CIRT Terms & Conditions

Privacy Policy.

What does this Privacy Policy Cover

CONSUMPTION INFORMATION REAL TIME (PTY) LTD AND ITS SUBSIDIARIES INCLUDING BUT NOT LIMITED TO CIRT RETAIL INTELLIGENCE SOLUTION (PTY) LTD (“RIS”, “we”, “us” or “our”) respects your privacy and is committed to protecting your Personal Data.

This Privacy Policy describes how we process Personal Data when we provide the following services: (i) the RIS website www.cirt.co.za (the “Sites”); (ii) the RIS mobile application and white-label derivatives thereof, a self-shopping / checkout mobile application for Android and iOS (add links to apps) (the “Apps”); (iii) the RIS Q-Hop self-checkout kiosk that weighs the purchased items and may contain a camera for product recognition (the “Kiosk”); and (iv) our partner in creating this solution, AuthGate, whose Terms of Use are available at https://authgate.com/termsofuse (together with the Sites, Apps and the Kiosk, the “Services”).

This Privacy Policy aims to clarify how we collect and process Personal Data of individuals who use the Services, including any data you may provide using the Services, in accordance with the data protection laws and rules (including marketing and cookies laws, together with associated guidance) that we are required to comply with (the “Data Protection Laws”). Throughout this Privacy Policy, the capitalised terms that we use have the same meaning as set out in the EU General Data Protection Regulation (“GDPR”).

We will post, and notify individuals of, any modifications or changes to this Privacy Policy on this page. Please check back frequently to see any updates or changes to this Privacy Policy. This Privacy Policy supplements any other fair processing or privacy notice that may be provided to you from time to time.

For the purposes of the Data Protection Laws, RIS is the Controller of your Personal Data for the purposes set out below and we are responsible for looking after it. We are the Controller in respect of your personal data where we decide the purposes (why the personal data is collected) and means (how the personal data is processed) of the processing.      

How to contact us.

You can contact us by emailing support@q-hop.com with any query related to a Service. Questions, comments or concerns regarding this Privacy and Cookie Policy or our use of your personal data are welcomed.

Understanding rights of your Personal Data

Your rights retained on your Personal Data

The Data Protection Laws give you the following rights in respect of your Personal Data in certain circumstances:

  • Be informed: Through this Privacy Policy and any other privacy notices we make available to you, we will keep you informed about the Personal Data we hold about you.
  • Request access to your Personal Data. You may acquire a copy of the Personal Data we hold about you to determine that we are lawfully processing it.
  • Request correction of the Personal Data that we hold about you. You may inform us of any incomplete or inaccurate information that we hold about you and ask us to correct it.
  • Request erasure of your Personal Data. You may request that we delete the Personal Data we hold about you where we no longer need it for the reason that we collected it. You may also request us to delete or remove your Personal Data where you have exercised your right to object to processing or you withdraw your consent (see below).
  • Object to processing of your Personal Data. You may object to our processing of the Personal Data we hold about you where our lawful basis is for the purpose of our legitimate interests, unless we are able to demonstrate, on balance, legitimate grounds for continuing to process the Personal Data which override your rights or which are for the establishment, exercise or defence of legal claims.
  • Request the restriction of processing of your Personal Data. In certain circumstances you may ask us to restrict our use of Personal Data we hold about you, for example where you dispute its accuracy or where you have the right to ask us to delete your Personal Data, but you would prefer that our processing is restricted instead.
  • Request the transfer of your Personal Data. In certain circumstances, you may ask us to provide to you, or a third party you have chosen, the Personal Data that you have given us in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent. If we rely on your consent as our lawful basis for processing your Personal Data, you may withdraw your consent at any time. If you do so, this may result in us being unable to provide you with access to certain specific functionalities of our Services. We will notify you if this is applicable at the time you withdraw your consent.

How to exercise your rights

To exercise your rights described above, please contact us using the contact details under the How to Contact Us section above.

Typically, there is no charge to access your Personal Data (or to exercise any of the other rights). However, except in relation to Consent Withdrawal, we may charge a reasonable fee if your request is manifestly unfounded, repetitive or excessive, or we may refuse to comply under these circumstances.

We may as a security precaution require specific information from you to assist in confirming your identity and ensure your right to access the Personal Data (or to exercise your rights). We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one calendar month. Your request may take longer if it is particularly complex or you have made a number of requests. In such a case, we will notify you and keep you updated.

Complaints

If you have any complaints regarding this Privacy Policy or our practices in relation to your Personal Data, please contact us using the contact details shown under the How to Contact Us section above.

If your request has not been adequately resolved to your liking, please note that the GDPR gives you the right to contact your local data protection supervisory authority, which, for the UK, is the Information Commissioner’s Office. Their address is: First Contact Team, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.

Marketing communications preferences

You may occasionally receive push notifications from our Apps containing marketing materials. If you prefer not to receive push notifications, you may disable them at any time in your device’s app settings.

When opting out of push notifications, you may still receive support and administrative emails from time to time regarding your use of the Services including, for example, changes to our terms and conditions and policies, updates to our Services and security alerts.

What Personal Data we collect

All the Personal Data we collect, both from you and from third parties about you, is outlined in the table below.

For the purposes of this Policy, Personal Data is information about an individual, from which that individual is either directly identified or can be identified.

Anonymous data is not included (i.e., information where the identity of the individual has been permanently removed).

However, it does include ‘indirect identifiers’ or ‘pseudonymous data’ (i.e., information which alone doesn’t identify an individual but, when combined with certain additional and reasonably accessible information, could be attributed to a particular person).

| Category of Personal Data collected | What this means |
|---|---|
| Identity | First name, surname, date of birth. |
| Contact | Email address, telephone numbers and address. |
| Financial | No financial or payment credentials are stored; only selected payment methods are stored. |
| Transaction | Any details about payments to and from you and other details of services you have purchased from us. Data in respect of your transactions with third parties. |
| Service | Your data that you provide to us when you report a problem or ask a question in respect of our Services or when you request further services from us. If you contact us, we may keep a record of that correspondence. |
| Technical | This includes: ● Device information: We may collect information about the device you use to access the Services, including time zone setting and location, operating system and platform, mobile network information, telephone number and other technology on the devices you use to access our Services. ● Location information: When you use one of our location-enabled Apps or Services, we may collect and process data about your actual location. ● Video footage: When you use the Kiosk, all video footage will be used only to identify purchased items; it will not be used for any other process or for identification, shared with a third party, retained for extended periods, or leave our system. ● Log information: We may automatically collect and store certain information about your use of the Services in server logs, including but not limited to internet protocol (IP) addresses, internet service provider, clickstream data. ● Unique application numbers: When you install or uninstall an App containing a unique application number or when such an App searches for automatic updates, that number and information about your installation, for example the type of operating system, may be sent to us. |

Aggregated Data

We also collect, use and share Aggregated Data such as statistical, shopping habits or demographic data as deemed fit. Aggregated Data may be derived from your Personal Data, but once in aggregated form it does not directly or indirectly reveal your identity and will not be considered Personal Data. For example, we may aggregate any Behavioural or Usage Data for marketing, shopping habits or brand preferences. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.

No Special Categories of Personal Data

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

How we use your Personal Data and why

We will only use your Personal Data for the purposes for which we collected it as listed below, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your Personal Data for an unrelated purpose, we will update this Privacy Policy and we will explain the legal basis which allows us to do so.

What is our legal basis for processing your Personal Data?

In respect of each of the purposes for which we use your Personal Data, the GDPR requires us to ensure that we have a legal basis for that use. Most commonly, we will rely on one of the following legal bases:

  • Where we need to perform a contract we are about to enter into or have entered into with you (Contractual Necessity).
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (Legitimate Interests). More detail about the specific legitimate interests pursued in respect of each Purpose we use your Personal Data for is set out in the table below.
  • Where we need to comply with a legal or regulatory obligation (Compliance with Law).
  • Where we have your specific consent to carry out the processing for the Purpose in question (Consent).

Generally we do not rely on your Consent as a legal basis for using your Personal Data. Where we have determined, acting reasonably and considering the circumstances, that we are able to rely on Legitimate Interests as the legal basis on which to process your personal information in certain circumstances, we have reached this decision by carrying out a balancing exercise to make sure our legitimate interest does not override your privacy rights as an individual.

We consider that it is reasonable for us to process your information for the purposes of our legitimate interests as: (a) we process your information only so far as is necessary to achieve our intended purpose; and (b) it can be reasonably expected for us to process your information in this way. 

We have set out below, in a table format, the legal bases we rely on in respect of the relevant Purposes for which we use your Personal Data.

| Purpose | Category(ies) of Personal Data | Why do we do this | Our legal basis for this use of data |
|---|---|---|---|
| Account Creation | ● Identity ● Contact ● Technical | To register you as a new customer. | Contractual Necessity. |
| To process transaction | ● Identity ● Contact ● Financial ● Transaction | To prevent theft items purchased, purchase history, selected payment method. | Contractual Necessity. |
| Troubleshooting | ● Identity ● Contact ● Service ● Technical ● Transaction | To track issues that might be occurring on our or partner systems and to notify you of updates and security alerts. | Legitimate Interests. It is in our legitimate interests that we are able to monitor and ensure the proper operation of our Services and associated systems and services. |
| Data analysis, and improvements to our Services | ● Identity ● Contact ● Service ● Behavioural ● Technical | To carry out audits and data analysis to identify usage trends, improve the Services and improve the effectiveness of our communications. | Legitimate Interests. It is in our legitimate interests that we are able to use audit and data analysis to improve the Services and improve the effectiveness of our communications. |
| Customer Services | ● Identity ● Contact ● Service ● Technical | To provide customer service, including to respond to your enquiries and fulfil any of your requests for information in respect of the Services. | Contractual Necessity. |
| Personalisation | ● Identity ● Service ● Behavioural ● Technical | To personalise your experience on our Apps by presenting information tailored to you and your geographic location. | Legitimate Interests. It is in our legitimate interests that we are able to provide a more personalised service to you to improve your experience of the Services. |
| Compliance with law and regulation | ● All relevant data | We may use data as we believe to be necessary or appropriate: (a) under applicable law; (b) to comply with legal process and our regulators; (c) to respond to requests from public and government authorities; (d) to enforce or apply this Privacy and Cookie Policy or our Terms of Use; (e) to protect our operations; (f) to protect our rights, privacy, property or safety, and/or that of you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain. | Depending on the circumstances, our legal basis may be: ● Compliance with a legal obligation to which we are subject; ● Necessity to protect your vital interests or those of another person; ● Legitimate interests. |

Who we share your Personal Data with.

The table below describes who we share your Personal Data with, what we share and why we share it.

| Recipients | Category(ies) of Personal Data | Why we share it |
|---|---|---|
| Our Customers | ● Identity ● Contact | Our customers (retailers) help us provide our service and help manage our customer relationships (including providing customer support, customer liaison etc). |
| Service Providers | ● Identity ● Contact ● Technical | Our service providers provide us with IT and system administration services. |
| Professional advisers | ● Contact ● Behavioural ● Technical ● Transactional | Our lawyers, bankers, auditors and insurers provide consultancy, banking, legal, insurance and accounting services. |
| Regulators and other authorities | ● Identity ● Contact ● Identity | Authorities may require reporting of processing activities in certain circumstances. |
| Analytics Providers | | Our analytics providers will use this information for the purpose of evaluating your use of our Services, compiling reports on Service activity and providing other services relating to Service activity and internet usage. Our analytics providers may also transfer this information to third parties where required to do so by law, or where such third parties process the information on our analytics providers’ behalf. Improving our classifications and analysis with respect to all aspects of the system. |

Phone Features and Usage

| Phone Features | Uses | Information Collected |
|---|---|---|
| Camera | Barcode scanning to use the core features of the Application | • Barcode information of products scanned • Other metadata, like stock levels on shelves, for analysis |
| Bluetooth | Identifying your basket and phone to the Kiosk | • Phone IEM • Bluetooth identifier |
| Location Based Services | Identifying which store you are in or picking up your purchases from | • Location of your phone to display on the map • Stock check based on your location • Shopping list feature based on your location |
| Data/WiFi | If you use your own data for the application to transmit information to the cloud instead of in-store WiFi | • Basket information including barcode, quantity of items, price of items, taxes, description of item etc. |

Data transfers

 

[Note: The GDPR requires policies to say that personal data will be transferred outside of the EEA to a country that has not been determined by the EU Commission to have “adequate” protections for personal data (known as an adequacy decision).  The policy should also state the appropriate safeguard which will apply to that transfer – this must be one of a list of specific steps to take to protect the personal data transferring to a country without an adequacy decision. Given that the data is not going to originate in the EEA, it doesn’t make sense to take the usual GDPR approach to this section – perhaps we can (as suggested below) identify the location/ region where data may be hosted and say that you may transfer personal data internationally, but when you do so, it will be in accordance with the applicable Data Protection Laws.]  

To be completed after above table, depending where we host our services and where data will be transferred across borders

How we store your Personal Data securely.

We store all your Personal Data under appropriate security measures to protect it from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.

We limit access to your Personal Data (as shown in the table above) to those employees and other staff who have a business need to have such access. All such people are subject to a contractual duty of confidentiality.

We have put in place procedures to deal with any actual or suspected Personal Data breach. In the event of any such breach, we have systems in place to work with applicable regulators. In addition, in certain circumstances (e.g., where we are legally required to do so) we may notify you of breaches affecting your Personal Data.

How long we store your Personal Data.

We will only retain your Personal Data for so long as we reasonably need to use it for the purposes set out above under How we use your Personal Data and why, or until you exercise your rights to remove it, unless a longer retention period is required by law (for example for regulatory purposes).

The table below shows our standard retention practices:

 

 

| Category of Personal Data | Retention period |
|---|---|
| Identity | For so long as retention is necessary to fulfil the Purposes/Use for which it is used (see How we use your Personal Data and why). |
| Contact | For so long as you remain a customer of ours. |
| Transaction | For so long as retention is necessary to fulfil the Purposes/Use for which it is used (see How we use your Personal Data and why). |
| Service | For so long as you remain a customer of ours. |
| Technical | For so long as retention is necessary to fulfil the Purposes/Use for which it is used (see How we use your Personal Data and why). |

Third party links.

The Services may include links to third-party websites, plug-ins and applications. We are not responsible for the privacy or other practices of any such third parties. Clicking on those links or enabling those connections may allow third parties to collect or share your Personal Data. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Services, we encourage you to read the privacy policy of every site you visit.