DATA PROTECTION POLICY
Effective: October 29, 2025
1. Purpose
This Data Protection Policy outlines how we collect, process, store, and protect personal data within our Student Information System (COSIS) in compliance with applicable data protection laws and regulations.
2. Data Protection Principles
Lawful Processing
Data is processed fairly, lawfully and transparently
Security
Appropriate technical and organizational security measures
Retention
Data kept no longer than necessary
3. Data We Collect
| Data Category | Examples | Purpose |
|---|---|---|
| Identification Data | Name, Student ID, Photo | User authentication, records |
| Contact Data | Email, Phone, Address | Communication |
| Academic Data | Grades, Courses, Attendance | Academic administration |
| Technical Data | IP Address, Device Info | System security |
4. Data Security Measures
-
Encryption: All sensitive data encrypted in transit (TLS 1.2+) and at rest (AES-256)
-
Access Controls: Role-based access with multi-factor authentication
-
Infrastructure: Secure cloud hosting with regular penetration testing
-
Training: Annual data protection training for all staff
5. Data Subject Rights
Core Rights
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
Additional Rights
- Right to data portability
- Right to object to processing
- Right not to be subject to automated decision-making
- Right to lodge complaints
Some rights may be limited where necessary for academic record-keeping or legal compliance.
6. Data Breach Protocol
Our Response Process
- Immediate containment and assessment
- Notification to relevant authorities within 72 hours
- Communication to affected individuals when required
- Comprehensive investigation and remediation
- Review and improvement of security measures
Need Help with COSIS?
Support Hotline:
+2600977112233
Support Email:
support@abctech.zm
Support Hours: Mon-Fri 8:00 AM - 5:00 PM