Privacy Policy. 

What does this Privacy Policy Cover 

CONSUMPTION INFORMATION REAL TIME (PTY) LTD AND ITS SUBSIDIARIES, INCLUDING BUT NOT LIMITED TO CIRT RETAIL INTELLIGENCE SOLUTION (PTY) LTD (“RIS”), respects your privacy and is committed to protecting your Personal Data. We want to be transparent with you about how we collect and use your Personal Data in making available (i) the RIS website www.cirt.co.za (the “Sites”), (ii) the RIS mobile application and white-label derivatives thereof, a self-shopping / checkout mobile application for Android and iOS (add links to apps) (the “Apps”), (iii) the RIS Q-Hop self check-out kiosk that weighs the purchased items and may contain a camera for product recognition (the “Kiosk”), and (iv) our partner in creating this solution, AuthGate, whose Terms of Use are available at https://authgate.com/termsofuse (together with the Sites, Apps and the Kiosk, the “Services”), and to tell you about your privacy rights and how the law protects you.

This Privacy Policy aims to clarify how CIRT collects and processes the Personal Data of individuals who use the Services, including any data you may provide using the Services.

The Privacy Policy creates surety and transparency around the Services under the General Data Protection Regulation (“GDPR”), the Protection of Personal Information Act 4 of 2013 (“POPI”) and the Consumer Protection Act 68 of 2008 (“CPA”) of South Africa.

We will post any modifications or changes to this Privacy Policy on this page and notify individuals of them.

RIS is the Controller (for the purposes of the GDPR) of your Personal Data (referred to as either ​RIS​, ​we​, ​us​ or ​our​ in this Privacy Policy).

How to contact us.

You can contact us by emailing: ​support@q-hop.com​, on any query related to a Service. Questions, comments or concerns regarding this Privacy and Cookie Policy or our use of your personal data are welcomed.

Understanding rights of your Personal Data

Your rights retained on your Personal Data

Under certain circumstances, by law you have the right to:

● Request access to your Personal Data. Acquire a copy of your Personal Data to determine that we are lawfully processing it.

● Request correction of the Personal Data that we hold about you​. Inform us of any incomplete or inaccurate information we hold.

● Request erasure of your Personal Data​. Request the removal of Personal Data where there is no good reason to retain and to process it. You may also request us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).

● Object to processing of your Personal Data​. The right to object to processing your Personal Data for direct marketing purposes.

● Request the restriction of processing of your Personal Data​. Request to suspend the use of Personal Data, for example to determine its accuracy or the reason for processing it.

● Request the transfer of your Personal Data​. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

● Withdraw consent. Withdrawing consent may result in us not being able to provide you with access to certain specific functionalities of our Services. We will notify you if this is applicable at the time you withdraw your consent.

How to exercise your rights

To exercise your rights described above, please contact us using the contact details under How to Contact Us.

Typically, there is no charge to access your Personal Data (or to exercise any of the other rights). However, except in relation to Consent Withdrawal, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or we may refuse to comply under these circumstances.

We may as a security precaution require specific information from you to assist in confirming your identity and ensure your right to access the Personal Data (or to exercise your rights). We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one calendar month. Your request may take longer if it is particularly complex or you have made a number of requests. In such a case, we will notify you and keep you updated.

 

 

Complaints

If you have any complaints regarding this Privacy Policy or our practices in relation to your Personal Data, please contact us using the contact details shown under Contact Us.

If your request has not been adequately resolved to your liking, please note that the GDPR gives you the right to contact your local data protection supervisory authority, which, for the UK, is the Information Commissioner’s Office.

Marketing communications preferences

You may occasionally receive push notifications from our Apps containing marketing materials. If you prefer not to receive push notifications, you may disable them at any time in your device’s app settings.

When opting out of push notifications, you may still receive support and administrative emails from time to time regarding your use of the Services including, for example, changes to our terms and conditions and policies, updates to our Services and security alerts.

What Personal Data we collect 

All the Personal Data we collect, both from you and from third parties about you, is outlined in the table below. 

GDPR’s definition of ​Personal Data ​can be found ​here​. Essentially, it boils down to: information about an individual, from which that individual is either directly identified or can be identified. 

Anonymous data is ​not​ included (i.e., information where the identity of the individual has been permanently removed).

However, it ​does​ include ‘indirect identifiers’ or ‘pseudonymous data’ (i.e., information which alone doesn’t identify an individual but, when combined with certain additional and reasonably accessible information, could be attributed to a particular person).

 

Category of Personal Data collected: What this means

Identity: First name, surname, date of birth.

Contact: Email address, telephone numbers and address.

Financial: No financial or payment credentials are stored, only selected payment methods are stored.

Transaction: Any details about payments to and from you and other details of services you have purchased from us. Data in respect of your transactions with third parties.

Service: Your data that you provide to us when you report a problem or ask a question in respect of our Services or when you request further services from us. If you contact us, we may keep a record of that correspondence.

Technical: This includes:

● Device information: We may collect information about the device you use to access the Services, including time zone setting and location, operating system and platform, mobile network information, telephone number and other technology on the devices you use to access our Services.

● Location information: When you use one of our location-enabled Apps or Services, we may collect and process data about your actual location.

● Video footage: When you use the kiosk all video footage will only be used to identify purchased items, and will not be used for any other processes, identification, shared with a third party, retained for extended periods or leave our system.

● Log information: We may automatically collect and store certain information about your use of the Services in server logs, including but not limited to internet protocol (IP) addresses, internet service provider, clickstream data.

● Unique application numbers: When you install or uninstall an App containing a unique application number or when such an App searches for automatic updates, that number and information about your installation, for example the type of operating system, may be sent to us.

Aggregated Data 

We also collect, use and share Aggregated Data such as statistical, shopping habits or demographic data as deemed fit. Aggregated Data may be derived from your Personal Data, but once in aggregated form it does not directly or indirectly reveal your identity and will not be considered Personal Data for the purposes of the GDPR. For example, we may aggregate any Behavioural or Usage Data for marketing, shopping habits or brand preferences. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.

No Special Categories of Personal Data

We do not collect any ​Special Categories of Personal Data​ about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

How we use your Personal Data and why

We will only use your Personal Data for the purposes for which we collected it as listed below, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your Personal Data for an unrelated purpose, we will update this Privacy Policy and we will explain the legal basis which allows us to do so.

What is our legal basis for processing your Personal Data?

In respect of each of the purposes for which we use your Personal Data, the GDPR requires us to ensure that we have a legal basis for that use. Most commonly, we will rely on one of the following legal bases:

● Where we need to perform a contract we are about to enter into or have entered into with you (​Contractual Necessity​).

● Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (​Legitimate Interests​). More detail about the specific legitimate interests pursued in respect of each Purpose we use your Personal Data for is set out in the table below.

● Where we need to comply with a legal or regulatory obligation (Compliance with Law).

● Where we have your specific consent to carry out the processing for the Purpose in question (Consent).

Generally we do not rely on your Consent as a legal basis for using your Personal Data.

We have set out below, in a table format, the legal bases we rely on in respect of the relevant Purposes for which we use your Personal Data.

 

Purpose: Account Creation
Category(ies) of Personal Data involved: Identity, Contact, Technical
Why do we do this: To register you as a new customer.
Our legal basis for this use of data: Contractual Necessity.

Purpose: To process transaction
Category(ies) of Personal Data involved: Identity, Contact, Financial, Transaction
Why do we do this: To prevent theft items purchased, purchase history, selected payment method.
Our legal basis for this use of data: Contractual Necessity.

Purpose: Troubleshooting
Category(ies) of Personal Data involved: Identity, Contact, Service, Technical, Transaction
Why do we do this: To track issues that might be occurring on our or partner systems and to notify you of updates and security alerts.
Our legal basis for this use of data: Legitimate Interests. It is in our legitimate interests that we are able to monitor and ensure the proper operation of our Services and associated systems and services.

Purpose: Data analysis, and improvements to our Services
Category(ies) of Personal Data involved: Identity, Contact, Service, Behavioural, Technical
Why do we do this: To carry out audits and data analysis to identify usage trends, improve the Services and improve the effectiveness of our communications.
Our legal basis for this use of data: Legitimate Interests. It is in our legitimate interests that we are able to use audit and data analysis to improve the Services and improve the effectiveness of our communications.

Purpose: Customer Services
Category(ies) of Personal Data involved: Identity, Contact, Service, Technical
Why do we do this: To provide customer service, including to respond to your enquiries and fulfil any of your requests for information in respect of the Services.
Our legal basis for this use of data: Contractual Necessity.

Purpose: Personalisation
Category(ies) of Personal Data involved: Identity, Service, Behavioural, Technical
Why do we do this: To personalise your experience on our Apps by presenting information tailored to you and your geographic location.
Our legal basis for this use of data: Legitimate Interests. It is in our legitimate interests that we are able to provide a more personalised service to you to improve your experience of the Services.

Purpose: Compliance with law and regulation
Category(ies) of Personal Data involved: All relevant data
Why do we do this: We may use data as we believe to be necessary or appropriate: (a) under applicable law; (b) to comply with legal process and our regulators; (c) to respond to requests from public and government authorities; (d) to enforce or apply this Privacy and Cookie Policy or our Terms of Use; (e) to protect our operations; (f) to protect our rights, privacy, property or safety, and/or that of you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
Our legal basis for this use of data: Depending on the circumstances, our legal basis may be:
● Compliance with a legal obligation to which we are subject;
● Necessity to protect your vital interests or those of another person;
● Legitimate interests.

 

Personal Data from Third Party Sources

Would we pull data in from other sources other than from usage of our application?????????

How we use cookies & other tracking or profiling technologies.

RIS website cookie policy?????

Who we share your Personal Data with.

The table below describes who we share your Personal Data with, what we share and why we share it.

 

Recipients: Our Affiliates
Category(ies) of Personal Data we share: Identity, Contact
Why we share it: Our affiliates help us provide our service and help manage our customer relationships (including providing customer support, customer liaison etc).
Location(s): ?

Recipients: Service Providers
Category(ies) of Personal Data we share: Identity, Contact, Technical
Why we share it: Our service providers provide us with IT and system administration services.
Location(s): ?

Recipients: Professional advisers
Category(ies) of Personal Data we share: Identity, Contact
Why we share it: Our lawyers, bankers, auditors and insurers provide consultancy, banking, legal, insurance and accounting services.
Location(s): ?

Recipients: Regulators and other authorities
Category(ies) of Personal Data we share: Identity, Contact
Why we share it: Authorities may require reporting of processing activities in certain circumstances
Location(s): ?

Recipients: Analytics Providers
Category(ies) of Personal Data we share: Behavioural, Technical, Transactional
Why we share it: Our analytics providers will use this information for the purpose of evaluating your use of our Services, compiling reports on Service activity and providing other services relating to Service activity and internet usage. Our analytics providers may also transfer this information to third parties where required to do so by law, or where such third parties process the information on our analytics providers’ behalf. Improving our classifications and analysis with respect to all aspects of the system.
Location(s): ?

Data transfers

To be completed after above table, depending where we host our services and where data will be transferred across borders

How we store your Personal Data securely.

We store all your Personal Data under appropriate security measures to prevent it from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.

We limit access to your Personal Data (as shown in the table above) to those employees and other staff who have a business need to have such access. All such people are subject to a contractual duty of confidentiality.

We have put in place procedures to deal with any actual or suspected Personal Data breach. In the event of any such breach, we have systems in place to work with applicable regulators. In addition, in certain circumstances (e.g., where we are legally required to do so) we may notify you of breaches affecting your Personal Data.

How long we store your Personal Data.

We will only retain your Personal Data for so long as we reasonably need to use it for the purposes set out above in How we use your Personal Data and why, or until you exercise your rights to remove it, unless a longer retention period is required by law (for example for regulatory purposes).

The table below shows our standard retention practices:

 

Category of Personal Data: Retention period

Identity: For so long as retention is necessary to fulfil the Purposes/Use for which it is used (see How we use your Personal Data and why)

Contact: For so long as you remain a customer of ours.

Transaction: For so long as retention is necessary to fulfil the Purposes/Use for which it is used (see How we use your Personal Data and why)

Service: For so long as you remain a customer of ours.

Technical: For so long as retention is necessary to fulfil the Purposes/Use for which it is used (see How we use your Personal Data and why)

Third party links.

The Services may include links to third-party websites, plug-ins and applications. We are not responsible for the privacy or other practices of any such third parties. Clicking on those links or enabling those connections may allow third parties to collect or share your Personal Data. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Services, we encourage you to read the privacy policy of every site you visit.

© 2019 by Consumption Information Real Time (CIRT).