Schoolmia Privacy & Cardholder Data Security Policy

 

1. Purpose & Scope

 

This policy explains how Schoolmia collects, processes, and protects personal and cardholder data in line with PCI-DSS standards.

 

2. Data We Collect

 

Name, email address, phone number, institution details

 

Cardholder data processed through PayFast and PayPal (Schoolmia does not store this data)

 

 

3. Security Measures

 

• TLS/HTTPS encryption

 

• Access controls and secure authentication

 

• No card data stored on Schoolmia servers

 

• Regular security audits and reviews

 

 

4. Payments

 

All transactions are processed through PCI-DSS-compliant providers: PayFast and PayPal.

 

5. Data Usage

 

Used for account setup, payment handling, academic communication, and technical support.

 

6. Data Retention

 

Personal data is retained for up to 24 months. Payment data is retained by PayFast/PayPal.

 

7. Breach Notification

 

Users will be notified within 72 hours if a data breach occurs.

 

8. Contact

 

For privacy or support queries: support@kzdsolutions.co.za