SYBU DATA PRIVACY POLICY

Your privacy is important to us.

The purpose of this Privacy Policy:

• Is to help you understand how we collect, use, store and share personal data about you;

• It describes our commitment to preserving the privacy and security of your personal data; and

• It forms part of our Standard Terms & Conditions of Service and applies to all users of our products and services, including visitors to our website .

All references herein to us, our or we are to SYBU Data (Pty) Ltd

PERSONAL DATA WE COLLECT AND HOW WE USE IT

The following information is collected, and is dependent on which of the following SYBU Data products or services you use:

SYBU JS-Blocker and SYBU for Kodi Apps:

We do not collect or store personal information when you download and use either our SYBU JS-Blocker or SYBU for Kodi applications.

Sybu Data Cloud Applications:

When you sign up to a Sybu Data Cloud Application, i.e. CloudBroker , CloudScale, BCEPS, or SYBU Licensing; personal information is collected, in a variety of ways, which may vary according to your use of the service and your account settings. The categories of personal information collected may include:

• Contact and profile information

• Account and authentication information from third-party integrated services

• Location information

• Information about your browser or device

• Non-personal information which may be linked to your Personal Information such as order number and installation

PLEASE NOTE that, with the exception of the SYBU Licensing platform, we do not personally control the information housed and processed in the Cloud Applications we develop – we merely provide these products and solutions to you, our clients, and you are ultimately the responsible party for the information collected. We may, from time to time, based on your requests, access this information as part of our ongoing product support, and we will comply with the privacy and security standards advised by you.

SYBU Contracted Clients

When you engage with us for consulting services, or purchasing bespoke software or hardware solutions for your business, we will collect the following personal information:

Company name and registration, company address, details of your Directors and Company Owners, email addresses, and telephone numbers. This information is used:

• for the purpose of managing your affairs with us; and

• to contact, request and obtain any information at any time and from any credit provider (or potential credit provider) or registered credit bureau in order to assess the behaviour, profile, payment patterns, indebtedness, whereabouts, and creditworthiness of our clients.

SYBU Data Website visitors:

We utilise Google Analytics to track user behaviour on our website. Google Analytics collects first-party cookies, data related to your device/browser, IP address and on-site activities to measure and report statistics about user interactions on our website.

Types of Data We Collect

The following is a more detailed description of the types of user data collected about you when you use our products:

We facilitate 3 kinds of user data to deliver our services: (i) contact and profile information (ii) Information from Integrated Sign-On Services; and (iii) service/diagnostic data. All are treated securely with respect for privacy and data confidentiality, but there are important technical and usage differences.

i) Contact and profile information.

When you create an account for any of our Sybu Data Cloud Applications you will provide personal information including your name and email address. After you register, you may also provide additional information in your profile, company name, location and other personal or demographic information. In addition, we may ask you for personal information at other times, such as when you contact our technical support team, send us an email, complete a user survey, or otherwise communicate with us.

(ii) Information from Integrated Sign-On Services, Google OATH User Data

If you decide to register through, or otherwise grant access to a third-party social networking or integrated service (what we call an “Integrated Service”), such as Facebook, Google or similar single sign-on service the following may apply:

Our Applications will collect and store Personal Information, that is your email address, name, surname and profile picture, that is already associated with your Integrated Service account. You may also have the option of sharing additional information through an Integrated Service, as controlled through your settings on that Integrated Service.

(iii) Service and/or diagnostic data

All of our applications maintain user logs and diagnostic data. We do not collect, receive or process this information. We may access this information to perform maintenance and diagnostic work at our client’s request. Wherever possible, personal information contained in these logs has been masked. When we do access this data, the information is never or seldom downloaded or retrieved to our servers, however, on rare occasions it is necessary to do so, we apply our strictest data protection policies and safeguards to maintain your data privacy. This data is permanently deleted from our systems once the problem has been resolved.

WHERE DO WE STORE YOUR PERSONAL INFORMATION?

Our service is managed from South Africa, but the Cloud Applications and related personal information is hosted by the 3rd party Service providers as stipulated in section “Processors we use” shown below.

To the extent that you have chosen to share information with us directly via email, service requests, user surveys, or any other means of communication; this information is stored securely at our offices.

HOW DO WE ENSURE THE SECURITY OF INFORMATION?

We only utilise top-rated service providers to host and deploy our cloud-based applications (as listed below under “3rd Party Processors We Use”). We review their Data Privacy and Security Policies and Compliance Reports (where available) on an annual basis to ensure that they remain fit for purpose, and to ensure that the highest acceptable industry standards are utilised to protect your information.

All data is encrypted via SSL/TLS when transmitted from the 3rd party processors to your browser.

On-site information collected and directly controlled by us is stored on secured servers which are password protected; firewall protocols are maintained and antivirus software is installed on all computers.

We periodically review our security protocols to ensure that vulnerabilities are minimised and strengthened, and that reasonably foreseeable potential risks to personal data are appropriately managed.

WHO WILL WE SHARE YOUR INFORMATION WITH?

We do not sell any of your personal data to any third parties. However, as part of the solutions we deliver, and only to the extent necessary, our applications may use certain third party processors to process and store some or all of your personal information. These 3rd party processors are:

3rd Party Processors We Use:

• Google Analytics – Web analytics service for our website.

• Microsoft Azure – Cloud services provider used to deploy and host our applications and store your data.

• Sendgrid – Email Messaging service – used for email notifications and password forgets

These processors are located in European Union and the United States of America.

• SMSPortal – SMS Messaging service based in South Africa which used to send OTP for logins to our Cloud Applications.

Authorities:

We may disclose necessary information to authorities, such as regulatory bodies, if we are required by law or you agreed to it (for instance, for anti-money laundering or counter-terrorism). We will not hand your data over to law enforcement unless a court order says we have to. We will inform you when such requests are made, unless instructed otherwise by law enforcement or other regulatory bodies.

Divestments:

We may transfer any Personal Information we hold about you to any entity involved in a re-organisation of SYBU Data (where such re-organisation may be by way of a merger, sale, dissolution, disposal of all or part of our assets or similar event).

Promotion Of Access To Information Act:

Access to your personal information held by us may also be requested by third parties. The Promotion of Access to Information Act, 2000 (‘PAIA’) regulates and sets out the procedure for such a request and under which circumstances such access may be refused.

Should you wish to exercise your right of access to information, please send us a formal request via email or by completing the Contact Us form on our website.

We will attend to all requests for access to Personal Information within a reasonable time. You may be required to pay a prescribed fee to receive copies or descriptions of records, or information about third parties. Your request for access may be refused in certain circumstances and access may be limited by applicable legislation.

YOUR RIGHTS REGARDING THE INFORMATION THAT WE PROCESS

We continue to adhere to the South African privacy laws as well as the data protection requirements under the General Data Protection Regulation (GDPR). GDPR gives people under its protection certain rights with respect to their personal information collected by us. Accordingly, we recognise and will comply with GDPR and those rights, except as limited by applicable law. Your rights under GDPR include:

Right of Access. This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.

Right to Correction. This is your right to request correction of your personal information.

Right to Erasure. This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession (also known as the “Right to be forgotten”). However, if applicable law requires us to comply with your request to delete your information, fulfilment of your request may prevent you from using our services and may result in closing your account.

Right to Restrict Processing. This is your right to request restriction of how and why your personal information is used or processed.

Right to Portability. This is your right to receive the personal information we have about you and the right to transmit it to another party.

Many of these rights can be exercised by signing in and directly updating your account information. If you have questions about exercising these rights or need assistance, please contact us using the Contact Us Form on our website.

DELETED DATA

When you cancel your account, we’ll ensure that nothing is stored on our servers past 30 days. Anything you delete on your account while it’s active will also be purged within 30 days.

COOKIES

Small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website (https://www.aboutcookies.org) which offers guidance for all modern browsers.

COMPLIANCE AND ENFORCEMENT OF THIS PRIVACY POLICY

Our compliance with this Privacy Policy will be monitored on a regular basis. We reserve the right to modify this Privacy Policy with any updates to our business processes and security policies. The Privacy Policy posted via our Website shall be deemed to be the Privacy Policy currently in effect. We therefore encourage you to check this page regularly for any updates.

Any queries regarding this Privacy Policy, the way in which your Personal Information is treated, or any aspects of our service may be made by using the Contact Us form on our website.

BREACH NOTIFICATION

In an event of a breach, we recognise our responsibility to our customers and to the public to disclose the nature of the risk and provide a transparent account of the events without undue delay.

GOVERNING LAW

This Privacy Policy and all disputes and claims arising from it shall be governed by and construed in accordance with the laws of the Republic of South Africa.

SUPERVISORY AUTHORITY

If you have concerns or complaints about this policy or our practices that you do not feel you can resolve through contacting us, please refer to the Information Regulator , https://www.justice.gov.za/inforeg/contact.html

CONTACTING SYBU DATA

Please contact Sybu Data with any questions or comments by sending us an email or by completing the Contact Us form on our website.