Privacy Policy

1. Purpose of this Privacy Policy

◦ This policy (“Privacy Policy”) details what Personal Information we
process, why and how we collect, use, and process your Personal Information,
the manner in which we secure the integrity and confidentiality thereof and
your rights in terms of POPIA. We shall at all times strive to ensure that
the Personal Information we collect from you is processed in accordance with
the requirements of POPIA.

◦ It is important that you read this Privacy Policy together with any other
privacy notice we may provide from time to time when collecting or
Processing Personal Information about you so that you are fully aware of
what, how and why we are using your Personal Information.

2. Definitions and Interpretation

◦ “Quasistellar” (or “we” / “us” / “our”) means Quasistellar Game
Development (Pty) Ltd, a company incorporated in South Africa under
registration number 2013/066473/07.

◦ “Parties” means:

1. the “Responsible Party” being the person or entity who determines the
scope of Personal Information (“what”), the purpose of Processing (“why”)
and the means (“how”) of Processing the Personal Information.

2. “You” or the “Data Subject” means any person, including our clients,
prospective clients and/or our service providers, to whom the Personal
Information relates;

◦ “Operator” means those third party persons or entities who Processes
Personal Information on behalf of the Responsible Party in terms of an
agreement;

◦ “Personal Information” shall have the meaning ascribed to it in POPIA,
currently being information relating to an identifiable, living, natural
person, and where it is applicable, an identifiable, existing juristic
person, as amended from time to time, which includes, but is not limited to
the Personal Information specified in clause 5

◦ “POPIA” means the Protection of Personal Information Act 4 of 2013, as
amended from time to time;

◦ “Processing” shall have the meaning ascribed to it in POPIA, currently
being any operation or activity or any set of operations, whether or not by
automatic means, concerning Personal Information as amended from time to
time, and “Processed”, “Process” and “Processes” shall be ascribed similar
meaning

3. Status and Amendments

◦ Due to legal and other developments, Quasistellar may amend these terms
and conditions from time to time. The version of the terms and conditions
effective for this Privacy Policy are indicated by the last update date at
the bottom of this page. It is your duty to remain apprised of the current
version of this Privacy Policy. The date indicated in the last update date
at the bottom of this page is the effective date that governs this Privacy
Policy from the date specified until the next revision of this Privacy
Policy becomes effective

◦ By continuing to utilise Quasistellar for the provision of the Services
after a revised Privacy Policy becomes effective, it constitutes your
agreement to observe this Privacy Policy as may be revised.

◦ The latest version of the Privacy Policy will always be made available on
the Quasistellar website (https://hosting.quasistellar.co.za/privacy-policy)
and is intended to override all previous versions of the Privacy Policy.
Unless otherwise indicated, the latest version of the Privacy Policy shall
supplement other general privacy notices delivered by Quasistellar from time
to time and is not intended to override the Privacy Policy.

4. Who this Privacy Policy Applies to

◦ This Privacy Policy applies to all clients, prospective clients and/or
service providers of Quasistellar. It also applies to users of our websites.

5. What Personal Information we Collect and Generate

◦ Quasistellar processes the following Personal Information from you in
order to provide you with the Services:

1. Name and surname for natural persons;

2. Registered and trading name for juristic persons;

3. Passport/identity number and/or registration number;

4. contact number;

5. email address;

6. physical address and/or location information, including IP address

7. banking details;

6. Why we Collect and Process your Personal Information

◦ Quasistellar processes your Personal Information for the following reasons
(“Purposes”) and your continued use of the Services constitutes your
agreement to us Processing your Personal Information for such Purposes:

1. to execute a contract with you for the purpose of rendering the Services;

2. to carry out actions for the conclusion or performance of our contractual
obligations with you, which includes collecting and using your Personal
Information for the following purposes:

1. let you register an account with us;

2. to manage our relationship with you;

3. reply when you contact us for support;

4. investigate and resolve your query, complaint or request;

3. to share with other entities in Quasistellar, and/or those third-party
Operators located in South Africa as well as outside of South Africa who
have contracted with us, who require such Personal Information to render the
Services to you and/or for the operation of the Services, including website
hosting, administration, maintenance, development and supply of products
associated with the Services.

4. to meet our contractual obligations with third parties;

5. to enable any entity within Quasistellar and/or any third party Operator
to advise you of, or offer to you, any enhanced benefits or new products
that becomes available from time to time which you may become entitled to
qualify for, provided your consent to receive such communication in
accordance with Chapter 8 of POPIA.;

6. where it is in our or your legitimate interest to do so, for example
monitor our premises with CCTV cameras to ensure your and our safety.

7. where we are legally required to collect and process certain Personal
Information to comply with relevant laws.

8. to meet our duties in terms of POPIA to ensure your Personal Information
is complete, accurate, not misleading and updated on a regular basis. To
enable this, we will always try to obtain this Personal Information from you
directly, however, where it is more practicable to do so, we will make use
of verifiable independent third-party data sources.

9. to conduct credit enquiries as to your creditworthiness and perform risk
analysis, tracing and any related purposes, which includes Personal
Information about your credit history, financial history, judgements and
default history;

10. to combine all your Personal Information for any one or more of the
following purposes: perform market, statistical and academic research or to
customise our benefits and Services to meet your needs;

11. where Quasistellar is involved in a proposed or actual merger,
acquisition or any form of sale of any assets, we may share your Personal
Information with the third parties in connection with such transaction.
Where any business within Quasistellar is sold to another entity as a going
concern, you consent to this Privacy Policy being ceded to and applying
under the new entity unless specifically stipulated otherwise.

◦ If we want to process your Personal Information for reasons other than the
Purposes specified above, we will always ensure that the further Processing
is in accordance or compatible with the Purposes, with due regard to the
factors set out in section 15(2) of POPIA. Where we determine that the
reasons for further Processing of your Personal Information is not in
accordance or compatible with the Purposes, we will ensure that you consent
thereto. Please be advised that in certain circumstances, we will obtain
your consent through updating the latest Privacy Policy and notifying you
that the latest revision of the Privacy Policy is available on our website.
Your continued use of the Services will be indicative of your consent to the
further Processing of your Personal Information.

7. Where we Collect your Personal Information from

◦ We collect your Personal Information from you directly, except where we
have used third party Operator’s for the purpose of verifying,
substantiating and/or updating the Personal Information provided.

8. Websites and Cookies

◦ In order to provide you with the best possible and most relevant service,
our Websites may use standard technology to collect information about the
use by you of our Websites. This technology is not able to identify
individuals but simply allows our Websites to collect statistics.

◦ Our Websites utilises cookies, which is a small file that is placed on the
user of our Websites hard drive in order to keep a record of a user’s
interaction with our Websites. The cookies are used to allow us to tailor
the advertising and our Services to your displayed preferences. The Websites
may use third-party cookies from an ad server for this purpose. Cookies
themselves cannot be used to identify a person or users of our Websites but
may be used to compile anonymised statistics relating to the use of services
offered or to provide us with feedback on the performance of our Websites.

◦ If you do not wish cookies to be used to customise your interaction with
our Websites, it is possible to alter the manner in which your browser
handles cookies in your browser settings. Please note that if this is done,
certain services on the Websites may not be available to you.

9. Who we Share your Personal Information with

◦ We only transfer your Personal Information to Operators we trust and who
have agreed to keep your Personal Information secure and confidential and to
only use it for the purposes for which we shared it with them.

◦ We use Operators to process Personal Information on behalf of Quasistellar
for the provision of the following:

1. communicate with you;

2. verify your Personal Information to assist in fraud detection;

3. monitor the effectiveness of our Services;

4. store your Personal Information;

5. manage the day to day operations of our business;

6. professional services providers and advisors;

7. provide IT services and infrastructure;

◦ We ensure, in terms of a written contract between us and all Operators,
that all Operators process your Personal Information in accordance with
substantially similar security measures and standards that we implement when
Processing your Personal Information.

10. Transborder Flow of Personal Information

◦ We transfer your Personal Information to third parties who are in a
foreign country primarily for rendering services and support systems.
Certain services, including website builders and support ticket systems may
make use of servers hosted by third party services providers, such as Amazon
Web Services, Microsoft Azure, OVH, MaxMind who store data in various
locations around the world.

◦ We ensure that all third parties, with whom we transfer your Personal
Information to, who are in a foreign country are subject to a law, binding
corporate rules or binding agreements which provide an adequate level of
protection that effectively upholds principles for reasonable Processing of
your Personal Information that are substantially similar to the conditions
for the lawful Processing of Personal Information as set out in this Privacy
Policy and POPIA.

◦ Through your continued use of the Services, you consent to the transfer of
your Personal Information to third parties who are in a foreign country for
purposes of concluding and performing in terms of the contract in respect of
the Services.

11. Reasonable Measures to Secure your Personal Information

◦ When we process your Personal Information, we ensure that the integrity
and confidentiality of your Personal Information is secure by taking
appropriate, reasonable technical and organisation measures to prevent loss
of, damage to, unauthorised destruction of and unlawful access to your
Personal Information, having at all times due regard to generally accepted
information security practices and procedures which may apply to
Quasistellar or be required in terms of our specific industry or
professional rules and regulations.

◦ In order to give effect to the above, we have taken and shall continue to
take reasonable measures to identify all reasonably foreseeable internal and
external risks to Personal Information in our possession or under our
control, establish and maintain appropriate safeguards against any risks
identified, regularly verify that the safeguards are effectively implemented
and updated in response to new risks or deficiencies in previously
implemented safeguards.

◦ In consideration of the above, we have established and implemented the
following, amongst others, security practices and procedures to secure your
Personal Information:

1. password and/or biometric protection for electronic files, device access
and app software;

2. securing paper files and physical access restrictions;

3. physical and electronic access control to our buildings and servers;

4. limitation on those employees who have access to your Personal
Information to those employees who require access to fulfil their designated
responsibilities;

5. storage and transfer of Personal Information in electronic databases
containing safeguards such as firewalls, data encryption;

6. continuous internal training, self-audits, data privacy impact
assessments and ongoing awareness campaigns to ensure employees of
Quasistellar adhere to the compliance framework aimed to ensure appropriate
safeguards;

7. ensuring that any Operator that we share your Personal Information with
agrees in writing to treat your Personal Information with the same level of
protection as we are obliged to in terms of POPIA.

12. Storage of your Personal Information

◦ We will not keep your Personal Information longer than we need to fulfil
the Purposes, unless we are legally required to do so, we are authorised to
do so by law, or we require the record for lawful purposes related to our
functions or activities.

◦ We take legal requirements, contractual obligations, the functions and
activities of the Services, and the expectations and requirements of our
clients into account when we determine how long we should retain your
Personal Information.

◦ As soon as reasonably practicable after we no longer need your Personal
Information, we will delete, destroy and/or de-identify your Personal
Information in accordance with POPIA

13. Failure to provide us with your Personal Information

◦ You acknowledge that any Personal Information you provide us is Personal
Information that you voluntarily provide, however you acknowledge that the
Personal Information requested by us is mandatory for the provision of the
Services. Where we need to collect Personal Information by law, or under the
terms of a contract for the provision of a Service, and you fail to provide
the required Personal Information, we may not be able to comply with our
obligations in terms of the law and/or contract. In such an instance, we may
have to deny providing the Service to you or cancel the Service.

14. Your Rights in terms of POPIA

◦ You have the right to:

1. be notified that your Personal Information is being collected;

2. be notified of security compromises where reasonable grounds exist for us
to believe that your Personal Information has been accessed or acquired by
an unauthorised person;

3. ask us what Personal Information we have processed and request access to
such Personal Information;

4. ask what Personal Information was sent to our service providers or any
other third party;

5. ask us to update, correct or delete any Personal Information we have in
our possession about you where it is inaccurate, irrelevant, excessive, out
of date, incomplete, misleading or obtained unlawfully;

6. unsubscribe from any direct marketing communications we may send you and
object to the Processing of your Personal Information;

7. request us to delete or remove your Personal Information where there is
no legal and/or legitimate reason for us continuing to process same;

8. request restrictions on Processing of your Personal Information;

9. withdraw your consent at any time where we are relying on consent to
process your Personal Information;

10. to submit a complaint to the Information Regulator regarding an alleged
infringement with POPIA, however, we do encourage you to first allow our
internal compliance process to resolve the complaint. Please contact our
Information Officer as set out in clause 16, whereafter if you feel that
your complaint has not adequately been resolved, you can contact the
Information Regulator (South Africa) at:

SALU Building

33 Hoofd Street

Forum III

3rd Floor Braampark

P.O. Box 31533 Braamfontein

Tel No. +27 (0) 10 023 5207

Cell No. +27 (0) 82 746 4173

inforeg@justice.gov.za

11. Please see the contact details in clause 16 in order to exercise your
rights described above.

15. Access to and Correction of your Personal Information

◦ You can, having provided the adequate proof of identity, request us to
confirm, free of charge, whether or not we hold Personal Information about
you.

◦ You can, having provided the adequate proof of identity, request us, at a
prescribed fee, to provide record or a description of the Personal
Information held by us about you, including the identity of all Operators
who we have given access to your Personal Information.

◦ We may or must, as the case may be, refuse to disclose the Personal
Information requested in terms of this clause to which the grounds for
refusal of access to records set out in the applicable sections of Chapter 4
of Part 2 and Chapter 4 of Part 3 of the Promotion of Access to Information
Act 2 of 2000 (“PAIA”) applies.

◦ You have the right to request us to correct or delete the Personal
Information we have in our possession where it is inaccurate, irrelevant,
excessive, out of date, incomplete, misleading or obtained unlawfully. You
may further request us to destroy or delete a record Personal Information
about you that we are no longer authorised to retain.

◦ Should you wish to exercise your rights as set out in this clause, please
contact us as per the contact details provided in clause 16. We are entitled
to respond to you within a reasonable time which can take us up to 21
business days due to procedures that we are required to follow.

◦ In certain circumstances, if we are unable to reach agreement on your
request as contained in this clause, you are entitled to request that we
take such steps as are reasonable in the circumstances, to attach to the
Personal Information in such a manner that it will always be read with the
information, an indication that a correction of the Personal Information has
been requested but has not been made.

16. Contact our Information Officer

◦ Name: Dewald Bodenstein

◦ Email: admin@quasistellar.co.za

17. Direct Marketing

◦ Quasistellar will only process your Personal Information for the purpose
of direct marketing by means of electronic communication where you have
given your consent.

◦ Where Quasistellar has processed your Personal Information in the context
of the Services and you have not objected to Quasistellar using your
electronic details at the time the Personal Information was collected or on
each occasion of each communication is sent to you for the purpose of
marketing, Quasistellar will continue to send you electronic communication
for the purpose of direct marketing until such time that you request that
such communication cease or your communication preference is amended by
following the unsubscribe process as indicated on the communication itself.

◦ Where you wish to amend the contact details we have in our possession for
purposes of sending you direct marketing, you may request such amendment by
contacting us as per our contact details provided on our website.

18. Data breaches

◦ We will notify our clients of any confirmed data breaches that have
occurred. It is our customers’ responsibility to notify relevant supervisory
authority and any affected data subjects of the data breach.