A. Introduction This Privacy Policy describes how Christopher Africa Pty Limited (hereinafter referred to in this policy as “we”, “us” or “our”), having enterprise number K2019185804, at the address 164, Katherine Street Pinmill Office Farm, Sandton, 2196, South Africa, handles the personal data of user that interact with our website. Users of our website and services (hereinafter referred to as “you” or “your”) can provide personal data to us when you visit our website and when you use any of our services. This can be done by you in your capacity as a private individual. You may also be a representative of any company for doing so. We may also obtain your personal data from third party sources. We act as the data controller of personal data obtained accordingly and of its processing in accordance with this Privacy Policy. In order to safeguard your personal integrity, it is important for us to protect your personal data. It is also important for us to ensure that whatever personal data related to you is processed by us, is correct and lawful. This Privacy Policy intends to help you in understanding what kind of personal data, we may collect and how it is processed when you use our website and services. This Privacy Policy also intends to explain you your rights as a data subject. You may exercise your rights by contacting support@christopher.africa (here we need to mention client’s support email id for GDPR). Therefore, it is necessary that you read this Privacy Policy carefully and understand its content completely. We will inform you in an appropriate manner when there arises a need to make updates or changes to this Privacy Policy. The Privacy Policy is last updated on 17th March 2020. If you have any questions, relating to this Privacy Policy then you may please contact us at support@christopher.africa (here we need to mention client’s support email id for GDPR). B. How do we process personal data? This part of the Privacy Policy mentions about what personal data do we process, why do we process it, how do we collect such data, what other processing activities are involved (if any), how and with whom do we share this data, including information regarding transfers of personal data outside the EU and also the time period for which we store such data. i) What type of personal data is processed by us? The categories of personal data processed by us are: a) Name, b) email address, c) telephone number, d) location, e) professional title, f) information regarding the company you represent as well as any agreements you have entered into with us on your or your company’s behalf; g) social media account details, - Details of social media accounts such as username/userID, - password in encrypted form, - information regarding unique identifiers such as API tokens, - profile picture, - bio, and - information relating to other social media profiles (such as Facebook, Twitter, LinkedIn, Skype or Google accounts) you have linked to your user account; h) Personal and professional preferences, i) Personal interests, j) Personal subscriptions; k) language settings; l) Browser information, e.g. type and version of browser, m) any website from which you have been referred, n) which time zone you visit us from; o) pages you visit on our website; p) your IP-address and a rough location estimate based on your IP-address; q) information about your web activity or your interaction in emails we send to you; and r) information on your use of our services. ii) Why we process your personal data? In this part, we describe when and why do we process your personal data. We do not intend to use your personal data in any manner that is incompatible with the purposes for which it was collected. a) Provision of our services to you: In order to provide you or your company with our services and to communicate with you, we may process your personal data. This may include but not be limited to providing you any access to our different features, administering your account, processing your contact information, invoicing you and/or your company, providing support, training, professional services and general information regarding our services to you and/or your company. Therefore, it is our genuine intent to process your data for the purpose of providing best of our services and take your prior consent (where applicable and reasonable, for eg. when you sign up for an account with us). b) Better our services: In order to improve our services that we offer, we may process your personal data {eg. for testing, troubleshooting, fixing bugs (if any) etc.,}. This may include but not be limited to creating/analyzing statistics on how our services are being used by you or to perform market research, customer surveys and/or getting feedback from you. We also use your personal data based on your web activity and email activity, including but not limited to how you use our website and services, what are your interests, what is your professional title, which is your company and what are the similarities with other users’ interests, etc. We use your personal data in an aggregated or anonymized form to the extent possible. c) Marketing: We may also use personal data belonging to you for marketing activities directed to you such as communicating with you about our services, to inform you about our terms and conditions, send marketing related messages, etc. Marketing related messages will only be sent to you, if you have opted to receive marketing related messages. We will provide you with an option to opt-out from further marketing related messages at any time by using the un-subscription link provided in every marketing related message. The only reason for us to process your personal data is to genuinely improve our services. iii) Ways of collecting your personal data We may collect your personal data when you register a user account on our website. We may also collect your personal data in any other way through which you may provide us with your personal data. We also collect your personal data based on your web activity and email activity, including but not limited to how you use our website and services, and from third party sources (if any). For our collection of personal data through cookies, you may refer to our Cookie Policy. iv) Ways of sharing your personal data Your personal data that is collected by us may be shared with other group companies that we have and also with our third party suppliers and other third parties listed below, for the provision of our services, including for our developing and maintenance of the platform. This may involve coordination of your personal data with other registers. These are the types of third parties with whom we share your personal data such as our Service providers, Partners, third parties in case of a sale or transfer of business or assets and as and when required to such persons for security reasons. We intend to genuinely to comply with agreement requirements relating to sharing of personal data with above third parties. v) Duration of storing your personal data Your personal data will be stored for as long as necessary for the purposes that they were collected for and/or to fulfill our legal duties related to the storing of data otherwise. We will comply with the applicable law for the same to the reasonable extent. C. Security Ample security measures have been taken by us to ensure that the personal data we store is secured. For example, access to areas where personal data is stored is limited to our employees and/or service providers who need the same for the provision of their services. They are informed of the importance of maintaining the security and confidentiality of the personal data we store. We maintain reasonable safeguards and security standards to protect your personal data. We will try to monitor our systems to find out any vulnerabilities in it to protect your personal data. D. What are your rights? Here we describe your rights under applicable data protection law. If you have any queries relating to your rights, then you may email us at support@christopher.africa and we will respond within reasonable time after appropriate security checks relating to your identity. i) Access rights and changes You have the right to access which of your personal data is being processed by us and to make changes in them by making a request to us. ii) Right to erasure a) In the following situation, you may request us to erase your personal data: - the personal data is no longer necessary in relation to the purpose; - the processed personal data is unlawfully processed; or - you object to our processing of personal data on legitimate grounds; - you withdraw the consent which enables the processing and there is no other legal ground for processing; - legal obligations for erasure of personal data. b) Your request for erasure may be denied from our end if legally we are prevented from erasing the same (e.g. in relation to accounting and tax legislation) or we need them for the establishment, exercise or defending of any legal claims. If your request cannot be met, then we will try to restrict the personal data so it cannot be used for any other purpose. iii) Right to restriction You may restrict the processing of your personal data in the following situation: - the processing is unlawful and you oppose erasure of the personal data and request restriction instead; - you challenge the accuracy of the personal data and give us time to verify the accuracy of the same; - the personal data is not required for processing but for you to establish or defend any legal claim; iv) Right of objection You always have the right to raise an objection to us for processing of your personal data. If we receive an objection from you but still process your personal data, then we will be required to demonstrate appropriate reasons for the processing of your personal data which will then supersede any of your rights. We will not process your personal data for the purposes related to marketing, if it is so opposed by you for processing. v) Right for receive personal data If you provide us your personal data for processing or on the performance of an agreement with you, you obtain the right to receive the personal data concerning you such structured, normally used and/or machine readable format that can be used for transmitting these to any other service provider. vi) Right of consent withdrawal When we can only process your personal data on the basis of your consent then you will have the right of consent withdrawal at any time. Such consent may be withdrawn through your account settings by deleting your account. Please note that the lawfulness of processing based on consent before its withdrawal is not affected. vii) Right to register a complaint If you have reasons to believe that the processing carried out by us is in breach of data protection laws, then you may lodge a complaint with the appropriate supervisory authority. We will appreciate resolving any grievances internally first, before any official complaint is raised. Hence we request you to get in touch with us in such situations.