Privacy Policy

Introduction

This privacy policy intends to offer data subjects the highest possible protection of their data and comprises internationally accepted data privacy principles while incorporating national data protection laws.

IoT.nxt (Pty) Ltd., a private company registered in accordance with the laws of the Republic of South Africa with registration number 2015/305236/07, as a responsible party and a processor (and/or controller), is committed to protecting the right to privacy as set out in the national laws, and we are committed to adhering to the standards required for the processing of personal information. Please take note that this privacy policy forms part of the terms and conditions of use of IoT.nxt’s website and services.

  • The Client controls how and why we process data, as such Clients voluntarily accept or reject the way in which we process personal data.
  • We only ask for personal information when we truly need it to provide a service to you. We collect it by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used.
  • We only retain collected information for as long as necessary to provide you with your requested service. What data we store, we’ll protect within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification.

The right to an individual’s privacy is a fundamental right and is encapsulated in various legislature including the Protection of Personal Information Act, 4 of 2013 (“POPIA”) in South Africa.

Where any Client or data subjects within such Client-organisations are natural persons, and should we collect their personal data, we intend to process it, albeit as a controller or processer of personal data, in accordance with the principles of POPIA and the General Data Protection Regulations (“GDPR”). These regulations will apply to us if we process your personal information in South Africa or abroad, if at all.

This policy intends to explain how we process your personal information and is applicable to personal information of all data subjects, being both natural and, where applicable, juristic persons. By using IoT.nxt services, you agree that you have read and agreed to be bound by these terms and conditions voluntarily by accepting these terms and conditions. It is however recorded that the GDPR applies to natural persons’ data only, and its applicability herein does not apply to the data of juristic persons. This does not however mean that less caution will be taken when dealing with data of juristic persons, as we strive to treat any information that is not ours with the utmost confidentiality and protection.

Principles

Our data protection measures are based on international best practices when processing or controlling your personal data. We adhere to the principles encasing accountability, processing limitations, purpose specification, information quality, security and data subject participation, fairness and lawfulness, transparency and minimalism.

Collecting of Information, Cookies, and Links

We collect information from you in the following ways:

  • Through your communications with us;
  • Through you sharing information that you provide on IoT.nxt webplatform sites or through one of our applications;
  • Through third parties related to our business operations.

As a result of you dealing with us, as client or customer, we may collect and store some personal information from such as:

  • your name;
  • address, previous addresses and how long you have lived at those addresses;
  • date of birth;
  • your employer, previous employers and how long you have been in such employment;
  • your email address;
  • your telephone numbers; and
  • the details of any references you supply, including the names and addresses of your referees

We don’t share any personally identifying information publicly or with thirdparties, except when required to by law.

Cookies may enable us to improve our service to you, estimate our audience size and usage patterns, store information about your preferences and recognise when you return to our website. Cookies can be defined as text files in your browser that we use to determine your preferences. When you access our website, information is automatically received and stored on our server logs, which information may include your location, IP address, cookie information and the relevant pages you have requested. We may also obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. You can adjust your browser settings to refuse the use of cookies. Some examples of the data collected using automated links include time spent on our website, the objects that were clicked on details of the website where you were referred from.

Our website(s) may include links that may direct you to other websites over which we do not have control. Although these links are intended to make Page 4 of 9 Data Protection and Privacy Policy browsing easier for you, these links are opened at your own discretion and we cannot be held liable or responsible for the use of any personal information by the owner of the website that you are directed to, and it is advised that you read their website terms and conditions before proceeding. In addition, we make no guarantees or representations regarding any third-party website and their privacy policies and procedures.

How and why we process your personal information

We will only process information that you provide us with for the specific purposes for which it was disclosed to us and in as far as it is required, and in a reasonable manner that does not infringe your fundamental right to privacy.

The principle of minimalism will apply to the processing of your personal information in that such processing will not be excessive, irrelevant or inadequate.

If we have reasonable grounds to believe that your rights may be limited, we may need to disclose or use your personal information or use of our website or services to protect our business and/or the property, safety or other rights of our employees, partners, clients, suppliers or other users or to prevent fraudulent or unlawful use of this website.

Should you object to the processing of your personal information, we will immediately cease the processing associated with it.

In the event that we need to transfer your information across our borders, same will only be done as far as is necessary to meet our obligations to you and where you provide your consent. These cross-border flows of data shall only be received by parties who employ similar corporate rules and agreements and which flow from and are subject to similar legislation as that of national legislation.

When we process (or control) your personal data and it is required to be transferred to a company other than a group company, please be reminded that this transfer is to be consented to as part of your voluntary acceptance of this privacy policy. Should you wish to not accept the provisions relating to cross-border transfers, please get in touch with us so that we may accommodate you as far as possible and as best we can. Any transfers will only take place for the purpose for which the transfer is defined.

It may happen that we merge, sell, purchase or restructure our business and may need to disclose personal information to the other party/ies to the transaction. Should this take place in the future, we will always seek that the information be treated as strictly confidential and that the relevant party is bound by this confidentiality and that such party employs similar standards of protection

Depending on the type of discloser of the personal information, we may collect the following types of information when, for example, you fill out a request for us to contact you regarding our service offerings, or if we are already rendering services to you or your organisation:

  • Full name of individual and/or organisation;
  • Identity number or organisation registration number;
  • Cell phone number and/or email address;
  • Data of objects and machine information extracted using our Raptor™ technology.

Depending on the reason that the information was disclosed and the nature of the discloser of the information, we may use it for the following reasons:

  • Performing our duties or responding to your requests;
  • Monitoring and analysing our business, including performing statistical analysis and marketing research;
  • Performing administrative tasks, audits and complying with legislation;
  • Contacting you or requesting information from you;
  • Any other reason that you give us permission for;
  • If it is in the public interest or required by a competent authority;
  • To assist your business in implementing a digital strategy;
  • To translate vast data that is relevant into readable format and to transfer this to a usable platform;
  • To send data to and from the cloud and/or the edge of a data system to the devices that our technology applies to.

The information assists us in developing our business and entering into business transactions which involve the provision of hardware and software related components and services in the Internet of Things sphere. We may share this information with third parties if it is necessary for us to deliver on our product offerings. We are required to maintain records of our processing activities and processing operations, which may be made available to you on sufficient notice.

Any information provided to us will only be kept for the duration for which it is required and to give effect to the purpose for which it was disclosed. If we are required by law or otherwise to keep your personal information for longer than required, we will ensure that it is de-identified. We will also not sell or share your information without your prior written consent. We will destroy or delete a record of your personal data should the personal data no longer be required, and such deletion or destruction shall be done in a manner that, as far as is practicably possible, prevents its reconstruction. Should we wish to retain your personal data, we will obtain your consent and ensure that appropriate safeguards are in place to protect same, and that it will only be used for historical, statistical or research purposes.

Any special personal information will not be processed unless your express prior consent has been obtained. Should the purpose for which we have processed your personal information have been realised, then we are bound to erase your personal information unless one of the grounds in Section 71 of POPIA is applicable.

Should personal data be collected, processed and used on the website or on an application that belongs to us, all efforts will be taken to inform the user of this privacy policy. The privacy policy will be easy to access and easy to identify and will, unless one of the factors in the website terms of use is applicable (for example, website maintenance), be constantly available. Should the website or application allow for the accessing of personal information, such identification and authorization process will be sufficiently protected.

Children

We do not intend to directly or indirectly market to children, and this website, our applications and general business offering has not been designed for use by or intended for children. Minors therefore require the consent of competent person, and persons under the age of 18 years in South Africa require the consent of their parent or trustee.

Security and Breach

We respect your personal information and the confidential nature thereof, and we are committed to complying with the relevant laws that govern our interactions with users, clients, partners and the like.

Your personal data deserves protection from unauthorised access, accidental loss, modification, destruction and unlawful disclosure, regardless of whether your data is processed in paper form or electronically. For this reason, we implement appropriate, high quality and sophisticated security server technology which at a minimum complies with industry good practice, so that the integrity of your personal information may be protected.

Our employees and operators and anyone who processes your personal information are bound by terms of confidentiality and have been obligated to respect and uphold your privacy. Some of these measures include using firewalls, passwords and restricted access, physical recognition methods and the information is used internally by persons on a strict need-to-know basis. We do however urge you to assist us in our endeavour to keep your personal information safe and kindly request that you take reasonable measures to protect your personal information, as the nature of the internet and the technology industry lends itself to attempted unauthorized breaches of security protocols.

We will report any security breaches to the data regulator and / or inspectorate and to the affected data subject. This notification will be made as soon as is practicably possible after the scope and nature of the breach have been determined, considering any measures to restore the security of the information. We undertake to provide you with adequate information regarding any such breach and will comply with directions given by the inspectorate or registrar.

We will notify the Information Regulator within 72 hours of a breach and, if there is a high risk to the rights and freedoms of other persons, we will notify you. If any form of breach by an IoT.nxt group company is committed, IoT.nxt undertakes to assist you in establishing the facts of the matter and in asserting your rights against the group company concerned. The technical and organisational security measures for protecting personal data are updated continuously and according to industry best practice.

Data protect / Information Officer

A data protection officer has been appointed to assist with privacy-related matters. The IoT.nxt DPO can be reached at [email protected].

Access to your information

A data protection officer has been appointed to assist with privacy-related matters. The IoT.nxt DPO can be reached at [email protected].

You are entitled to request the details of the information we have about you, as per the Promotion of Access to Information Act, 2 of 2000; or local equivalent.

We may also provide you with a copy thereof that is in an acceptable format and sufficiently clear, subject to the payment of a prescribed fee and within a reasonable time frame after you have furnished satisfactory proof as to your identity.

We also undertake to comply with requests to update and alter your personal information and to take reasonable steps to ensure that the personal information is complete, accurate and up to date. You have the right to receive your personal data which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance.

Different versions

We reserve the right to amend this privacy policy at any time without any notice.

Such amendments may, for example, be as a result of us improving our security measures, adding new products or changing technology. We therefore request that you visit the website regularly so that you are aware of the latest version of this privacy policy.

We cannot be held responsible for a user’s reliance on an outdated version of our privacy policy. These changes will then be posted on our website so that you are always in a position to determine what information we collect and how we use it ( www.iotnxt.com ).

International users

IoT.nxt’s website and platforms are hosted in a Microsoft Azure and AWS datacentres in Europe, and any international users consent, by virtue of their acceptance and continued use of this website, to their data being transferred the said data centre for processing and use in accordance with this privacy policy. The data will be transferred only if directed by you or if otherwise legitimately required to do so.

Your rights

Notwithstanding any other rights you may have in law, you have the following rights that we intend to uphold and protect at all times in relation to the protection of your data:

  • You may request how your information was collected, how it is stored and for what purpose;
  • You are entitled to know who your data is being transferred to and for what purpose;
  • You may at any time request that your data is updated and supplemented so that it is correct and complete at all times;
  • Should a legal basis for the processing or controlling for your data cease to exist, you may request that your data is deleted permanently, subject to legal retention periods that may be applicable; and

You may at any time object to your data being processed. If you have any questions with regard to this privacy policy, or would like to know more about our management and use of information, you can contact us at


United States:

EMAIL: [email protected]

PHONE: (322) 214-4512

ADDRESS:

7700 Windrose Ave, Plano, Texas, 75024


South Africa:

EMAIL: [email protected]

PHONE: +27(12) 880-0114

ADDRESS:

Bylsbridge Office Park, Building 14, Alexandra Rd, Centurion, Pretoria


Netherlands:

EMAIL: [email protected]

PHONE: (481) 821-4566

ADDRESS:

Zuid Hollandlaan 7 The Hague, 2596AL


We will endeavour to respond to any queries or requests as soon as practically possible.