PLEASE READ THIS PRIVACY NOTICE CAREFULLY.
This data protection declaration clarifies the type, scope, and purpose of the processing (including the collection, processing and use as well as obtaining of consent) of Personal Data within our online offer and the websites, functions, and content connected with it (hereinafter jointly referred to as “online offer” or “website“, “platforms”). This Data Protection Declaration applies in a technology-neutral way, regardless of the domains, systems, platforms, and devices (e.g., desktop or mobile) on which the online offer is executed.
We are committed to protecting your privacy as a user (referred to as “User“, “customer”, “you“, “your” or “Data subject(s)“), and we take our responsibility regarding the security of your Personal Data (defined below) very seriously.
Who is responsible for processing your Personal Data?
For the purposes of data privacy laws, principles, and regulations that may apply to the customer, South African Software Development Hub (referred to as “South African Software Development Hub”, “we“, “us” or “our“) is the “data controller” for all Personal Data that is collected from our customers and used by South African Software Development Hub
What Personal Data do we collect (including by automated means)?
We process users’ data in compliance with the General Data Protection Regulation (“GDPR”). This means that users’ data will only be processed if a legal basis is available under Art 6 GDPR, especially if it is required by law, if consent is given, or if the data is necessary for the provision of our contractual services (whether online or offline) or are necessary for us to pursue our legitimate interests.
We may ask for and collect your Personal Data (either directly through your use of the Platform or when you communicate with us in any other way, or indirectly through our third parties) in a number of ways to provide you with the services that you request.
“Personal Data” are defined under Art 4 (1) of the General Data Protection Regulation, as the information that can be used to identify you directly or indirectly as an individual, in order to provide you with the service. This includes, but is not limited to, information such as your name, date of birth, phone number, social media name, email address, IP address, location data, time zone, browser data, device data, language settings, details of services you have purchased, payment details, information about your access to our website, and other online identifiers that may help us to improve or personalize our services.
Why and how do we use your Personal Data?
In addition to the uses expressly mentioned in this Data Protection Declaration, users’ data will be processed for the following purposes, based on contractual necessity, consent of the user, or in pursuit of our legitimate interests:
Transfer and/or sharing of users’ data. We do not “sell” users’ data to any third parties within the meaning of the CCPA, please refer to our Additional Terms. We only share it if necessary for billing purposes or for other purposes if this is necessary to fulfill our contractual obligations.
To perform our legal obligations under national law or Union law, or for prevention of crime.
For the purpose of marketing our products and services, sometimes through third party websites or APIs
For communication purposes. This includes contact information you use to contact us (contact form and/or email) to enable us to process the inquiry and follow-up questions.
For statistical purposes to improve our services. For example, for confirmation of the age of majority of the users.
How do we protect your Personal Data (including retention periods)
We follow strict security procedures in the storage and disclosure of your Personal Data. These procedures are designed to protect your Personal Data against misuse, unauthorised access, modification or disclosure, and accidental loss, destruction, or damage. We take technical and organizational measures (TOMs) including but not limited to authentication of the user via email confirmation, setting up a firewall, use of a virus scanner against potential malware, and data backup on a weekly basis to safeguard your Personal Data.
Location of storing users’ data
We use Google Cloud to store all our data for processing purposes. Their data centers are located in the United States or other regions that may require transfer of data from the EU to other third countries. Google provides third-party ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27701 and SOC 2/3 reports to comply with the GDPR requirements and provide services, such as conducting risk assessment and to determine whether appropriate technical and organisational measures are in place. After the invalidation of the Privacy Shield in CJEU case C-311/18, Google Cloud now uses Standard Contractual Clauses or Model Contract Clauses (MCCs) for compliance with privacy regulations including the GDPR. We have signed the Data Privacy Agreement with Google and store our data in our own Google Cloud Platform. For details, please refer to Google Cloud’s official website.
However, please note that the data that we share with third parties is automatically stored at the third parties’ server, but only in order to provide you necessary services according to our contract. We will not “sell” nor share your data with third parties for marketing purposes and will keep your Personal Data within our own servers.
Retention of your Personal Data
We will not retain your data for longer than is necessary to fulfil the purposes for which it is being processed. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the Personal Data, the purposes for which we process it, and whether we can achieve those purposes through other means.
We also consider the periods for which we might need to retain Personal Data in order to meet our legal obligations, to deal with complaints and queries, and to protect our legal rights in the event of a legal claim being made. This will normally be a period of three months which is necessary for us to fulfill our contractual obligations and pursue our legitimate interest when you sign up with or use our services. You can choose to opt-in the data retention period when using our services, so that we can keep you in touch and notify you of the latest updates of our services. After that, we will ask you for your consent to extend the data retention period on a regular basis.
When we no longer need your Personal Data, we will securely delete or destroy it. We will only use the least amount of data necessary for processing to fulfill one or more specific purpose(s) in accordance with the data minimization principle pursuant to Art. 5(1)(c) GDPR., If we can anonymise or pseudonymise your Personal Data to the extent it can no longer be associated with you or identify you, whether directly or indirectly, then we may use that information without sending further notice to you.
Your rights and choices
As a person affected by the processing of Personal Data, you have the following rights:
You have the right to obtain confirmation as to whether Personal Data concerning you is being processed. If this is the case, you have the right to be informed about the Personal Data and to receive the information specified in Art. 15 GDPR.
You have the right to ask the data controller to correct incorrect Personal Data concerning you without undue delay and, if necessary, to complete incomplete Personal Data (Art. 16 GDPR).
You have the right to request the controller to delete personal data concerning you immediately if one of the reasons listed in Art. 17 GDPR applies, e.g., if the data is no longer needed for the purposes for which it was collected (right to deletion).
You have the right to request the controller to restrict processing if one of the conditions listed in Art. 18 GDPR is met, e.g., if you have lodged an objection to processing, for the duration of the controller’s examination.
You have the right to enjoy data portability to receive Personal Data concerning yourself, where the Personal Data is collected and processed on the basis of consent, or where the Personal Data is necessary for the performance of the contract, or when the processing is carried out by automated means. The Personal Data provided must be in machine-readable and interoperable format (Art. 20 (1) GDPR). You can also request your Personal Data to be transmitted directly from one controller to another, where technically feasible (Art. 20 (2) GDPR).
You have the right to object to the processing of Personal Data concerning you at any time for reasons arising from your particular situation. The controller will then no longer process the Personal Data unless he can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR).
In order to exercise your rights listed above, you can send us a data subject request to our Data Protection Officer listed in Section 9, and we will process your request within 1 month of receiving it.
Right to withdraw
The data subject has the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject will be informed thereof. It is as easy to withdraw as to give consent (Art. 7 GDPR). You can revoke your consent by sending an email to our Data Protection Officer or changing it in your privacy settings.
Right of appeal
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of Personal Data concerning you is in breach of our agreement or the GDPR (Art. 77 GDPR). You may exercise this right before a supervisory authority in the Member State in which you are resident, your place of work or the place of the suspected infringement.
Right of objection for direct marketing
In individual cases we process Personal Data in order to carry out direct marketing. In this case you have the right to object at any time to the processing of Personal Data concerning you for the purpose of such advertising (Art. 21 GDPR). If you object to processing for the purposes of direct marketing, the Personal Data will no longer be processed for these purposes.
The objection can be made at any time without any formal requirement using one of the contact options provided in this data protection policy.
Links to other third party websites
We may provide links to other websites for your convenience and information. These websites may operate independently from us.
If you visit any website linked, you are subject to that website’s own privacy policies. Linked websites may have their own privacy notices or policies, which we strongly suggest you review. With regard to any linked websites that are not owned or controlled by us, we are not responsible for their content, any use of the websites, or the privacy practices of the websites.
Google- Re/Marketing Services
We use the Google Remarketing application, a retargeting feature used by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Remarketing allows us to display ads for and on our website that are customized according to visitors’ interests so that we only show you ads that may be of interest to you.
Please note that we will not sell your data to third parties, including Google. All data that you provide to us will only be circulated for internal use, such as for our own marketing or remarketing purposes. Third parties cannot use our data, but we may use third-party publishers to display our own ads that may be of interest to you. If you have any questions, please check Google’s Data Protection Declaration or change your privacy settings on our websites.
For these purposes, when Google calls up our website, a code is executed and so-called (re)marketing tags are incorporated into the website. This means that an individual cookie file is stored on your device, which stores information about the websites you visit, the content you access, your browser and your operating system. Your IP address is also recorded. The IP address will not be merged with data from you within other offers from Google. However, Google may combine the above-mentioned information with information from other sources. If the user subsequently visits other websites, the ads tailored to the user’s interests may be displayed.
Your data is always processed pseudonymously by Google Remarketing. This does not apply if you have expressly allowed Google to process your data without using a pseudonym. The information collected by Google Remarketing about users is transmitted to Google and stored on Google’s servers.
Further information on the use of data for marketing purposes by Google can be found on the overview page or the Google Data Protection Declaration:
Overview page: https://policies.google.com/technologies/ads?hl
Data Protection Declaration: https://policies.google.com/privacy
Google uses standard contractual clauses and thus offers a guarantee of compliance with European data protection law.
The legal basis for the use of Google Remarketing is the consent given by you when you access our website in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent at any time with effect for the future via the cookie settings.
South African Software Development Hub stores its codes, and has its database in Google Cloud, meaning this is an essential tool in order to provide you with our services. Google Cloud has subprocessors, you can find them in the following link: https://cloud.google.com/terms/subprocessors.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Integration of third party services and content
Within our online offer, the contents or services of third-party providers, such as city maps or fonts from other websites, may be integrated. The integration of content from third-party providers always requires that the third-party providers are aware of the IP address of the user, as they would not be able to send the content to the user’s browser without the IP address. The IP address is therefore necessary for the display of this content. Furthermore, the providers of the third-party content may set their own cookies and process the users‘ data for their own purposes. User profiles can be created from the processed data. We will use this content as sparingly and with reasonable effort to avoid data loss and will select reliable third-party providers with regard to data security.
The following presentation offers an overview of the third-party providers we use, which are necessary to provide our online services according to our contract:
Google Fonts can be used in different ways. The so-called “Online” mode, which connects to the Google servers as soon as the website is called, is widely used. However, for reasons of data economy and because it is technically difficult to obtain consent, the integration of fonts in “offline” mode is preferable in order to be able to use Google fonts in a legally secure manner. More information about the differences can be found at:
If you decide to use the “online” mode despite the legal risk, you will also find a corresponding text module for this.
For the display of external fonts we use Google Fonts in “offline” mode. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). No data is passed on to Google servers.
Plugins of the social network YouTube are used on our website. The operator of Youtube is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
We rely on your consent to the collection of data when using plugins. If you do not agree to the use of data when you first visit our website, the plugin will not be activated by Youtube, so that data will not be transferred even if you accidentally interact with a Youtube plugin.
If you are on a page of our website on which such a plugin is provided, your browser only establishes a direct connection with the servers of YouTube when the user clicks on the relevant button (“Extended data protection mode”). The content of the plugin is then transmitted by YouTube to your browser and integrated by it into the website. By activating the plugin, YouTube receives the information that you have called up the corresponding page of our website. Content is then transmitted from YouTube to your browser and included on the page. YouTube receives the message that you are on the corresponding page of our website. This happens even if you do not have a profile on YouTube or are not logged in. Personal Data (including your IP address) is then automatically forwarded to and stored in a server of YouTube located in the USA.
A direct assignment on the part of YouTube only takes place if you are logged in to YouTube. A corresponding interaction takes place even if you click the corresponding button actively. The result is a publication on your YouTube account and the presentation of such a publication in your contacts.
Further details on how YouTube handles your Personal Data can be found on the following webpage: https://policies.google.com/privacy?hl
Updates to this Data Protection Declaration
We reserve the right to change the Data Protection Declaration in order to adapt it to the changing legal requirement or in case of changes in the service and data processing. However, this only applies with regard to declarations on data processing. Insofar as the consent of the users is required or components of the data protection policy contain amendment of the contractual relationship with the users, the changes will only be made with the consent of the users.
If we make changes to the Data Protection Declaration, we will post those changes on our websites and online offers and inform you through the Newsletter as well so you are aware of what has been changed and the purposes of the changes.
How to contact us?
We welcome inquiries, questions, and comments about this Data Protection Declaration and our privacy practices. If we receive a complaint from you about how we have handled your Personal Data, we will investigate and determine what action we should take to resolve the complaint. We will contact you within a reasonable time, normally within 1 month, and may request more information to assist us with our investigation. We aim to resolve all complaints in a timely manner.
If you wish to provide feedback or if you have questions or concerns or wish to exercise your rights related to your Personal Data, please contact us at the following email address: firstname.lastname@example.org
The above Data Protection Declaration applies only to users living in the European Union within the territorial scope of Art. 3 GDPR. Under the California Consumer Privacy Act (CCPA), California Civil Code Section 1798.100, Californian residents also have the following rights with regard to their Personal Data.
Right of Access: You have a right to request access to the Personal Data we may hold on you for the past twelve months. You may submit up to two requests per year of access to your Personal Data.
Right to Opt-In/Opt-Out of Sale of Personal Data: You have the right to opt-in to the sale of Personal Data we may hold on you to third parties, but please note that we will not sell your data to third parties by default.
Right to Deletion: You also have the right to delete data or restrict processing activities. There may be exceptions to the right to deletion for specific legal reasons which, if applicable, we will set out for you in response to your request.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.