Our privacy and cookies policy gets updated from time to time. Whenever we make a change, we’ll post it on our Website and let you know if there is a material change.

This privacy policy explains how we collect, use, share and protect your personal information when you use our products and services and our Website.

It is important to note that when you engage with us, you acknowledge that we require your personal information, as defined in the Protection of Personal Information Act (“PoPIA”) and other related regulations and need to process such personal information to provide products or services to you for purposes including to confirm, update and enhance our records, to confirm your identity and additional purposes as detailed below and in other supplementary privacy policies and statements linked to specific services that you subscribe to.

The provision of your personal information in terms of this policy is mandatory, and you will not be able to continue using our products and services should you object to providing us with such information.

We are IoT.nxt (Pty) Ltd (hereinafter referred to as “IoT.nxt”)

Our registered office is Irene Link, Building C, Third Floor, 5 Impala Avenue, Doringkloof, Centurion, 0157.IoT.nxt. We are registered in the Republic of South Africa under company number 2015/305236/07.

In this privacy policy:

“we/us” means IoT.nxt (Pty) Ltd,

“third party” means someone who is not you or us

“IoT.nxt Group” means IoT.nxt Group Limited and any company or organisation in which IoT.nxt Group Limited owns more than 30% of the share capital.

“Vodafone Group” means Vodafone Group Plc and any company or other organisation in which Vodafone Group Plc owns more than 15% of the share capital.

“Personal information” refers to personal information about you as defined in PoPIA and includes, without limitation, location information, usage information, race, gender, nationality, marital status, age, physical or mental health, disability, language, education, identity number, telephone number, email, postal address, biometric information, and financial, criminal or employment history.

“Process (or processing)” means any operation or activity, whether automated or not, concerning personal information, including collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation, use, dissemination by means of transmission, distribution or making available in any other form, merging, linking, as well as blocking, degradation, erasure or destruction of information.

Your opinion matters to us – if you have any questions about our privacy and cookie policy or your privacy settings, please submit your query to [email protected], and a dedicated team member will respond to you.

The information we collect about you and how we collect it can vary depending on the products and services that you use and subscribe to, how you have used the products and services, how you have interacted with IoT.nxt even if you aren’t a customer, or what we have obtained from a third party with permission to share it with us.

IoT.nxt will process your personal information based on:

• The performance of your contract or entering into the contract and taking action on your requests. For example, so you can make calls and texts and browse the internet on your phone, we process things like the numbers you dial, how much data you’re using and when you’re doing it so we can provide connectivity. This also enables us to generate your bill based on your usage. We also need to conduct credit checks when you apply for a product or service.
• IoT.nxt’s legitimate business interests include fraud prevention, tax evasion, and financial crime prevention, as well as maintaining the security of our network and services and improving our services. Whenever we rely on this lawful basis to process your personal information, we assess our business interests to make sure they do not override your rights. Additionally, in some cases, you have the right to object to this processing. For more information, visit the ‘Your rights’ section of this privacy policy.
• Protecting your legitimate interests – for example, providing notifications regarding network availability and performance in your area, notification of emergency services, and fraud prevention. For more information, visit the ‘Your rights’ section of this policy.
• Compliance with a mandatory legal obligation, including, for example, accounting and tax requirements, which are subject to strict internal policies and procedures, and your right to restrict usage of your personal information, which controls the scope of legal assistance to be provided. We are also required to process your personal information pursuant to legislation, including but not limited to the
• Financial Intelligence Centre Act, 38 of 2001 (FICA), the Regulation of Interception of Communications and Provisions of Communication-related Information Act 70 of 2002 (RICA), the Electronic Communications and Transactions Act, 2002 (ECTA), the Electronic Communications Act, 2005 (ECA), the Consumer Protection Act, 2008 (CPA), the Promotion of Access to Information Act, 2000 (PAIA), and the Cybercrimes Act, 2020.
• Consent you provide where IoT.nxt does not rely on another legal basis (referred to above). Consent may be withdrawn at any time. When you give your consent, you will be given details on how to change your mind. You can also visit the ‘Your rights’ section of this privacy policy for more information.

We will collect your personal information when you, for example:

• Buy or use any of our products and services;
• Use our network or other IoT.nxt products and services;
• Register for a specific product or service;
• Subscribe to newsletters, alerts or other services from us;
• Contact us through various channels or ask for information about a product or service;
• Visit or browse our Website or other Vodacom Group websites;
• Have given permission to other companies to share information about you;
• Where your information is publicly available;
• Are the customer of a business that we acquire;
• Visit our business premises.

We are required to take all reasonably practicable steps to ensure your personal information is complete, accurate, not misleading and updated on a regular basis. To ensure this, we will always endeavour to obtain personal information from you directly. Where we are unable to do so, we will make use of verifiable independent third-party data sources who have the necessary authority to provide us with such information. We also collect information from certain organisations, where appropriate and to the extent we have legal grounds to do so. These include fraud-prevention agencies, business directories, credit check reference/vetting agencies, billing calculating agencies and connected network providers.

We may also collect information about you on CCTV when you visit our premises or on other security cameras as part of our security and crime prevention measures.

We use cookies (small text files stored in your browser) and other techniques, such as web beacons (small, clear picture files used to follow your movements on our Website). This, in turn, helps us make our Website relevant to your interests and needs. They also help us find information once you have logged in or help us link your browsing information to you and your personal information, for example, when you choose to register for a service.

Cookies cannot be used to discover your identity by themselves. Cookies do not damage your computer. You can set your browser to notify you when you receive a cookie. This enables you to decide if you want to accept it or not. If you choose not to accept cookies from our Website, its functionalities or performance may be limited. For more details on how we use cookies and your rights regarding them, please refer to the “Our Cookies policy” section, which can be accessed here.

The types of information we may process are, where applicable:

• Your name, address, phone and/or mobile number, your date of birth, gender, information about your property or household, and email address. Where you have provided us with the personal information of a third-party (for example your spouse or family member), you guarantee that such third- party has given you consent to provide us with their personal information. Where you provide us with the personal information of a person under the age of 18 years (a minor), you confirm that you have the necessary legal authority or is legally competent to provide their personal information to us.
• Your correspondence with us, such as an email or letter sent, or other records of any contact with us.
• Your account information, such as dates of payment owed or received, subscriptions you use, account numbers or other information related to your account.
• Credential information – we’ll collect passwords, hints and similar security information used for authentication and access to accounts and services.
• Your preferences for particular products and services when you tell us what they are, or we assume what they are, based on how you use the products and services.
• See the ‘Cookies’ section for details on what we collect using cookies, web beacons and other technologies.
• Your data sessions – We keep a history of the sites you visit in line with our retention policy. This is to enable connections to be made and for billing purposes, fraud investigations, network and store planning, campaign planning, marketing specific products such as URL bundles, and personalisation of services.
• Photographs and images when attending any of our events or functions or accessing premises with surveillance cameras.
• Information we obtain from other sources, such as credit agencies, fraud-prevention agencies, and other data providers. This includes demographic data and interest-based data.

We’ll also get information about how you use our products and services, such as:

• The level of service that you receive – for example, network or service faults and other events that may affect our network services or other services.

We will use, process and analyse your personal information for the following purposes:

Processing your order and providing you with your products and services

• To process the products and services you’ve bought from us, install equipment at your property or deliver equipment to you, and keep you updated with the progress of your order.
• To provide you with the relevant product or service. This includes other services not included in your agreement with us (PayPal, for example), services that use information about where you are, and to contact you with messages about changes to the products or services.

Billing and customer care

• To bill you for using our products and services or to take the appropriate amount of credit from you.
• Contact you if the billing information you provided us is about to expire or we cannot take payment.
• To respond to any questions or concerns you may have about our network, products or services.

Service messages

We will contact you with customer service messages to keep you updated with current information about the products and services you’ve taken. For example, changes to our terms and conditions or service interruptions.

Improving and innovating our products and services

• We collect anonymous, de-identified or aggregate information in order to improve the service we offer to everyone. None of these analytics can identify you individually or link back to you in any way.
• We conduct surveys to understand various aspects of our interaction with you, the use of our services and products and the network.

Managing our networks and understanding network usage

• To protect our networks and understand how you use our networks, products and services. That way, we can seek to review and improve these, develop more interesting and relevant products and services, and personalise our products and services.

Where applicable, we share information about you with:

• Companies in the IoT.nxt and Vodafone Group, located across the globe, including but not limited to the European Economic Area (EEA), Egypt, India and the US, for reporting purposes and where they are involved in providing products and services that you have signed up for;
• Partners, suppliers, or agents involved in delivering the products and services you’ve ordered or used;
• Companies who are engaged to perform services for, or on behalf of, IoT.nxt Group Limited, Vodafone Limited, or Vodafone Group which companies may be located outside of the borders of South Africa;
• Law enforcement agencies, government bodies, regulatory organisations, courts or other public authorities if we have to, or are authorised to by law;
• A third party or body where such disclosure is required to satisfy any applicable law, or other legal or regulatory requirement.

Fraud management and law enforcement

• We will release information if it’s reasonable for the purpose of protecting us against fraud, defending our rights or property, or protecting the interests of our customers.
• We also may need to release your information to comply with our legal obligation to respond to the authorities’ lawful demands. Your personal information shall only be provided when we, in good faith, believe we are obliged to do so in accordance with the law and pursuant to an exhaustive evaluation of all legal requirements.

Mergers and acquisitions

If we become involved in a proposed or actual merger, acquisition, or any form of sale of assets, we may use and disclose your personal information to third parties in connection with the evaluation of the transaction. Any acquiring company would have access to your personal information.

Where you’ve purchased IoT.nxt products and services using a third party or partner organisation, we often need to exchange information with them as part of managing that relationship and your account – for example, to be able to identify your order and be able to pay them.

Suppose we have a contract with a service provider or contractor to provide us with services or provide a service on our behalf, and they may have access to your personal information. In that case, we don’t authorise them to use or disclose your personal information except in connection with providing their services. We ensure that all our service providers and contractors align with our policies and requirements.

We collect and combine information in order to monitor your use of products and services, as well as that of our other customers, and to help us improve the quality of our products and services.

We may also need to transfer your information to other Vodafone or Vodacom group companies or service providers in countries outside South Africa, in which case we will fully comply with applicable data protection legislation. This may happen if our servers or suppliers and service providers are based outside South Africa or if our services are hosted in systems or servers in Vodacom or Vodafone Operating Companies outside South Africa, including the United Kingdom, European Economic Area (EEA) or India and/or if you use our services and products while visiting countries outside South Africa. Countries in the United Kingdom and EEA are considered to have adequate data protection laws similar to those of South Africa; however, we will make sure that your information is protected and enter into appropriate agreements to achieve this.

If you are visiting this Website from a country other than South Africa, the various communications will necessarily result in the transfer of information across international boundaries.

Where we transfer your personal information outside of the borders of South Africa, we will ensure that the third-party recipient is subject to a law, binding corporate rules or binding agreement which provides an adequate level of protection for your personal information that is substantially similar to the data protection laws applicable to South Africa.

We may not retain your personal information any longer than is necessary for achieving the purpose for which your personal information was collected or subsequently processed unless:

• The retention of your personal information is required or authorised by law;
• We reasonably require your personal information for lawful purpose related to our function or activities;
• The retention of your personal information is required by a contract that we enter into with you.

Keeping your personal information secure

We have specialised security teams who constantly review, improve and ensure the implementation of appropriate, reasonable technical and organisational measures to protect your personal information from unauthorised access, accidental loss, disclosure, or destruction. We are required in terms of PoPIA to notify you and the Information Regulator if any of your personal information has been compromised. Communications over the internet (such as emails) aren’t secure unless they’ve been encrypted. Your communications may go through a number of countries before being delivered, as this is the nature of the internet. We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.

We’ll never ask for your secure personal or account information through unsolicited means of communication. You’re responsible for keeping your personal and account information secure and not sharing it with others.

Unauthorised third-party access to your information

Despite the security measures we have in place to protect your personal information (firewalls, password access and encryption methods) you acknowledge that it may be accessed by an unauthorised third party, e.g. as a result of an illegal activity. In the unlikely event of such access, we will notify you, where possible, via email, SMS or using the address you have provided us with, within a reasonable time of us becoming aware of such occurrence.

Below, we set out details on how you can exercise your rights. If you have a question or cannot find the answer, please contact our Information Officer / Deputy Information Officer at [email protected].

Right to access personal information

You have the right to request a record or description of the personal information that IoT.nxt holds about you. This includes the right to request IoT.nxt to confirm, free of charge, whether or not we hold any personal information about you, as well as information about the categories of third parties who have, or have had, access to your personal information. To make this request as an individual or an authorised third party, please contact our Information Officer / Deputy Information Officer at [email protected].

Right to correct personal information.

You have the right to correct information held about you if it’s not accurate, out-of-date, excessive, irrelevant, or misleading. If the information we hold about you is inaccurate or needs to be updated, please contact our Information Officer / Deputy Information Officer at [email protected].

Right to object to the use of personal information.

You have the right, in certain circumstances, to object to IoT.nxt processing your personal information. In order for IoT.nxt to provide you with products and services, IoT.nxt is required to process your personal information, and as such, the provision of your personal information is mandatory, and you may not object to same in order to continue using our products or services. For more information or to exercise this right, please contact our Information Officer / Deputy Information Officer at [email protected].

How to lodge a complaint

If you want to contact us about any of your rights or should you believe that IoT.nxt has used your personal information contrary to applicable law, you undertake to first attempt to resolve any concerns with IoT.nxt directly. Kindly contact our Information Officer / Deputy Information Officer at [email protected]. If you are not satisfied with such a process, you have the right to lodge a complaint with the Information Regulator at:

The Information Regulator (South Africa)
JD House
27 Stiemens Street
Braamfontein
Johannesburg
2001
Complaints emails:

• PAIA Complaints – [email protected] 
• POPIA Complaints – [email protected] 

Right to restrict the use of your personal information

If you feel that the personal information we hold on you is inaccurate, or you believe we shouldn’t be processing your personal information, please contact our Information Officer / Deputy Information Officer at [email protected] to discuss your rights. In certain circumstances, for example, where you contest the accuracy of your information, or where IoT.nxt no longer requires your information for achieving its purpose but must maintain it for purposes of proof, you have the right to ask us to restrict processing.

Right to deletion

IoT.nxt strives to only process and retain your personal information for as long as we need to. In certain circumstances, for example, where you indicate that your personal information is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully, you have the right to request that we erase your personal information that we hold. If you feel that we are retaining your personal information longer than we need, it is worth first checking that your contract with IoT.nxt has been terminated. If your contract with IoT.nxt has been terminated, we may still have lawful grounds to process your personal information.

We are continually improving our methods of communication and adding new functionality and features to this Website and to our existing products and services. Because of these ongoing changes, changes in the law and the changing nature of technology, our data protection practices will change from time to time.  If and when our data protection practices change, we will update this privacy policy to describe our new practices.  If we do, we will notify you the next time you visit this site or interact with us through any of our other communication channels. We encourage you to check this page regularly.