Xactco Privacy Notice
By providing us with your personal information, you agree to the terms of this Privacy Notice and authorize us to process such information as set out herein.
This Privacy Notice applies to all external parties with whom we interact, including but not limited to: individual clients, business partners, visitors to our offices, and other users of our services (‘you’).
Xactco respects the privacy of your personal information and has implemented reasonable measures to ensure that processing of your personal information is aligned to the requirements of the Protection of Personal Information Act 4 of 2013 (‘POPIA’).
In this document, we explain how and when we process personal information. If you have questions arising from the processing of information that are not specifically listed herein, you may contact us at info@xactco.com for assistance.
Xactco may review and update this Privacy Notice from time to time.
Highlighted terms used in this Notice are explained in Annexure A.
1. THE INFORMATION WE COLLECT AND RECORD
1.1. As a matter of course, to manage a transaction in which we act or have received instruction or are involved with in any way, we request, receive, store, and record personal information of data subjects.
1.2. We collect and record only the minimum personal information that is required for us to attend to your enquiry.
1.3. If you approach us via our website or you are a subscriber to any of our publications, we will collect and retain your email address and additional details you provided when submitting the enquiry to us.
1.4. We may collect or obtain your personal information:
1.4.1. directly from you;
1.4.2. in the course of our business relationship with you;
1.4.3. in the course of providing software and related services to you;
1.4.4. when you make your personal information public;
1.4.5. when you visit and/or interact with our website or our social media platforms;
1.4.6. when you register to access newsletters, updates, and similar services and products that we offer;
1.4.7. when you visit our offices; and
1.4.8. from third parties.
1.5. We may record personal information about you such as records of your communications and interactions with us, including, but not limited to, your attendance at events or at interviews in the course of applying for a job with us, subscription to our newsletters and other mailings, and interactions with you during the course of digital or ‘in person’ marketing campaigns.
2. BUSINESS OPERATIONS: WHEN WILL WE USE OR SHARE YOUR PERSONAL INFORMATION
2.1. We treat your personal information as confidential and only use, share, record, or delete it as is required by law and/or as lawfully instructed by you.
2.2. We primarily use your personal information only for the purpose for which it was originally or primarily collected. We will use your personal information for a secondary purpose only if such purpose constitutes a legitimate interest for you or for us and is closely related to the original or primary purpose for which your personal information was collected. We may subject your personal information to processing during the course of various activities, including:
2.2.1. Operating our business;
2.2.2. Transfer of information to our service providers and operators;
2.2.3. For recruitment purposes;
2.2.4. For relationship management and marketing purposes in relation to our services (including, but not limited to, processing that is necessary to operate our business), for accounts management, and for marketing activities in order to establish, maintain and/or improve our relationship with you and with our service providers.
2.3. In addition, we may process your personal information for statistical purposes and for internal management and management reporting purposes, including but not limited to: conducting internal audits, conducting internal investigations, implementing internal business controls, providing central processing facilities, for insurance purposes, and for management reporting analysis.
2.4. We may process your personal information for safety and security purposes.
2.5. We may share certain personal information with other institutions as part of our service rendering or as legally required, such as sharing information with the Receiver of Revenue, local authorities, the courts, sheriffs, and the like. We only share such personal information as are required by law.
2.6. Where we need to process your special personal information, we will do so in the ordinary course of our business.
3. OTHER PROCESSING OF YOUR PERSONAL INFORMATION
3.1. We may need to ensure that we hold correct and updated personal information and hence may need to update your personal information from time to time, and request your assistance in doing so. We may for that purpose contact you via email or telephonically, or via any other contact form that we have for you.
3.2. We will:
3.2.1. not sell or give your personal information away, use it, other than in terms of this policy.
4. YOUR RIGHTS IN RESPECT OF THE PERSONAL INFORMATION THAT WE PROCESS
4.1. You may at any time request us to delete your information or to refrain from using it. If we are by law required to retain the information, we will not be able to delete it.
4.2. You may further unsubscribe from any of our electronic material by clicking on the unsubscribe option provided or by contacting us at the addresses listed on page 1 in the Introduction. In that event, we will remove your details from that database, in a secure way.
4.3. You may otherwise ask us to delete any information we have about you but we might refuse if we need your personal information to protect our rights, or if the law obliges us to keep it. In these circumstances, if we refuse to delete your personal information, we will advise you of the fact that we did not delete the personal information and provide you with a reason therefore.
4.4. You may enquire from us about your personal information that we have, and how, if at all, it was used and shared or otherwise dealt with by us.
5. SECURITY BREACH
5.1. We have specialized and strict measures in place to make sure that our information systems are not breached.
5.2. However, should a breach occur, we will ascertain how and where the breach occurred and make sure that the exposed area is repaired immediately.
5.3. We will ascertain which data has become vulnerable as a result and notify you if the breach may affect you and assist you to minimize any potential damages that you may suffer as a result.
5.4. Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your personal information that is in our possession, we cannot guarantee the security of any information transmitted using the internet and we cannot be held liable for any loss of privacy occurring during the course of such transmission.
6. DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTIES
6.1. We may disclose your personal information to our associates, operators, and service providers, for legitimate business purposes, in accordance with applicable law and subject to applicable professional and regulatory requirements regarding confidentiality. In addition, we may disclose your personal information:
6.1.1. if required by law;
6.1.2. to legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
6.1.3. to third-party Operators (including, but not limited to, data processors such as providers of data hosting services and document review technology and services), located anywhere in the world, subject to 6.2;
6.1.4. where it is necessary for the purposes of, or in connection with, actual or threatened legal proceedings or establishment, exercise or defence of legal rights;
6.1.5. to any relevant party for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including, but not limited to, safeguarding against, and the prevention of threats to, public security;
6.1.6. to any relevant third-party acquirer(s), in the event that we sell or transfer all or any portion of our business or assets (including, but not limited to, in the event of a reorganization, dissolution or liquidation); and
6.1.7. to any relevant third-party provider, where our Website uses third-party advertising, plugins, or content.
6.2. If we engage a third-party Operator to process any of your personal information, we recognize that any Operator who is in a foreign country must be subject to a law, binding corporate rules, or binding agreements which provide an adequate level of protection similar to POPIA. We will review our relationships with Operators we engage and, to the extent required by any applicable law in force, we will require such Operators to be bound by contractual obligations to:
6.2.1. only process such Personal Information in accordance with our prior written instructions; and
6.2.2. use appropriate measures to protect the confidentiality and security of such Personal Information.
7.INTERNATIONAL TRANSFER OF PERSONAL INFORMATION
7.1. We may transfer your personal information to recipients outside of the Republic of South Africa.
7.2. Subject to 6.2, Personal Information may be transferred outside of the Republic of South Africa provided that the country to which the data is transferred has adopted a law that provides for an adequate level of protection substantially similar to POPIA, the Operator/third party undertakes to protect the Personal Information in line with applicable data protection legislation, and the transfer is necessary in order to provide the legal and other related services that are required by Xactco’s clients.
8. DATA ACCURACY
The Personal Information provided to Xactco should be accurate, complete, and up-to-date.
Should Personal Information change, the onus is on the provider of such data to notify Xactco of the change and provide Xactco with the accurate data.
9. DATA MINIMIZATION
Xactco will restrict its processing of Personal Information to data which is sufficient for the fulfillment of the primary purpose and applicable legitimate purpose for which it was collected.
10. DATA RETENTION
Xactco shall only retain and store Personal Information for the period for which the data is required to serve its primary purpose or a legitimate interest or for the period required to comply with an applicable legal requirement, whichever is longer.
11. DIRECT MARKETING
11.1. We may process your personal information for the purposes of providing you with information regarding services that may be of interest to you. You may unsubscribe for free at any time.
11.2. If you currently receive marketing information from us which you would prefer not to receive in the future, please email us at info@xactco.com.
12. USER RIGHTS
12.1. Access and Control: You have the right to access the personal information we hold about you. You can request a copy of your data, understand how it is being used, and ensure its accuracy.
12.2. Update and Correction: If any of your personal information is inaccurate or incomplete, you have the right to request corrections or updates.
12.3. Deletion: You can request the deletion of your personal information, subject to certain legal obligations that may require us to retain data.
12.4. Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to request its transfer to another controller where technically feasible.
12.5. Restrict Processing: You can request that we restrict the processing of your personal information under certain circumstances, such as if you contest its accuracy or object to its use.
12.6. Objection to Processing: You have the right to object to the processing of your personal information for purposes of direct marketing or where we have a legitimate interest that overrides your interests or fundamental rights.
13. CHILDREN’S PRIVACY
13.1. Age Restriction: Our services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.
13.2. Parental Consent: If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete such information as soon as possible.
13.3. Compliance with COPPA: If applicable, we comply with the Children’s Online Privacy Protection Act (COPPA) and similar regulations to protect the privacy of children.
14. CHANGES TO THE PRIVACY POLICY
14.1. Notification of Changes: We may update this Privacy Notice from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.
14.2. Effective Date: The updated Privacy Notice will indicate the effective date.
14.3. Communication of Changes: Significant changes will be communicated to you via in-app notifications, email, or prominent notices on our website. Continued use of our services after such changes will constitute your acceptance of the updated Privacy Notice.
15. INFORMATION COLLECTION AND USE
15.1. Types of Information Collected: We collect various types of information, including but not limited to personal identification information (e.g., name, email address), device information, location data, and usage data.
15.2. Purpose of Collection: The information collected is used to provide and improve our services, personalize your experience, conduct analytics, and for marketing purposes.
15.3. Consent: By using our services, you consent to the collection and use of your information as described in this Privacy Notice.
15.4. Third-Party Services: We may use third-party services (e.g., Google Analytics, AdMob) that may collect information about you. We encourage you to review the privacy policies of these third parties.
16. DATA SHARING AND DISCLOSURE
16.1. Legal Requirements: We may disclose your personal information if required to do so by law or in response to valid requests by public authorities.
16.2. Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of the transaction.
16.3. With Your Consent: We may share your personal information with third parties when you have given explicit consent to do so.
17. SECURITY MEASURES
17.1. Data Protection: We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.
17.2. Encryption: Sensitive data is encrypted during transmission and storage to ensure its security.
17.3. Access Controls: Access to personal information is restricted to authorized personnel only, based on the necessity to perform their job functions.
17.4. Regular Audits: We conduct regular security audits and assessments to identify and mitigate potential vulnerabilities.
18. CONTACT INFORMATION
You may contact us at:
info@xactco.com
Tel number: +27 71 639 2111
Date: April 2024
19. USER CONSENT
19.1. Agreement to Terms: By using our services, you agree to the terms outlined in this Privacy Notice.
19.2. Withdrawal of Consent: You have the right to withdraw your consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.
20. INFORMATION FOR GOOGLE PLAY USERS
20.1. Compliance with Google Play Policies: This Privacy Notice is designed to comply with Google Play’s User Data policies. We ensure that all data collection, usage, and sharing practices align with the requirements set forth by Google Play.
20.2. App Permissions: Details about the permissions our app requests and the purposes for which they are used are provided within the app itself and in this Privacy Notice.
20.3. User Data Protection: We prioritize the protection of user data in accordance with Google Play’s policies, ensuring transparency, security, and respect for user privacy.
ANNEXURE A – DEFINITIONS
- “Associates” means Xactco’s shareholders, Xactco’s subsidiaries, and the directors, employees, and consultants of Xactco or of any of its subsidiaries.
- “Cookie” means a small file that is placed on your device when you visit a website. In this Policy, a reference to a “Cookie” includes analogous technologies such as web beacons and clear Graphic Interchange Format files (“GIFs”).
- “Data subject” means a person to whom personal information relates.
- “Operator” means any person or entity that processes personal information on behalf of the responsible party.
- “Personal Information” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.
- “POPIA” means the Protection of Personal Information Act 4 of 2013.
- “Process”, “Processing” or “Processed” means anything that is done with any personal information, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction or destruction.
- “Responsible Party” means the entity that decides how and why personal information is processed.
- “Special personal information” means personal information about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal behaviour.
- “Service provider” – third-party providers of various services whom we engage, including, but not limited to, providers of information technology.
Copyright Xactco
Disclaimer: This does not constitute professional advice and Xactco accepts no responsibility for errors or omissions. Please consult an attorney should you require legal assistance.
