with this Privacy Notice.

10.1. If No EU Data For individuals located outside South Africa, in particular in Switzerland, the United Kingdom and the European Economic Area (EEA), please note that NEMISA is a South African based company. NEMISA does not market to or solicit customers from outside the South Africa, therefore, users of the Service should not expect to avail themselves of the rights provided under the EU’s General Data Protection Regulation (“GDPR”). If you use the Service, all information, including personal information, will be transferred to NEMISA in South Africa. By

10.2. We may use third party service providers to help us deliver certain services, and it may result in the processing of personal information in data centers and locations outside of the [Country of company headquarters]. For example, these service providers may provide us with essential information technology or tools we use to run our business. We may permit these service providers to process our business information and/or your personal information. We do not permit these service providers to process any personal information outside of a contract, and these service providers may collect personal information on our behalf. Our third-party service providers are required to comply fully with this Privacy Notice.

11.1. If you are located in the EEA, the General Data Protection Regulation (“GDPR”) grants you certain rights under the law. In particular, the right to access, correct, and delete the personal information we hold about you. NEMISA will retain your personal information for the length of the time in which you engage with our services as described in the retention section of this Notice, until you request deletion of such personal information.

In certain circumstances, you have the following data protection rights:

11.1.1 the right to access, update, or delete the personal information we have on you;

11.1.2. the right of rectification. You have the right to have your personal information rectified if that information is inaccurate or incomplete;

11.1.3. the right to object. You have the right to object to our processing of your personal information;

11.1.4. the right of restriction. You have the right to request that we restrict the processing of your personal information;

11.1.5. the right to data portability. You have the right to be provided with a copy of the personal information we have on you in a structured, machine-readable and commonly used format; and

11.1.6. the right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.

11.2. In order make a request regarding your personal information, please contact dspsupport@nemisa.co.za.

11.3. If you have a comment, question, or complaint about how we are handling your personal information, we hope that you contact us at dspsupport@nemisa.co.za in order to allow us to resolve the matter. In addition, if you are located in the EEA, you may submit a complaint regarding the processing of your personal information to the EU data protection authorities (each a “DPA”). The following link may assist you in finding the appropriate DPA: https://ec.europa.eu/justice/data- protection/bodies/authorities/index_en.htm.

12.1. If you are located in the EEA, our legal basis for collecting and using the personal information described in this Notice depends on the personal information we collect and the specific context in which we collect it.

12.2. We may process personal information because:

12.2.1. We need to perform a contract with you;

12.2.2. you have given us consent to do so;

12.2.3. the processing is in our legitimate interest to offer the Service, when that legitimate interest is not overridden by your rights and

12.2.4. to comply with the law.

12.3. Where personal information is processed based on consent, EU residents have the right to withdraw such consent at any time. To do so, please contact us as described in this Notice. If there is a different legal basis that would permit us to continue processing your personal information after withdrawing consent, we will notify you of that legal basis at the time of your request.

13.1. If you are a South African resident, South African law may provide you with certain rights with regard to your personal information under the Protection of Personal Information Act (“POPIA”) and Promotion of Access to Information Act (“PAIA”).as well the Consumer Protection Act (“CPA”). Throughout this Privacy Notice you will find information required by POPIA regarding the categories of personal information collected from you; the purposes for which we use personal information, and the categories of third parties your data may be shared with. This information is current as of the date of the Notice and is applicable in the 12 months preceding the effective date of the Notice.

13.2. As a South African resident, the POPIA and PAIA provides you with the ability to make inquiries regarding to your personal information. Specifically, the degree to which the information is not already provided in this Privacy Notice, you have the right to request disclosure or action your personal information, including: 13.2.1. if your personal information is collected by us;

13.2.2. the specific pieces of personal information collected about you;

13.2.3. the ability to correct or delete certain personal information collected about you;

13.2.4. the ability to delete all the personal information collected about you, subject to certain exceptions;

13.2.5. to opt-in or opt-out of direct marketing to you;

13.2.6. to object to processing of your personal information, or

13.2.7. appeal any rejection of access to your personal information.

13.3. You may submit a request regarding your rights under POPIA or PAIA by submitting a request by contacting us at one of the following dspsupport@nemisa.co.za, coursera@nemisa.co.za or info@nemisa.co.za.

13.4. If we receive a POPIA request from you, we will first make a determination regarding the applicability of the law, and we will then take steps to verify your identity prior to responding. The steps to verify your identity may vary based on our relationship with you, but, at a minimum, it will take the form of confirming and matching the information submitted in the request with information already held by NEMISA and/or contacting you through previously used channels to confirm that you submitted the request i.e., confirming identity through contact information that we have on file, and/or the contact information submitted to make the request).

13.5. NEMISA does not knowingly collect or process the special personal information such as your religious or philosophical beliefs, race or ethnic origins, trade union memberships, political persuasion, health or sex life, or your criminal behaviour or biometric information.

13.6. If you have a comment, question, or complaint about how we are processing your personal information, we hope that you contact us at [INSERT FORM] in order to allow us to resolve the matter. In addition, if you are located in the Republic of South Africa, you may submit a complaint regarding the processing of your personal information to the Information Regulator at the following link: https://www.justice.gov.za/inforeg/contact.html.

We may allow other companies, called third-party ad servers or ad networks, to serve advertisements within the Service. These third-party ad servers or ad networks use technology to send, directly to your device, the advertisements and links that appear on the Service. They automatically receive your device ID and IP address when this happens. They may also use other technologies (such as cookies, JavaScript, or Web Beacons) to measure the effectiveness of their advertisements and to personalize the advertising content you see. You should consult the respective privacy policies of these third-party ad servers or ad networks for more information on

their practices and for instructions on how to opt-out of certain practices. This Privacy Notice does not apply to them, and we cannot control their activities.

15.1. We employ industry-standard and/or generally accepted security measures designed to secure the integrity and confidentiality of all information submitted through the Service. However, the security of information transmitted through the internet or via a mobile device can never be guaranteed. We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data.

15.2. Users of the Service are responsible for maintaining the security of any password, user ID or other form of authentication involved in obtaining access to password protected or secure areas of the Service. In order to protect you and your information, we may suspend your use of any of the Service, without notice, pending an investigation, if any breach of security is suspected.

16.1. The Service may contain links to other websites maintained by third parties. Please be aware that we exercise no control over linked sites and NEMISA is not responsible for the privacy practices or the content of such sites. Each linked site maintains its own independent privacy and data collection policies and procedures, and you are encouraged to view the privacy policies of these other sites before providing any personal information.

16.2. You hereby acknowledge and agree that NEMSIA is not responsible for the privacy practices, data collection policies and procedures, or the content of such third-party sites, and you hereby release NEMISA from any and all claims arising out of or related to the privacy practices, data collection policies and procedures, and/or the content of such third-party sites.

The Service is not intended for children under the age of 18, and NEMISA does not knowingly collect the personal information of children under the age of 18.

NEMISA reserves the right to modify this Privacy Notice from time to time in order that it accurately reflects the regulatory environment and our data collection principles. When material changes are made to this Privacy Notice, NEMISA will post the revised Notice on our website. This Privacy Notice was last modified as of 24 February 2021.

If you have any questions or comments about this Privacy Notice or the Service provided by NEMISA, please contact us at:

21 Girton Street,

Parktown,

Johannesburg

Tel: 011 484 0583

Web: https://www.nemisa.co.za