Privacy Policy

THE DATAPROPHET PROPRIETARY LIMITED PRIVACY POLICY

THIS DATAPROPHET PROPRIETARY LIMITED PRIVACY POLICY APPLIES TO HOW WE COLLECT, USE AND PROCESS YOUR INFORMATION. PLEASE READ THIS PRIVACY POLICY CAREFULLY.

Introduction and scope
1. DataProphet Proprietary Limited and its subsidiaries (“DataProphet” or “we” or “us” or “our“) provides specialist machine learning services and operates internationally, with our head offices located in Cape Town. DataProphet is made up of different entities, details of which can be found upon request to info@dataprophet.com. This Privacy Policy is issued on behalf of the DataProphet Group so when we mention “DataProphet” or “we” or “us” or “our” in this Privacy Policy, we are referring to the relevant company in the DataProphet Group responsible for Processing your Personal Information.
2. DataProphet strives to ensure that our use of Personal Information of data subjects is lawful, reasonable, and relevant to our business activities, with the ultimate goal of improving our offerings and your experience.
3. This DataProphet Privacy Policy (this “Privacy Policy“) sets out what we will do with any Personal Information (defined in paragraph 2.1 below) we collect from or about you, or that you provide to us, when you use our services or engage with us (via direct, automated or other means), including our website (which we also refer to in this Privacy Policy as the “Website“). Please read this Privacy Policy carefully to understand our views and practices regarding your Personal Information and how we will treat it.
4. It is important that you read this Privacy Policy together with our website terms and conditions and any other document or agreements which describes the way we may provide in specific circumstances when we are collecting or processing Personal Information about you. This will enable you to properly understand the way DataProphet will process your Personal Information. This Privacy Policy supplements such other documents and agreements, and this Privacy Policy is not intended to override them.
The Personal Information that we collect about you
1. DataProphet may collect, get, receive, record, organise, collate, store, update, change, retrieve, read, process, analyse, use and share your Personal Information in the ways set out in this Privacy Policy. When we do one or more of these actions with your Personal Information, we are “Processing” your Personal Information.
2. “Personal Information” refers to private information about an identifiable person. Personal Information does not include information that does not identify a person (including in instances where that information has been anonymised). The Personal Information that we collect about you may differ based on the services that you receive from DataProphet.
3. We may Process distinct kinds of Personal Information about you which we have grouped together as follows:
  1. Identity Information, which includes information concerning your name, username or similar identifier;
  2. Contact Information, which includes billing addresses, delivery addresses, email addresses and telephone numbers, as well as company secretarial information that has been disclosed in relation to you;
  3. Technical Information, which includes your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Website;
  4. Usage Information, which includes information about how you use our Website, products and services;
  5. Marketing and Communications Information, which includes your preferences in receiving marketing from us and our third parties and your communication preferences.
4. DataProphet may also process, collect, store and/or use aggregated data, which may include historical or statistical data (“Aggregated Data“) for any purpose. Aggregated Data could be derived from your Personal Information but is not considered Personal Information as this data will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Information so that it can directly or indirectly identify you, we will treat the combined data as Personal Information which will be used in accordance with this Privacy Policy.
How we collect your Personal Information
1. We collect your Personal Information in three ways, namely:
  1. through direct or active interactions with you;
  2. through automated or passive interactions with you; and
  3. from our affiliates and third parties, including service providers.
2. Direct or active collection from you
  1. We may require you to submit certain information in order for you to access certain portions of the Website, to receive our services or to conclude an agreement with us, to conduct our business or manage our relationship with you, or when we fulfil our statutory obligations. We also collect information directly from you when you communicate directly with us, for example via e-mail, telephone calls, feedback forms, site comments and forums.
  2. If you contact us, we may keep a record of that correspondence and any information provided by you (including for prospective employment with us).
  3. The information we may actively collect from you may include any of the information listed in paragraph 2 of this Privacy Policy.:
3. Passive collection from your Access Device
  1. We passively collect some of your Personal Information from devices that you use to access and navigate through the Website (each an “Access Device“) by using various technological means, for instance, using server logs to collect and maintain log information.
  2. The information which we may passively collect from your Access Device may include your Identity Information, your Contact Information, your Technical Information, your Usage Information and your Marketing and Communications Information, and any other information which you permit us, from time to time, to passively collect from your Access Device.
4. Information collected from third parties
  1. DataProphet receives Personal Information about you from our affiliates, business partners and third-party service providers, purely to supplement information which you have already agreed to give us.
How we use your Personal Information
1. We use the information we collect to provide, maintain, and improve the Website, to provide current, and develop new services, and to protect us, our services and our users, and to conduct our business, manage our relationship with you, and comply with the applicable laws. We constantly strive to improve our users’ experience, and so we also use the information we collect in order to offer you information and content which is more appropriately tailored for you as far as reasonably possible.
2. We will only use your Personal Information when the law allows us to. Most commonly, we will use your Personal Information in the following circumstances:
  1. Where we need to perform the contract we are about to enter into or have entered into with you.
  2. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  3. Where we need to comply with a legal obligation.
  4. Where required to conduct our business or manage our relationship with you.
3. We have set out below, in a table format, a description of all the ways we plan to use your Personal Information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
4. Note that we may process your Personal Information for more than one lawful ground depending on the specific purpose for which we are using your Personal Information. Please contact us if you need details about the specific legal ground we are relying on to process your Personal Information where more than one ground has been set out in the table below.

Purpose/Activity	Type of information	Lawful basis for processing including basis of legitimate interest
To register you as a new customer	(a) Identity(b) Contact	Performance of a contract with you
To manage our relationship with you which will include:(a) Notifying you about changes to our terms or Privacy Policy;(b) Facilitation ongoing engagement, and to conduct our business and any legitimate interest or purpose in connection therewith	(a) Identity(b) Contact(d) Marketing and Communications	(a) Performance of a contract with you(b) Necessary to comply with a legal obligation(c) Necessary for our legitimate interests (to: (i) keep our records updated, facilitate engagement, and to study how customers use our products/services; (ii) managing, maintaining and giving effect to any employment related matters, practices or issues (whether in respect of any past, present or prospective employees) – including any CV processing, interviews, background or other checks, aptitude tests, record keeping or verification, or otherwise; and (iii) to manage our relationship and facilitate engagement with us, including any future engagement or analytics associated with your interaction with us.
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	(a) Identity(b) Contact(c) Technical	(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)(b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you	(a) Identity(b) Contact(d) Usage(e) Marketing and Communications(f) Technical	Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences	(a) Technical(b) Usage	Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you	(a) Identity(b) Contact(c) Technical(d) Usage(f) Marketing and Communications	Necessary for our legitimate interests (to develop our products/services and grow our business)

DataProphet will restrict its Processing of your Personal Information to the original purposes for which we collected it, unless DataProphet reasonably considers that it is required to be Processed for another purpose and that purpose is compatible with the original purpose. If you would like us to explain how the further Processing for the new purpose is compatible with the original purpose, please contact us.
DataProphet may, where permitted or required by applicable laws, Process your Personal Information without your knowledge or consent, in accordance with the further provisions of this Privacy Policy.
Compulsory information and consequences of not sharing with us

Where DataProphet is required to process certain Personal Information by law, or under the terms of a contract we have with you, and you fail to provide that Personal Information when requested, DataProphet may not be able to perform the contract we have or are trying to enter into with you. In this case, DataProphet may be required to terminate its relationship with you, but we will notify you if this is the case at the time. The terms of any applicable laws and/ or the contract between you and DataProphet, will govern the termination of the agreement.

Sharing of your Personal Information
1. We will not intentionally disclose, for commercial gain or otherwise, your Personal Information other than as set out in this Privacy Policy or with your permission.
2. DataProphet may share your Personal Information under the following circumstances:
  1. to our agents, advisers, service providers and suppliers which have agreed to be bound by this Privacy Policy or terms which offer the same level as protection as this Privacy Policy;
  2. to our employees, suppliers, service providers and agents if and to the extent that they need to know that information in order to process it for us and/or to provide services for or to us, such as hosting, development and administration, technical support and other support services relating to the Website or the operation of DataProphet business. We will authorise any information processing done by a third party on our behalf, amongst other things by entering into written agreements with those third parties governing our relationship with them and containing confidentiality and non-disclosure provisions;
  3. in order to enforce or apply any other contract between you and us, to conduct our business or to manage our relationship with you;
  4. in order to protect our rights, property or safety or that of our customers, employees, contractors, suppliers, service providers, agents and any other third party;
  5. in order to mitigate any actual or reasonably perceived risk to us, our customers, employees, contractors, agents or any other third party;
  6. to governmental agencies and other regulatory or self-regulatory bodies if we are required to do so by law or if we reasonably believe that such action is necessary to:
    1. comply with the law or with any legal process;
    2. protect and defend the rights, property or safety of DataProphet, or our customers, employees, contractors, suppliers, service providers, agents or any third party;
    3. detect, prevent or deal with actual or alleged fraud, security or technical issues or the abuse, misuse or unauthorised use of the Website and/or contravention of this Privacy Policy.
Storage and transfer of your Personal Information
1. We store your Personal Information on our servers or those of our service providers.
2. We reserve the right to transfer to and/or store your Personal Information on servers in a jurisdiction other than where it was collected, or outside of South Africa, and such jurisdiction may not have comparable data protection legislation.
3. If the location that Personal Information is transferred to or stored does not have substantially similar laws which provide for the protection of Personal Information, we will take reasonably practicable steps, including, among other things, by imposing the necessary contractual terms to ensure that your Personal Information is adequately protected in that jurisdiction.
4. Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Information outside of South Africa or the jurisdiction in which we collected the Personal Information.
Security
1. We take reasonable technical and organisational measures to secure the integrity of retained information, using accepted technological standards to prevent unauthorised access to or disclosure of your Personal Information, and protect your Personal Information from misuse, loss, alteration or destruction.
2. From time to time, we review our information collection, storage and processing practices, including physical security measures, to keep up to date with good practice.
3. Even by taking the above measures when Processing Personal Information, we do not guarantee that your Personal Information is 100% secure.
4. DataProphet has implemented procedures to address any suspected data breaches and will notify you and any applicable regulator of a breach where DataProphet is legally required to do so within the period in which DataProphet is required to issue such a notification.
Retention of your Personal Information
1. We may keep and Process some or all of your Personal Information if and for as long as:
  1. we are required or permitted by law or a contract with you (or this Policy) to keep it;
  2. we reasonably need it for lawful purposes related to our functions and activities;
  3. we reasonably need it for evidentiary purposes; or
  4. you agree to us keeping it for a specified further period.
2. To determine the appropriate retention period for Personal Information, DataProphet will consider, among other things, the quantity, nature and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means. DataProphet will always comply with applicable legal, regulatory, tax, accounting or other requirements as they pertain to the retention of Personal Information.
Keeping your Personal Information updated and correct
1. Where required by law, we take reasonable steps to ensure that your Personal Information is accurate, complete, not misleading, and up to date.
2. You must let us know if any information we have about you is incorrect, incomplete, misleading or out of date, by notifying us at the contact details set out in clause 18 below.
You give up some of your rights
1. You agree that where the law requires us to make you aware of something (to inform or notify you) or to do something else, we do not have to do this. This only applies as far as the law allows this.
2. For example, sometimes the law says that we have a duty to make you aware of some information or other matters, unless you agree that we do not need to do these things (this is called a waiver of rights). Because you agree to this, we will not have this duty anymore and will not need to make you aware of the information or other matters.
Your rights
1. Please note that, under certain circumstances, you may have rights under data protection laws in relation to your Personal Information. You may have the right to:
  1. Request access to your Personal Information (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Information that DataProphet has about you.
  2. Request correction of the Personal Information that we hold about you. This enables you to ensure that any incomplete or inaccurate data that DataProphet holds about is corrected.
  3. Request erasure of your Personal Information. This enables you to request that DataProphet delete or remove Personal Information where there is no lawful basis for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (described below), where we may have processed your information unlawfully or where we are required to erase or anonymise your Personal Information to comply with applicable law. DataProphet may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  4. Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where DataProphet is processing your Personal Information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedom.
  5. Request restriction of processing of your Personal Information. This enables you to ask DataProphet to suspend the processing of your Personal Information in limited circumstances, which may differ by jurisdiction.
  6. Request the transfer of your Personal Information to you or to a third party. We will provide to you, or a third party you have chosen, a copy of your Personal Information in our possession in a structured, commonly used, machine-readable format. Note that this right only applies in certain jurisdictions and is limited to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you
  7. Withdraw consent at any time where we are relying on consent to process your Personal Information. However, this will not affect the lawfulness of any Processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. Please note that we may continue to Process your Personal Information in certain instances where we are not relying on your consent.
Changes to this Privacy Policy
1. We may, at any time, change this Privacy Policy and will take reasonably practical steps to inform you of the changes. Without limiting the ways we may inform you, we may inform you either by sending you an e-mail (if you give us your e-mail address when you register to use the Website), but utilising a “pop-up” notification on our Website, or by notifying you when you access our Website.
Direct marketing
1. When you register to use the Website, you agree to receive marketing communications from us.
2. You may refuse to accept, require us to discontinue, or pre-emptively block any approach or communications from us if that approach or communication is primarily for the purpose of direct marketing (“direct marketing communications”).
3. You may opt out of receiving direct marketing communications from us at any time by requesting us (in the manner set out in the communication or by contacting us at the contact details set out in clause 18) to desist from initiating any direct marketing to you.
4. If you have opted out, we may send you written (which may include electronic writing) confirmation of receipt of your opt out request, and not send you any further direct marketing communications. Please note that you may continue to receive communications from us that are not marketing related.
Third party sites
1. This Privacy Policy does not apply to other parties’ websites, applications, products or services, such as websites linked to, from or advertised on the Website, or sites which link to or advertise the Website. We are not responsible for the privacy practices of such third party websites.
2. We advise you to read the privacy policy of each third party website and determine if you agree to the privacy practices and policies of such third party websites. This is important, as these third party websites may collect or share information about you.
Consumer Protection Act and Protection of Personal Information Act
1. If any part of this Privacy Policy is regulated by or subject to the Consumer Protection Act, No 68 of 2008 (“CPA“) or the Protection of Personal Information Act, No. 4 of 2013 (“POPIA“), it is not intended that any part of this Privacy Policy contravenes any provision of the CPA or POPIA. Therefore all provisions of this Privacy Policy must be treated as being qualified, to the extent necessary, to ensure that the provisions of the CPA and POPIA are complied with.
2. No provision of this Privacy Policy (or any contract governed by this Privacy Policy):
  1. does or purports to limit or exempt us or any person or entity from any liability (including, without limitation, for any loss directly or indirectly attributable to our gross negligence or wilful default or that of any other person acting for or controlled by us) to the extent that the law does not allow such a limitation or exemption;
  2. requires you to assume risk or liability for the kind of liability or loss, to the extent that the law does not allow such an assumption of risk or liability; or
  3. limits or excludes any warranties or obligations which are implied into this Privacy Policy (or any contract governed by this Privacy Policy) by the CPA or POPIA (to the extent they are applicable) or which we give under the CPA or POPIA (to the extent they are applicable), to the extent that the law does not allow them to be limited or excluded.
3. No provision of this Privacy Policy:
  1. does or purports to limit or exempt us from any liability (including, without limitation, for any loss directly or indirectly attributable to our gross negligence or wilful default or that of any other person acting for or controlled by us) to the extent that the law does not allow such a limitation or exemption;
  2. requires you to assume risk or liability for the kind of liability or loss, to the extent that the law does not allow such an assumption of risk or liability; or
  3. limits or excludes any warranties or obligations which are implied into this Privacy Policy by the CPA (to the extent applicable), POPIA (to the extent applicable), or other applicable laws or which we give under the CPA (to the extent applicable), POPIA (to the extent applicable), or other applicable laws, to the extent that the law does not allow them to be limited or excluded.
Governing law
1. To the maximum extent possible, South African law applies to this Privacy Policy.
2. If any provision of this Privacy Policy is judged to be illegal, void or unenforceable due to applicable law or by order of a court of a competent jurisdiction it shall be deemed deleted and the continuation in full force and effect of the remainder of the provisions will not be prejudiced.
Queries and Contact details
1. If you have questions about our Privacy Policy or wish to contact us, please contact us at info@dataprophet.com.
2. You have the right to make a complaint at any time to the Office of the Information Regulator in South Africa (http://www.justice.gov.za/inforeg/). You may also have the right to contact the appropriate regulator in your country if you are based outside of the Republic of South Africa. We would, however, appreciate the chance to deal with your concerns before you approach a regulator, so please contact us in the first instance.