In this Privacy Notice, we describe how Profesaas (Pty) Ltd ("Profesaas", "we", "us", or "our") collects, uses, shares, and otherwise processes personal data in connection with our websites, products, services, and other offerings (collectively, the "Services"). This Privacy Notice applies to all users of our Services, including visitors, customers, administrators, and end users.

We are committed to protecting your privacy and handling your personal data in an open and transparent manner. We process personal data in compliance with applicable data protection laws, including the Protection of Personal Information Act (POPIA) of South Africa and, where applicable, the General Data Protection Regulation (GDPR).

This Privacy Notice applies to personal data collected, used, retained, or disclosed by Profesaas while acting in the capacity of a data controller, as that term is defined under the GDPR, for the purposes and legal bases set out in further detail below. For example, when individuals access and use our website and we place cookies in their browser, or when individuals create accounts and provide certain personal data (such as name and email address) for authentication purposes, we act as a data controller.

Our Services are intended for and provided to businesses and other organizations (our "Customers") for professional use. In providing these services, we process personal data relating to end users ("Customer Data") on behalf of and at the direction of our Customers as a "processor" or "operator." This Privacy Notice does not apply to data processing in our role as a processor. When collecting, using, and disclosing personal data for their own purposes, our Customers are responsible for making their own disclosures concerning the rights of individuals with respect to personal data, in accordance with applicable law. If you are an end user of one of those organizations, you should read that organization's privacy statement and direct any privacy inquiries to that organization.

1. Definitions :

• • "Personal Data" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual. This includes but is not limited to names, email addresses, IP addresses, device identifiers, and usage data. The term does not include aggregated or de-identified information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual. If you are located in the European Economic Area (EEA), this term includes all "personal data" as defined under the GDPR.
  • "Profesaas Account" means the account you create to access our Services.
  • "Services" means the Profesaas software platform, websites, APIs, and related services.
  • "Tenant" means an organization that has subscribed to our platform and uses it to manage their operations.
  • "End User" means an individual who uses the Services through a Tenant's account.
  • "Customer Data" means personal data relating to end users that we process on behalf of and at the direction of our Customers in our capacity as a processor or operator.
  • "Data Controller" means the entity that determines the purposes and means of processing personal data.
  • "Data Processor" means the entity that processes personal data on behalf of the Data Controller.
  • "Sensitive Personal Information" means personal data that reveals racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or account log-in credentials in combination with any required security or access code or password.
  • "Tracking Technologies" means cookies, web beacons, pixels, embedded scripts, and similar technologies used to automatically collect information when you interact with our Services.

2. Why We Collect Data and What We Collect :

• The personal data we collect depends on how you interact with us, the Services you use, and the choices you make. We collect and process personal data for the following purposes:

• 2.1 To Provide and Maintain Our Services

  We collect data necessary to deliver our platform, including account information (name, email address, organization details), authentication credentials, and configuration preferences. This data is essential for creating and managing your account, providing access to platform features, processing transactions, verifying your identity and authorization, and delivering customer support.

• 2.2 Security and Fraud Prevention

  We process data to protect the security of our Services and users, including IP addresses, login histories, session information, and device identifiers. This helps us detect and prevent unauthorized access, fraud, abuse, and security incidents, and to help maintain the safety, security, and integrity of our property, Services, technology assets, and business.

• 2.3 Usage Analytics and Improvement

  We collect anonymized and aggregated usage data to understand how our Services are used and to improve them. This includes feature usage patterns, performance metrics, and error reports. We use this information to test, enhance, update, and monitor the Services, diagnose or fix problems, conduct research and analytics on our user base, and to improve and customize our Services to address the needs and interests of our users.

• 2.4 Communication and Marketing

  With your consent where required, we use your contact information to send service notifications, product updates, newsletters, and promotional materials. We may also use your data to display advertising and personalized content, and to communicate with you via email, in-app messaging, or other channels. You can opt out of marketing communications at any time.

• 2.5 Legal Compliance

  We process personal data as required by applicable laws, regulations, and legal processes, including tax obligations, regulatory reporting, and responding to lawful requests from authorities. We may also process data to enforce our Terms of Service, to resolve disputes, to carry out our obligations, and to protect our business interests and the interests and rights of third parties.

• 2.6 Managing Our Organization

  We use personal data to manage our organization and its day-to-day business operations, facilitate customer relationships through benefits and services including customer support, and to fulfill any other purpose for which you provide personal data or to which you consent.

• 2.7 Types of Data We Collect

  We collect personal data from different sources and in various ways when you use our Services:

  Personal Data Collected Directly From You
  • Identity & Contact Data: First and last name, job title, organization name, email address, phone number, physical address, country or region, and communication preferences.
  • Account Data: Username, password (encrypted), profile information, customer ID, user ID, account preferences, and history of services obtained or purchased.
  • Transaction Data: Subscription details, payment history, invoices, and billing information. Please note we use third-party payment processors and do not store credit card details directly.
  • Communication & Inquiry Data: Support tickets, feedback, correspondence, information provided in forms, chat messages, and any other information you provide when contacting us or subscribing to our communications.
  • Demographic Data: Occupation, job level, or similar demographic details that may be collected when you complete a survey, register for an event, or fill out registration forms.
  • Event & Survey Data: Registration information, attendee details, survey responses, and feedback provided in connection with events, webinars, or surveys.
  Personal Data Collected Automatically

  We, and our third-party providers, automatically collect information when you visit our Services through cookies, server logs, and similar tracking technologies. This includes:

  • Device & Technical Data: IP address, browser type and version, Internet service provider, device type, model and manufacturer, operating system, date and time stamps, and unique device identifiers that allow us to identify your browser or device.
  • Usage Data: Pages visited, features used, time spent on pages, the site from which you came and the site to which you go when leaving our Services, how frequently you access the Services, links you click, interaction patterns, and other browsing behaviour and actions.
  • Location Data: General geographic location (such as city, province, and country) derived from your IP address.
  • Analytics Data: We may use third-party analytics tools to help measure traffic and usage trends for the Services and to understand more about the demographics of our users.

  The information collected automatically allows us to improve your experience, enhance and personalize our Services, monitor and improve our platform, and improve the effectiveness of our Services and communications.

  Personal Data We Infer or Generate

  We may infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics. For example, we may infer your general geographic location based on your IP address or your interests based on your usage patterns on our Services.

  Personal Data from Other Sources

  We may obtain personal data from other sources, which we may combine with personal data we collect automatically or directly from you, including:

  • From your organization: If you are an End User, your Tenant administrator may provide us with your information when setting up your account, or your employer may provide your information when engaging with our Services.
  • Authentication providers: When you sign in using third-party authentication services (such as Google or LinkedIn), we receive information they share with us such as your name, email, and profile details.
  • Service providers: Our service providers who perform services on our behalf, such as payment processors, analytics providers, and cloud-hosting services, may share information with us.
  • Social media: When you interact with our Services through social media networks, we may receive information about you that you permit the social network to share with third parties, dependent upon your privacy settings.
  • Publicly available sources: We may collect personal data from publicly available sources, third-party data providers, or through business transactions such as mergers and acquisitions.

• When you are asked to provide personal data, you may decline. You may also use web browser or operating system controls to prevent certain types of automatic data collection. However, if you choose not to provide or allow information that is necessary for certain Services or features, those Services or features may not be available or fully functional.

3. How We Collect Data :

• We collect personal data through the following methods:

  • Directly from you: When you create an account, fill out forms, contact us, subscribe to our newsletter, submit surveys or feedback, register for events, request a product demonstration, or otherwise provide information to us.
  • Automatically: When you use our Services, we automatically collect certain technical and usage data through cookies, server logs, web beacons, pixels, and similar tracking technologies. We may also use third-party tools to collect information about how you use the Services, including your browsing behaviour, scrolling, clicks, and interaction patterns.
  • From your organization: If you are an End User, your Tenant administrator may provide us with your information when setting up your account. If you interact with our Services through your employer or company, we may receive your information from your employer or company.
  • From third parties: We may receive data from authentication providers (such as Google or LinkedIn), payment processors, analytics services, and social media platforms.
  • From service providers: Our service providers who perform services on our behalf, such as cloud-hosting services, payment processors, and communications providers, may collect and share personal data with us.
  • From publicly available sources: We may collect personal data from publicly available sources or third-party data providers to correct or supplement personal data we collect.

4. Children's Privacy :

• Our Services are designed for business use and are not directed at, and we do not intend to, or knowingly, collect or solicit personal data from children under the age of 18 (or 16 in the EEA). If an individual is under the applicable age threshold, they should not use our Services or otherwise provide us with any personal data either directly or by other means. If we learn that any personal data we collect has been provided by a child under the applicable age threshold, we will promptly delete that personal data from our systems. If a child has provided personal data to us, we encourage the child's parent or guardian to contact us to request that we remove the personal data. Please contact us at privacy@profesaas.com.

5. Transparency :

• We are committed to being transparent about our data practices. Before or at the time of collecting personal data, we will inform you about the categories of data being collected, the purposes for which it will be used, and how you can manage your data. Where we rely on consent, we will obtain clear and affirmative consent before processing your data.

6. Sharing of Personal Data :

• We may disclose, share, transmit, grant access to, make available, and provide personal data with and to internal and external recipients, as follows:

  • Profesaas Affiliates: We may share personal data with companies owned or controlled by Profesaas, and other companies under common ownership, particularly when we collaborate in providing the Services.
  • Service Providers: Third-party vendors who assist us in providing our Services, such as cloud hosting providers (including infrastructure provisioning and IT services), payment processors, email service providers, analytics platforms, chat functionality services, and administrative services. These providers are contractually bound to protect your data and process it only for limited and specified purposes.
  • Tenant Administrators: If you are an End User, your Tenant administrator may have access to your account information and usage data within their organization's scope.
  • Your Employer / Organization: If you interact with our Services through your employer or company, we may disclose your information to your employer or company, including another representative of your employer or company.
  • Marketing Providers: We may coordinate and share personal data with marketing providers in order to communicate with individuals about the Services we make available, where you have consented to receive such communications.
  • Analytics Providers: We work with third-party analytics providers to help us understand how our Services are used. These parties may collect information through cookies or other tracking technologies.
  • Customer Service and Communication Providers: We share personal data with third parties who assist us in providing customer services and facilitating our communications with individuals that submit inquiries.
  • Business Partners: We may share personal data with select business partners who provide products or services that we believe may be of interest to users of our Services, where permitted by law.
  • Legal and Regulatory Bodies: We may disclose data to third parties, such as legal advisors and law enforcement, in connection with the establishment, exercise, or defence of legal claims; to comply with laws or respond to lawful requests and legal process; to protect our rights and property and those of others; to detect, suppress, or prevent fraud; to protect the health and safety of us and others; or as otherwise required by applicable law.
  • Business Transfers: We may take part in or be involved with a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets. We may disclose personal data to a third party during negotiation of, in connection with, or as an asset in such a transaction. Personal data may also be disclosed in the event of insolvency, bankruptcy, or receivership.
  • With Your Consent: We may disclose personal data about an individual to certain other third parties or publicly with their consent or direction.

  We do not sell your personal data to third parties for monetary or other valuable consideration. Where we transfer personal data to a third party acting on our behalf, we take reasonable and appropriate steps to ensure the third party processes personal data for limited and specified purposes and in a manner consistent with our obligations.

7. Security :

• We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful access, destruction, loss, change, alteration, disclosure, or damage. We take into account the risks involved in the processing and the nature of the personal data when we implement these measures. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Regular security assessments and vulnerability testing
  • Access controls and authentication mechanisms
  • Employee training on data protection best practices
  • Incident response procedures for data breaches
  • Multi-tenant data isolation to prevent cross-tenant data access
  • Logging, monitoring, and auditing of access to personal data
  • Secure software development practices and code review

  While we strive to protect your data, no method of transmission or storage is 100% secure. We will never contact you requesting your account password, credit or debit card information, or national identification numbers. Please note that email sent over the Internet may not be secure and should not be used to communicate confidential or sensitive personal data to us.

  We encourage you to use strong passwords and protect your account credentials. You are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account.

8. Data Retention :

• We store the personal data we collect about you for no longer than necessary for the purposes set out in this Privacy Notice, and in accordance with our legal obligations and legitimate business interests. When data is no longer needed, it is securely deleted or anonymized. We also consider the volume, nature, and sensitivity of your personal data, as well as any potential risk of harm from unauthorized use or disclosure of that personal data.

  The criteria used to determine our retention periods depend on the legal basis under which we process the personal data:

  • Contract: Where we process personal data based on a contract, we generally retain your personal data for the duration of the contract plus an additional limited period necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
  • Legitimate Interests: Where we process personal data based on our legitimate interests, we generally retain such information for a reasonable period based on the particular interest, taking into account your fundamental interests and your rights and freedoms.
  • Consent: Where we process personal data based on your consent, we generally retain your data until you withdraw your consent, or otherwise for the period necessary to fulfill the underlying agreement with you.
  • Legal Obligation: Where we process personal data based on a legal obligation, we generally retain your data for the period necessary to fulfill the legal obligation, including tax, accounting, and regulatory reporting requirements.
  • Legal Hold: We may need to retain information beyond our typical retention period where we face threat of legal claim or intent to establish a claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.

  Specific retention periods include:

  • Account Data: Retained for the duration of your account and for a reasonable period thereafter for legal and operational purposes.
  • Transaction Data: Retained for the period required by applicable tax and financial regulations.
  • Usage Data: Anonymized and aggregated data may be retained indefinitely for analytics purposes.
  • Communication Data: Retained for as long as necessary to resolve inquiries and for quality assurance.

9. Location of Your Information and International Transfers :

• Our primary data storage and processing facilities are located in South Africa. The personal data we collect may be transferred to and stored in countries outside of the jurisdiction you are in, to locations where we and our third-party service providers have operations. For example, if you are accessing our Services from the EEA, UK, or other jurisdictions, your personal data may be processed outside of those jurisdictions.

  In the event of such a transfer, we ensure that: (i) the personal data is transferred to countries recognised as offering an adequate level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard contractual clauses adopted by the European Commission or other legally recognised transfer mechanisms. We also ensure compliance with POPIA requirements for cross-border transfers, including that the recipient country has adequate data protection laws or that the transfer is subject to binding agreements that provide adequate protection. If you wish to inquire further about the safeguards we use, please contact us at privacy@profesaas.com.

10. Third-Party Links :

• Our Services may include links to third-party websites, plug-ins, and applications. Except where we post, link to, or expressly adopt or refer to this Privacy Notice, this Privacy Notice does not apply to, and we are not responsible for, any personal data practices of third-party websites and online services or the practices of other third parties. To learn about the personal data practices of third parties, please visit their respective privacy notices. We encourage you to always review and, if necessary, adjust your privacy settings on third-party websites and services before sharing information and/or linking or connecting them to our Services.

11. Cookies and Tracking Technologies :

• We use cookies and similar tracking technologies (including web beacons, pixels, embedded scripts, and logging technologies) to automatically collect usage and device information. We use the following types of cookies:

  • Essential Cookies: Required for the operation of our Services, including authentication, session management, security, and load balancing. These cookies cannot be disabled as they are necessary for the Services to function.
  • Functional Cookies: Enable personalized features such as remembering your preferences, settings, language choices, and identity when you return to our Services.
  • Analytics Cookies: Help us understand how our Services are used so we can improve them. We may use third-party analytics tools to measure traffic and usage trends and to understand more about the demographics of our users.
  • Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness. These cookies may be set by us or by third-party advertising partners.

  Managing Your Cookie Preferences: You may control your cookies and tracking technologies in the following ways:

  • Browser Controls: Your browser or device may have settings that determine what information we and other websites collect. You can configure your browser to refuse all cookies, accept only certain cookies, or notify you when a cookie is set.
  • Device Settings: You can withdraw permission for Services to access your device features through your device's settings menu.

  Please note that disabling certain cookies may affect the functionality of our Services. These choices are specific to the device or browser you are using. If you access our Services from other devices or browsers, take these actions from those devices or browsers to ensure your choices apply to the data collected when you use them.

12. Your Privacy Rights :

• In accordance with applicable privacy law, you have the following rights in respect of your personal data:

  • Right of Access: You have the right to obtain confirmation of whether, and where, we are processing your personal data; information about the categories of personal data we are processing, the purposes for which we process it, and information as to how we determine applicable retention periods; information about the categories of recipients with whom we may share your personal data; and a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to obtain rectification of any inaccurate or incomplete personal data we hold about you without undue delay.
  • Right to Erasure: You have the right, in some circumstances, to require us to erase your personal data without undue delay if the continued processing of that personal data is not justified, subject to legal obligations that may require us to retain certain data.
  • Right to Restrict Processing: You have the right, in some circumstances, to require us to limit the purposes for which we process your personal data if the continued processing in this way is not justified, such as where the accuracy of the personal data is contested by you.
  • Right to Data Portability: You have the right, in certain circumstances, to receive a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
  • Right to Object: You may object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal data, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
  • Right to Withdraw Consent: If you have provided consent for the processing of your personal data, you have the right to withdraw your consent at any time. If you withdraw your consent, this will not affect the lawfulness of our use of your personal data before your withdrawal.
  • Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your privacy rights.

  To exercise any of these rights, please contact us at privacy@profesaas.com. Due to the confidential nature of data processing, we may need to verify your identity before processing your request. This process may require us to request additional personal information from you. We will respond to your request within the timeframe required by applicable law.

  You also have the right to lodge a complaint with your local data protection authority. For South African residents, please see Section 15 below. For EEA residents, information about your local data protection authority is available at the European Commission's website.

13. Legal Bases for Processing :

• When we are processing personal data that is governed by the GDPR or similar data protection laws, we process your personal data on the following legal bases:

  • Performance of a Contract: When processing is necessary for the performance of a contract to which you are party, or to take steps at your request prior to entering into a contract. This applies when you become our customer, subscribe to our Services, or engage with us as a vendor or contractor. This may also include our Terms of Service.
  • Legitimate Interests: Where we have a legitimate interest that is not overridden by your interests or fundamental rights and freedoms. This includes processing when you use our Services (to improve user experience), when we communicate with you (to respond to inquiries and maintain records), for marketing to existing customers, and for sharing personal data with other parties to run our business efficiently and securely.
  • Consent: Wherever you consent to the processing, for example when you sign up for our newsletters, register for events, request a demonstration, or agree to the use of cookies and other technologies on our website. Your consent may be implied when you submit a particular form to us, or explicit when you actively agree to specific processing activities.
  • Legal Obligation: For any processing where we need to comply with laws and regulations related to bookkeeping, accounting, taxation, and other business activities.

14. Control Over Your Information :

• You may control your information in the following ways:

  • Browser or Device Controls: Your browser or device may have controls that determine what information we and other websites collect, usually via a "Settings" menu. You can configure your browser to refuse cookies, manage tracking technologies, and control permissions for our Services to access your device features. These choices are specific to the device or browser you are using.
  • Email Communication Preferences: You can stop receiving promotional email communications from us by clicking on the "unsubscribe" link provided in such communications. You may not opt out of service-related communications (e.g., account verification, transactional communications, changes/updates to features of the Services, technical and security notices).
  • Push Notifications: If applicable, you can stop receiving push notifications from us by changing your preferences via your device's Settings menu.
  • Modifying or Deleting Your Information: If you have any questions about reviewing, modifying, or deleting your information, you can contact us directly at privacy@profesaas.com. We may not be able to modify or delete your information in all circumstances.
  • Account Settings: You may update your account information and preferences at any time by logging into your Profesaas Account and accessing your account settings.

15. Sensitive Personal Information :

• We may collect sensitive personal information, such as account log-in credentials in combination with any required security or access code or password allowing access to your Profesaas Account. We use sensitive personal information only for the following purposes where necessary and proportionate:

  • For performing services you have requested
  • For the operation and security of our platform
  • For detecting security incidents, fraud, and other illegal actions
  • To perform services on behalf of the business

  We do not use or disclose sensitive personal information to infer characteristics about you or for purposes beyond what is necessary and proportionate to provide the Services.

16. Automated Decision-Making :

• We do not currently use automated decision-making technologies to make significant decisions that produce legal or similarly significant effects concerning you without human involvement. If our practices change in the future, we will update this Privacy Notice and provide you with appropriate notice, including information about how to exercise your right to opt out of such automated decision-making and your right to appeal to a human reviewer.

17. Do Not Sell or Share Personal Data :

• We do not sell your personal data to third parties for monetary or other valuable consideration. We do not share your personal data with third parties for cross-context behavioural advertising purposes. If our practices change in the future, we will update this Privacy Notice and provide you with the ability to opt out of such sale or sharing.

18. Changes to This Notice :

• We will update this Privacy Notice from time to time. When we make changes to this Privacy Notice, we will change the effective date at the beginning of this Privacy Notice. If we make material changes to this Privacy Notice, we will notify individuals by email to their registered email address, by prominent posting on our Services, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided. We encourage you to review this notice periodically.

19. Contact Us :

• All general questions and comments about this Privacy Notice or other privacy-related matters may be directed to us using the contact details below:

  Profesaas (Pty) Ltd

  Email: privacy@profesaas.com

  Address: 292 Surrey Road, Ferndale, Johannesburg, 2194

  Website: profesaas.com

20. Data Protection Officer :

• If you wish to make a complaint about how we have handled your personal data, or have concerns about our data processing practices, please contact our Data Protection Officer (Privacy Officer):

  Data Protection Officer (Privacy Officer)

  Profesaas (Pty) Ltd

  Email: dpo@profesaas.com

  Address: 292 Surrey Road, Ferndale, Johannesburg, 2194

  Our Data Protection Officer is responsible for overseeing our privacy compliance, including with the Protection of Personal Information Act (POPIA) and, where applicable, the GDPR and other data protection legislation.

21. POPIA-Specific Provisions (South Africa) :

• Under the Protection of Personal Information Act (POPIA), you have additional rights including the right to lodge a complaint with the Information Regulator:

  Information Regulator (South Africa)

  Email: inforeg@justice.gov.za

  Website: inforegulator.org.za

22. GDPR-Specific Provisions (EEA and UK) :

• If you are located in the European Economic Area (EEA) or the United Kingdom (UK), you have the right to lodge a complaint with your local data protection authority:

  • EEA Residents: You may contact your local data protection authority. A list of EEA data protection authorities is available on the European Commission's website.
  • UK Residents: You may contact the UK Information Commissioner's Office (ICO) at ico.org.uk.

  Under the GDPR, you also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal data, and we will assess and inform you if that is the case. You can object to marketing activities for any reason. If you wish to exercise any of these rights, please contact us using the details provided in Section 19 above.