As we invite you to reimagine our world with us, we’re also very committed to protecting any personal information you may entrust us with and will always try to do our best to not let you down in this regard.
We process personal information for a number of reasons related to the business we operate and we value a transparent approach regarding why and how we process personal information (defined later in this policy).
We are committed to preserving the confidentiality and integrity of all personal information we hold and processes and to operating our business in compliance with the requirements of the Protection of Personal Information Act, 2013 (“POPI”), and all other applicable laws relating to the processing of Personal Information (collectively, the “Legislation”).
We recognise the importance of personal information and to respecting the privacy rights of individuals in this regard. This policy sets out the principles which we apply to our processing of personal information. Typically, we process personal information in one of two capacities, either:
1. as a Responsible Party for our internal business operations, such as human resources, contracting with service providers, delivering services to customers, administration, marketing, sales, customer relationship management, etc., or
2. as an Operator when carrying out services for and/or delivering products to our customers and/or customers of our affiliates.
It is the responsibility of all Kryptonite employees and/or independent contractors to apply the provisions of this policy to the processing of any personal information, whether we are acting as responsible party and/or operator (or both). Kryptonite provides employees and/or independent contractors with regular instruction concerning such matters.
What kind of personal information do we collect
Personal information collected by Kryptonite may include:
1. Customer Relationship Data: Information relating to identifying particulars, including first name, last name, identification number, e-mail address, physical address, telephone number, employer, the information contained in communications between us and customers and/or prospective customers, etc.
2. Usage data: Data about use of our website, social media, platforms, services and/or products which may include IP address, cookies, tags, metatags, headers, publicly published information, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of service use.
3. Legitimate business data: Data about business contacts, corporate clients (and individuals associated with our corporate clients), Individuals who use our applications and/or those we have provided with access to them, marketing and/or sales leads, general enquiries from any person, recruitment applicants, suppliers (including subcontractors and individuals associated with our suppliers and subcontractors), Kryptonite personnel (shareholders, staff and contractors); visitors to our offices and/or digital events.
Whom to contact
For the purposes of the Protection of Personal Information Act, 2013 (the “POPI Act”), if applicable the Responsible Party is Kryptonite (Pty) Ltd, telephone: +27 83 556 7957, email: email@example.com, website: https://www.kryptonite.digital/.
For the purposes of the Protection of Personal Information Act, 2013 (the “POPI Act”), if applicable the Operator is Kryptonite (Pty) Ltd, telephone: +27 83 556 7957, email: firstname.lastname@example.org, website: https://www.kryptonite.digital/.
Why we collect personal information
We collect personal information for the following purposes:
1. To provide our services, deliver products and carry out our contractual obligations to customers. We process personal information in the first place to be able to offer our services and/or deliver products to our customers and to run, maintain and develop our business. Personal information may be processed to carry out our contractual obligations towards our customers.
2. For customer communication and marketing.We may process personal information to manage our relationships with customers, engaging with prospective customers, communicating with customers, keeping records of those communications and promoting our products and services to customers. We may additionally pass marketing and sales leads on to our affiliates and partners where appropriate.
3. For quality improvement and trend analysis. We may process information regarding the use of our products and/or services to improve the quality thereof. Whenever possible, and unless required for the task at hand, we will do this using aggregated, non-personally identifiable data.
4. Keeping a proper record of transactions. We may process personal information to keep records of our transactions with personnel, customers and/or prospective customers.
Why do you need to provide personal information
In order to use our products and/or services, we require certain personal information either because of legal requirements or because we need that information to deliver our products and/or services.
We endeavour to tell our customers when personal information requested is mandatory, or if it is voluntary. If the customer does not provide mandatory personal information, we may be unable to properly provide our products and/or services.
Where a customer chooses not to provide us voluntary personal information this may reduce the quality of the product and/or service we provide (for example, if a customer only provides a physical address and does not provide us with an e-mail address, we will only be able to contact the student by traditional mail).
Where do we keep your personal information
We primarily store personal information within the Republic of South Africa.
However, Kryptonite uses service providers in several geographic locations. As such, we or our service providers may transfer personal information to, or access it in, jurisdictions outside the customer’s domicile.
Where we transfer your personal information outside of the Republic of South Africa, the safeguards that we will use to protect your personal information include contractual obligations imposed on the recipients of the personal information. Those obligations require the recipient to protect the personal information to the standard required in the Republic of South Africa. Safeguards also include requiring the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing and where the framework is the means of protection for the personal information.
Who do we share your personal information with
We may disclose personal information to our service providers who are involved in the delivery of products or services to you. We have agreements in place to ensure that they comply with the privacy requirements as required by the POPI Act. The categories of recipients that we will share your information with are:
1. our service providers, agents, independent contractors and sub-contractors who administer or process information on our behalf (such as our cloud service providers)
2. affiliates in our delivery ecosystem
3. our partners
Individuals who voluntarily register for our participate in our public or private events (whether paid for or free of charge) acknowledge that the nature of these events (especially virtual ones) means that other attendees may be able to view some of their personal information such as their name, surname, email address, title, company name, etc and that this processing is necessary in order to provide them with the product and/or service they have requested.
Our Lawful Basis for processing this personal information
Our lawful basis for processing your personal information is consent, contractual obligation and/or providing customers with access to products and/or services they have themselves requested and/or voluntarily subscribed to.
Your rights regarding personal information
Under the POPI Act, our customers and relevant data subjects have several rights. Please note that these rights are not without limitation, and in some instances may not be available. Where applicable, these include the right to:
1. request access to personal information and to obtain information about how we process it;
2. have inaccurate/incomplete personal information corrected/completed;
3. object to the processing of your personal information; and
4. have personal information erased.
To exercise these rights as set out above, customers and/or other relevant data subjects must please write to us using the details set out above. There is no fee for making these requests. However, if a request is excessive or unfounded, we can charge a reasonable fee or refuse to comply with it.
Who to contact if you’re not satisfied with our handling of personal information
Customers and/or other relevant data subjects have the right to complain to the information regulator if they think that we have infringed any of their rights.
Contact the Information Regulator at email@example.com, write to them at The Information Regulator (South Africa); SALU Building, 316 Thabo Sehume Street, Pretoria or visit their web address for other ways to contact them: http://www.justice.gov.za/inforeg/index.html