Scope. This is the Privacy Policy of KR Design (PTY) LTD, which is referred to in this Privacy Policy, “we” or “us”. This Privacy Policy applies to information we collect from users of our website at www.krdesign.co.za and https://my.krdesign.co.za, our online services, our Android and iOS mobile apps, recipients of our emails, or when you otherwise interact with us (our “Services”). This policy further sets out what Personal Information we collect, how we process it and is designed to apply where we are acting as a data controller with respect to your Personal Information.

For more information about us, see the Section of this policy entitled “Our details” below.

In this policy, “processing” means any operation or set of operations which is performed on Personal Information (as defined in this Privacy Policy) or on sets of Personal Information, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

We reserve the right to modify this Privacy Policy at any time and we will notify you of any material changes.

Collecting and Using Data.

For the purposes of this Privacy Policy, “Personal Information” means any information relating to you as an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.

In this Privacy Policy, we will provide multiple examples of how Personal Information we collect may be used and why it is important.

For example, when you use our Services, we must collect your name, email address, and transaction information to complete the transaction. Some of the reasons that we collect Personal Information include to:

  • Provide our products and services, including our Apps and this Site, and improve them over time;
  • Allow you to download and purchase products and services;
  • Personalize and manage our relationship with you, including introducing you to products or services that may be of interest to you or to provide customer support;
  • Investigate, respond to, and manage inquiries or events;
  • Work with and respond to law enforcement and regulators; and
  • Research matters relating to our business such as security threats and vulnerabilities.

Data You Provide To Us. We collect information that you provide to us, including:

  • your name, email address, mobile phone number, date of birth, physical address, and currency preference, such as when you create an account, complete your profile or submit a request for support;
  • the emails and phone numbers of your contacts, if you choose to invite your friends to use AFFILIATES as part of our referral program when you create your account;
  • information about transactions you complete using our services, including the amount of funds associated with a service we provide, the type of transaction executed, and other related information; and
  • if you use our mobile apps, we collect from your mobile device a unique ID (where your device is an iPhone, we also collect the Apple-recommended CFUUID (the Core Foundation Universally Unique Identifier)).

Other Data Collected. We may also automatically collect the following data:

  • Cookies. We use cookies on our website to collect data about your visit (like usage data, and other information automatically collected from your browser or mobile device; this information may include your IP address; browser type and version; preferred language; geographic location using IP address or the GPS, wireless, or Bluetooth technology on your device; operating system and computer platform) and to allow you to navigate from page to page without having to re-login each time, count visits, and see which areas and features of our website are popular. We do not link the information we store in cookies to any information you submit while on our website. We may also use the data collected via cookies to tailor advertisements to you and to track the popularity of our website. Our use of cookies and other technologies may allow us and third parties to collect information about your browsing activities over time and across different websites following your use of our services.
  • Analytics. When you visit our website, we use third party analysis tools to collect data about your computer and Internet connection. That information includes the IP address of your computer and/or Internet service provider, when you access our website, the Internet address of websites from which you link to our website and from which you came before landing on our website, the browser that you are using, and your movements and preferences on our website. All of this information is used internally for the purpose of understanding how our website is being used and improving our website. We also use third party analysis tools to collect data about your use of our mobile apps. The information collected identifies the types and timing of actions you take within our mobile, including installation, registration, uploading, and certain types of navigating. All of this information is used internally for the purpose of understanding how our mobile apps are being used and improving them.
  • Action Tags. When you visit our website, we use action tags (also called pixel tags, clear GIF, or beacons) to identify some of the pages that you visit and how you use the content on those pages. Action tags may collect and transmit this data in a manner that identifies you if you have registered with our website; or are logged into our website. We also use action tags in our emails, to determine whether an email was opened or whether it was forwarded to someone else. When you use our mobile apps, we use action tags where you are accessing websites from links in our mobile apps. These may identify the pages that you visit and how you use the content on those pages.
  • Site Management. We aggregate data that we collect about the use of our website for administering, protecting and improving our website and our systems, to better understand the preferences of our website visitors and optimize the content that we serve, to identify server problems, to compile aggregated statistics about our website usage, and to improve our marketing and research.
  • Do Not Track. Our Service currently does not respond to “Do Not Track” signals and operates as described in this Privacy Policy whether or not a Do Not Track signal is received. If we do so in the future, we will describe how we do so in this Privacy Policy.

Bases for Data Processing. The data we collect and the data you provide to us is processed:

  • for the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract;
  • for our legitimate interests, namely the proper administration of our business, the monitoring and improving of our website and Services, and the protection and assertion of our legal rights, your legal rights and the legal rights of others; and
  • in limited circumstances, further to your consent.

Automated Decision Making. We use automated processes to check Know-Your-Client (KYC) and Anti-Money Laundering (AML) data you provide to us in order to assess whether you are located in a banned country and, therefore, whether or not we are legally able to allow you to use our Services. However, those automated process support a decision making process that, in most cases, is conducted by humans, who will review any red flag issues raised by the automated processes. In some cases, decisions related to KYC data (and which are necessary to establish whether or not we can enter into a contract for Services with you) will be entirely automated. In those cases:

  • we perform a constant IP connection control in order to determine any potential connection to a banned country (in relation to account applications and/or during our relationship with you) and will reject any account application and/or relationship that is made from jurisdictions or regions that are prohibited by CHANGEHERE policies in compliance with applicable sanctions regulations.
  • account applications that infringe applicable rules will automatically be denied (for example, for customers that have submitted forged or fraudulent documents).
  • account applications for which all information and/or documentation is processed and approved by automated online identification systems are approved without human intervention.

Your Rights As A Data Subject. As a data subject you have the following rights which can be exercised by contacting our Data Protection Officer on dpo@rigcorp.co.za:

  • The right to confirmation and access
    You have the right to ask us to confirm to you whether or not we collect, process or store your Personal Information.
    Where we collect process or store your Personal Information, you are entitled to access to your Personal Information.
  • The right to rectification
    You have the right to have any inaccurate Personal Information about you rectified and to have any incomplete Personal Information about you completed.
  • The right to erasure
    You have the general right to request the erasure of your Personal Information. This right can be exercised if one of the following applies:
  1. the Personal Information is no longer necessary for the purpose the we collected it for;
  2. you withdraw your consent to consent based processing and no other legal justification for processing applies;
  3. you object to processing for direct marketing purposes;
  4. we unlawfully processed your Personal Information; or
  5. erasure is required to comply with a legal obligation that applies to us.
  • The right to restrict processing
    You have the right to restrict the processing of your Personal Information under certain circumstances. You may restrict the processing of your Personal Information in the following circumstances:
  1. if you contest the accuracy of the Personal Information;
  2. where processing is unlawful you may request, instead of requesting erasure, that we restrict the use of the unlawfully processed Personal Information;
  3. if we longer need to process your Personal Information but you need the Personal Information for the establishment, exercise, or defense of legal claims; or
  4. if you object to processing that relies on the public interest or on our legitimate interests as the lawful processing grounds, we must restrict the challenged processing activity pending verification of whether our legitimate interests override your interests.
  • The right to object to processing
    You have the right to object to processing of your Personal Information under certain circumstances. These include:
  1. where our processing of your Personal Information is for direct marketing purposes (including profiling for direct marketing purposes) you may object free of charge by contacting us in writing; or
  2. where our processing of your Personal Information is for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation.
  • The right to data portability
    Where the legal basis for our processing your Personal Information is:
  1. your consent; or
  2. that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and where this processing is carried out by automated means, you have the right to receive your Personal Information from us in a structured, commonly used and machine-readable format, and also the right to transmit your Personal Information from us to another data controller without any hindrance from us where this is technically feasible. However, this right does not apply where it adversely affects the rights and freedoms of others.
  • The right to complain to a supervisory authority
    If you consider that our processing of your Personal Information infringes data protection laws applicable to you, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
  • The right to withdraw consent.
    Where the legal basis for processing your Personal Information is your consent, you have the right to withdraw that consent at any time, including in respect of direct marketing and automated decision making.

How We Protect The Data We Collect. We use reasonable physical, electronic, organizational and procedural safeguards to protect the personal information that we obtain from you from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please note that we are not responsible for the security of any data you are transmitting over the Internet, or any data you are storing, posting, or providing directly to a third party’s website, which is governed by that party’s policies. Please note that no method of transmission over the Internet or method of electronic storage is 100% secure. If you have further questions about security, you can contact us.

Data Retention. The time periods for which we retain your Personal Information depend on the purposes for which we use it and are set out in our Record Retention & Destruction Policy. If you wish to close your KR Design account altogether, please contact us from your registered email address. We may retain information about you in our databases for as long as your account is active or as needed to provide you services and in accordance with applicable laws. Our retention and use of your information will be as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. The retention period may extend beyond the end of your relationship with us, but it will be only as long as it is necessary for us to have sufficient information to respond to any issues that may arise later. For example, we may need or be required to retain certain information to prevent fraudulent activity, protect ourselves against liability, permit us to pursue available remedies or limit any damages that we may sustain, or if we believe in good faith that a law, regulation, rule or guideline requires it.

Access to Information. We will respond to your request for access to information we collect about you within the time frame required by applicable law.

Sharing Data. We may share your information as follows:

  • If we’ve aggregated or de-identified the information, so that it cannot reasonably be used to identify you;
  • With KR Design Group affiliated companies in order to provide you with specific products and services that are offered or provided by Eyeye or KR Design, each of them under the terms of use and/or service provided by each Group company;
  • With third party service providers who we use in delivering our Services, including certain advertising, referral, operations, financial services and technology services (such as hosting providers, identity verification, support, payment, and email service providers);
  • If required by applicable law or legal process, or if we believe it is in accordance with applicable law or legal process;
  • To protect the rights, property and safety of KR Design, our users and the public, including, for example, in connection with court proceedings, or to detect or prevent criminal activity, fraud, material misrepresentation, or to establish our rights or defend against legal claims; or
  • In connection with selling, merging, transferring, or reorganizing all or parts of our business.

Email Communications. If you opted-in to receive information about our products, updates and offers, we will use your name and email address to send this information to you. If you no longer wish to receive these communications, you can unsubscribe by following the instructions contained in the emails you receive or on our website. Please note that we may send you transactional and relationship messages, even if you have unsubscribed from our marketing communications. For instance, if our service is going to be temporarily suspended for maintenance, we might send you an email to update you.

Data Transfers. KR Design is headquartered in Midrand, South Africa, and we have operations band service providers throughout the world, including in the United States, United Kingdom and others. As such, we and our service providers may transfer your personal information to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it. If you are located in the European Economic Area, we provide adequate protection for the transfer of Personal Information to countries outside of the EEA through a series of intercompany agreements based on the Standard Contractual Clauses authorized under the Article 46 of the EU General Data Protection Regulation.

Links to Other Websites and Online Services. Our website may include links to other websites or online services, including Facebook, whose privacy practices may differ from those of KR Design. If you submit information to any of those websites or online services, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any website you visit.

Changes to this Policy. We may make changes to this Privacy Policy. If we make changes, we will notify you by revising the date at the top of the policy. If we make material changes, we will do so in accordance with applicable legal requirements, and we will notify you prior to such changes becoming effective.

To keep your Personal Information accurate, current, and complete, please contact us as specified below. We will take reasonable steps to update or correct Personal Information in our possession that you have previously submitted using our services. Please also feel free to contact us if you have any questions about our Privacy Policy or the information practices of the KR Design Services.

Our details. KR Design (PTY) LTD is registered in South Africa under registration number 2014/091081/07, and our registered office is at: 44 Sonneblom Road, Country View, Midrand, South Africa, 1687.

You can contact us:

  1. by post, to the postal address given above;
  2. using our website contact form;
  3. by email, using following email address info@krdesign.co.za.

Our Data Protection Officer’s contact details are: dpo@rigcorp.co.za if you have any queries concerning your rights under this Privacy Policy please contact the Data Protection Officer.