Introduction and scope
DataProphet strives to ensure that our use of Personal Information of data subjects is lawful, reasonable, and relevant to our business activities, with the ultimate goal of improving our offerings and your experience.
The Personal Information that we collect about you
“Personal Information” refers to private information about an identifiable person. Personal Information does not include information that does not identify a person (including in instances where that information has been anonymised). The Personal Information that we collect about you may differ based on the services that you receive from DataProphet.
We may Process distinct kinds of Personal Information about you which we have grouped together as follows:
Identity Information, which includes information concerning your name, username or similar identifier;
Contact Information, which includes billing addresses, delivery addresses, email addresses and telephone numbers, as well as company secretarial information that has been disclosed in relation to you;
Technical Information, which includes your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Website;
Usage Information, which includes information about how you use our Website, products and services;
Marketing and Communications Information, which includes your preferences in receiving marketing from us and our third parties and your communication preferences.
How we collect your Personal Information
We collect your Personal Information in three ways, namely:
through direct or active interactions with you;
through automated or passive interactions with you; and
from our affiliates and third parties, including service providers.
Direct or active collection from you
We may require you to submit certain information in order for you to access certain portions of the Website, to receive our services or to conclude an agreement with us, to conduct our business or manage our relationship with you, or when we fulfil our statutory obligations. We also collect information directly from you when you communicate directly with us, for example via e-mail, telephone calls, feedback forms, site comments and forums.
If you contact us, we may keep a record of that correspondence and any information provided by you (including for prospective employment with us).
Passive collection from your Access Device
We passively collect some of your Personal Information from devices that you use to access and navigate through the Website (each an “Access Device“) by using various technological means, for instance, using server logs to collect and maintain log information.
The information which we may passively collect from your Access Device may include your Identity Information, your Contact Information, your Technical Information, your Usage Information and your Marketing and Communications Information, and any other information which you permit us, from time to time, to passively collect from your Access Device.
Information collected from third parties
DataProphet receives Personal Information about you from our affiliates, business partners and third-party service providers, purely to supplement information which you have already agreed to give us.
How we use your Personal Information
We use the information we collect to provide, maintain, and improve the Website, to provide current, and develop new services, and to protect us, our services and our users, and to conduct our business, manage our relationship with you, and comply with the applicable laws. We constantly strive to improve our users’ experience, and so we also use the information we collect in order to offer you information and content which is more appropriately tailored for you as far as reasonably possible.
We will only use your Personal Information when the law allows us to. Most commonly, we will use your Personal Information in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal obligation.
Where required to conduct our business or manage our relationship with you.
We have set out below, in a table format, a description of all the ways we plan to use your Personal Information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your Personal Information for more than one lawful ground depending on the specific purpose for which we are using your Personal Information. Please contact us if you need details about the specific legal ground we are relying on to process your Personal Information where more than one ground has been set out in the table below.
Type of information
Lawful basis for processing including basis of legitimate interest
To register you as a new customer
(a) Identity(b) Contact
Performance of a contract with you
(a) Identity(b) Contact(d) Marketing and Communications
(a) Performance of a contract with you(b) Necessary to comply with a legal obligation(c) Necessary for our legitimate interests (to: (i) keep our records updated, facilitate engagement, and to study how customers use our products/services; (ii) managing, maintaining and giving effect to any employment related matters, practices or issues (whether in respect of any past, present or prospective employees) – including any CV processing, interviews, background or other checks, aptitude tests, record keeping or verification, or otherwise; and (iii) to manage our relationship and facilitate engagement with us, including any future engagement or analytics associated with your interaction with us.
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) Identity(b) Contact(c) Technical
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)(b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
(a) Identity(b) Contact(d) Usage(e) Marketing and Communications(f) Technical
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
(a) Technical(b) Usage
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you
(a) Identity(b) Contact(c) Technical(d) Usage(f) Marketing and Communications
Necessary for our legitimate interests (to develop our products/services and grow our business)
DataProphet will restrict its Processing of your Personal Information to the original purposes for which we collected it, unless DataProphet reasonably considers that it is required to be Processed for another purpose and that purpose is compatible with the original purpose. If you would like us to explain how the further Processing for the new purpose is compatible with the original purpose, please contact us.
Compulsory information and consequences of not sharing with us
Where DataProphet is required to process certain Personal Information by law, or under the terms of a contract we have with you, and you fail to provide that Personal Information when requested, DataProphet may not be able to perform the contract we have or are trying to enter into with you. In this case, DataProphet may be required to terminate its relationship with you, but we will notify you if this is the case at the time. The terms of any applicable laws and/ or the contract between you and DataProphet, will govern the termination of the agreement.
Sharing of your Personal Information
DataProphet may share your Personal Information under the following circumstances:
to our employees, suppliers, service providers and agents if and to the extent that they need to know that information in order to process it for us and/or to provide services for or to us, such as hosting, development and administration, technical support and other support services relating to the Website or the operation of DataProphet business. We will authorise any information processing done by a third party on our behalf, amongst other things by entering into written agreements with those third parties governing our relationship with them and containing confidentiality and non-disclosure provisions;
in order to enforce or apply any other contract between you and us, to conduct our business or to manage our relationship with you;
in order to protect our rights, property or safety or that of our customers, employees, contractors, suppliers, service providers, agents and any other third party;
in order to mitigate any actual or reasonably perceived risk to us, our customers, employees, contractors, agents or any other third party;
to governmental agencies and other regulatory or self-regulatory bodies if we are required to do so by law or if we reasonably believe that such action is necessary to:
comply with the law or with any legal process;
protect and defend the rights, property or safety of DataProphet, or our customers, employees, contractors, suppliers, service providers, agents or any third party;
Storage and transfer of your Personal Information
We store your Personal Information on our servers or those of our service providers.
We reserve the right to transfer to and/or store your Personal Information on servers in a jurisdiction other than where it was collected, or outside of South Africa, and such jurisdiction may not have comparable data protection legislation.
If the location that Personal Information is transferred to or stored does not have substantially similar laws which provide for the protection of Personal Information, we will take reasonably practicable steps, including, among other things, by imposing the necessary contractual terms to ensure that your Personal Information is adequately protected in that jurisdiction.
Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Information outside of South Africa or the jurisdiction in which we collected the Personal Information.
We take reasonable technical and organisational measures to secure the integrity of retained information, using accepted technological standards to prevent unauthorised access to or disclosure of your Personal Information, and protect your Personal Information from misuse, loss, alteration or destruction.
From time to time, we review our information collection, storage and processing practices, including physical security measures, to keep up to date with good practice.
Even by taking the above measures when Processing Personal Information, we do not guarantee that your Personal Information is 100% secure.
DataProphet has implemented procedures to address any suspected data breaches and will notify you and any applicable regulator of a breach where DataProphet is legally required to do so within the period in which DataProphet is required to issue such a notification.
Retention of your Personal Information
We may keep and Process some or all of your Personal Information if and for as long as:
we are required or permitted by law or a contract with you (or this Policy) to keep it;
we reasonably need it for lawful purposes related to our functions and activities;
we reasonably need it for evidentiary purposes; or
you agree to us keeping it for a specified further period.
To determine the appropriate retention period for Personal Information, DataProphet will consider, among other things, the quantity, nature and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means. DataProphet will always comply with applicable legal, regulatory, tax, accounting or other requirements as they pertain to the retention of Personal Information.
Keeping your Personal Information updated and correct
Where required by law, we take reasonable steps to ensure that your Personal Information is accurate, complete, not misleading, and up to date.
You must let us know if any information we have about you is incorrect, incomplete, misleading or out of date, by notifying us at the contact details set out in clause 18 below.
You give up some of your rights
You agree that where the law requires us to make you aware of something (to inform or notify you) or to do something else, we do not have to do this. This only applies as far as the law allows this.
For example, sometimes the law says that we have a duty to make you aware of some information or other matters, unless you agree that we do not need to do these things (this is called a waiver of rights). Because you agree to this, we will not have this duty anymore and will not need to make you aware of the information or other matters.
Please note that, under certain circumstances, you may have rights under data protection laws in relation to your Personal Information. You may have the right to:
Request access to your Personal Information (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Information that DataProphet has about you.
Request correction of the Personal Information that we hold about you. This enables you to ensure that any incomplete or inaccurate data that DataProphet holds about is corrected.
Request erasure of your Personal Information. This enables you to request that DataProphet delete or remove Personal Information where there is no lawful basis for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (described below), where we may have processed your information unlawfully or where we are required to erase or anonymise your Personal Information to comply with applicable law. DataProphet may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where DataProphet is processing your Personal Information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedom.
Request restriction of processing of your Personal Information. This enables you to ask DataProphet to suspend the processing of your Personal Information in limited circumstances, which may differ by jurisdiction.
Request the transfer of your Personal Information to you or to a third party. We will provide to you, or a third party you have chosen, a copy of your Personal Information in our possession in a structured, commonly used, machine-readable format. Note that this right only applies in certain jurisdictions and is limited to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you
Withdraw consent at any time where we are relying on consent to process your Personal Information. However, this will not affect the lawfulness of any Processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. Please note that we may continue to Process your Personal Information in certain instances where we are not relying on your consent.
When you register to use the Website, you agree to receive marketing communications from us.
You may refuse to accept, require us to discontinue, or pre-emptively block any approach or communications from us if that approach or communication is primarily for the purpose of direct marketing (“direct marketing communications”).
You may opt out of receiving direct marketing communications from us at any time by requesting us (in the manner set out in the communication or by contacting us at the contact details set out in clause 18) to desist from initiating any direct marketing to you.
If you have opted out, we may send you written (which may include electronic writing) confirmation of receipt of your opt out request, and not send you any further direct marketing communications. Please note that you may continue to receive communications from us that are not marketing related.
Third party sites
Consumer Protection Act and Protection of Personal Information Act
does or purports to limit or exempt us or any person or entity from any liability (including, without limitation, for any loss directly or indirectly attributable to our gross negligence or wilful default or that of any other person acting for or controlled by us) to the extent that the law does not allow such a limitation or exemption;
requires you to assume risk or liability for the kind of liability or loss, to the extent that the law does not allow such an assumption of risk or liability; or
does or purports to limit or exempt us from any liability (including, without limitation, for any loss directly or indirectly attributable to our gross negligence or wilful default or that of any other person acting for or controlled by us) to the extent that the law does not allow such a limitation or exemption;
requires you to assume risk or liability for the kind of liability or loss, to the extent that the law does not allow such an assumption of risk or liability; or
Queries and Contact details
You have the right to make a complaint at any time to the Office of the Information Regulator in South Africa (http://www.justice.gov.za/inforeg/). You may also have the right to contact the appropriate regulator in your country if you are based outside of the Republic of South Africa. We would, however, appreciate the chance to deal with your concerns before you approach a regulator, so please contact us in the first instance.