At Axnosis Group ("Axnosis"/ "we"/ "us" / "our") [including our United Kingdom ("UK") and South African subsidiaries] understand and appreciate that your personal information is important to you
and that you may be concerned about disclosing it. Your privacy is just as important to us and we are committed to protecting and managing your information in a lawful manner. It is important that you understand how and for what purpose we process your information. If for any reason you think that your information is not processed in a legal or lawful way, or that your information is being used for a purpose other than originally intended, you can contact our Information Officer / Data Protection Officer.
Information Officer ("IO")
Name: Riaan van der Berg
Name: Conrad Smith
Data Protection Officer ("DPO")
Name: Deon Bothma
Axnosis is committed to full compliance with the following Acts:
These Acts are applicable to the collection, use, storage, and processing of personal
information (or "data")
in respect of customers, employees, sub-contractors, and business partners (collectively referred to a "data subjects").
Personal information has a wide meaning and includes information that identifies and
relates to organisations and legal persons (e.g., company contact details, directors'
details, correspondence of a confidential nature, etc.).
Personal information includes:
Special Personal Information ("SPI"):
It is recognized that the stated Acts place a general prohibition on the processing of
except in a few exceptional cases as defined in the law, e.g., parent or guardian consent
is required to process personal information of a child.
This Privacy Statement applies to all Axnosis websites, domains, products, and services and those of our wholly
owned subsidiaries. Personal information (i.e. "data") concerning Axnosis and its customers, including outsourcing,
business partners, employees, former employees (i.e. "data subject/s") - collected and processed - is also
governed by this Privacy Statement, except where the contract with a data subject defines different requirements
which will take precedence over this Privacy Statement.
This privacy statement explains:
Axnosis consists of Information Technology companies in the UK and South Africa.
Our key focus is: The sale of Microsoft software products, as well as our inhouse s
elfowned software, which function as add-ons to the Microsoft products.
These constitute a wide range of products to help local and foreign enterprises to operate
more efficiently and successfully. We sell the said products, complemented by
installation and implementation thereof, as well as training therein.
Data is sourced from customers, being private companies (local and foreign) as well as
South African State-Owned Enterprises ("SOE's"). The data is sourced in the execution
of signed contracts - or the submission of an online request / application. Note that a
contract mandates that processing is necessary to perform actions for the conclusion
or performance of a contract to which the data subject is a party.
Where data is not sourced by way of signed contracts, specific, customer or data
subject consents are obtained in writing, in which explicit permission is granted to use
his/her/its personal information. It is specifically noted that some meetings with
customers, in the execution of contracts, are recorded (e.g., voice recordings, Zoom
meetings, and/or MS Teams meetings). However, we provide participants with advance
notice when any meeting is recorded.
Data varies per customer - and contract requirements, but includes inter alia:
Axnosis also sources data from its own employees and external sub-contractors, which
personal information such as: Full names, identity numbers, race, gender, sex, age, details of driving
licences, marital status, details of spouse (if married), physical and postal addresses, cell phone numbers,
e-mail addresses, medical aid, and pension information, and banking details. The only SPI-type
information sourced by Axnosis is CV's, which is provided to us by the relevant data subject with his/her consent.
When we gather personal information of our own employees (or employment applicants, consultants,
and sub-contractors), we realize that we may not make free and unlimited use thereof, being cognizant
of our responsibility to have procedures in place with respect to such data which comply with relevant
data protection and surveillance laws.
We source data for the following specific purposes:
In general, we source (and process) data for a variety of purposes, including, but not
limited to, the following:
Processing is defined as any operation, or activity, or any set of operations, concerning
personal information, including:
All processing of personal information must be done in accordance with the following
eight key principles
as outlined in the stated Acts:
Specific to Axnosis:
It is important that you understand how and for what purpose we process your information.
If for any reason you think that your information is not processed in a legal or lawful way, or that
your information is being used for a purpose other than originally intended, you may contact our IO / DPO
(see "Introduction" above). In the unlikely event that we want to use your personal information
in a manner different from that stated at the time of collection, we shall notify you, and you will have,
subject to legal and/or contractual provisions, a choice as to whether we can use your personal information
in such a way, by providing written consent / refusal.
Data provided by private companies and SOE’s, are uploaded in their own Microsoft Dynamics databases.
This requires that the data is converted into a different and specific format/s to be uploaded.
Data is never changed, but only repackaged / reformatted. SLA’s concluded by Axnosis shall forthwith
have provisions in place to ensure that consent is provided to collect, store, and disseminate this information.
The uploaded data is employed to populate the newly configured software system (and data base)
of our customers, as required by them in terms of their contracts with us. Data in respect of employees
and sub-contractors are housed in our HR and Payroll software, to facilitate salary payments, PAYE deductions,
pension - and medical aid payments, and reimbursing of all business-related expenses.
It is important to note that all data processing is done in compliance with applicable laws
(refer "Legislation" above), including appropriate notice and consent, along with required filings
with data protection authorities (where required). We neither use any of the data for marketing -
or recruitment purposes, nor would we ever sell, rent, or lease your personal information to other parties.
However, we reserve the right to disclose your personal information as required by law and when we
believe that disclosure is necessary to protect our rights, or the rights of others,
or to comply with a judicial proceeding, court order, law enforcement or legal process.
We also reserve our right to use or share your information
to protect the rights or property of Axnosis, our customers, business partners, sub-contractors,
or other affected parties, when we have reasonable grounds to believe that such rights or property
have been or could be negatively affected.
Only the implementation team working on the developing and configuring of the new software system
of a customer, has access to the data provided by the customer. The 8 relevant Project Manager
is the one who monitors and ensures that only his/her team members have access rights to customer
data provided under a specific contract.
Employee - and sub-contractors' related data are only accessed by our HR Department and our directors.
Our commitment: Axnosis will always secure the integrity and confidentiality of personal information
in our possession or under our control by taking appropriate, reasonable, technical, and organizational
measures to prevent the: loss of, damage to, unauthorized destruction, and unlawful access to or processing
of all personal information.
Data is received from customers in three ways:
(1) Via e-mails sent to the implementation team members.
(2) Customers transferring data directly via our Sharepoint site into a client-specific designated folder.
(3) Recorded meetings as indicated above.
All this data is then stored on Sharepoint and on the laptops and cell phones of our staff and sub-contractors.
Sharepoint folders / files and all customer folders on laptops and cell phones are password protected,
with password changes required once every quarter. Only implementation team members may have
access to the Sharepoint folders / files of the customer/s applicable to them.
All data (on Sharepoint and laptops) are duplicated and stored in the cloud, which is also password protected,
with quarterly changes in passwords being required. Our employees and external sub-contractors have
all signed POPIA-related confidentiality agreements that are on file and included as appendixes to their
employment - and sub-contractor agreements respectively.
Employee - and sub-contractors’ related data are stored in arch-lever files and kept in secure,
lock-up metal cabinets under control of our HR department. All this data is scanned in and softcopies
thereof are stored in the cloud as back-up, where all folders are password protected, requiring quarterly changes.
Note that all passwords are monitored by HR and implementation Project Managers and no third parties
have any knowledge of passwords except the relevant individuals using their own unique passwords.
On top of this, we employ antivirus and antispyware on our internal systems as well as employees'
and sub-contractors' laptops, to monitor any attempts to illegally access data.
We do not transfer personal information about a data subject to a third party (e.g., a sub-contractor,
business partner, auditors, regulatory or governmental authorities, 9 etc.) domiciled locally or in a foreign jurisdiction unless:
(1) the data subject has granted written consent where there is no formal contract in place; and/or
(2) the transfer is necessary for the performance of a contract between the data subject and us; and/or
(3) the transfer is for the benefit of the data subject.
We recognize and respect the varying national laws and obligations and their impact on cross-border
data transfers. When transferring personal information outside of the country of collection for the purposes
identified above, Axnosis will do so in compliance with the applicable law.
In respect of a software implementation project: The data is retained until at least the completion of the project,
and for the duration of the maintenance contract, after which all data is deleted as stated below.
If there is no maintenance contract, all data is kept until at least the expiry of the customer satisfaction period,
which is normally 3 (three) months post implementation, after the customer signs a “Satisfied / In Order”
confirmation form (also called the "Cut-Over Document") that the newly implemented software is according
to the required specifications, that sufficient training has been completed, and all data has been correctly
uploaded in the new system. When the customer signs said form, all data is deleted from Sharepoint,
the cloud back-up, the laptops and cell phones of employees and sub-contractors. Where the customer does
not sign, data is retained indefinitely, to safeguard us in the event of legal claims brought against us by a customer.
Where data is sourced from a customer apart from a signed contract, such data is obtained with the consent
of the customer. The customer (or data subject) may request in writing that we delete all his/her data
or personal information. Refer to next section.
Data of employees and sub-contractors are deleted upon the resignation of employees and the expiry of
the sub-contractors' agreements, respectively. This includes hardcopies and softcopies of the data.
Generally, we shall retain personal information only for as long as legally required or permitted and in
accordance with our records and information management policies. Note that a deletion request cannot
be honoured when Axnosis is required by law to keep that information. We respect your right to privacy
and upon your request Axnosis will no longer use your personal information unless required to provide
you services or as necessary to comply with our legal obligations, resolve complaints and disputes,
and enforce our contractual agreements.
Specific: You have the right to have your personal information processed in accordance
conditions for the lawful processing as prescribed by the relevant Acts, including the right:
There is a general obligation to notify the data subject of any data breach. Where there are reasonable
grounds to believe that a data subject's personal information has been accessed or acquired by an unauthorised
person, the responsible party (or any third party processing personal information under the authority of
the responsible party) must notify the Information Regulator and the data subject of such breach, unless the
identity of the data subject cannot be established. Notification to the data subject must
We have set in place employee and sub-contractor training to ensure they are privacyaware employees
throughout their employment - and sub-contractor agreements' tenors respectively. All new employees hired,
or new sub-contractors - and business partner agreements concluded, require that they are trained in respect
of GDPR and POPIA. This is supplemented by annual awareness briefings, targeted training for high-risk
populations, and periodic awareness messaging to all affected parties.
With regular privacy risk assessments, and in consultation with our auditors, we monitor emerging risk items
and mitigate all identified weaknesses to constantly enhance our compliance capabilities.
Data may be requested by data subjects subject (customers, employees, subcontractors, and business partners)
for purposes of confirmation, amendments, and/or deletion at any time. As a data subject, with cognizance
of the exception clause under "Scope" above, you have the right to:
Axnosis is committed to resolve any complaints / objections / disputes you may have
in relation to your privacy
and our collection and use of your personal information. Where applicable, affected parties may also reach out
to their national privacy authorities and ask for their support. We are committed to coordinate and collaborate
with foreign regulators, such as EU, USA, and Australian privacy authorities.;
We will treat your requests / complaints / objections / disputes confidentially. Our representative will contact
you within a reasonable time after receipt of your completed form and e-mail to address your concerns and outline
options regarding how they may be resolved. We shall aim to ensure that your complaint is resolved in a
timely and appropriate manner.
Access to our websites and Sharepoint data folders:
When you access our websites or data folders (when provided), you are responsible for complying with our
terms and conditions in use on our websites and Sharepoint.
Liabilities and Warranties:
Everything on our websites and SharePoint folders are provided to you "as is" without warranty of any kind,
either express or implied. You use our websites and Sharepoint folders (when provided) entirely at your own risk.
Axnosis does not warrant that our data sites, or any material downloaded from our site, will be error-free,
or free of viruses, or other harmful components. We also provide no warranties or representations as to the
accuracy of the content on our websites. We assume no liability or responsibility for any errors or omissions
in the content of our site, even though we have reasonable effort to ensure the accuracy and veracity of the
content on our site. We also reserve our right to change, in our sole discretion, our site in any way or at any time,
as we deem fit, without notice. We shall not be liable for any damages of any kind arising from your use of our site
and any content therein
or our handling of personal information, or possible breach of your privacy, you can send an e-mail to our IO or DPO
contact persons listed above.