Privacy Policy

Terms of ServicePrivacy PolicyAcceptable Use Policy

Sudonum's Privacy Policy

September 2020

1. INTRODUCTION

The right to privacy and this privacy "Policy" is important to us. Sudonum Proprietary Limited ("Sudonum", "us" or "we") is committed to taking steps to protect your privacy when we process your personal information. We therefore implement business practices that comply with applicable data protection laws, including the Protection of Personal Information Act 4 of 2013 ("POPI") and the General Data Protection Regulation ((EU) 2016/679) ("GDPR") (collectively "Applicable Law"). This Policy applies to all processing of personal information.

Where we refer to "Personal Information" in this Policy, we mean personal information as defined in Applicable Law, being information that may be used to directly or indirectly identify you. Personal Information includes, for example, your name, surname, email address, identity number (or company registration number), contact details, photograph and location.

In this Policy, we explain how we will use and protect your Personal Information in compliance with Applicable Law. "You" means any natural or legal person whose Personal Information we process. Depending on whether you are a customer of Sudonum ("Customer") or a client of our Customers ("End User") or not, additional terms may also apply to our relationship. The terms of this Policy will prevail if there is any conflict. We may change the terms of this Policy and will always process Personal Information in accordance with the latest version.

In terms of Applicable Law, Sudonum processes information in two capacities: when we process personal information of our Customers for the purposes of managing our relationship and offering our services, we are the responsible party (POPI) / controller (GDPR); and when we process personal information provided by our Customers for us to perform the services, we are the operator (POPI) / processor (GDPR). When we act as an operator/processor, we act on the instructions of our client, the Customer, who will be the responsible party/controller in respect of the Personal Information that they have instructed us to process to render the services. We also process certain Personal Information as a responsible party when someone visits our website (even if they are not a Customer or End User).

Parts of this Policy will apply to you if you are:

  • a visitor to our website;
  • a Customer that we provide services to; or
  • End Users of our Customers.

2. COLLECTING YOUR PERSONAL INFORMATION

We collect Personal Information about you from the following sources:

  • directly from you, the Customer, when you provide it to us, such as when you sign up to use our services as a Customer, contact us or through the course of our relationship with you;
  • from our Customers where their End Users' Personal Information becomes available to us through our Customers' use of our services;
  • from your web browser when you visit our website, subject to the settings of your web browser; from public sources where you have made your Personal Information public, such as on social media or online platforms;
  • from your use of our services or use of any features or resources available on or through our services; and
  • from third parties when you interact with them through our services, or your interaction with us as a result of the services or as required of the third parties to share it with us.

3. CATEGORIES OF PERSONAL INFORMATION THAT WE PROCESS

We collect various categories of Personal Information depending on our relationship with you, and therefore, we might not collect all of the below categories of information from or about you.

  • General personal details: for individuals, we collect name and surname, date of birth, age, nationality, language preferences, identity or passport number, and for juristic persons, we collect registered name, registration number, address, vat details. Contact details: address, contact number, and email address, and the details of a contact person in the case of juristic persons.
  • User information: Personal Information included in correspondence, transaction documents, use of the services or other materials that we process in the course of providing the services. This will include recordings of telephone calls and any Personal Information that may be included in those recordings (which Personal Information is not actively processed by us unless required by the Customer).
  • Account details: such as your username, password, usage data, and aggregate statistical information. Although our systems process passwords, Sudonum is not able to view the password.
  • Consent records: records of any consents you have given in respect of your Personal Information and any related information, such as the specific details of the consent. We will also record any withdrawals or refusals of consent. Our Customers may also hold records of consent where the End User has consented to the Customer processing their Personal Information.
  • Payment details: payment method used, information provided by payment gateway service providers, payment amount, date and reason for payment and related information. Data relating to our services: such as the type of device used to access the website or to use our services, the operating system and browser, browser settings, IP address, dates and times of connecting to and using the website and using the services and other technical communications information, including cookies and other technologies (depending on your browser settings).
  • Content and advertising data: records of your interactions with our online advertising on the various websites which we advertise and with marketing content displayed on our website and records relating to content displayed on web-pages displayed to you.
  • Views and opinions: any views and opinions that you choose to share with us, or publicly post about us on social media platforms, provide in the services or elsewhere.
  • Children's Personal Information: Personal Information of any person that qualifies as a child in terms of the Applicable Law of the applicable jurisdiction necessary for us to render the services on the instructions of our Customer. We will only process the Personal Information of children as an operator/processor in terms of Applicable Law and not as a responsible party/controller.

4. PURPOSE OF PROCESSING PERSONAL INFORMATION

We process adequate and relevant Personal Information for the following purposes and legal bases:

  • to perform in terms of our agreement with you (provide you with our services);
  • as part of providing services to our Customers;
  • operate and manage your account or your relationship with us;
  • monitor and analyse our business to ensure that it is operating properly, for financial management and for business-development purposes;
  • contact you by email to inform you about our services, however, you can opt-out of such communications;
  • form a view of you as an individual/juristic person and to identify, develop or improve our services and other services that may interest our Customers;

Carry out market research and surveys, business and statistical analysis and necessary audits;

  • fraud prevention;
  • perform other administrative and operational tasks like testing our processes and systems and ensuring that our security measures are appropriate and adequate; and
  • comply with our regulatory, legal or other obligations.

In addition to the above purposes, we may use your Personal Information for other purposes if the law allows for it, if you consent to it, or if it is in the public interest to do so. All purposes for the processing of your Personal Information will be legal in terms of Applicable Law.

5. DIRECT MARKETING

We may process your Personal Information to contact you to provide you with information regarding updates about services and new features and products that may be of interest to you. Where we provide services to you (where you are a Customer of ours), we may send information to you regarding our services and other information that may be of interest to you, using the contact details that you have provided to us. We will only send you direct marketing communications where you have consented to us sending you direct marketing or otherwise in compliance with Applicable Laws.

You may unsubscribe from any direct marketing communications at any time by clicking on the unsubscribe link that we include in every direct marketing communication or by contacting us and requesting us to do so. You can also ask us to not send you direct marketing communications when you register with us as a Customer. After you unsubscribe, we will not send you any direct marketing communications, but we will continue to contact you when necessary in connection with providing you with the services or in connection with our business.

If as part of the service, we process Personal Information for the Customer relating to direct marketing for the Customer's purposes, the Customer as the responsible party has the obligation to comply with all direct marketing requirements in terms of Applicable Laws.

We will not sell your personal information or provide it to third parties for their marketing purposes.

6. DISCLOSURE OF INFORMATION OT THIRD PARTIES

We will keep your Personal Information confidential and only share it with others in terms of this Policy, or if you consent to it, or if the law allows or requires from us to share it. We may disclose your Personal Information to:

  • Your business partners or third party processors in order to provide you with our services, such as data storage service providers, third party payment processors, software licensors or partners etc. in accordance with written agreements with those third parties;
  • legal and regulatory authorities, upon their request, or for the purposes of reporting any breach of Applicable Law;
  • accountants, auditors, lawyers and other external professional advisors in terms of written agreements with them;
  • any relevant party to the extent necessary for the establishment, exercise or defence of legal rights, criminal offences, threats to public security, etc.;
  • any relevant third party provider where we use third party advertising, plugins or content in our services.

If we engage third party processors to process your Personal Information, the processors will only be appointed in terms of a written agreement which will require the third party processors to only process Personal Information on our written instructions, use appropriate measures to ensure the confidentiality and security of your Personal Information and comply with any other requirements set out in the agreement and required by Applicable Law.

7. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

Due to the nature of the Services and our business operations, we may need to transfer Personal Information to and from different countries for our business purposes.

In accordance with Applicable Law, we may transfer your Personal Information to recipients in other countries. We will only transfer Personal Information to third parties in countries with adequate data protection laws or do so in terms of a written agreement with the recipient which imposes data protection requirements on that party as required by Applicable Law.

Please note that when you transfer any Personal Information directly to a third party in another country (i.e. we do not send your Personal Information to the third party), Sudonum is not responsible for that transfer of Personal Information (and such transfer is not based on or protected by this Policy). Any Personal Information that we receive from a third party country will nevertheless be processed in terms of this Policy.

8. SECURITY

We have implemented appropriate technical and organisational security measures designed to protect Personal Information against accidental or unlawful destruction, loss, alteration, disclosure, access and other unlawful or unauthorised forms of processing. These measures are in accordance with Applicable Law.

The internet is an open and often vulnerable system and the transfer of information via the internet is not completely secure. Although we will implement all reasonable measures to protect Personal Information, we cannot guarantee the security of your Personal Information transferred to us using the internet. Therefore, you acknowledge and agree that any transfer of Personal Information via the internet is at your own risk and you are responsible for ensuring that any Personal Information that you send is sent securely.

9. YOUR LEGAL RIGHTS

You have certain rights in relation to your Personal Information. As available and except as limited under Applicable Law, you have the following rights in respect of your Personal Information:

  • Right of access – the right to be informed of and request access to the Personal Information that we process about you;Right to rectification – you may request that your Personal Information be amended or updated where it is inaccurate or incomplete;
  • Right to erasure – the right to request that we delete your Personal Information, subject to applicable limitations and exceptions;Right to restrict processing – you may request that we temporarily or permanently stop processing your Personal Information;
  • Right to object – you may object to us processing your Personal Information; and to your Personal Information being processed for direct marketing purposes;
  • Right to information portability – where you are a data subject under the GDPR, you may request a copy of your Personal Information and request that information to be transmitted for use by another person; and
  • Right not to be subject to automated decision-making – where a decision that has a legal or other significant effect is based solely on automated decision making, including profiling, you may request that your Personal Information not be processed in that manner.

Note that where we process Personal Information as an operator/processor for our Customers, these rights will be applied against the Customer. We will fully co-operate with our Customer on any request relating to these rights.

Where you have provided consent for us to process your Personal Information, you may also withdraw your consent where our processing is based on your consent. However, we may continue to process your Personal Information if another legal justification exists for the processing.

10. USE OF COOKIES AND SIMILAR TECHNOLOGIES

When you use our website, we automatically receive and record information on our server logs from your browser. This information may include, amongst others, browser type, language preference, referring site, and the date and time of each visitor request, your location, IP address, cookie information and Google Analytics information. This is statistical data about browsing actions and patterns. We may also obtain information about your general internet usage through a cookie file which is stored on the hard drive of your computer. Cookies enable us to improve our website and services, estimate our audience size and usage patterns, store information about your preferences and recognise when you return to our website.

In some instances, we may collect and store information about your location through cookies (other than when you share your location with us). We convert your IP address into a rough geo-location, and we may use location information to improve and personalise our website and services for you.

You can set your web browser to refuse cookies, but if you do this you may not be able to enjoy the full use of the services and you may not be able to take advantage of certain promotions we may run.

Please note that third parties may also use cookies, but we do not have access to, or control over them, and therefore cannot take responsibility for them.

11. LINKS ON OUR WEBSITE

Our website may include links to other apps or third party websites which do not fall under our supervision. We cannot accept any responsibility for your privacy or the content of these third party sites, but we display these links in order to make it easier for you to find information about specific subjects. Your use of and reliance on these links is at your own risk.

12. RIGHT TO OBJECT

You may, on reasonable grounds, object to us using your Personal Information for certain purposes. If you object, we will stop using your Personal Information, except if Applicable Law allows its use. To exercise this right or to discuss it with us, please contact us at legal@sudonum.com.

13. CHILDREN'S INFORMATION AND SENSITIVE/SPECIAL PERSONAL INFORMATION

We do not intentionally collect or use children's Personal Information. If we do collect Personal Information of children, it will be as a result of the service that we provide to our Customers. Our Customer as the responsible party / controller will have the obligation to obtain consent or ensure that the processing takes place on a justification ground allowed in terms of Applicable Laws.

Similarly, we do not intentionally collect or process special/sensitive Personal Information and will only do so on the instructions of our Customer, with consent or if allowed by Applicable Law.

14. QUALITY AND ACCESS TO YOUR INFORMATION

Quality. Where we are the responsible party / controller, we want to ensure that your Personal Information is accurate and up to date. You may ask us to correct or remove any Personal Information that you think is inaccurate, by sending us an email to legal@sudonum.com.

Access. You have the right to request us to provide you with Personal Information that we hold about you. You must contact us directly to do so or send an email to legal@sudonum.com. This request may be subject to an access to information request in terms of Applicable Laws and may require you to verify your identity, identify the rights you are wishing to exercise and pay a fee. If our Customer is the responsible party/controller for the information, any request will need to be addressed to our Customer.

The right to access your Personal Information may further be limited in terms of Applicable Law.

15. RETENTION OF INFORMATION

We take every reasonable step to ensure that your Personal Information is only processed for the minimum period necessary for the purposes set out in this Policy.

We retain Personal Information in accordance with the required retention periods of our Customers, in terms of Applicable Law or for legitimate business purposes. We will only retain your Personal Information for the purposes explicitly set out in this Policy or on the instruction of our Customers. We may keep Personal Information indefinitely in a de-identified format for statistical purposes, which may include for example statistics of how you use the services.

This Policy also applies when we retain your Personal Information. We may also retain your Personal Information for the duration of any period necessary to establish, exercise or defend any legal rights.

16. LODGING A COMPLAINT

We will report any security breach to the applicable regulatory authority in terms of Applicable Law and to the individuals or companies whose Personal information is involved in the breach. If your Personal Information as an End User is affected by a security breach, we will inform our Customer about the breach. If you want to report any concerns about our privacy practices or if you suspect any breach regarding your Personal Information, kindly notify us by sending an email to legal@sudonum.com.

17. SECURITY BREACH

If you want to raise any objection or have any queries about our privacy practices, you can contact our data protection officer at legal@sudonum.com.

You also have the right to formally lodge a complaint in terms of applicable laws as follows:

POPI

The Information Regulator


Website: https://www.justice.gov.za/inforeg/

Address: 33 Hoofd Street, Forum III, 3rd Floor Braampark, P.O Box 31533, Braamfontein, Johannesburg, 2017, South Africa

Tel: +27 10 023 5207

Email: inforeg@justice.gov.za

GDPR

The European Data Protection Supervisor

Online complaint procedure: https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en

18. LEGAL DISCLOSURE

  1. Website owner: Sudonum Proprietary Limited, registration number 2010/011151/07.
  2. Legal status: Sudonum is a private company, duly incorporated in terms of the applicable laws of South Africa.
  3. Directors: M Griffioen, M Toop and B Commaille.
  4. Description of main business of Sudonum: Sudonum is a technology business helping businesses realise more value from the calls and messages they generate.
  5. Email address: legal@sudonum.com.
  6. Contact number: +27 21 8303 100.Website address: https://sudonum.com
  7. Address: Unit 8 Werkwinkel, 65 Webervallei Road, Stellenbosch, 7600, South Africa.

In addition to the above purposes, we may use your Personal Information for other purposes if the law allows for it, if you consent to it, or if it is in the public interest to do so. All purposes for the processing of your Personal Information will be legal in terms of Applicable Law.