Privacy Policy

1.0 Purpose

The purpose of this Privacy Policy is to ensure that nuvoteQ (Pty) Ltd (hereinafter referred to as nuvoteQ) adheres to the Protection of Personal Information Act 4 of 2013 (hereinafter “POPIA”), the Electronic Communications and Transactions Act 25 of 2002 (hereinafter “ECTA”), the European Union General Data Protection Regulation (hereinafter “GDPR”), the Health Insurance Portability and Accountability Act (hereinafter “HIPAA”) and other applicable data protection laws (hereinafter “Data Protection Laws”).

2.0 Scope and responsibilities

This Privacy Policy applies to Personal Information (subject hereto that such Personal Information falls within the application of POPIA) that nuvoteQ collects from you during your interactions with nuvoteQ, including through nuvoteQ’s websites (including mobile sites) and social media sites, mobile sites/applications and/or other online platforms (collectively “Online Services”) that link to this Privacy Policy, in writing or orally, or Personal Information that nuvoteQ may collect offline or receive from third parties.

This Privacy Policy applies to you if you:

  • Are a visitor to the nuvoteQ website;
  • Create a user account on a nuvoteQ Online Services/Electronic Platform;
  • Add to and manage your personal profile on a nuvoteQ Online Service/Electronic Platform;
  • Contact or communicate with nuvoteQ via an Online Service/Electronic Platform.

You accept all the terms of this Privacy Policy when you register on a nuvoteQ Online Service. If you do not agree with anything in this Privacy Policy or subsequent updates (refer to Section 19.0 below), then you may be able to modify your browser and/or mobile device settings so you are notified when receiving cookies, or you can choose to restrict or block cookies. Please be aware that parts of our websites may not function correctly if you disable cookies.

Any suspected Security Breach or compromise of Personal Information or Confidential Information will be addressed as detailed in PC-GM-03 “Privacy, Security and Protection of Personal Information”.

3.0 Templates


4.0 Key definitions and clarifications

Confidential Information: All business information, operations, products or plans, personal information or plans which are not known to the general public and disclosed by nuvoteQ will be deemed to be Confidential Information. Confidential Information will include all information disclosed to nuvoteQ by a Client and that was clearly marked as “Confidential”.

Consent: Any voluntary, specific and informed expression of will in terms of which permission is given for the Processing of Personal Information.

Cookies: A small text file (up to 4KB) created by a website that is stored in the user’s computer either temporarily for that session only or permanently on the hard disk (persistent cookie). Cookies provide a way for the website to recognise you and keep track of your preferences.

Data: Information, facts and statistics used for reference or analysis in electronic form. For this Policy, all references to Data may include Personal Information and/or Confidential Information.

Data Protection Officer (DPO): Is someone, either an employee or a professional hired externally, who has responsibility for ensuring that their organisation is compliant with GDPR.

Data Subject: The person to whom the personal information relates.

Electronic Platform: A secure electronic system used by authorised nuvoteQ staff in accordance with their documented access rights for the delivery of electronic information (including, without limitation, documents).

General Data Protection Regulation (GDPR): The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.

Information Officer: The “head” of a private body (such as a company) or the most senior person of a particular public body, or any person duly authorised by such acting person. “Data Protection Officer” will have a corresponding meaning.

Information Regulator: An independent body established in terms of Section 39 of POPIA, empowered to monitor and enforce compliance by public and private bodies with the provisions of POPIA. “Regulator” will have a corresponding meaning.

IP address: A unique address that identifies a device on the internet or a local network.

Key Definition: A clarification of terminology applicable to a specific PROC DOC. These terms may be listed for clarity or additional information to the specific PROC DOC and may not necessarily be referred to again in the remainder of the PROC DOC. Reoccurring definitions may be listed in the nuvoteQ Glossary and not in the Key Definition section of a Procedural Document as per the Author’s discretion. Commonly used roles may also be defined to indicate associated department or function within the organisation. The customised nuvoteQ Glossary is an alphabetical list of common terms and abbreviations nuvoteQ uses in its day-to-day operations. Definitions for those terms are available on the internal shared drive.

Online Services: A system/platform that collects Data during a user’s interaction with that system/platform and includes without limitation the nuvoteQ website (including mobile sites) and social media sites (Facebook, LinkedIn etc.) mobile sites/applications and/or other online platforms.

Personal Information: Information relating to an identifiable, living natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to (a) information relating to the race, gender, sex, pregnancy, marital status, nationality, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture or employment history of the person; (b) information relating to the education or the medical, financial, criminal or employment history of the person; (c) any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assignment to the person; (d) the biometric information of the person; (e) the personal opinions, views, or preference of the person; (f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the content of the original correspondence; (g) the views or opinions of other individuals about the person; and (h) the name of the person if it appears with other Personal Information relating to the person or if the disclosure of the name itself would reveal information about the person. “Personal Data” has a corresponding meaning. Without limiting the generality of the foregoing, Personal Information must always be treated as Confidential Information, even after the individual’s death. It should be noted that Personal Information which has undergone Pseudonymisation and/or was de-identified, and which can be attributed to a Data Subject by the use of additional information, should be considered as Personal Information.

Processing: Any operation or activity or set of operations, whether by automatic means, concerning Personal Information, including (a) the collection, receipt, recording, organisation, collation, storage, dating or modification, retrieval, alteration, consultation or use; (b) dissemination by means of transmission, distribution or making available in any other form; or (c) merging, linking as well as restriction, degradation, erasure or destruction of information. “Process”, “processes”, and “processed” shall have the corresponding meaning.

Promotion of Access to Information (PAIA): The Promotion of Access to Information Act Number 2 of 2000, as amended, is South Africa’s access to information law and it enables people to gain access to information held by both public and private bodies. PAIA gives legislative effect to the right of access to information in accordance with section 32 of the Constitution of the Republic of South Africa, 1996.

Protection of Personal Information Act (POPIA): The Protection of Personal Information Act, Number 4 of 2013, as amended. POPIA regulates the lawfulness of processing activities of South Africa’s Personal Information.

Pseudonymisation: A technique that replaces or removes information in a data set that identifies an individual. According to the European General Data Privacy Regulation (GDPR): “the processing of personal data in such a manner that the personal data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.” Note that Pseudonymised data and Anonymised data are not the same.

Records: Any recorded information that a business holds in any form or medium (paper and electronic). Records also include records that third parties created (and are now under the control of the business/responsible party) regardless of when it came into existence. Records include email and other recorded electronic communications.

Security Breach: Any potential or actual breach of information security, whether intentional or unintentional that has an effect on Personal Information and the Responsible Party and/or the Operator’s company resources and reputation, including without limitation viruses or other malicious codes, hacking or computer theft. “Security Incident” or “Privacy Incident” has a corresponding meaning.

Traffic data: Any data processed for the purposes of the conveyance of a communication on an electronic communications network in respect of that communication and includes data relating to the routing, duration or time of a communication.

User: A person who uses a computer and/or other devices to access an Online Service.

Web browser: An application used to access and view this website. Well known web browsers include Internet Explorer, Google Chrome and Safari.

5.0 Related documents

ML-HR-01: Employee Manual.

PC-HR-01: Code of Conduct.

ML-GM-01: Promotion of Access to Information Manual.

OP-GM-03: Confidentiality of Information.

PC-GM-03: Privacy, Security and Protection of Personal Information.

WI-GM-01: Good Documentation Practice.

OP-IT-01: Security, Management and Use of Information Technology.

6.0 Personal Information that nuvoteQ collects

Users that communicate with nuvoteQ through an Online Service/Electronic Platform will no longer be anonymous to nuvoteQ, since the users will provide certain Personal Information to nuvoteQ.

Personal Information is any information that identifies users as an individual or relates to users as an identifiable individual. Depending on how users interact with nuvoteQ, Personal Information that nuvoteQ collects may include without limitation, a user’s name and surname, email address, telephone number, log-in and account information for authentication purposes and account access, gender, qualification and experience details and other detail relating to nuvoteQ’s Online Services/Electronic Platforms, including, but not limited to, traffic data, location data, weblogs and other communication data; information that users provide to nuvoteQ, including Records of correspondence; marketing and other preference information; and social media account information.

nuvoteQ may also collect other information that does not personally identify users. Such other information includes browser and device information, website and application usage data, IP addresses, demographic information such as marketing preferences, geographic location, primary language, and information collected through cookies and other technologies or information that has been anonymised or aggregated. If nuvoteQ links this information with user’s Personal Information, nuvoteQ will treat that linked information as Personal Information.

Note: It is possible to modify and/or block the installation of cookies sent by the website of nuvoteQ, however the quality of the operations of the services may be affected (PC-GM-03).

Users can choose not to provide Personal Information to nuvoteQ when requested. However, if this is necessary to provide users with nuvoteQ’s solutions and services, access to nuvoteQ’s Online Services/Electronic Platforms, or to perform administrative functions, nuvoteQ may be unable to perform these functions.

7.0 Sensitive Personal Information

nuvoteQ does not collect sensitive Personal Information about users, e.g. information relating to health, religion, political beliefs, race or sexual orientation via our Online Services and asks that users do not send or provide this information to nuvoteQ unless specifically requested to do so in writing and via a documented Consent process (ML-GM-01, PC-GM-03).

8.0 How nuvoteQ collects your Personal Information

nuvoteQ may collect Personal Information from users in a variety of ways when users interact with nuvoteQ, including without limitation when:

  • You access nuvoteQ’s Online Services or interact with nuvoteQ in any other way.
  • You reach out to nuvoteQ regarding potential business opportunities and/or nuvoteQ’s services, you create an account with nuvoteQ on one of our online platforms or Electronic Platforms, perform administrative and business functions and when you communicate with nuvoteQ.
  • nuvoteQ responds to your enquiries and requests, obtains feedback from you about our services or you apply for employment with nuvoteQ.

nuvoteQ collects Personal Information from third parties, including public databases, social media sites, business partners with whom nuvoteQ offers services or engages in joint marketing activities and third parties that provide list enhancement or similar services.

When users use nuvoteQ’s Online Services/Electronic Platforms, nuvoteQ and third parties nuvoteQ engages with may automatically collect data, including Personal Information through use of cookies and similar technologies.

9.0 Legal basis for Processing Personal Information

When nuvoteQ processes Personal Information in connection with the purposes set out in this Privacy Policy, nuvoteQ may rely on one or more of the following legal bases, depending on the purpose for which the Processing activity is undertaken and the nature of nuvoteQ’s relationship with the user:

  • Our legitimate business interests (or those of a third party with whom we share users’ Personal Information) for the purpose of managing, operating or promoting our business, including marketing, for business and administrative purposes, except where such interests are overridden by users’ interests or fundamental rights or freedoms which require protection of Personal Information; and/or
  • Where this is necessary to comply with a legal obligation on nuvoteQ; and/or
  • To protect the vital interests of any individual; and/or
  • Where users have Consented to the use of their Personal Information.

10.0 Use of Personal Information

nuvoteQ may use Personal Information to enable users to effectively use and to improve nuvoteQ’s Online Services/Electronic Platforms. For example, to:

  • Perform administrative and business functions and internal reporting.
  • Send administrative information to users.
  • Obtain feedback from users about our services including through client satisfaction surveys, in which event, nuvoteQ will only use Personal Information for the sole purpose of sending users a survey (through our third-party email delivery provider).
  • Respond to enquiries and fulfil requests by users.
  • Assess the performance of Online Services/Electronic Platforms and to improve their operation.
  • Inform users about and provide users with nuvoteQ’s services and solutions.
  • Update nuvoteQ’s Records and keep contact details up to date.

nuvoteQ engages in these activities to manage nuvoteQ’s contractual relationship with clients/users, to comply with nuvoteQ’s legal obligations, or for nuvoteQ’s legitimate business interests.

11.0 Sharing Personal Information

nuvoteQ may share Personal Information for the purposes set out in this Privacy Policy (as applicable):

  • With nuvoteQ’s direct and indirect affiliates and subsidiaries for the purposes set out in this Privacy Policy. nuvoteQ is the party responsible for the management of jointly used Personal Information.
  • With business partners with whom nuvoteQ offers services or engages in joint marketing activities.
  • With service providers to provide operational services or facilitate transactions on nuvoteQ’s behalf, including but not limited to Processing of orders, assisting with services, client support, email delivery, data analytics and auditing.
  • Where Data Subjects Consent to the sharing of their Personal Information.
  • In connection with any joint venture, merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of nuvoteQ’s business by or to another company.
  • For other legal reasons.
  • nuvoteQ may share Personal Information in response to a request for information by a competent authority in accordance with, or required by any applicable law, regulation or legal process (ML-GM-01):
    • Where necessary to comply with judicial proceedings, court orders or government orders; or
    • To protect the rights, property or safety of nuvoteQ, its business partners, Data Subjects, or others, or as otherwise required by applicable law.

Any third parties with whom we share Personal Information are contractually required to implement appropriate data protection and security measures to protect Personal Information and are not permitted to use Personal Information for any purpose other than the purpose for which they are provided with or given access to Personal Information.

12.0 Security of your Personal Information

nuvoteQ is committed to protecting Personal Information from accidental or unlawful destruction, loss, alteration, unauthorised access or disclosure by using a combination of physical, administrative and technical safeguards and contractually requiring that third parties to whom nuvoteQ discloses Personal Information do the same.

However, while nuvoteQ has implemented reasonable technical and organisational precautions to protect the security and integrity of Personal Information, due to the inherent nature of the internet as an open global communications vehicle, nuvoteQ cannot guarantee that information, during transmission through the internet or while stored on nuvoteQ’s systems or otherwise in nuvoteQ’s care, will be absolutely safe from intrusion by others, such as hackers.

nuvoteQ maintains physical, electronic and procedural safeguards to protect Personal Information. We strive to protect information transmitted on or through nuvoteQ’s Online Services/Electronic Platforms; however, nuvoteQ cannot and does not guarantee the security of any data or information nuvoteQ transmits on or through the Online Services/Electronic Platforms, and users do so at their own risk. nuvoteQ cannot and does not guarantee the security of users’ data or information.

13.0 Cross border transfers

As a global company, nuvoteQ may transfer Personal Information to countries where nuvoteQ does business or to international organisations in connection with the purposes identified above and in accordance with this Privacy Policy.

Where nuvoteQ transfers Personal Information to a country or international organisation that does not provide a level of protection for Personal Information which the POPIA Information Regulator deems adequate, nuvoteQ enters into a Data Processing Agreement to ensure adequate protection measures.

14.0 Data Subject’s rights under Data Protection Laws

nuvoteQ adheres to applicable Data Protection Laws in South Africa as well as the European Union (GDPR), which provide Data Subjects with certain rights relating to Personal Information (subject hereto that such Personal Information falls within the application of the POPIA and further subject to the limitations as set out in POPIA). Data Subjects’ rights include without limitation:

  • The right to access Personal Information that nuvoteQ processes about them.
  • The right to rectify inaccurate Personal Information nuvoteQ holds about them without undue delay and taking into account the purposes of the Processing, to have incomplete Personal Information about them completed.
  • The right to ask nuvoteQ to delete their Personal Information without undue delay in certain circumstances.
  • The right to restrict the Processing of their Personal Information in certain circumstances.
  • Where nuvoteQ processes Personal Information based on a Data Subject’s Consent, the Data Subject has the right to withdraw his/her Consent at any time for future Processing.
  • Where nuvoteQ processes Personal Information based upon nuvoteQ’s legitimate interests or those of a third party, the Data Subject has the right to object to the Processing of Personal Information at any time (including to any profiling).
  • Where nuvoteQ processes Personal Information for direct marketing purposes, the Data Subject has the right to object to Processing of his/her Personal Information at any time, including profiling to the extent that it is related to such direct marketing.
  • The right not to be subject to a decision based solely on automated Processing, including profiling, which produces legal effects concerning Data Subjects or similarly significantly affects Data Subjects.
  • The right to lodge a complaint to the Information Regulator.

nuvoteQ will consider such requests and respond to requestors within 30 (thirty) days. nuvoteQ may require verification of a requestor’s identity before providing a copy of the Personal Information, as permitted by law (ML-GM-01).

15.0 Cookies and Similar Technologies

When users access nuvoteQ’s Online Services/Electronic Platforms, nuvoteQ uses Cookies and similar technologies. nuvoteQ uses Cookies to assist with activities such as:

  • Ensuring that web pages can function properly.
  • Understanding user navigation and user experience.
  • Collecting anonymous statistical information, such as which sections have been visited, and how long a user has been in the nuvoteQ environment.

These technologies collect information that users’ browsers send to nuvoteQ’s Online Services/Electronic Platforms including a user’s browser type, information about IP address (a unique identifier assigned to a user’s computer or device which allows a user’s PC or device to communicate over the Internet), together with the date, time and duration of a user’s visit, the pages users view and the links users click (PC-GM-03).

16.0 Links to third party websites and applications

nuvoteQ’s Online Services/Electronic Platforms may contain links to third party websites and applications. Some of the content, advertising, and functionality on nuvoteQ’s Online Services/Electronic Platforms may be provided via third parties that are not affiliated with nuvoteQ. For example, nuvoteQ enables users to share certain materials with others through social networking services such as Facebook and LinkedIn. nuvoteQ is not responsible for and makes no representations or warranties in relation to the privacy practices or content of any third-party websites, service functionality provided and applications. These third parties may collect or receive certain information about users of the websites (including through the use of cookies, beacons, and similar technologies) and such information may be collected over time and combined with information collected across different websites and online services. nuvoteQ does not control the data collection and use practices of these companies and users should check the relevant privacy notices and policies before using the services provided by these companies. Users’ use of such sites and applications is subject to the applicable third-party privacy statement/policy and is at users’ own risk.

17.0 Direct marketing

nuvoteQ may send direct marketing communications about nuvoteQ’s solutions and services. Recipients thereof can choose whether they wish to receive marketing communications from nuvoteQ by email, SMS, and phone.

Recipients may opt out of receiving marketing materials from nuvoteQ at any time and manage their communication preferences by contacting nuvoteQ using the contact details on nuvoteQ’s website. Recipients should include their contact details and a description of the marketing material they no longer wish to receive from nuvoteQ. nuvoteQ will comply with such requests as soon as is reasonably practicable.

If recipients opt out of receiving marketing related communications from nuvoteQ, nuvoteQ may still send recipients administrative messages as part of their ongoing use of our solutions and services, which recipients will be unable to opt out of.

nuvoteQ does not provide Personal Information to unaffiliated third parties for direct marketing purposes or sell, rent, distribute, or otherwise make Personal Information commercially available to any third party.

18.0 Retaining Personal Information

nuvoteQ will retain Personal Information for as long as is necessary to fulfil the purpose for which it was collected unless a longer retention period is required to comply with legal obligations, resolve disputes, protect assets or enforce agreements (PC-GM-03, ML-GM-01, OP-SD-01). The criteria nuvoteQ uses to determine retention periods include without limitation, whether:

  • nuvoteQ has a legal, contractual or other obligation to retain Personal Information, or must retain it as part of a business agreement, an investigation or for litigation purposes.
  • Personal Information is needed to maintain accurate business and financial Records.
  • There are automated means to enable users to access or update their Personal Information at any time.
  • The Personal Information is sensitive Personal Information in which event nuvoteQ will generally retain this for a specific purpose and limited period of time.
  • You have Consented to nuvoteQ retaining your Personal Information for a longer retention period, in which case, nuvoteQ will retain Personal Information in accordance with your Consent.

19.0 Updates to this Privacy Policy

nuvoteQ reserves the right to update, amend or modify this Privacy Policy at any time without prior notice. The “Document History” section at the bottom of this Privacy Policy reflects all updates, amendments and modifications made to this Privacy Policy.

We encourage you to regularly review this Privacy Policy to stay informed about our privacy practices.

20.0 How to contact us

If you have any questions about how your Personal Information is processed by nuvoteQ, you have a privacy concern or you wish to make a request or a complaint relating to your Personal Information, please contact our Information Officer/Data Protection Officer by using the following email address and/or the contact details and process as set out in the nuvoteQ PAIA Manual which is available on the website of nuvoteQ at

21.0 References and Regulatory Documents

  • Electronic Communications and Transactions Act 25 of 2002, as amended.
  • European Union (EU) Data Protection Directive (95/46/EC).
  • Health Insurance Portability and Accountability Act (HIPAA) of 2013, as amended.
  • ICH E6(R2) Integrated Addendum to ICH E6(R1): Guideline for Good Clinical Practice (2016) and subsequent versions.
  • Protection of Personal Information Act no 4 of 2013 (POPIA), as amended.
  • Promotion of Access to Information Act 2 of 2000 (PAIA), as amended.
  • Regulation (EU) 2016/679 of the European Parliament, repealing Directive 95/46/EC (General Data Protection Regulation).
  • South African Good Clinical Practice: Clinical Trial Guidelines. Third edition, 2020. Department of Health, South Africa, and subsequent updates.
  • United Kingdom Data Protection Act (2018), as amended.
  • United States Privacy Act of 1974, as amended.