Introduction This privacy policy intends to offer data subjects the highest possible protection of their data and comprises internationally accepted data privacy principles while incorporating national data protection laws. IoT.nxt BV, with chamber of commerce number 68328001, as a responsible party and a processor and / or controller, is committed to protecting the right to privacy as set out in the national laws, and we are committed to adhering to the standards required for the processing of personal information. Please take note that this privacy policy forms part of the terms and conditions of use of this website, and if you do not accept same, please cease using our website immediately. You are required to voluntarily accept or reject the way in which we process and control personal data. If you do not voluntarily accept, please exit the website or refrain from continuing your use and sharing of personal data, if any. The right to privacy of European citizens is a fundamental right and originates from the Charter of Fundamental Rights of the European Union. Should you be a European citizen (in other words, a European natural person) and should we collect your personal data, we intend to process it, albeit as a controller or processer of personal data, in accordance with the principles of the General Data Protection Regulations (“GDPR”). These regulations will apply to us if we process your personal information in Europe, if any. Part of the IoT.nxt group is IoT.nxt (Pty) Ltd, with registration number 2015/305236/07. This group member will also be bound to apply and adopt this privacy policy, and shall be read in conjunction with national laws applicable to data protection in South Africa This policy intends to explain how we process your personal information and is applicable to personal information of all data subjects, being both natural and, where applicable, juristic persons. By using this website, you agree that you have read and agreed to be bound by these terms and conditions voluntarily by accepting these terms and conditions. It is however recorded that the GDPR applies to natural persons’ data only, and its applicability herein does not apply to the data of juristic persons. This does not however mean that less caution will be taken when dealing with data of juristic persons, as we strive to treat any information that is not ours with the utmost confidentiality and protection. Principles Our data protection measures are based on international best practices when processing or controlling your personal data. We adhere to the principles encasing accountability, processing limitations, purpose specification, information quality, security and data subject participation, fairness and lawfulness, transparency and minimalism. Collecting of information, cookies and links We collect information from you in the following ways: Through your communications with us; Through you sharing information that you provide on this website or one of our applications; Through third parties related to our business operations. Cookies may enable us to improve our service to you, estimate our audience size and usage patterns, store information about your preferences and recognise when you return to our website. Cookies can be defined as text files in your browser that we use to determine your preferences. When you access our website, information is automatically received and stored on our server logs, which information may include your location, IP address, cookie information and the relevant pages you have requested. We may also obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. You can adjust your browser settings to refuse the use of cookies. Some examples of the data collected using automated links include time spent on our website, the objects that were clicked on details of the website where you were referred from. Our website may include links that may direct you to other websites over which we do not have control. Although these links are intended to make browsing easier for you, these links are opened at your own discretion and we cannot be held liable or responsible for the use of any personal information by the owner of the website that you are directed to, and it is advised that you read their website terms and conditions before proceeding. In addition, we make no guarantees or representations regarding any third-party website and their privacy policies and procedures. How and why we process your personal information We will only process information that you provide us with for the specific purposes for which it was disclosed to us and in as far as it is required, and in a reasonable manner that does not infringe your fundamental right to privacy. The principle of minimalism will apply to the processing of your personal information in that such processing will not be excessive, irrelevant or inadequate. If we have reasonable grounds to believe that your rights may be limited, we may need to disclose or use your personal information or use of this website to protect our business and/or the property, safety or other rights of our employees, partners, clients, suppliers or other users or to prevent fraudulent or unlawful use of this website. Should you object to the processing of your personal information, we will immediately cease the processing associated with it. In the event that we need to transfer your information across our borders, same will only be done as far as is necessary to meet our obligations to you and where you provide your consent. These cross-border flows of data shall only be received by parties who employ similar corporate rules and agreements and which flow from and are subject to similar legislation as that of national legislation. When we process or control your personal data and it is required to be transferred to a company other than a group company, please be reminded that this transfer is to be consented to as part of your voluntary acceptance of this privacy policy. Should you wish to not accept the provisions relating to cross-border transfers, please get in touch with us so that we may accommodate you as far as possible and as best we can. Any transfers will only take place for the purpose for which the transfer is defined. It may happen that we merge, sell, purchase or restructure our business and may need to disclose personal information to the other party/ies to the transaction. Should this take place in the future, we will always seek that the information be treated as strictly confidential and that the relevant party is bound by this confidentiality and that such party employs similar standards of protection Depending on the type of discloser of the personal information, we may collect the following types of information when, for example, you fill out a request for us to contact you regarding our service offerings, or if we are already rendering services to you or your organisation: Full name of individual and/or organisation; Identity number or organisation registration number; Cell phone number and/or email address; Data of objects and machine information extracted using our Raptor™ technology. Depending on the reason that the information was disclosed and the nature of the discloser of the information, we may use it for the following reasons: Performing our duties or responding to your requests; Monitoring and analysing our business, including performing statistical analysis and marketing research; Performing administrative tasks, audits and complying with legislation; Contacting you or requesting information from you; Any other reason that you give us permission for; If it is in the public interest or required by a competent authority; To assist your business in implementing a digital strategy; To translate vast data that is relevant into readable format and to transfer this to a usable platform; To send data to and from the cloud and/or the edge of a data system to the devices that our technology applies to. The information assists us in developing our business and entering into business transactions which involve the provision of hardware and software related components and services in the Internet of Things sphere. We may share this information with third parties if it is necessary for us to deliver on our product offerings, and we may share the information with. We are required to maintain records of our processing activities and processing operations, which may be made available to you on sufficient notice. Any information provided to us will only be kept for the duration for which it is required and to give effect to the purpose for which it was disclosed. If we are required by law or otherwise to keep your personal information for longer than required, we will ensure that it is de-identified. We will also not sell or share your information without your prior written consent. We will destroy or delete a record of your personal data should the personal data no longer be required, and such deletion or destruction shall be done in a manner that, as far as is practicably possible, prevents its reconstruction. Should we wish to retain your personal data, we will obtain your consent and ensure that appropriate safeguards are in place to protect same, and that it will only be used for historical, statistical or research purposes. Any special personal information will not be processed unless your express prior consent has been obtained. Should you be a European citizen and the purpose for which we processed your personal information has been realised, then we are bound to erase your personal information unless one of the grounds in Article 22 of the GDPR is applicable. Should personal data be collected, processed and used on the website or on an application that belongs to us, all efforts will be taken to inform the user of this privacy policy. The privacy policy will be easy to access and easy to identify and will, unless one of the factors in the website terms of use is applicable (for example, website maintenance), be constantly available. Should the website or application allow for the accessing of personal information, such identification and authorization process will be sufficiently protected. Children We do not intend to directly or indirectly market to children, and this website, our applications and general business offering has not been designed for use by or intended for children. Minors therefore require the consent of competent person, and persons under the age of 16 years in Europe require the consent of their parent or trustee. Security and breach We respect your personal information and the confidential nature thereof, and we are committed to complying with the relevant laws that govern our interactions with users, clients, partners and the like. Your personal data deserves protection from unauthorised access, accidental loss, modification, destruction and unlawful disclosure, regardless of whether your data is processed in paper form or electronically. For this reason, we implement appropriate, high quality and sophisticated security server technology which at a minimum complies with industry good practice, so that the integrity of your personal information may be protected. Our employees and operators and anyone who processes your personal information are bound by terms of confidentiality and have been obligated to respect and uphold your privacy. Some of these measures include using firewalls, passwords and restricted access, physical recognition methods and the information is used internally by persons on a strict need-to-know basis. We do however urge you to assist us in our endeavour to keep your personal information safe and kindly request that you take reasonable measures to protect your personal information, as the nature of the internet and the technology industry lends itself to attempted unauthorized breaches of security protocols. We will report any security breaches to the data regulator and / or inspectorate and to the affected data subject. This notification will be will be made as soon as is practicably possible after the scope and nature of the breach have been determined, considering any measures to restore the security of the information. We undertake to provide you with adequate information regarding any such breach, and will comply with directions given by the inspectorate or registrar. Should you be a European citizen, we will notify the data inspectorate within 72 hours of a breach and, if there is a high risk to the rights and freedoms of other persons, we will notify you. If any form of breach by an IoT.nxt group company is committed, IoT.nxt undertakes to assist you in establishing the facts of the matter and in asserting your rights against the group company concerned. The technical and organisational security measures for protecting personal data are updated continuously and according to industry best practice. Data protection officer We will appoint a data protection officer should section 4 of the GDPR become applicable to our company. At the time of release of this version of the privacy policy, we are not yet required to appoint a data protection officer. Access to your information You are entitled to request the details of the information we have about you. We may also provide you with a copy thereof that is in an acceptable format and sufficiently clear, subject to the payment of a prescribed fee and within a reasonable time frame after you have furnished satisfactory proof as to your identity. We also undertake to comply with requests to update and alter your personal information and to take reasonable steps to ensure that the personal information is complete, accurate and up to date. You have the right to receive your personal data which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance. Different Versions We reserve the right to amend this privacy policy at any time without any notice. Such amendments may, for example, as a result of us improving our security measures, adding new products or changing technology. We therefore request that you visit the website regularly so that you are aware of the latest version of this privacy policy. We cannot be held responsible for a user’s reliance on an outdated version of our privacy policy. These changes will then be posted on our website so that you are always in a position to determine what information we collect and how we use it. International users This website is hosted in a Microsoft Azure datacentre in Western Europe, and any international users consent, by virtue of their acceptance and continued use of this website, to their data being transferred the said data centre for processing and use in accordance with this privacy policy. The data will be transferred only if directed by you or if otherwise legitimately required to do so. Your rights Notwithstanding any other rights you may have in law, you have the following rights that we intend to uphold and protect at all times in relation to the protection of your data: You may request how your information was collected, how it is stored and for what purpose; You are entitled to know who your data is being transferred to and for what purpose; You may at any time request that your data is updated and supplemented so that it is correct and complete at all times; Should a legal basis for the processing or controlling for your data cease to exist, you may request that your data is deleted permanently, subject to legal retention periods that may be applicable; and You may at any time object to your data being processed.