- The Client controls how and why we process data, as such Clients voluntarily accept or reject the way in which we process personal data.
- We only ask for personal information when we truly need it to provide a service to you. We collect it by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used.
- We only retain collected information for as long as necessary to provide you with your requested service. What data we store, we’ll protect within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification.
The right to an individual’s privacy is a fundamental right and is encapsulated in various legislatures including the Protection of Personal Information Act, 4 of 2013 (“POPIA”) in South Africa.
Where any Client or data subjects within such Client-organisations are natural persons, and should we collect their personal data, we intend to process it, albeit as a controller or processor of personal data, in accordance with the principles of POPIA and the General Data Protection Regulations (“GDPR”). These regulations will apply to us if we process your personal information in South Africa or abroad, if at all.
This policy intends to explain how we process your personal information and is applicable to personal information of all data subjects, being both natural and, where applicable, juristic persons. By using MAPIT services, you agree that you have read and agreed to be bound by these terms and conditions voluntarily by accepting these terms and conditions. It is however recorded that the GDPR applies to natural persons’ data only, and its applicability herein does not apply to the data of juristic persons. This does not however mean that less caution will be taken when dealing with data of juristic persons, as we strive to treat any information that is not ours with the utmost confidentiality and protection.
Our data protection measures are based on international best practices when processing or controlling your personal data. We adhere to the principles encasing accountability, processing limitations, purpose specification, information quality, security and data subject participation, fairness and lawfulness, transparency and minimalism.
Collecting of Information, Cookies, and Links
We collect information from you in the following ways:
- Through your communications with us;
- Through you sharing information that you provide on MAPT’s web platform sites or through one of our applications;
- Through third parties related to our business operations.
As a result of you dealing with us, as client or customer, we may collect and store some personal information from such as:
- your name;
- address, previous addresses and how long you have lived at those addresses;
- date of birth;
- your employer, previous employers and how long you have been in such employment;
- your email address;
- your telephone numbers; and
- the details of any references you supply, including the names and addresses of your referees
We don’t share any personally identifying information publicly or with third parties, except when required to by law.
How and why we process your personal information
We will only process information that you provide us with for the specific purposes for which it was disclosed to us and in as far as it is required, and in a reasonable manner that does not infringe your fundamental right to privacy.
The principle of minimalism will apply to the processing of your personal information in that such processing will not be excessive, irrelevant or inadequate.
If we have reasonable grounds to believe that your rights may be limited, we may need to disclose or use your personal information or use of our website or services to protect our business and/or the property, safety or other rights of our employees, partners, clients, suppliers or other users or to prevent fraudulent or unlawful use of this website.
Should you object to the processing of your personal information, we will immediately cease the processing associated with it.
In the event that we need to transfer your information across our borders, same will only be done as far as is necessary to meet our obligations to you and where you provide your consent. These cross-border flows of data shall only be received by parties who employ similar corporate rules and agreements and which flow from and are subject to similar legislation as that of national legislation.
It may happen that we merge, sell, purchase or restructure our business and may need to disclose personal information to the other party/ies to the transaction. Should this take place in the future, we will always seek that the information be treated as strictly confidential and that the relevant party is bound by this confidentiality and that such party employs similar standards of protection
Depending on the type of disclosure of the personal information, we may collect the following types of information when, for example, you fill out a request for us to contact you regarding our service offerings, or if we are already rendering services to you or your organisation:
- Full name of individual and/or organisation;
- Identity number or organisation registration number;
- Cell phone number and/or email address;
- Data of objects and machine information extracted using our SpeedFOX technology.
Depending on the reason that the information was disclosed and the nature of the disclosure of the information, we may use it for the following reasons:
- Performing our duties or responding to your requests;
- Monitoring and analysing our business, including performing statistical analysis and marketing research;
- Performing administrative tasks, audits and complying with legislation;
- Contacting you or requesting information from you;
- Any other reason that you give us permission for;
- If it is in the public interest or required by a competent authority;
- To assist your business in implementing a digital strategy;
- To translate vast data that is relevant into readable format and to transfer this to a usable platform;
- To send data to and from the cloud and/or the edge of a data system to the devices that our technology applies to.
The information assists us in developing our business and entering into business transactions which involve the provision of hardware and software related components and services in the geospatial sphere. We may share this information with third parties if it is necessary for us to deliver on our product offerings. We are required to maintain records of our processing activities and processing operations, which may be made available to you on sufficient notice.
Any information provided to us will only be kept for the duration for which it is required and to give effect to the purpose for which it was disclosed. If we are required by law or otherwise to keep your personal information for longer than required, we will ensure that it is de-identified. We will also not sell or share your information without your prior written consent. We will destroy or delete a record of your personal data should the personal data no longer be required, and such deletion or destruction shall be done in a manner that, as far as is practicably possible, prevents its reconstruction. Should we wish to retain your personal data, we will obtain your consent and ensure that appropriate safeguards are in place to protect same, and that it will only be used for historical, statistical or research purposes.
Any special personal information will not be processed unless your express prior consent has been obtained. Should the purpose for which we have processed your personal information have been realised, then we are bound to erase your personal information unless one of the grounds in Section 71 of POPIA is applicable.
We do not intend to directly or indirectly market to children, and this website, our applications and general business offering has not been designed for use by or intended for children. Minors therefore require the consent of competent person, and persons under the age of 18 years in South Africa require the consent of their parent or trustee.
Security and Breach
We respect your personal information and the confidential nature thereof, and we are committed to complying with the relevant laws that govern our interactions with users, clients, partners and the like.
Your personal data deserves protection from unauthorised access, accidental loss, modification, destruction and unlawful disclosure, regardless of whether your data is processed in paper form or electronically. For this reason, we implement appropriate, high quality and sophisticated security server technology which at a minimum complies with industry good practice, so that the integrity of your personal information may be protected.
Our employees and operators and anyone who processes your personal information are bound by terms of confidentiality and have been obligated to respect and uphold your privacy. Some of these measures include using firewalls, passwords and restricted access, physical recognition methods and the information is used internally by persons on a strict need-to-know basis. We do however urge you to assist us in our endeavour to keep your personal information safe and kindly request that you take reasonable measures to protect your personal information, as the nature of the internet and the technology industry lends itself to attempted unauthorized breaches of security protocols.
We will report any security breaches to the data regulator and / or inspectorate and to the affected data subject. This notification will be made as soon as is practicably possible after the scope and nature of the breach have been determined, considering any measures to restore the security of the information. We undertake to provide you with adequate information regarding any such breach and will comply with directions given by the inspectorate or registrar.
We will notify the Information Regulator within 72 hours of a breach and, if there is a high risk to the rights and freedoms of other persons, we will notify you. If any form of breach by an MAPIT group company is committed, MAPIT undertakes to assist you in establishing the facts of the matter and in asserting your rights against the group company concerned. The technical and organisational security measures for protecting personal data are updated continuously and according to industry best practice.
Notwithstanding any other rights you may have in law, you have the following rights that we intend to uphold and protect at all times in relation to the protection of your data:
- You may request how your information was collected, how it is stored and for what purpose;
- You are entitled to know who your data is being transferred to and for what purpose;
- You may at any time request that your data is updated and supplemented so that it is correct and complete at all times;
- Should a legal basis for the processing or controlling for your data cease to exist, you may request that your data is deleted permanently, subject to legal retention periods that may be applicable; and