Privacy Policy

1. Responsible Body and Contact

The

SAFEZA AVA-X (PTY) LTD
7th Avenue
Cape Town, Western Cape, 8001
South Africa

is the responsible body within the meaning of the Protection of Personal Information Act, 2013 (POPIA) of South Africa and – where applicable – the EU General Data Protection Regulation (GDPR) for the processing of personal data in South Africa.

Contact for data protection concerns:
Email: privacy@safeza.ai
Mail: SAFEZA AVA-X (PTY) LTD, attn. Data Protection, 7th Avenue, Cape Town, Western Cape, 8001, South Africa

Note: Safeza AVA-X (PTY) LTD distributes and provides AI security software solutions developed by AVA-X AG (Switzerland) in South Africa. While we operate as an independent South African entity, certain technical services and data processing may involve our Swiss partner AVA-X AG in accordance with applicable data protection laws.

2. Applicable Law

This Privacy Policy is issued in application of the Protection of Personal Information Act, 2013 (POPIA) of South Africa and, where relevant, the EU General Data Protection Regulation (GDPR).

SAFEZA AVA-X (PTY) LTD observes all applicable data protection regulations in South Africa and internationally.

3. Collection and Categories of Personal Data

We generally only process personal data that you voluntarily provide to us or that is collected in the course of our business relationships or the use of our services.

3.1 Contract and Communication Data

• Identification and contact data: Name, first name, address, email address, telephone number
• Contract documents and payment information (e.g., bank details, invoice data)
• Other data that you provide to us in the course of communication

3.2 Technical Data

• Usage information: IP address, browser type, operating system, device type, access times
• Log data (logfiles) when using our website or cloud services

3.3 Publicly Accessible Data

Information from official registers or generally accessible sources, insofar as this is necessary for business purposes or identification.

3.4 Biometric Data (for certain services)

Insofar as we process biometric data within the scope of our services (e.g., for video analyses or facial recognition functions), this occurs exclusively on a valid legal basis (e.g., consent, contract, legal requirement). We take into account the increased need for protection of this data by implementing special technical and organizational protective measures in accordance with POPIA requirements for special personal information.

4. Purposes of Data Processing and Legal Bases

We process your personal data exclusively for the purposes stated below and on the respective legal bases:

Contract Fulfillment

• Processing of contracts relating to our products and services (delivery, installation, support)
• Customer service, communication, invoicing

Legal basis: Section 11(1)(b) POPIA (contract); Art. 6 para. 1 lit. b GDPR (where applicable)

Legal Obligations

• Compliance with legal retention periods, tax and commercial law obligations
• Provision of information to authorities

Legal basis: Section 11(1)(c) POPIA (legal obligation); Art. 6 para. 1 lit. c GDPR (where applicable)

Legitimate Interests

• Operation, further development, and security of our services (incl. IT security, fraud prevention)
• Assertion of legal claims and defense in legal disputes

Legal basis: Section 11(1)(f) POPIA (legitimate interest); Art. 6 para. 1 lit. f GDPR (where applicable)

Consent

• Implementation of marketing measures (newsletter, advertising campaigns), unless another permission criterion already applies
• Analysis and tracking technologies beyond what is technically necessary

Legal basis: Section 11(1)(a) POPIA (consent); Art. 6 para. 1 lit. a GDPR (where applicable)

5. Disclosure of Data to Third Parties

Personal data is only transferred to third parties if this is required:

• for contract fulfillment (e.g., to payment service providers, shipping companies),
• for compliance with legal obligations (e.g., to authorities),
• due to legitimate interests (e.g., IT service providers, hosting providers), or
• with your consent.

Typical recipients include:

• Authorities (e.g., tax and social security authorities, South African Police Service where legally required)
• External service providers (e.g., IT service providers, cloud providers, communication platforms)
• Banks (payment processing)
• Insurance companies (e.g., accident or health insurance in case of damage)
• AVA-X AG (Switzerland) - our technology partner, for technical support and service delivery purposes

5.1 Data Transfer to Third Countries

Data is only transferred to countries outside South Africa or the EEA (so-called third countries) if:

• an adequate level of data protection exists (in accordance with an adequacy decision or standard contractual clauses),
• you have consented, or
• another legal permission exists under POPIA or GDPR.

In such cases, we implement appropriate additional protective measures (e.g., encryption, risk analyses/"Transfer Impact Assessments") to ensure data protection. When data is transferred to our Swiss partner AVA-X AG, we ensure compliance with applicable data protection laws through appropriate safeguards.

6. Cookies and Tracking Technologies

We use cookies and similar technologies (e.g., pixels, local storage) on our website to:

• ensure the functionality of our services (essential cookies), and
• collect usage statistics or carry out marketing measures (optional cookies).

Essential cookies are necessary for the operation of the website and cannot be deselected.

For analysis and marketing cookies, we obtain your consent where required under POPIA.

Please note that deactivating or restricting cookies in your browser may impair the functionality of our website.

7. Data Security

We implement appropriate technical and organizational measures (TOMs) to protect your personal data from unauthorized access, loss, misuse, and manipulation. These measures include in particular:

• Encryption of data transmissions (e.g., HTTPS)
• Access restriction to personal data using role-based authorization systems and multi-factor authentication
• Regular security reviews (backups, updates, penetration tests)
• Hosting in certified data centers in South Africa and Switzerland
• Compliance with POPIA security safeguards requirements

Despite all protective measures, absolute data security cannot be guaranteed. We point out that data transmission over the Internet (e.g., via email) may have security vulnerabilities.

8. Profiling and Automated Decisions

Insofar as we use data for analysis purposes or personalized offers (profiling), this is done on the basis of our legitimate interests or your consent, in compliance with POPIA requirements.

We do not make decisions that have legal or similarly significant effects exclusively based on automated processing. In cases where automated decision-making is used, we ensure that a final human review takes place (cf. Section 71 POPIA, Art. 22 GDPR).

9. Duration of Storage and Deletion

We store personal data only as long as necessary for the purposes for which it was collected, or as long as a legal retention period exists under South African law. Subsequently, the data will be deleted or anonymized.

If data is required for several purposes, it will be blocked or used only for the strictly necessary purpose until all retention periods have expired.

10. Rights of Data Subjects

Insofar as legally provided under POPIA and GDPR, you as a data subject have the following rights:

Right of Access (Section 23 POPIA, Art. 15 GDPR)

You can request information about the personal data processed by us.

Right to Rectification (Section 24 POPIA, Art. 16 GDPR)

You have the right to have inaccurate or incomplete data corrected.

Right to Erasure (Section 24 POPIA, Art. 17 GDPR)

You can request the deletion of your data, provided that no legal obligations or compelling legitimate reasons prevent this.

Right to Restriction of Processing (Art. 18 GDPR)

You have the right to restrict the processing of your data under certain conditions.

Right to Data Portability (Section 24 POPIA, Art. 20 GDPR)

You have the right to receive the data in a common format or to have it transmitted to a third party.

Right to Object and Right to Withdraw Consent (Section 11 POPIA, Art. 21 GDPR)

You can object to the processing of your data for reasons arising from your particular situation.

Insofar as we have obtained your consent, you can withdraw it at any time with effect for the future.

Right to Lodge a Complaint

You have the right to lodge a complaint with the Information Regulator of South Africa if you believe that your personal information has been processed in contravention of POPIA.

Information Regulator of South Africa:
Website: https://www.justice.gov.za/inforeg/
Email: inforeg@justice.gov.za

Exercising Your Rights

To assert your rights, please contact our data protection officer at privacy@safeza.ai. We may request proof of your identity before processing your request to ensure that information is not disclosed to unauthorized third parties.

11. Data Protection Impact Assessment (DPIA)

Insofar as our processing operations entail a high risk to the rights and freedoms of natural persons (for example, when using facial recognition or other data-intensive technologies), we – if we ourselves are the controller – carry out a Data Protection Impact Assessment (DPIA) in accordance with Section 35 POPIA and/or Art. 35 GDPR or ensure that such a DPIA is carried out by the respective controller.

12. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy at any time and to adapt it to new legal requirements or changed processing operations. The current version is always available on our website. In the event of material changes (e.g., introduction of new purposes or procedures), we will inform affected persons in an appropriate manner (e.g., by email or by a notice on our website).

13. Questions and Contact

For questions, suggestions, or complaints regarding data protection at SAFEZA AVA-X (PTY) LTD or to assert your rights, please contact:

Email: privacy@safeza.ai

Mail:
SAFEZA AVA-X (PTY) LTD
attn. Data Protection
7th Avenue
Cape Town, Western Cape, 8001
South Africa