1. Introduction

1.1 Analytical Tracking Solutions (PTY) LTD trading as Antrack ("we," "us," or "our") is committed to protecting the privacy of your personal information. This Privacy Statement explains how we collect, use, disclose, safeguard, and process your information, in accordance with the Protection of Personal Information Act 4 of 2013 ("POPIA") and other applicable laws, when you use our website (www.antrack.co.za), mobile applications (iOS and Android), tracking platform and servers.

1.2 We respect your privacy and will take all reasonable measures to protect your personal information and keep it confidential.

2. Definitions

2.1 In this Privacy Statement, the following terms shall have the meanings assigned to them below:

• 2.1.1 "Data Subject" means the person/juristic person to whom Personal Information relates.
• 2.1.2 "Information Officer" means the Privacy Officer, or equivalent officer, of Antrack or the person who is acting as such.
• 2.1.3 "Personal Information" means any information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, as defined in POPIA. It is information or pieces of information that could identify that natural or juristic person, either directly (e.g., by name) or indirectly (e.g., through pseudonymised data) and includes, but is not limited to, email, home addresses, usernames, profile pictures, user-generated content, financial information, and geolocation.

3. Scope and Application of this Privacy Statement

3.1 This Privacy Notice applies to Antrack, including all employees, clients and third parties who provide services to Antrack and covers Personal Information collected and managed by Antrack.

3.2 It also applies to a Data Subject when the Data Subject visits Antrack's websites, uses its electronic applications, or makes use of Antrack's services as a client.

3.3 Where Antrack services are accessed outside the Republic of South Africa, it is the responsibility of the client or Data Subject to ensure compliance with applicable data privacy, consumer protection, and telecommunications laws in those jurisdictions.

4. Principles for the Collection and Processing of Personal Information

4.1 Collection, processing, and purpose: We will only collect Personal Information when it is necessary to comply with legal obligations that apply; or

• 4.1.1 when such processing is necessary for the performance of a contract or pre-contractual procedures; or
• 4.1.2 if we have a legitimate interest, provided that in each case our interest is in accordance with applicable law and the rights of the Data Subject; or
• 4.1.3 if we have obtained the consent of the Data Subject to process said Personal Information for specific, explicit, and legitimate purposes.

4.2 We will only use Personal Information for the fulfilment of the specific purposes for which it was obtained, or for other lawful processing.

4.3 Accuracy: We will take all reasonable steps to ensure that Personal Information that we process is accurate, complete, and up to date.

4.4 Openness: We are committed to openness regarding our policies and practices of handling Personal Information.

4.5 Security: We will implement appropriate security safeguards to protect Personal Information from loss, unauthorised access, destruction, use, modification, or disclosure.

4.6 Transfers and sharing:

• 4.1.4 We may transfer Personal Information outside South Africa to be processed by some of our service providers or business partners. In such cases, we will ensure that this transfer takes place in accordance with the law and that an adequate level of protection of Personal Information is implemented.
• 4.1.5 We will only disclose Personal Information for the fulfilment of the specific purposes for which it was obtained, or for other lawful processing.
• 4.1.6 We will not sell or rent Personal Information to third parties.

4.7 Retention: We will retain Personal Information for as long as necessary for the purposes for which it was collected. In some cases, data retention may occur for longer periods, especially when required by law.

4.8 Access: The Data Subject may request a copy of their Personal Information from Antrack and, where required, instruct Antrack to effect changes to correct the data or to permanently delete their Personal Information, in accordance with local regulations.

5. Information We Collect

5.1 We may collect the following types of information:

• 5.1.1 Account Information: When you create an account, we collect your name, email address, phone number, and password.
• 5.1.2 Tracking Data: We collect real-time location data of your vehicles or assets through our tracking devices. This includes GPS coordinates, timestamps, speed, and direction.
• 5.1.3 Device Information: We collect information about the tracking devices you use, such as device ID, model, and SIM card details.
• 5.1.4 Usage Data: We collect information about how you use our platform, including features accessed, pages visited, and interactions with the app.
• 5.1.5 Payment Information: If you make purchases, we may collect payment details through our authorised payment platform.
• 5.1.6 Client Support Information: We collect information you provide when contacting client support, such as your name, phone number, email address, and details of your inquiry.
• 5.1.7 Telephone Recordings: We may record telephone calls to and from our representatives, affiliates, and call centers.
• 5.1.8 Information to investigate crime: We may share information with insurers who are investigating an insurance claim or with law enforcement who are investigating a criminal matter.
• 5.1.9 API and Hosted Server Access: If you use our API or are provided with a dedicated hosted server, we may collect system metadata and user activity logs, such as authentication timestamps, access control changes, and API call details. You are responsible for managing access securely.

5.1.10 Other Information:

• a. General identification and contact information (e.g., gender, marital status).
• b. Identification numbers issued by government bodies or agencies (e.g., identity or passport number, company registration details, VIN number and registration number of your vehicle or asset).
• c. Financial information and account details (Bank account number and account details, credit history, credit score and other financial information).
• d. Other sensitive information (We may obtain information about your criminal record or civil litigation history in the process of preventing, detecting and investigating fraud or in the employment process. We may also obtain sensitive information if you voluntarily provide it to us (for example, if as an employee you express preferences regarding medical treatment based on your religious beliefs).

5.1.11 Company Information: We may collect information relating to a company or other juristic person, including but not limited to:

• a. Company registration documents and details.
• b. B-BBEE certificates and compliance information.
• c. Tax clearance certificates and compliance status.
• d. Business contact details and authorised representative information.
• e. Industry or sector classification.
• f. Operational, compliance, or regulatory documentation relevant to the services provided.
• g. Any other company-related information required to verify identity, assess compliance, fulfil contractual obligations, or comply with applicable laws and regulations.

All company-related information is treated with the same level of confidentiality and protection as personal information under the POPIA and applicable data protection laws.

6. How We Use Your Information

6.1 We use your information for the following purposes:

• 6.1.1 Providing and Improving Services: To provide and maintain our tracking and analytics services, process your transactions, and improve our platform.
• 6.1.2 Communication: To communicate with you about your account, updates, and important notices.
• 6.1.3 Personalisation: To personalise your experience and provide tailored content and recommendations.
• 6.1.4 Analytics: To analyse usage patterns and trends to improve our services and develop new features, including generating statistics and developing strategic and marketing plans.
• 6.1.5 Marketing: With your consent, to send you promotional emails about new products or offers. You will have the option to opt out of receiving any marketing or other material from us.
• 6.1.6 Legal Compliance: To comply with applicable laws and regulations, such as POPIA and RICA.
• 6.1.7 Client-Controlled Admin Rights: Where clients are provided with additional administrative rights, including access to dedicated hosted environments, they are responsible for ensuring that only authorised personnel access the system and that appropriate internal access levels and restrictions are enforced.
• 6.1.8 To carry out any contracts that may exist between us.
• 6.1.9 To notify you about changes to our services or introduce you to new services.

7. Data Sharing and Disclosure

7.1 We may share your information with:

• 7.1.1 Third-Party Service Providers: We may share information with trusted third-party service providers who assist us in operating our platform, processing payments, or providing client support.
• 7.1.2 Business Partners: We may share information with business partners who offer complementary services, but only with your consent.
• 7.1.3 Legal Authorities: We may disclose information to legal authorities if required by law or legal process.
• 7.1.4 Affiliates: We may share your information with our affiliates and subsidiary companies so that they may contact the Data Subject with information about their products or services which may be of benefit or interest to the Data Subject.
• 7.1.5 We will not sell, rent, or provide your Personal Information to unauthorised entities or any other third parties for their independent use, without your express consent, except as provided in this Privacy Statement.

7.2 Your Personal Information may also be shared under the following circumstances:

• 7.2.1 when required by the laws of the Republic of South Africa and in the public interest.
• 7.2.2 under special circumstances where we have reason to believe that such disclosure is necessary to identify, contact or bring legal action against a party who may be breaching our terms and conditions or may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users, or anyone else that could be harmed by such activities.

8. Data Security

8.1 We take reasonable and appropriate measures to protect your information from unauthorised access, use, or disclosure. These measures include:

• 8.1.1 AWS Cloud Infrastructure: Our platforms and client data are hosted on Amazon Web Services (AWS), a leading cloud service provider that complies with international security and privacy standards. This provides a secure environment for storing and processing Personal Information.
• 8.1.2 Data Encryption: We use encryption to protect sensitive data during transmission and storage.
• 8.1.3 Access Controls: We restrict access to your information to authorised personnel only.
• 8.1.4 Regular Security Assessments: We conduct regular security assessments to identify and address vulnerabilities.
• 8.1.5 Storing client information in databases with built-in safeguards to ensure the privacy and confidentiality of that information.
• 8.1.6 Using strict procedures and security features to try to prevent unauthorised access.

8.2 While we strive to protect your Personal Information, the transmission of information via the internet or electronic mail is not completely secure, and we cannot guarantee the security of your information transmitted to our website or via electronic mail. Any transmission of your information to our website or via electronic mail is entirely at your own risk.

8.3 If you use the services provided by us, you may be given a username and password. You are responsible for maintaining the secrecy and confidentiality of your username and password. Please do not share your password with anyone. Where you or your organisation are given enhanced administrative access (e.g. to dedicated servers), you must implement strict internal access controls. Antrack cannot be held liable for any privacy or data breaches resulting from improper access rights granted by your internal users.

8.4 We will notify you and the relevant Regulator as soon as reasonably possible after we become aware of any unauthorised access to or acquisition of your Personal Information, unless a public body responsible for detection, prevention or investigation of offences, or the relevant Regulator, informs us that notifying you will impede a criminal investigation, or if there is another legal ground not to inform you.

8.5 When we notify you that your Personal Information has been accessed or acquired by an unauthorised person, we will provide you with sufficient information to allow you to take protective measures against the potential consequences of the compromise.

9. Data Retention

9.1 We will retain your information for as long as necessary to fulfil the purposes outlined in this Privacy Statement, unless a longer retention period is required or permitted by law.

10. Your Privacy Rights

10.1 You have the following rights regarding your Personal Information:

• 10.1.1 Information: You have the right to be provided with clear, transparent, and easily understandable information about how we use your Personal Information and your rights.
• 10.1.2 Access: You have the right to access, and to receive a copy of, any Personal Information we hold about you (subject to certain restrictions). A reasonable fee may be charged for providing such access but only where permitted by law.
• 10.1.3 Rectification: You have the right to have your Personal Information rectified if it is incorrect or outdated, and to have it completed if it is incomplete.
• 10.1.4 Erasure (to be forgotten): You have the right to have your Personal Information erased or deleted, subject to legal or legitimate grounds for retaining the Personal Information.
• 10.1.5 Direct marketing: You may unsubscribe or opt out of direct marketing communication at any time.
• 10.1.6 Withdrawal of consent: You may withdraw your consent to our processing of your Personal Information when such processing is based on consent. Where consent is withdrawn, the lawfulness of processing prior to withdrawal is not affected.
• 10.1.7 Objection to processing: You may object to the processing of your Personal Information when such processing is based on our legitimate interests.
• 10.1.8 Lodge a complaint: You have the right to contact the relevant data protection authority to lodge a complaint against our data protection and privacy practices.
• 10.1.9 Data portability: You have the right to move, copy or transfer Personal Information from our database to another. This only applies to Personal Information that you have provided, where processing is based on a contract or explicit consent, and the processing is carried out by automated means.
• 10.1.10 Restriction: In circumstances limited by legislation, you may restrict the processing of your Personal Information, so that it can be stored, but not used or processed further, such as:
  • Inaccurate data contested by you must be restricted until verified and corrected.
  • Processing is unlawful but you object to the erasure thereof.
  • Antrack no longer requires your data, but you require it to be stored for the establishment, exercise or defense of legal claims.
  • You object to processing based on Antrack's legitimate interests, until verification of overriding rights.
• 10.1.11 Not to be subjected to automated processing: You have the right not to be subjected to a decision which is based solely on the automated processing of your Personal Information intended to provide a profile of you.

11. Children's Privacy

11.1 Our services are not intended for children under the age of 18. We do not knowingly collect personal information from children.

12. Changes to this Privacy Statement

12.1 We may update this Privacy Statement from time to time. We will post any changes on our website and notify you as required by law.

12.2 The most updated version of this Privacy Statement will always be available on our website. We encourage you to check it regularly. If we make any material changes, we will provide appropriate notice as required by law.

13. Contact Us

13.1 If you have any questions about this Privacy Statement, or wish to amend or update any of your Personal Information, you may log into Antrack at https://antrack.co.za/ or contact us at support@antrack.co.za.

14. Information Officer

14.1 Data Subjects that have any queries regarding Antrack's data protection policies or procedures may send an email to support@antrack.co.za with the subject: Information Office: POPIA.

15. Complaints

15.1 Data Subjects have the right to submit a complaint to the Information Regulator if unsatisfied with Antrack's handling of the Data Subject's Personal Information.