top of page

Privacy Policy (EU)

Updated March, 2023

​

1. Introduction

1.1 Responsible entity

1.1.1 Augmental Technology Ventures, Inc., located in the United States of America at the registered business address 651 N Broad St, Suite 206, Middletown, Delaware (“Tracto”), is the stated responsible entity under the data protection regulations. In other words we are the company that decides on the purpose and means of processing the personal data of our users (“User Data”) and is therefore responsible for its security and compliance with the applicable laws.

1.1.2 As the responsible entity we are subject, for example, to information requirements that we wish to fulfill in connection with this privacy notice. We also provide additional information within our products, e.g. we may ask you for a new consent or explain the consequences of revocation. The information in our products does not contradict this privacy notice, but rather supplements it with brief and easily readable information so that you can make decisions more easily. This privacy notice and the additional information are easily accessible at any time from within our products.

​

1.2 Structure and consent concept

1.2.1 This privacy notice informs you about the purposes and scope of processing your User Data, as well as data transfers, and your extensive rights. As our offer is exclusively aimed at persons with ADHD and comorbid conditions, your use typically already provides information on your child’s health condition. We therefore only process User Data as health data with your consent. We differentiate as follows:

1.2.1.1 “Necessary Processing” describes how we process the User Data required to fulfill the contract. Without this consent the use of our products is not possible from a legal and a factual point of view because our services depend on this processing.

1.2.1.2 “Processing for Product Improvement” explains how you can help us and other users by allowing us to use your and your child(ren) data in particular to develop algorithms for therapy management, improve the product and so forth without us contacting you for advertising purposes etc. 

1.2.1.3 “Processing for Marketing Purposes” describes how we contact you for marketing purposes, with your consent, e.g. by email, notifications etc. Here too you may use the products without consent but with your consent you will receive interesting information on our products or if, for example, your health insurance company covers new services.

1.2.1.4 In “General Information” we have assembled the information that applies to all of the above consents to avoid repetition.

The relevant categories are described in more detail below. You may provide the relevant consents upon registration or later via the child account settings. You may revoke any consents at any time via the child profile settings or by sending an email to support@tracto.app. In such an instance we will inform you about the consequences of the revocation. The lawfulness of the processing prior to revocation remains unaffected.

1.2.2 In some cases, the processing may take place independently of consent on the basis of statutory principles (e.g. medical device regulations). We will inform you accordingly in appropriate cases.

​

2. Necessary processing

If you grant your consent, we process the User Data listed below in order to be able to provide our services. If you do not consent to this necessary processing, you cannot use the services of Tracto.

​

2.1 Necessary and optional User Data

2.1.1 In order to protect your User Data, our services can only be used in connection with a user account. To create a user account we require and process the following User Data:

Email address

Password (we only save a checksum)

Tracto ID (we provide this after registration)

Registration date

Status of consents

​

When using the Tracto app: Device ID, manufacturer, device type, operating system version

Language, country, time zone

IP address.

​

2.1.2 All other information is optional and self-explanatory in the input masks. Such optional entries include:

Personal Master Data: First name, last name, address, date of birth/age, relationship, gender, telephone number.

​

Medical Master Data: Diagnosis, diagnosis year, symptoms, height, weight, meter/therapy device, medication, notes.

Commercial and Usage Data: App store download, purchase, invoices, payment status, payment method (credit card, bank account, etc.) insurance number, Tracto Premium status, vouchers redeemed, IP address, device ID, operating system, browser type and version, token, activity events for customization, support queries.

​

Medical Data: App entries such as date/time/timezone/place, type and duration of interventions/activities, notes/text, weight, mood, concentration, steps, images/photos, medication, tags, points, imported values; sensor data such as start date/time, end date/time, time zone, sensor value, type, date app settings such as display options, activated integrations.

​

2.2 Necessary purposes

2.2.1 All the necessary purposes of our processing are associated with providing our services:

Order, delivery, support, and billing of our products (including goods from our cooperation partners) require the entry and processing of certain data in order to process your order.

Installation of our apps leads to technical and device-related data recordings such as the device ID.

Registration leads to the creation of your Tracto ID using the email address and password.

The provision of our services requires you to voluntarily and actively enter data depending on the function and each function describes the purpose for which the data is needed.

​

Communication from Tracto with you within our apps or via other electronic messaging services (e.g. email, instant messaging, telephone) where this is required to support or troubleshoot our products. This is how we process any comments and queries that you may have via various communication channels when using Tracto. The most important example is our support service, which you can access at support@tracto.app. Please therefore think about which information and data you want to give in your active communication with us – this is solely your decision. For our part, communication with users may be necessary either by email, in-app card, or push notification. This is how we inform you about updates to our products and provide important security advice as well as assistance associated with your usage. This support communication – as an essential part of our products – is sent to users notwithstanding whether they have subscribed to our Newsletter or not.

​

2.2.2 Use of our apps and extensions requires you to actively and voluntarily enter data. You will find additional selection options in the settings of our apps. To resolve an error in the app we require, for example, crash reports that we can use for troubleshooting purposes to determine the circumstances of the problem. In addition, the key data of your device and your usage behavior are recorded as our contractual fulfillment, above all, means customizing our products i.e. processing individual user information. An automated analysis of user behavior is performed exclusively for the purpose of customizing your use when fulfilling the contract and has no legal effect for you.

​

3. Processing for product improvement

If you consent, we also process your User Data beyond the necessary usage described in section 2 above to improve our products and services as described in more detail below.

 

3.1 Additional data

In general, we use the same User Data to improve our products as stated in section 2. In addition, Tracto may also record the following User Data:

Usage Data

​

Activity events that allow us to understand how you use our products. This enables us to see how our products are used and for example where menu designs can be optimized.

3.2 Purpose of product improvement

​

As a result of fast-moving technological progress, we have to continually analyze, develop, test, and improve our products and their interactions, in order to ensure that our content benefits users in the most effective way. To achieve this, we conduct usage and security tests and the knowledge gained is incorporated into improved new versions of our products such as the app. These improvements are also provided to you via regular updates.

​

4. Processing for marketing purposes

4.1 Newsletter

4.1.1 We would like to send you interesting information on products and services in addition to the contractual scope (including information from carefully selected partners) and invitations to participate in surveys or other sales promotions and marketing activities (“Newsletter”).

4.1.2 You can select whether you want to subscribe to our Newsletter (opt in). You can revoke your consent at any time via the link in the Newsletter or the account settings.

​

4.2 Other types of marketing

4.2.1 Other consents, e.g. for surveys, notifications, or customized offers, are obtained as required when you are logged in. We always explain to you why we need certain data and also how you can revoke the consent.

4.2.2 Please be aware that we may show you offers within the app without processing your personal data. 

​

5. Usage for statutory purposes

5.1 Scientific research and statistics

Tracto is committed to the science of all aspects of ADHD and comorbid conditions. Therefore, anonymous User Data may also be used for the purposes of research and statistics (always whilst complying with the recognized ethical scientific standards) and internal analyses. This is used mainly to determine and improve the effectiveness of techniques for controlling and treating ADHD. The legal basis for this is Article 9 (2) j) GDPR.

​

5.2 Enforcement of rights

The use of personal data may also be necessary to prevent abuse by users or to assert, exercise, or defend legal claims. We may be forced into disclosure due to binding laws, court or official decisions and instructions, criminal investigation, or in the public interest. In such cases, the storage and processing of your data are permitted by law without your consent. The legal basis for this is Article 9 (2) f) GDPR.

​

5.3 In accordance with medical device legislation

Finally, as the manufacturer or distributor of a medical device, we are subject to increased requirements for monitoring the functionality of our product. This vigilance system required for regulatory purposes may also involve the processing of personal data. The legal basis for this is Article 9 (2) i) GDPR.

​

6. General Information

6.1 Purpose limitation and security

6.1.1 Tracto uses your personal data exclusively for the purposes determined in this privacy notice and the relevant consents. We ensure that each processing is restricted to the extent necessary for its purpose.

6.1.2 Each processing always guarantees adequate security and confidentiality of your personal data. This covers protection from unauthorized and illegal processing, unintentional loss, unintentional destruction or damage using appropriate technical and organizational measures. We use strict internal processes, security features, and the latest encryption methods, always taking into account state-of-the- art technology and implementation costs.

​

6.2 Processors

6.2.1 Our products are subject to complex processes that, in light of our users, we have to manage and keep up-to-date. For technical support we therefore may use curated third-party suppliers (“Processors”) in order to offer you a comprehensive and optimal use of our products.

​

6.2.2 Tracto transfers User Data to Processors exclusively within the framework of this privacy notice and only to fulfill the purposes stated in it. Processors work according to our specifications and instructions; they are not permitted to use the personal data of our users for their own or other purposes.

​

6.2.3 We use Processors offering sufficient guarantees that suitable technical and organizational measures are undertaken in a way that the processing of personal data complies with the statutory requirements and our privacy notice. The protection of the rights of our users is ensured by concluding binding contracts that meet the strict requirements of GDPR.

​

6.2.4 The third-party suppliers appointed by Tracto may only use other processors (subcontractors) with our prior consent. If a subcontractor does not comply with the same data protection obligations and all of the appropriate security measures that we impose on our Processors, then we will prohibit the hiring of such a subcontractor.

​

6.3 Encryption, pseudonymization, and anonymization

6.3.1 Each data transfer, without exception and by default, is encrypted during transfer. Using HTTPS (hypertext transfer protocol secure) we ensure that your data is not intercepted by unauthorized third parties.

​

In addition, for the purposes of data security and minimization, we also use other processes for the encryption and pseudonymization of User Data. Of course this depends on the type, scope, and purpose of the relevant data processing and takes into account the latest technology. For example, we only disclose User Data that a Processor requires to carry out his tasks.

​

6.3.2 When a contractual relationship with a Processor is terminated, such Processor must, at Tracto’s discretion, either return all our User’s Data or delete it if there are no statutory storage obligations.

6.3.3 Data that requires no personal reference for processing (e.g. for research and analysis) is subject to anonymization. This prevents a connection to a specific user being made in all cases.

​

6.4 EU and other countries

6.4.1 We primarily select cooperation partners who are based in or whose servers are located in the European Union (EU) or European Economic Area (EEA). Data transmission within the EU and EEA is unobjectionable because the GDPR applies in all member states.

​

6.4.2 In exceptional circumstances we appoint third-party suppliers who are located in or who have servers outside the EU, e.g. innovative companies in Silicon Valley, USA. However, even in these cases your personal data is subject to a high protection level in line with the GDPR – either through an EU adequacy decision, which considers data protection in certain third-party countries to be appropriate (e.g. Switzerland, Israel, and New Zealand), or through certain standard contractual clauses approved by the EU, which the contractual relationships with our contracted data processors are based on, or through comparable legal instruments permitted under the GDPR. In any case, all Processors are subject to the obligations in this privacy notice.

​

6.4.3 In addition, we ensure that our partners have additional security standards in place, such as individual security measures and data protection provisions or certifications under the GDPR. 

​

6.5. Categories of recipients

6.5.1 Our cooperation partners are bound by the agreements signed with Tracto as well as by the GDPR and only process data according to our instructions. We provide our users’ Data only to fulfill the contract:

Manufacturers and suppliers require personal data to handle orders for goods. Insurance companies may exchange data with us if you buy our products as part of your health insurance (statutory or private). If applicable, this enables billing based on the tariff of your insurance company.

​

Bookkeeping and payment service providers support us in the ongoing billing of our chargeable products.

Customer support services and their tools help our customer support to quickly and efficiently handle our users’ inquiries. Here, for example, queries are recorded from various communication channels and grouped according to topics using ticket systems.

​

Analysis service providers and their tools help us to understand how users use our products in order for us to provide customized communication and product improvements in the future.

Marketing service providers support us in creating, sorting, customizing, and sending newsletters, emails, and other messages about our products to our users.

​

Hosting and cloud services and their tools are used to store data and to produce anonymized analyses (see section 2.4 above).

​

Reminder: the transfer of data to our Processors and service providers is protected by guarantees such as adequacy decisions, certifications or standard contractual clauses. A copy of such guarantees or information on these can be requested from support@tracto.app.

​

6.5.2 Finally please note that you have the option to directly share certain data with a third party from within our products. This relates, for example, to reports generated in our apps and communication with your healthcare professionalYou are solely responsible for such data transfers.

​

6.6 Usage data

We only use Google Universal Analytics in the publicly accessible part of our website (no login required), a web analysis service by Google Inc. (“Google”). Google is certified under the EU-US Privacy Shield; we also have a processing contract in place with Google.

​

Google Universal Analytics uses cookies (see above) to enable analysis of your website use and these may be stored for up to 2 years if you do not delete them before that time. The information generated by the cookie on your use of our website is generally transferred to and stored on a Google server in the USA. We have extended Google Analytics on our website to include the “gat.anonymizeIp();” code in order for IP addresses to be recorded anonymously. At our request, Google only records your IP address in abbreviated form thus ensuring anonymization that does not permit any conclusions to be made about your identity or device. Google abbreviates IP addresses within the EU or other member states which are parties to the Agreement on the European Economic Area. Only in exceptional circumstances is the full IP address transferred to a Google server in the USA and reduced there. At our request Google will use this information to analyze your use of the website in order to provide us with aggregated reports and provide other services associated with Internet usage. The IP address provided by your browser as part of Google Analytics is not merged with other Google data.

​

6.7 Storage and deletion

6.7.1 Your User Data is stored on your device. This data is also stored on our servers. We only use systems that meet GDPR requirements.

​

6.7.2 Regardless of the storage location we ensure that the high protection level pursuant to the GDPR is guaranteed; naturally this also applies to data that is stored temporarily at another location or is transferred for processing.

​

6.7.3 As a rule, Tracto only stores your personal data for the duration of the contract. In exceptional cases, longer storage may be required in order to fulfill post-contractual obligations or to comply with statutory storage obligations or disclosure duties, or to assert, exercise, or defend legal claims (limitation periods).

​

6.8 Minors

Minors, below the age of sixteen are only permitted to use our products with the consent of a parent/guardian (see section 3.2.3 of our General Terms and Conditions). This also applies to processing their personal data, which is only legal if and to the extent to which the consent has been obtained by and through the parent/guardian. Otherwise use of our products is prohibited.

​

6.9 Data protection officer

6.9.1 Our data protection officer is available to answer all data protection questions at privacy@tracto. The data protection officer monitors ‒ independently and is not bound by instructions ‒ compliance with all data protection regulations and is subject to strict statutory secrecy and confidentiality obligations.

​

6.9.2 The data protection officer is widely involved in all questions associated with protecting the personal data of our users. As trained experts they monitor our processing on an ongoing basis, inform, and advise the whole Tracto team on an ongoing basis in order to ensure the best-possible protection of your User Data.

​

6.10 Changes

6.10.1 As technology and processes in the Internet as well as data protection legislation are constantly being developed, we have to undertake changes from time to time. We will inform you of changes by appropriate means whilst granting an appropriate advance notice period and if necessary obtaining new consents.

​

6.10.2 Unless otherwise provided by this privacy notice, the same definitions apply in our General Terms and Conditions.

​

7. Your rights

7.1. Revocation of consents

If we process your User Data based on your consent, you may revoke the consent at any time. However, this will not affect the lawfulness of the processing before the revocation. We will continue to provide our services if they do not depend on the consent that has been revoked.

​

7.2. Information, correction, and restriction

7.2.1 Each user has the right to request information on the processing of their personal data. To do so, please contact us at any time at privacy@tracto.app.

7.2.2 Your right to information covers information on the processing purposes, data and recipient categories, storage time, origin of your data, and your rights under the data protection regulations. You can find all of this information in this privacy notice and we are happy to provide it to you in an electronic form.

7.2.3 Should some of your personal data be incorrect, you can request that your data is corrected or completed at any time. You can correct most data yourself in our apps. You have the right to restrict data processing for the duration of any investigation review that you have requested.

​

7.3 Deletion (“right to be forgotten”)

Each user has the right to request the deletion of their personal data. To do so, please contact us at any time at support@tracto.app.

​

7.4 Ability to transfer data

Finally each user has the right to request that we provide an overview of their personal data to another responsible party, if this is technically feasible.

​

7.5 Complaints

7.5.1 If you feel we are not protecting your data protection rights adequately, please contact us at any time at support@tracto.app. We will handle your request immediately.

​

Thank you for your confidence in us.

Logo@2x.png

Privacy Policy (USA)

Updated March, 2023

​

​

1. Introduction

1.1 Responsible entity

1.1.1 Augmental Technology Ventures, Inc., located in the United States of America at the registered business address 651 N Broad St, Suite 206, Middletown, Delaware (hereinafter referred to as “Tracto”) is the stated responsible entity under the data protection regulations. This means that Tracto decides on the purpose and means of processing the personal data of our users (“User Data”) and is responsible for its security and compliance with the applicable laws.

​

1.1.2 As the responsible entity, we are subject for example to information duties that we wish to fulfill with this privacy notice. We may also provide additional information regarding your privacy in our products, e.g. if we ask you for new consent or explain the consequences of revocation. The information in our products does not contradict this privacy notice, but rather supplements it with brief and easily readable information so that you can make decisions more easily. This privacy notice and the additional information are easily accessible at any time from within our products.

​

1.2 Structure and consent concept

1.2.1 In this privacy notice we inform you about the purposes and scope of processing your User Data, data transfers, and your comprehensive rights. As the Tracto products are exclusively aimed at persons with ADHD and comorbid conditions, your use typically provides information on your child’s health condition. We process personal User Data, including health data, with your consent, as further described in the following sections:

​

1.2.1.1 The “Necessary processing” section describes how we process User Data required to fulfill the contract. Without this consent the use of our products is not possible from a legal and a factual point of view because our services depend on this processing.

​

1.2.1.2 The “Processing for product improvement” section explains how you can help us and other users by allowing us to use your and your child(ren)’s data in particular to develop algorithms for therapy management, improve the product, etc., without us contacting you for advertising purposes etc..

​

1.2.1.3 The “Processing for marketing purposes” section describes how we contact you – with your consent – e.g. by email, notifications, etc. for marketing purposes. Again, you can use the products without consent but with your consent you will receive interesting information on our products or if e.g. your health insurance company covers new services.

​

1.2.1.4 In the “General information” section we have assembled the information that applies to all of the consents stated above to avoid repetitions.

​

The relevant categories are described below in more detail. You can give the relevant consents on registration or later via the child profile settings. You can revoke consents at any time and we will inform you about the consequences of the revocation. You can action this instruction by either using the child account settings or by sending an email to support@tracto.app. The lawfulness of the processing before revocation remains unaffected.

​

1.2.2 In some cases, the processing may take place independently of consent on the basis of statutory (e.g. Medical Device Law) principles. We will inform you accordingly in the given cases.

​

2. Necessary processing

If you consent we process the following User Data in order to be able to provide our services. If you do not consent to this necessary processing, you cannot use the services of Tracto. Your consent will be requested during the registration process and can be managed in the account settings.

​

2.1 Necessary and Optional User Data/Types of Information Collected

2.1.1 In order to protect your User Data, our services can only be used in connection with a user account. To create a user account we require and process the following User Data:

Email address

Password (we only save a checksum)

Tracto ID (we provide this after registration)

Registration date

Status of consents

When using the Tracto app: Device ID, manufacturer, device type, operating system version

Language, country, time zone

IP address.

​

2.1.2 All other information is optional and self-explanatory in the entry masks. These optional entries include:

Personal Master Data: First name, last name, address, date of birth/age, gender, relationship, telephone number.

​

Medical Master Data: Diagnosis, diagnosis year, symptoms, height, weight, meter/therapy device, medication, notes.

​

Commercial and Usage Data: App store download, purchase, invoices, payment status, payment method (credit card, bank account, etc.) insurance number, Tracto Premium status, vouchers used, IP address, device ID, operating system, browser type and version, token, activity events for customization, support queries.

Medical Data: App entries such as date/time/timezone/place, type and duration of interventions/activities, notes/text, weight, mood, concentration, steps, images/photos, medication, tags, points, imported values, sensor data such as start date/time, end date/time, time zone, sensor value, type, date, app settings such as display options, activated integrations.

​

2.2 Necessary purposes

2.2.1 The processing of your User Data is necessary to provide our services:

Order, delivery, support, and billing of our products (including goods from our cooperation partners) require the entry and processing of certain data in order to process your order.

​

Installation of our app leads to technical and device-related data recordings such as the device ID.

Registration leads to the creation of your Tracto ID.

​

Provision of our services requires your active and voluntary entry of data depending on the function; each function describes which data is needed for what purpose.

​

Communication by Tracto with you within our apps or via other electronic messaging services (e.g. email, instant messaging, telephone) is required where necessary to support or troubleshoot our products. For example, you may access our support service at support@tracto.app. Please carefully consider what information and data you want to give us in your communication with us – this is solely your decision. For our part, communication with users may be necessary either by email, in-app card, or push notification. This is how we inform you about updates to our products and provide important security advice and product assistance. This support communication – as an essential part of our products – is sent to users notwithstanding whether they have subscribed to our Newsletter or not.

​

Medical devices can be paired with your mobile device which enables data to be transferred to our apps.

Health apps, like those by Apple, and other connected services also enable data to be exchanged with our apps. Synchronization only takes place if you activate this in the settings of our apps, i.e., by using the function.

​

2.2.2 Use of our apps and extensions requires you to actively and voluntarily enter data. You will find additional selection options in the settings of our apps. For instance, to troubleshoot the app, we will request crash reports to determine the circumstances of the problem. In addition, the key data from your device and your usage behavior are recorded in order to provide customized products.. We do perform an automated analysis of your behavior solely for the purpose of customizing your use of the mobile application.

​

3. Processing for product improvement

If you consent, we also process your User Data beyond the necessary usage described in section 2 to improve our products and services as described in more detail below.

​

3.1 Additional data

In general, we use the same User Data to improve our products as stated in section 2. In addition, Tracto can also record the following User Data:

Usage Data Activity events that allow us to understand how you use our products. This enables us to see how our products are used and for example where menu designs can be optimized.

​

3.2 Purpose of product improvement

We have to continually analyze, develop, test, and improve our products, in order to ensure that our content benefits users in the most effective way. To do this, we analyze usage and incorporate learnings into improved new versions of our products. These improvements are also provided to you via regular updates.

​

4. Processing for marketing purposes

4.1 Newsletter

4.1.1 We would like to send you interesting information on products and services (including information from carefully selected partners) and invitations to participate in surveys or other sales promotion and marketing activities (all abbreviated as “Newsletter”).

4.1.2 You can select whether you want to subscribe to our Newsletter. You can revoke your consent (opt out) at any time via the link in the Newsletter or the account settings.

​

4.2 Other marketing

4.2.1 Other consents, e.g. for surveys, notifications, or customized offers, are obtained as required when you are logged in. We always explain to you why we need certain data and also how you can revoke the consent.

4.2.2 Please be aware that we may show you offers in the app without processing your personal data. You will also see these non-customized advertisements if you have not provided consent.

​

5. Usage for statutory purposes

5.1 Scientific research and statistics

Tracto is committed to the science of all aspects of ADHD and comorbid conditions. Therefore, anonymous User Data can also be used for the purposes of research and statistics (always whilst complying with the recognized ethical scientific standards) and internal analyses. This anonymous data is used mainly to determine and improve the effectiveness of techniques for controlling and treating ADHD. As an Dutch company, Tracto is required to comply with European data protection laws, including the EU General Data Protection Regulation (GDPR). Under the GDPR, all processing of personal data requires a legal basis. Our legal basis under the GDPR for processing personal data for scientific research purposes is found in Article 9 (2) j) of the GDPR.

​

5.2 Enforcement of rights

The use of personal data may also be necessary to prevent abuse by users or to assert, exercise, or defend legal claims. We may be forced into disclosure due to binding laws, court or official decisions and instructions, criminal investigation, or in the public interest. In such cases, the storage and processing of your data is permitted by law without your consent. As mentioned above, all processing requires a legal basis under the GDPR. For processing personal data for the enforcement of rights, the legal basis is found in Article 9 (2) f) of the GDPR.

​

5.3 Under Medical Device Law

Finally, as the manufacturer or distributor of a medical device, we are subject to increased requirements for monitoring the functionality of our product. This vigilance system required for regulatory purposes may also involve the processing of personal data. As mentioned above, all processing requires a legal basis under the GDPR. For processing personal data for monitoring the functionality of our product, the legal basis is found in Article 9 (2) i) of the GDPR.

​

6. General information

6.1. Purpose limitation and security

6.1.1. Tracto uses your personal data exclusively for the purposes stated in this privacy notice and the relevant consents. We ensure that each processing is restricted to only that which is necessary.

​

6.1.2. We take measures to protect the security and confidentiality of your personal data. This includes technical and organizational measures to protect your data from unauthorized and illegal processing, unintentional loss, unintentional destruction, or damage. We use strict internal processes, security features, and the latest encryption methods, always taking into account state-of-the-art technology and implementation costs.

​

6.2. Processors

6.2.1. For technical support we may use curated third-party suppliers (all hereinafter referred to as “Processors”) in order to provide you with optimal support.

​

6.2.2. Tracto transfers User Data to Processors exclusively within the framework of this privacy notice and only to fulfill the stated purposes. Processors work according to our specifications and instructions; they are not permitted to use the personal data of our users for other purposes.

​

6.3. Encryption, pseudonymization, and anonymization

6.3.1. Each data transfer – without exception and by default – is encrypted during transfer. We use HTTPS (hypertext transfer protocol secure) to protect your data from interception by unauthorized third parties.

In addition, for the purposes of data security and minimization, we also use other processes for the encryption and pseudonymization of User Data. Of course this depends on the type, scope, and purpose of the relevant data processing and takes into account the latest technology. For example, a processor does not receive any User Data that is not required for their tasks.

​

6.3.2. After ending the contractual relationship with the relevant processor, the processor must – at the discretion of Tracto – either return all of our User’s Data or delete it if there are no statutory storage obligations.

​

6.3.3. Data that requires no personal reference for processing (e.g. for research and analysis) is subject to anonymization. This prevents a connection to a specific user being made.

​

6.4. Third-Party Suppliers

6.4.1. From time to time, we may use third parties to provide products, services or otherwise support our business or collaborate with third parties with respect to development, promotion or other business activities related to a particular product or service. As a result, we may disclose User Data to contractors, service providers and other third parties but such disclosure will be limited to enabling those third parties to provide their products or services. To the extent a third party’s Privacy Policy separately governs their use of your data obtained via Tracto, you will be notified and given an opportunity to review such terms. We may also disclose Personal Information to our subsidiaries and affiliates.

​

6.4.2. In the event of a change of ownership, sale, merger, liquidation, reorganization or acquisition of Tracto, in whole or in part, your information may be transferred as part of the transaction, including during the due diligence process, as long as, the party acquiring such information agrees to be bound by the terms of this Privacy Policy.

​

6.4.3. We may also release your Personal Information to third parties as required by law, when we believe disclosure is necessary to comply with a legal or regulatory requirement, judicial proceeding, court order or legal process served on us, to protect the safety, rights or property of patients, customers, the public or Tracto or defend Tracto and its officers, directors, employees, attorneys, agents, contractors and partners, in connection with any legal action, claim, or dispute.

​

6.5. Categories of recipients

6.5.1. Our cooperation partners are bound by the agreements signed with Tracto as well as by the GDPR and only process data according to our instructions. We provide our Users’ Data only to fulfill the contract:

Manufacturers and suppliers require personal data to handle orders for goods. 

​

Insurance companies may exchange data with us if our products are offered to you by your health insurance provider (government or private). Bookkeeping and payment service providers support us in the ongoing billing of our chargeable products.

​

Customer support services and their tools help our customer support to quickly and efficiently handle our users’ inquiries. Here, for example, queries are recorded from various communication channels and grouped according to topics using ticket systems.

​

Analytics service providers and their tools help us to understand how users use our products in order for us to provide customized communication and product improvements in the future. 

Marketing service providers support us in creating, sorting, customizing, and sending newsletters, emails, and other messages about our products to our users.

​

Hosting and cloud service providers and their tools are used to store data and to produce anonymized analyses (see section 2.4 above).

 

6.5.2. Please note that you have the option to directly share certain data with a third party from within our products. This relates, e.g., to reports generated in our apps and communication with your healthcare professional. You are solely responsible for such data transfers.

​

6.6. Usage data

In the publicly accessible section of our website (no login) we use Google Universal Analytics, a web analysis service by Google Inc. (“Google”). Google is certified under the EU-US Privacy Shield; we also have a processing contract in place with Google.

​

Google Universal Analytics uses “cookies” (see above) to enable analysis of your website use and these may be stored for up to 2 years if you do not delete them before that time. The information generated by the cookie on your use of our website is generally transferred to and stored on a Google server in the USA. We have extended Google Analytics on our website to include the “gat.anonymizeIp();” code in order for IP addresses to be recorded anonymously.

​

6.7. Storage and deletion

6.7.1. Your User Data is stored on your device. This data is also stored on our servers. We only use systems that meet the GDPR requirements.

​

6.7.2. Regardless of the storage location we follow industry standards to comply with applicable data privacy laws – of course this also applies to data that is stored temporarily at another location or is transferred for processing.

​

6.7.3. As a rule, Tracto only stores your personal data for the duration of the contract. In exceptional cases, longer storage may be required in order to fulfill post-contractual obligations or to comply with statutory storage obligations or disclosure duties, or to assert, exercise, or defend legal claims (limitation periods).

​

6.8. Minors

6.8.1. Minors only permitted to use our products with the consent of a parent/guardian (see section 3.2.3 of our General Terms and Conditions). This also applies to processing their personal data, which is only legal if and to the extent to which the consent has been obtained by and through the parent/guardian. Otherwise use of our products is prohibited.

​

6.9. Data protection officer

6.9.1. Our data protection officer is available to answer all data protection questions at privacy@tracto.app . The data protection officer monitors – independently and not bound by instructions – compliance with all data protection regulations and is subject to strict statutory secrecy and confidentiality obligations.

​

6.9.2. The data protection officer is widely involved in all questions associated with protecting the personal data of our users. As trained experts they monitor our processing on an ongoing basis, inform, and advise the whole Tracto team on an ongoing basis in order to ensure the best-possible protection of your User Data.

​

6.10. Changes

6.10.1. As technology and processes in the Internet and the data protection legislation are constantly being developed, we have to undertake changes from time to time. We will inform you of changes by appropriate means whilst granting an appropriate advance notice period and if necessary obtaining new consents.

6.10.2. Unless otherwise provided by this privacy notice, the same term definitions apply as in our terms and conditions.

​

7. Your rights

7.1. Revocation of consents

If we process your User Data based on your consent, you can revoke the consent at any time. However, this will not affect the lawfulness of the processing before the revocation. We will continue to provide our services if they do not depend on the consent that has been revoked.

​

7.2. Information, correction, and restriction

7.2.1. Each user has the right to request information on the processing of their personal data. To do so, please contact us at any time at privacy@tracto.app.

​

7.2.2. Your right to information covers information on the processing purposes, data and recipient categories, storage time, origin of your data, and your rights under data protection laws. You can find all of this information in this privacy notice and we are happy to provide it to you in an electronic form.

​

7.2.3. Should some of your personal data be incorrect, you can request that your data is corrected or completed at any time. You can correct most data yourself in our apps. You have the right to restrict data processing for the duration of any investigation on your request.

​

7.3. Deletion (“right to be forgotten”)

Each user has the right to request the deletion of their personal data. To do so, please contact us at any time at support@tracto.app.

​

7.4. Ability to transfer data

Finally each user has the right to request that we provide an overview of their personal data to another responsible party, if this is technically feasible.

​

7.5. Complaints

7.5.1. If you feel we are not protecting your data protection rights adequately, please contact us at any time at support@tracto.app or contact our data protection officer directly at privacy@tracto.app.

​

7.6. Your California Privacy Rights

California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us via support@tracto.app.

​

Thank you for your confidence in us.

Privacy Policy (South Africa)

Updated June 30, 2021

​

BY ACCESSING AND USING THIS WEBSITE AND/OR OUR SERVICES, THE USER IS PROVIDING HIS/HER EXPRESS AND VOLUNTARY CONSENT TO THE PROCESSING OF THEIR PERSONAL INFORMATION BY AUGMENTAL TECHNOLOGIES PTY LTD (“THE COMPANY’) ON THE BASIS SET OUT IN THIS PRIVACY NOTICE. IF THE USER DOES NOT CONSENT, THE USER MUST IMMEDIATELY STOP ACCESSING AND/OR USING THIS WEBSITE AND OUR SERVICES.

​

Introduction

  1. THE COMPANY collects, uses and, in some circumstances, shares the personal information of Users in and through this website and during the provision of services to you.

  2. THE COMPANY respects the rights of Users whose personal information is collected and used by it, including their right to protection against the unlawful collection, retention, sharing and use of such personal information.

  3. The purpose of this Privacy Policy is to provide Users with information about the information processing activities of THE COMPANY and the manner in which their rights are protected.

  4. This Privacy Policy shall serve as a notification to Users about THE COMPANY’s processing activities which will remain valid for as long as one has an active account with or is using the services of THE COMPANY, including the browsing of this website. Users will not be notified separately on each occasion that THE COMPANY processes the same personal information in the same way over the period.

  5. THE COMPANY may amend the provisions of this Privacy Policy to comply with any changes in the law, and/or pursuant to any changes to its information processing activities or privacy practices. Such amendments will be published on the website and will become operable from the date of such publication.

  6. This privacy policy, and the interpretation and enforcement thereof, will be governed by the laws of the Republic of South Africa.

  7. The provisions of this Privacy Policy is, as far as possible, be incorporated into any agreement between THE COMPANY and Users.

 

Definitions and Interpretation

  1. In this Privacy Policy, the following words bear the following meanings:

    1. ‘’consent’’ means any voluntary, specific and informed expression of will in terms of which permission is given by or on behalf of a User for the processing of their personal information;

    2. ‘‘direct marketing’’ means to approach a data subject, either in person or by mail or electronic communication, for the direct or indirect purpose of promoting or offering to supply any goods or services to the data subject;

    3. ‘’information officer’’ means the Information Officer of THE COMPANY;

    4. ‘‘operator’’ means an outside third party who processes personal information for or on behalf of THE COMPANY in terms of a contract or mandate;

    5. ‘’PAIA’’ means the Promotion of Access to Information Act 2 of 2000;

    6. ‘’personal information’’ means any information linked to a User or information that can identify a User, including but not limited to:

      1. information relating to a User’s gender, nationality, ethnic or social origin age, language;

      2. a User’s e-mail address, physical address, telephone number, location information or online identifier;

      3. a User’s financial information including banking details and invoice information;

      4. a User’s personal opinions, views or preferences;

      5. correspondence sent by a User which is of a private or confidential nature;

      6. the User’s special personal information, including without limitation information about a User’s health; and

      7. the User’s name if it appears with other personal information relating to that User, or if the disclosure of their name on its own would reveal further personal information about that User;

    7. ‘’POPIA’’ means the Protection of Personal Information Act of 2013, including any regulations or codes of conduct promulgated under it;

    8. ‘’process” or “processing’’ means, in relation to personal information, any operation or activity or any set of operations, whether or not by automatic means, including:

      1. collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use of that information;

      2. dissemination by means of transmission, distribution or making available in any other form; or

      3. merging, linking, as well as restriction, degradation, erasure or destruction of that information;

    9. “special personal information” means the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health, sex life or any biometric information of a User; and may include criminal behaviour of a User to the extent such data relates to the alleged commission of the User of an offence or any proceedings in respect of any offence allegedly committed by a User or the disposal of such proceedings

    10. “services” means the services provided to any User by THE COMPANY;

    11. ‘’User’’ means a visitor or user of this website or our products, or any of the content or services associated with this website or our products; and

    12. ‘’the website’’ means the website or application or any part thereof which is accessible from http://www.augmentaltech.com.

  2. Any reference in this Privacy Policy to:

    1. the singular includes the plural and the other way around;

    2. any one gender includes the other genders, as the case may be;

    3. an act, regulation or other law is to the version of that law in force at the effective date of this Policy and includes any amendment or re-enactment made to that law after the effective date of this Policy.

  3. When calculating any number of days for the purposes of this Policy, the first day must be excluded and the last day of the relevant interval included, unless the last day is not a business day, then the last day will be the next succeeding business day.

  4. The word "include" means "include without limitation". Use of the word ‘’include’’ or ‘’in particular’’ is for illustration or emphasis only and where followed by specific examples must not be interpreted as limiting the meaning of the general wording preceding it.

  5. A requirement that any Policy, request, demand or other communication made in terms of this Privacy Policy must be in writing will be met if it is in the form of a data message as defined in the Electronic Communications and Transactions Act, No. 25 of 2002, and is accessible in a manner usable for subsequent reference, provided that this policy may not be amended as such. 

 

Responsible Party

  1. THE COMPANY will be the party who will be collecting and processing a User’s personal information and as such is designated as the ‘’responsible party’’ for the purposes of this Policy.

  2. THE COMPANY‘s contact details are as follows

    1. Email: privacy@augmentaltech.com

    2. Website address: http://www.augmentaltech.com 

  3. THE COMPANY may instruct third party operators from time to time to undertake certain processing activities relating to the User’s personal information.

 

What Personal Information is Collected

  1. Such purposes may include the following:

    1. Personal information - such as your name, date of birth, home language, address, account information and email address).

    2. Your contact with us - such as a note or recording of a call you make to our call centre, an email you send to us or other records of any contact you have with us.

    3. Account information - such as product type, dates of payment owed and received, top up information or any other information related to your account.

    4. Commercial and Usage Data: App store download, purchase, invoices, payment status, payment method (credit card, bank account, etc.) insurance number, Tracto Premium status, vouchers redeemed, IP address, device ID, operating system, browser type and version, token, activity events for customization, support queries.

    5. Personal Master Data: First name, last name, address, date of birth/age, relationship, gender, telephone number.

    6. Medical Master Data: Diagnosis, diagnosis year, symptoms, height, weight, meter/therapy device, medication, notes.

    7. Medical Data: App entries such as date/time/timezone/place, type and duration of interventions/activities, notes/text, weight, mood, concentration, steps, images/photos, medication, tags, points, imported values; sensor data such as start date/time, end date/time, time zone, sensor value, type, date app settings such as display options, activated integrations.

  2. The supply of personal information by the User to THE COMPANY is voluntary and not mandatory. However, if the User refuses to supply any personal information, certain consequences may naturally flow from such a refusal, such as preventing THE COMPANY from concluding or performing any contract with the User, or preventing THE COMPANY from complying with one or more of its obligations in law.

  3. There are certain laws which require or authorise THE COMPANY to collect a User’s personal information.

 

Purpose/s for Collection and Processing of Personal Information

  1. THE COMPANY shall only collect a User’s personal information for a specific, explicitly defined and lawful purpose relating to a function or activity of THE COMPANY‘s business.

  2. Such purposes may include the following:

    1. to enter into a contract with a User;

    2. to perform any obligations under a contract with a User;

    3. to comply with a legal obligation;

    4. to protect a legitimate interest of a User (unless the User has specifically objected in writing to all or some of the processing activities on reasonable grounds);

    5. to pursue its own legitimate interests or the legitimate interests of a third party who it is sharing the information with (unless the User has specifically objected in writing to all or some of the processing activities on reasonable grounds);

    6. to process personal information for direct marketing purposes (only if the User has opted in to receiving any direct marketing material);

    7. to customise and display content to the User in a way that THE COMPANY feels may interest the User or be most beneficial to them;

    8. to send content including, but not limited to products, articles, listings and advertisement content to the User via email or other electronic media, where the User has consented to be contacted by THE COMPANY with such content;

    9. to enable the User to voluntarily participate in interactive features;

    10. to notify the User about changes to the website or services.

  3. If THE COMPANY intends to process a User’s personal information for any other purpose not listed in clause 5.2 or which is otherwise not automatically permitted by law, it shall ensure that it obtains the User’s written consent to do so.

  4. THE COMPANY will not sell a User’s personal information to any third party without the prior written consent of the User.

 

Collection Directly from User

  1. THE COMPANY shall, as far as possible, collect personal information about a User directly from the User, except in the following circumstances:

    1. where personal information is available in a public record;

    2. where the User has given their written consent to THE COMPANY to collect their information from another source;

    3. where it is more practicable to collect the information from another source;

    4. where the collection of a User’s personal information from another source will not prejudice any of the User’s legitimate interests;

    5. where the collection of personal information from another source is necessary to maintain THE COMPANY’s legitimate interests or those of any third party it intends sharing the information with;

    6. where the collection of personal information directly from the User would prejudice the purpose for the collection;

    7. where the collection of personal information directly from the User is not reasonably practicable in the circumstances.

  2. If THE COMPANY collects personal information from a source other than the User, it shall record in writing the details of that source, including the full names and contact details of that source where applicable.

  3. THE COMPANY may use Cookies on this website:

    1. through the use of an iOS or Android application;

    2. through the use of the service via a computer or mobile browser;

    3. when requesting further services or information from THE COMPANY;

    4. when contacting THE COMPANY to report a problem with the website or the services or for any other reason;

    5. when completing any forms on the website.

  4. The User may visit the website without providing any personal information. However, the website’s servers may still collect technical information regarding the use of the website, which is aggregated for analytical purposes, technical maintenance and for improving the content offered on the website. Such information may include details of the User’s visit, information about the User’s computer, including IP (Internet Protocol) address, operating system and browser type, the User’s location, and usage information. An individual User will not be identified from or by this information and THE COMPANY is entitled to copy, distribute or otherwise use such information without limitation.

 

Cookies

  1. “Cookies” are small text files transferred by a web server to a User’s hard drive and thereafter stored on their computer. The types of information a Cookie collects includes a User’s username, the date and time of their visits to the website, their browsing history and preferences.

  2. THE COMPANY may use Cookies on this website to:

    1. distinguish one User from another on the website;

    2. remember the User’s last session when they return to the website;

    3. estimate the website's audience size and usage patterns;

    4. store information about the User’s preferences, which allows THE COMPANY to customise the website and content according to the Users individual preferences; and

    5. speed up searches on the website.

  3. The provisions of this clause are only applicable to Cookies used by THE COMPANY. In some instances, third-party service providers may use Cookies on the website. THE COMPANY cannot and does not control or access Cookies used by third party service providers and therefore takes no responsibility.

  4. The User has the right and ability to either accept or decline the use of Cookies on their computer’s web browser, whether they are logged in as a member, or simply casually visiting the website. However, declining the use of Cookies may limit a User’s access to certain features on the website.

 

General Conditions for Processing Personal Information

  1. THE COMPANY shall comply with all laws, contracts or regulations when it processes a User’s personal information.

  2. THE COMPANY shall not act unreasonably when processing a User’s personal information. This means that it will collect and process a User’s personal information in a way that the User can reasonably expect and in a way that is fair.

  3. THE COMPANY shall respect the User’s right to privacy at all times. If there is another way in which it can achieve the same goal without posing any risk of harm to the privacy rights of the User, then it will choose that option.

  4. Similarly, if THE COMPANY needs to process personal information but there are less privacy-invasive methods of collecting, using and sharing that information, then it will use those methods.

  5. THE COMPANY shall ensure that the personal information that is collected and processed is and remains relevant to the identified purpose/s for such processing, and that such information is and remains adequate, but not excessive, for achieving the identified purpose/s.

  6. If there are any alternative ways to achieve the identified purpose/s without processing personal information, THE COMPANY shall not process that personal information.

  7. THE COMPANY shall ensure that the processing activities it chooses to apply are proportionate to achieving the identified purpose/s and that no less privacy invasive measures are available to achieve the same purpose/s.

  8. THE COMPANY shall ensure that, regardless of the stated purpose/s for processing personal information, the rights and interests of Users will not be unnecessarily prejudiced or infringed, unless it cannot be avoided, and then in such cases, it shall ensure that its own rights and/or interests justify such prejudice or infringement taking place.

  9. THE COMPANY shall be entitled to store the personal information of Users indefinitely unless the User objects thereto. In the event a User objects to the indefinite storage, once THE COMPANY has achieved the purpose for the collection of the User’s personal information, it will destroy or delete such information, unless the User has directed otherwise in writing, or THE COMPANY is required by law to retain the information for a longer period of time.

  10. If THE COMPANY no longer needs to process personal information to achieve the purpose originally specified, it will stop using that information.

 

Disclosure and Sharing of Personal Information

  1. THE COMPANY may, in the course of providing any content or services on this website, or for the purposes of concluding or performing any other services or transaction with a User, share certain personal information with third party operators who perform certain processing activities on behalf of THE COMPANY.

  2. The information shared and the categories of third party operators with whom it is shared will always be notified to you prior to being shared. Notwithstanding the aforegoing, you consent to us sharing your personal information with the following operators:

    1. Partners or agents involved in delivering the products and services to the User.

    2. Partners or agents that conduct client satisfaction surveys and any other surveys related to the products or services provided to the User.

    3. Law enforcement agencies, regulatory organisations, courts or other public authorities if THE COMPANY have to, or are authorised to by law.

    4. THE COMPANY will release information if it’s reasonable for the purpose of protecting it against fraud, defending its rights or property, or to protect the interests of its Users.

    5. If THE COMPANY is reorganised or sold to another organisation, it may transfer any personal information it holds about the User to that organisation.

  3. THE COMPANY may also share aggregated information about Users of this website and their usage patterns. Such aggregated information will be de-identified and the User’s personal information will not be disclosed.

  4. Other than as stated in clause 9.1 and 9.3, THE COMPANY shall not share a User’s personal information with any third parties unless it has the User’s express consent to do so.

 

User's Rights in Relation to the Processing of their Personal Information

  1. Users shall have the following rights in relation to the processing of their personal information:

    1. to access and correct any personal information held by THE COMPANY about them;

    2. to object to the processing of their information; and

    3. to lodge a complaint with the Information Regulator (https://justice.gov.za/inforeg/).

  2. Users may make a request in terms of clause 10.1.1 by following the process for making such a request as set out in THE COMPANY’s PAIA manual.

 

Further Processing

  1. THE COMPANY shall not process a User’s personal information for any purpose not previously specified except in the following circumstances:

    1. where the User has consented to such further processing;

    2. where the further processing is necessary for the exercise of any contractual rights or the fulfilment of any obligations between THE COMPANY and the User;

    3. where the further processing activities are linked to or compatible with the original purpose;

    4. where the further processing is necessary for the prevention, detection, investigation, prosecution and punishment of an offence;

    5. where the further processing is necessary to enforce any law;

    6. where the further processing is necessary for the conduct of legal proceedings in any court or tribunal that have commenced or are reasonably contemplated;

    7. where the further processing is necessary to prevent or mitigate a serious and imminent threat to the life or health of the User or another individual;

    8. where the further processing is necessary for historical, statistical or research purposes.

  2. THE COMPANY shall ensure that if it intends processing personal information for other purposes not previously specified, it shall notify the User of such further purposes and the possible consequences of the intended further processing for the User.

 

Accuracy, Correctness and Completeness of Personal Information

  1. THE COMPANY shall take reasonably practicable steps to ensure that the personal information kept by it about Users is complete, accurate, not misleading and is updated when necessary.

  2. However, if a User is aware of any personal information in THE COMPANY’s custody that is incorrect, inaccurate or which needs to be updated, the User must make a written request to THE COMPANY’s information officer at privacy@augmentaltech.com to update or correct the relevant information.

  3. If a User has contested the accuracy of any personal information being used by THE COMPANY, it shall immediately stop using that information until its accuracy has been verified, if it is reasonably practicable to do so.

  4. THE COMPANY reserves its right to only adhere to a request from a User in terms of clause 12.2 if the correction or updating of that information will result in the personal information being correct and accurate.

 

Security Safeguards

  1. THE COMPANY is committed to protecting the personal information in its custody against any loss of, damage to or unauthorised destruction of that information, and to prevent any unauthorised parties from accessing that information.

  2. THE COMPANY takes steps to continually identify and document any risks to the personal information it has in its possession or under its control and that appropriate security safeguards are in place against those risks.

  3. THE COMPANY shall ensure that in any contracts entered into with third party operators who process personal information on THE COMPANY’ behalf, include the following obligations:

    1. the operator shall not process any personal information without THE COMPANY’s knowledge and authority;

    2. the operator shall treat all personal information given to it as confidential and shall not disclose it to any unauthorised third parties;

    3. the operator shall establish and maintain adequate security measures which are the same or offer similar protection over the personal information as that employed by THE COMPANY;

    4. the operator shall notify THE COMPANY immediately where there are reasonable grounds to believe that any personal information has been leaked to or accessed by any unauthorised person;

    5. if the operator is situated in another country, it must comply with the data protection laws in that country and be able to provide verification that it is so compliant;

    6. if an operator is legally obliged to disclose any personal information processed by them on THE COMPANY’ behalf to other parties, it must notify THE COMPANY beforehand to enable THE COMPANY and/or individual Users to protect their rights if necessary.

  4. THE COMPANY shall ensure that all personal information on its systems is properly backed-up and that back-up copies are stored separately from the live files.

 

Notification of Breach of Security

  1. If personal information about a User is inadvertently leaked or THE COMPANY’s security has been unlawfully breached by any unauthorised party, THE COMPANY shall immediately identify the relevant Users who may be affected by the security breach, and shall contact them at their last known email address or contact details or by the quickest means possible.

  2. THE COMPANY shall provide sufficient information to the User to allow him or her to take the necessary protective measures against the potential consequences of the compromise, or shall advise Users of the steps to be taken by them and the possible consequences that may ensue from the breach for them.

 

Cross Border Transfers of Personal Information

  1. The User consents that personal information (including special personal information) may be transferred transborder, even to countries without data protection laws similar to those of South Africa, for storage purposes, or if it is in THE COMPANY’s legitimate interests or those of a third party to do so.

 

Retention of Information

  1. The User consents that THE COMPANY may keep record of his/her personal information for an indefinite period of time, unless User objects. In such cases THE COMPANY will only keep such records if it is lawfully entitled or obliged to do so.

 

Returning, Destroying or Deleting Personal Information

  1. Where THE COMPANY is no longer authorised to retain a record of any personal information, it shall either:

    1. ensure that the information is permanently destroyed or deleted as soon as reasonably practicable; or

    2. return the information to the User or transfer it to a third party, if requested by the User in writing to do so.

 

Consent

  1. The User hereby consents to the processing of their personal information in terms of the provisions of this Privacy Policy.

  2. The User acknowledges and agrees that such consent has been given voluntarily after the User has read and understood the provisions of this Privacy Policy, in particular, regarding the following:

    1. the types of personal information to be processed, including specifically special personal information;

    2. the specific processing activities to be undertaken;

    3. the specific purpose/s for such processing; and

    4. the possible consequences for the User that may arise from such processing.

  3. Should a User wish to withdraw any consent previously given by the User, they must notify THE COMPANY’s information officer in writing.

​

Lodging an Objection

  1. A User may, on reasonable grounds, object to the processing of their personal information at any time after that processing has started.

  2. If a User wishes to object to the processing of their personal information, they should contact THE COMPANY’s information officer in writing and provide reasons for doing so. Users may use the process and forms contained within THE COMPANY’s PAIA manual available on our website.

 

Choice of Law

  1. This Privacy Policy shall be governed and interpreted in accordance with the laws of the Republic of South Africa.

  2. Amendment of this Privacy Policy

    1. THE COMPANY reserves the right to change, update, add, remove and/or amend any of the provisions of this Privacy Policy from time to time. Such changes, updates, additions, removals or amendments will become effective from the date of their publication on this website.

    2. It is the User's obligation to periodically check the provisions of this Privacy Policy for any such changes, updates, additions, removals or amendments.

    3. The User's continued use of this website following any changes, updates, additions, removals or amendments to this Privacy Policy will be considered Policy of the User's acceptance to abide by and be bound by this Privacy Policy, as amended.

 

Contact

For more information on your rights to privacy over your information, or the information processing activities of THE COMPANY, please do not hesitate to contact us directly at privacy@augmentaltech.com.

​

bottom of page