Privacy Policy

Privacy Policy Date: 2021-04-01

We at DIGIFLOW respect your privacy and your rights in relation to the protection of the personal data we collect and process. This Privacy Policy is designed to help you to clearly understand what personal data we collect about you and how we use and share that data. Just to be clear, when we refer to DIGIFLOW, we mean Senwell Konsult (Pty) Ltd (Reg No. 2018/449658/07), trading as Elementary.World South Africa (“we”, “us”, “our”, “DIGIFLOW”, “Elementary.World”) (whose principal place of business is at 221 Garsfontein Rd, Menlyn, Pretoria, 0181, South Africa). If you have any inquiries about this Privacy Policy, please email our Chief Information Officer at cia@digiflow.co.za.

1. The Personal Data We Collect

Looking after your personal data is a huge responsibility for us. We will continue to do our best to protect your personal data as best we can and be transparent about what data we collect and why we collect it. We do not, and will never, engage in practices such as benefiting from selling your personal information to third parties.

1.1 A Look at the Use of Your Personal Data

We need to collect your personal data when you interact with certain components of our website and platform in order for us to deliver certain services or products to you. This will only take place on the basis of your full consent.

1.2 We Collect Your Personal Data for Very Specific Purposes

• During the registration of new users through our website or platform
• To enable us to provide services or products to registered users in the form of software as a service (SaaS)
• In order for us to provide you with technical and product support
• For general statistical purposes
• In direct support of the overall user experience
• In direct support of operating the underlying platform
• For general communications with you as the user

1.3 We Collect Both Personal and Non-Personal Data

• Contact information such as name, surname, email address
• Unique identifiers such as nickname and password
• Online identifiers such as internet protocol (IP) addresses
• User data generated by you on the DIGIFLOW platform
• Content data that is offered by you as a participant in a particular program hosted on the platform
• Functional data necessary for us to ensure our products function as intended in terms of performance and functionality
• Location identifiers such as geolocation data may be collected by our third-party service providers for the purpose of delivering agreed services

1.4 Our Data Protection Officer

We have appointed a Data Protection Officer (DPO) in compliance with the GDPR. The DPO is formally responsible for data protection and ensuring compliance with GDPR requirements. You can reach our company DPO at cio@digiflow.co.za. Keeping Your Data Secure We do our best to secure your personal data and to protect your information from unauthorized access, alteration, disclosure, or destruction. While handling your personal data, we ensure that the appropriate security measures are in place and international standards are followed to protect the security of your personal data when transferred or when stored.

2. The Right of Individuals to Access Their Personal Data

2.1 It Is Important to Take Note of Your Rights

If you are a resident of the EEA, the UK, Australia, or South Africa you have the following data protection rights:

• You can request access, correction, updates, or deletion of your personal data at any time.
• You can object to the processing of your personal data, ask us to restrict the processing of your personal data, or request portability of your personal data.
• If we have collected and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
• You can complain to a data protection authority (DPA) about our collection and use of your personal information. Contact details for data protection authorities in the EEA and the UK are available here. To object to our processing of your personal data or to exercise any of your rights, you can simply submit a request to our Data Protection Officer at cio@digiflow.co.za

3. Sharing Your Information with Third Parties

The personal data we collect might be disclosed to the following third parties:

3.1 Service Providers

• These are suppliers engaged by us that provide services on our behalf in support of providing products or services to you.
• Information about our sub-processors, including their functions and locations, is available here.

3.2 Subsidiaries, Affiliates, and/or Trusted Partners

• Your personal data may be shared as part of and in support of the operation of our business, such as contacting you based on your request to receive such communications.

3.3 Law Enforcement

• Your personal data may be shared with any competent law enforcement body, regulatory body, government agency, court, or other third party where we believe disclosure is necessary (a) as a matter of applicable law or regulation, (b) to exercise, establish, or defend our legal rights, or (c) to protect your vital interests or those of any other person.

3.4 Corporate Events

• We may share and/or transfer your personal information if we become involved in a merger, acquisition, bankruptcy, or any form of sale of some or all of our assets.

4. International Transfer of Your Personal Data

We will not transfer your personal data to organizations, states, or countries that do not have adequate data protection measures in place. To facilitate our global operations, we transfer information to either Ireland, Australia or South Africa, solely based on your data residency requirements, and allow access to that information from countries in which the DIGIFLOW-affiliated entities have operations for the purposes described in this policy.

Certain recipients (sub-processors) (i.e., our suppliers who process your personal data on our behalf) may also transfer personal data outside the country in which you are a resident. Where such transfers occur, we will protect your personal data when it is transferred outside of the EEA, the UK, Australia, or South Africa by processing it in a territory which the European Commission has determined provides an adequate level of protection for personal data, or otherwise ensuring appropriate safeguards are in place to protect your personal data.

4.1 Legal Mechanism for Transfers

For transfers of your personal data to recipients (sub-processors) who are located outside of the EEA, the UK, Australia, or South Africa, we will rely on EU-US Privacy Shield, Swiss-EU Privacy Shield, or European Commission-approved standard contractual data protection clauses, binding corporate rules for transfers to data processors, or other appropriate legal mechanisms to safeguard the transfer.

4.2 Requirements for Sub-Processor Engagement

When engaging any sub-processor, we will:

• Ensure via a written contract that the sub-processor only accesses and uses your personal data to the extent required to perform the obligations subcontracted to it, and does so in accordance with the Agreement and any Model Contract Clauses entered into or Alternative Transfer Solution adopted by us;
• Ensure that the data protection obligations described in Article 28(3) of the GDPR are imposed on the sub-processor if the GDPR applies to the processing of your personal data; and
• Remain fully liable for all obligations subcontracted to, and all acts and omissions of, the sub-processor.

5. Retention of Your Personal Data

In general, we retain your personal information as needed to fulfil the purposes for which it was collected, i.e., we will process and store your personal data as necessary in order to fulfil our business requirements and contractual or legal obligations.

6. Cookies and Similar Technologies

6.1 Cookies

Cookies are small text files that are stored in the web browser on your device by websites you visit. They enable a website to ‘remember’ information about your activity as a user and also serve a number of purposes, like storing your preferences and simplifying navigation and login functionality. DIGIFLOW and our partners use cookies and similar technologies to manage communication and support requests, to identify that you have logged in, analyze trends, administer the website, track users’ movements around the website, to gather demographic information about our user base as a whole, and to give us a better understanding of how you interact with our products and services.

6.2 Website Contacts Tracking

We do not do any website contacts tracking.

6.3 A Note on Web Analytics

We so not implement Google Analytics features on our websites.

END