# Value10x Privacy Policy
**Effective Date:** 10 August, 2025
**Last Updated:** 10 August, 2025
—
## Table of Contents
1. [Introduction](#introduction)
2. [Information We Collect](#information-we-collect)
3. [How We Use Your Information](#how-we-use-your-information)
4. [Legal Basis for Processing](#legal-basis-for-processing)
5. [Information Sharing and Disclosure](#information-sharing-and-disclosure)
6. [Cookies and Tracking Technologies](#cookies-and-tracking-technologies)
7. [Data Security](#data-security)
8. [Data Retention](#data-retention)
9. [Your Rights and Choices](#your-rights-and-choices)
10. [Cross-Border Data Transfers](#cross-border-data-transfers)
11. [Platform-with-a-Service Specific Provisions](#platform-with-a-service-specific-provisions)
12. [Consulting Services Privacy](#consulting-services-privacy)
13. [Third-Party Services and Integrations](#third-party-services-and-integrations)
14. [Children’s Privacy](#childrens-privacy)
15. [Changes to This Privacy Policy](#changes-to-this-privacy-policy)
16. [Contact Information](#contact-information)
17. [Jurisdiction-Specific Rights](#jurisdiction-specific-rights)
—
## 1. Introduction
Value10x (“we,” “our,” or “us”) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our Platform-with-a-Service (PwaS) offerings, engage our consulting services, or interact with our Value10x OS™ platform.
As a Platform-with-a-Service provider, we understand that trust is fundamental to our relationship with you. We have designed our privacy practices to comply with applicable data protection laws, including the Protection of Personal Information Act (POPIA) in South Africa and the General Data Protection Regulation (GDPR) in the United Kingdom and European Union.
Our commitment to privacy extends beyond mere compliance. We believe that transparent data practices are essential for building the long-term partnerships that drive exponential business growth. This policy reflects our dedication to protecting your privacy while delivering the transformational results that define our Platform-with-a-Service approach.
### Our Privacy Principles
**Transparency**: We provide clear, understandable information about our data practices and your rights regarding your personal information.
**Purpose Limitation**: We collect and process personal information only for specific, legitimate business purposes that are clearly communicated to you.
**Data Minimization**: We collect only the personal information that is necessary for the purposes for which it is processed.
**Accuracy**: We take reasonable steps to ensure that personal information we hold is accurate, complete, and up-to-date.
**Security**: We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction.
**Accountability**: We take responsibility for our data processing activities and can demonstrate compliance with applicable privacy laws.
### Scope of This Policy
This Privacy Policy applies to all personal information we collect and process in connection with:
– Our website and online services
– Our Value10x OS™ platform and related services
– Our consulting and professional services
– Our marketing and business development activities
– Our customer support and account management services
– Any other interactions you may have with Value10x
This policy does not apply to third-party websites, applications, or services that may be linked to or integrated with our services, even if accessed through our platform. We encourage you to review the privacy policies of any third-party services you use in connection with our platform.
—
## 2. Information We Collect
We collect various types of information to provide and improve our Platform-with-a-Service offerings, deliver consulting services, and enhance your overall experience with Value10x. The information we collect falls into several categories:
### 2.1 Information You Provide Directly
**Account and Registration Information**: When you create an account or register for our services, we collect information such as your name, email address, phone number, company name, job title, business address, and other contact details. For our Platform-with-a-Service offerings, we may also collect information about your business needs, current systems, and transformation objectives.
**Profile and Preference Information**: We collect information you provide when setting up your user profile, including preferences for communications, platform configurations, and service customizations. This may include your preferred communication methods, time zones, language preferences, and specific business requirements.
**Payment and Billing Information**: When you purchase our services, we collect billing information including your name, billing address, and payment method details. Payment processing is handled by secure third-party payment processors, and we do not store complete credit card numbers or sensitive payment information on our systems.
**Communication and Correspondence**: We collect information from your communications with us, including emails, phone calls, chat messages, support tickets, and feedback. This includes the content of your communications, timestamps, and any attachments or files you share with us.
**Consulting Services Information**: When you engage our consulting services, we collect detailed information about your business operations, challenges, goals, and requirements. This may include confidential business information, operational data, performance metrics, and strategic planning information necessary to deliver our consulting services effectively.
**Survey and Feedback Information**: We may collect information through surveys, feedback forms, and other research activities to improve our services and understand your needs better.
### 2.2 Information Collected Automatically
**Platform Usage Data**: Our Value10x OS™ platform automatically collects information about how you use our services, including features accessed, time spent on different sections, user interactions, configuration changes, and system performance data. This information helps us optimize platform performance and improve user experience.
**Website Analytics**: We use analytics tools including Google Analytics and Microsoft Clarity to collect information about your website usage, including pages visited, time spent on pages, click patterns, scroll behavior, and navigation paths. This information is collected through cookies and similar tracking technologies.
**Device and Technical Information**: We automatically collect technical information about the devices and browsers you use to access our services, including IP addresses, device identifiers, browser types and versions, operating systems, screen resolutions, and network connection information.
**Log Files and System Data**: Our systems automatically generate log files that contain information about system access, errors, performance metrics, and security events. These logs may include IP addresses, timestamps, user actions, and system responses.
**Location Information**: We may collect general location information based on your IP address to provide localized services, comply with local regulations, and optimize service delivery. We do not collect precise geolocation data unless explicitly authorized by you.
### 2.3 Information from Third-Party Sources
**Business Intelligence and Lead Generation**: We may collect publicly available business information from legitimate sources to support our marketing and business development activities. This may include company information, contact details of business decision-makers, and industry data.
**Integration and API Data**: When you connect third-party services to our platform, we may receive information from those services as necessary to provide integrated functionality. This is done only with your explicit authorization and in accordance with the privacy policies of those third-party services.
**Partner and Referral Information**: We may receive information about you from our business partners, referral sources, or other third parties who recommend our services, provided they have obtained appropriate consent to share such information.
**Social Media and Public Sources**: We may collect information from social media platforms and other public sources to better understand your business needs and provide relevant services, always in compliance with the terms of service of those platforms and applicable privacy laws.
### 2.4 Sensitive Personal Information
In the course of providing our consulting services, we may occasionally process sensitive personal information as defined by applicable privacy laws. This may include:
– Financial information related to business performance and transformation metrics
– Strategic business information that could impact competitive positioning
– Employee data when consulting on organizational transformation
– Customer data when optimizing customer relationship management systems
We process sensitive personal information only when necessary for our legitimate business purposes, with appropriate safeguards, and in compliance with applicable legal requirements. We obtain explicit consent when required by law and implement enhanced security measures for all sensitive information.
### 2.5 Information About Your Customers and End Users
As a Platform-with-a-Service provider, our platform may process personal information about your customers and end users on your behalf. In these situations, you act as the data controller, and we act as a data processor. We process this information solely according to your instructions and in accordance with our Data Processing Agreement.
The types of end-user information that may be processed through our platform include:
– Contact information (names, email addresses, phone numbers)
– Communication preferences and interaction history
– Purchase history and transaction data
– Website behavior and engagement metrics
– Support and service interaction records
– Marketing campaign response data
We implement appropriate technical and organizational measures to protect this information and ensure that our processing activities comply with applicable data protection laws.
—
## 3. How We Use Your Information
We use the information we collect for various legitimate business purposes that enable us to deliver our Platform-with-a-Service offerings, provide consulting services, and continuously improve our solutions. Our use of your information is always guided by the principles of necessity, proportionality, and transparency.
### 3.1 Service Provision and Platform Operations
**Platform Delivery**: We use your information to provide access to and operation of our Value10x OS™ platform, including user authentication, account management, feature delivery, and system optimization. This includes processing your configuration preferences, maintaining your account settings, and ensuring platform security and performance.
**Consulting Services**: We use information collected during our consulting engagements to analyze your business requirements, develop transformation strategies, implement solutions, and measure results. This includes processing confidential business information to deliver our Impact-as-a-Service methodology and achieve the exponential growth outcomes that define our approach.
**Customer Support**: We use your information to provide technical support, troubleshoot issues, respond to inquiries, and resolve service problems. This includes analyzing platform usage patterns to identify and address technical issues proactively.
**Service Customization**: We use information about your business needs, preferences, and usage patterns to customize our platform and services to better meet your specific requirements. This includes configuring automated workflows, personalizing user interfaces, and optimizing system performance for your use cases.
### 3.2 Business Operations and Administration
**Account Management**: We use your information to manage your account, process payments, maintain billing records, and handle subscription management. This includes sending account-related communications, processing service upgrades or downgrades, and managing contract renewals.
**Legal and Regulatory Compliance**: We use your information to comply with applicable laws, regulations, and legal obligations, including data protection laws, financial regulations, and industry-specific requirements. This may include maintaining records for audit purposes, responding to legal requests, and ensuring compliance with cross-border data transfer requirements.
**Risk Management and Security**: We use information to protect our systems, prevent fraud, detect security threats, and maintain the integrity of our platform. This includes monitoring for suspicious activities, implementing access controls, and conducting security assessments.
**Business Analytics and Improvement**: We analyze aggregated and anonymized information to understand usage patterns, identify improvement opportunities, and enhance our services. This includes analyzing platform performance metrics, user engagement data, and service effectiveness measures.
### 3.3 Marketing and Business Development
**Marketing Communications**: We use your contact information to send you marketing communications about our services, including newsletters, product updates, case studies, and promotional offers. We only send marketing communications to individuals who have provided consent or where we have a legitimate interest in doing so, and we always provide easy opt-out mechanisms.
**Lead Generation and Qualification**: We use information to identify potential customers, qualify leads, and develop business opportunities. This includes analyzing business information to understand potential fit for our Platform-with-a-Service offerings and consulting services.
**Event and Webinar Management**: We use your information to manage your participation in our events, webinars, and educational programs, including registration processing, communication delivery, and follow-up activities.
**Content Personalization**: We use information about your interests, business needs, and engagement history to personalize the content we provide, including website content, email communications, and educational resources.
### 3.4 Research and Development
**Service Innovation**: We use aggregated and anonymized information to research and develop new features, services, and solutions. This includes analyzing usage patterns to identify opportunities for platform enhancements and new service offerings.
**Industry Research**: We may use anonymized business information to conduct industry research, develop benchmarks, and create thought leadership content that benefits our entire client community.
**Performance Optimization**: We use technical information and usage data to optimize platform performance, improve system reliability, and enhance user experience across our services.
### 3.5 AI and Automation Services
**AI-Powered Features**: Our platform includes artificial intelligence and automation capabilities that process your information to deliver intelligent insights, automated workflows, and predictive analytics. This processing is designed to enhance your business operations and support the exponential growth outcomes that define our Platform-with-a-Service approach.
**Machine Learning Improvements**: We may use aggregated and anonymized data to improve our AI algorithms and machine learning models, ensuring that our automated systems become more effective over time while maintaining strict privacy protections.
**Predictive Analytics**: We use historical data and usage patterns to provide predictive insights that help you optimize your business operations, identify growth opportunities, and prevent potential issues.
### 3.6 Integration and Third-Party Services
**Service Integrations**: We use your information to facilitate integrations between our platform and third-party services you choose to connect, ensuring seamless data flow and functionality across your business systems.
**API and Data Exchange**: When you use our platform’s API capabilities or data exchange features, we process your information to enable these functionalities while maintaining appropriate security and privacy protections.
**Partner Services**: We may share limited information with authorized partners and service providers who help us deliver our services, always under strict contractual obligations to protect your privacy and security.
### 3.7 Legal Basis Summary
Our use of your information is based on one or more of the following legal bases:
– **Consent**: Where you have provided specific consent for particular processing activities
– **Contract Performance**: Where processing is necessary to perform our contractual obligations to you
– **Legitimate Interests**: Where we have legitimate business interests that are not overridden by your privacy rights
– **Legal Obligation**: Where processing is required to comply with applicable laws and regulations
– **Vital Interests**: In rare cases where processing is necessary to protect vital interests
We will always inform you of the specific legal basis for processing your information and provide you with appropriate rights and controls over that processing.
—
## 4. Legal Basis for Processing
Under applicable data protection laws, including POPIA and GDPR, we must have a valid legal basis for processing your personal information. We rely on the following legal bases:
### 4.1 Consent
We process your personal information based on your consent when:
– You subscribe to our marketing communications
– You participate in surveys or feedback activities
– You provide optional information for service enhancement
– You authorize specific integrations or data sharing activities
You have the right to withdraw your consent at any time, and we provide easy mechanisms for doing so. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
### 4.2 Contract Performance
We process your personal information when necessary to perform our contractual obligations, including:
– Providing access to our Platform-with-a-Service offerings
– Delivering consulting services as specified in our agreements
– Processing payments and managing billing
– Providing customer support and technical assistance
### 4.3 Legitimate Interests
We process your personal information based on our legitimate interests when:
– Improving and optimizing our services and platform performance
– Conducting business analytics and research for service development
– Protecting our systems and preventing fraud or security threats
– Managing our business operations and administrative functions
– Pursuing business development and marketing activities
We always balance our legitimate interests against your privacy rights and will not process your information where your interests or fundamental rights override our legitimate interests.
### 4.4 Legal Obligation
We process your personal information when required by law, including:
– Complying with data protection and privacy regulations
– Meeting financial and tax reporting requirements
– Responding to valid legal requests and court orders
– Maintaining records for regulatory compliance purposes
—
## 5. Information Sharing and Disclosure
We are committed to protecting your privacy and do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information only in the limited circumstances described below, always with appropriate safeguards and in compliance with applicable privacy laws.
### 5.1 Service Providers and Processors
We work with trusted third-party service providers who help us deliver our Platform-with-a-Service offerings and consulting services. These providers may process your personal information on our behalf, but only according to our instructions and under strict contractual obligations to protect your privacy and security.
**Technology Infrastructure Providers**: We use cloud computing and infrastructure services to host our platform and store data securely. These providers are carefully selected based on their security capabilities and compliance with international data protection standards.
**Payment Processors**: We use secure third-party payment processors to handle billing and payment transactions. These processors are PCI DSS compliant and implement industry-standard security measures to protect financial information.
**Analytics and Performance Monitoring**: We use analytics services to monitor platform performance, understand user behavior, and improve our services. These services process information according to their privacy policies and our data processing agreements.
**Communication and Support Tools**: We use third-party tools for email delivery, customer support, and communication management. These providers process information only as necessary to deliver these services.
### 5.2 Business Partners and Integrations
**Authorized Integrations**: When you choose to connect third-party services to our platform, we may share relevant information with those services to enable the integration functionality. This sharing is always done with your explicit authorization and according to the privacy policies of those services.
**Strategic Partners**: We may share limited information with strategic business partners who help us deliver enhanced services or reach new markets. Any such sharing is governed by strict confidentiality agreements and data protection requirements.
### 5.3 Legal and Regulatory Requirements
We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to:
– Comply with legal obligations, court orders, or regulatory requirements
– Protect and defend our rights, property, or safety, or that of our users or the public
– Investigate potential violations of our terms of service or other policies
– Respond to claims of illegal activity or infringement of third-party rights
### 5.4 Business Transactions
In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will provide notice of any such transfer and ensure that the receiving party commits to protecting your information according to standards at least as protective as this Privacy Policy.
### 5.5 Aggregated and Anonymized Information
We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. This may include industry benchmarks, usage statistics, and research findings that help advance best practices in business transformation and platform services.
—
## 6. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience with our website and platform, analyze usage patterns, and improve our services. This section explains what these technologies are, how we use them, and how you can control them.
### 6.1 What Are Cookies and Tracking Technologies
**Cookies** are small text files stored on your device when you visit our website. They help us recognize your browser and remember certain information about your preferences and activities.
**Web Beacons** (also called pixel tags or clear GIFs) are small graphic images embedded in web pages or emails that allow us to track whether content has been accessed or viewed.
**Local Storage** technologies allow websites to store information locally on your device, providing functionality similar to cookies but with greater storage capacity.
**Analytics Tools** collect information about how you interact with our website and platform, helping us understand user behavior and improve our services.
### 6.2 Types of Cookies We Use
**Essential Cookies**: These cookies are necessary for our website and platform to function properly. They enable core functionality such as user authentication, security features, and basic navigation. These cookies cannot be disabled without affecting the functionality of our services.
**Performance and Analytics Cookies**: We use analytics services to collect information about how visitors use our website and platform. This includes:
– **Website Analytics**: We use analytics tools to understand website traffic, user behavior, and content effectiveness. This helps us optimize our website design and content to better serve your needs.
– **User Experience Analytics**: We use session recording and heatmap technologies to understand how users interact with our platform, identify usability issues, and improve user experience design.
– **Performance Monitoring**: We use monitoring tools to track platform performance, identify technical issues, and ensure optimal service delivery.
**Functional Cookies**: These cookies enable enhanced functionality and personalization, such as remembering your preferences, language settings, and customization choices.
**Marketing and Advertising Cookies**: We may use cookies to deliver relevant marketing content and measure the effectiveness of our marketing campaigns. These cookies help us:
– Show you relevant content based on your interests
– Measure the effectiveness of our marketing campaigns
– Prevent you from seeing the same advertisements repeatedly
– Provide social media features and functionality
### 6.3 Third-Party Tracking Technologies
We use several third-party services that may place cookies or use other tracking technologies:
**Analytics Services**: We use professional analytics services to gain insights into website and platform usage. These services collect information about your interactions with our services and may use this information according to their own privacy policies.
**Customer Experience Tools**: We use tools that help us understand user behavior and improve customer experience. These tools may record user sessions, create heatmaps, and analyze user interactions to help us optimize our services.
**Marketing and Advertising Platforms**: We may use marketing platforms that place cookies to help us deliver relevant advertising and measure campaign effectiveness across different websites and platforms.
**Social Media Integration**: Our website may include social media features that allow you to share content or connect with us on social platforms. These features may place cookies or use other tracking technologies according to the privacy policies of the respective social media platforms.
### 6.4 Managing Your Cookie Preferences
You have several options for managing cookies and tracking technologies:
**Browser Settings**: Most web browsers allow you to control cookies through their settings. You can typically:
– View which cookies are stored on your device
– Delete existing cookies
– Block cookies from specific websites
– Block all cookies (though this may affect website functionality)
**Opt-Out Tools**: Many advertising networks and analytics providers offer opt-out tools that allow you to prevent tracking across multiple websites.
**Platform Settings**: Our platform includes privacy settings that allow you to control certain types of data collection and processing.
**Cookie Consent Management**: We provide cookie consent tools that allow you to manage your preferences for different types of cookies and tracking technologies.
### 6.5 Do Not Track Signals
Some browsers include “Do Not Track” features that send signals to websites requesting that they not track user activities. Currently, there is no universal standard for how websites should respond to these signals. We continue to monitor developments in this area and may update our practices as standards emerge.
### 6.6 Mobile Device Tracking
When you access our services through mobile applications or mobile browsers, we may collect device identifiers and other information to provide and improve our services. You can typically control mobile tracking through your device settings, including:
– Limiting ad tracking
– Resetting advertising identifiers
– Managing app permissions
– Controlling location services
—
## 7. Data Security
Protecting your personal information is fundamental to our Platform-with-a-Service approach. We implement comprehensive security measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction.
### 7.1 Technical Security Measures
**Encryption**: We use industry-standard encryption to protect your information both in transit and at rest. All data transmissions between your devices and our platform are protected using Transport Layer Security (TLS) encryption. Sensitive information stored in our systems is encrypted using advanced encryption standards.
**Access Controls**: We implement strict access controls to ensure that personal information is accessible only to authorized personnel who need it to perform their job functions. This includes multi-factor authentication, role-based access controls, and regular access reviews.
**Network Security**: Our platform infrastructure is protected by multiple layers of network security, including firewalls, intrusion detection systems, and network monitoring tools that continuously scan for potential threats.
**Secure Development**: We follow secure development practices throughout our software development lifecycle, including security code reviews, vulnerability testing, and regular security assessments.
### 7.2 Organizational Security Measures
**Employee Training**: All employees receive regular training on data protection principles, security best practices, and their responsibilities for protecting personal information.
**Background Checks**: We conduct appropriate background checks for employees who have access to personal information, ensuring that only trustworthy individuals handle sensitive data.
**Confidentiality Agreements**: All employees, contractors, and service providers who have access to personal information are bound by strict confidentiality agreements.
**Incident Response**: We maintain a comprehensive incident response plan that enables us to quickly detect, respond to, and recover from security incidents while minimizing impact on your information.
### 7.3 Infrastructure Security
**Data Centers**: Our platform is hosted in secure data centers that meet international security standards, including physical security controls, environmental protections, and redundant systems to ensure availability.
**Regular Audits**: We conduct regular security audits and assessments to identify potential vulnerabilities and ensure that our security measures remain effective against evolving threats.
**Vendor Management**: We carefully evaluate the security practices of all third-party service providers and require them to maintain security standards that are consistent with our own.
**Backup and Recovery**: We maintain secure backup systems and disaster recovery procedures to protect against data loss and ensure business continuity.
### 7.4 Monitoring and Detection
**Continuous Monitoring**: We use automated monitoring systems to detect potential security threats and unusual activities in real-time.
**Log Analysis**: We maintain detailed logs of system activities and regularly analyze these logs to identify potential security issues.
**Threat Intelligence**: We use threat intelligence services to stay informed about emerging security threats and adjust our defenses accordingly.
### 7.5 Data Breach Response
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
– Contain and investigate the breach promptly
– Assess the risk to affected individuals
– Notify relevant supervisory authorities within 72 hours where required by law
– Notify affected individuals without undue delay when required
– Take appropriate measures to mitigate the impact of the breach
– Implement additional safeguards to prevent similar incidents
—
## 8. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.
### 8.1 General Retention Principles
**Purpose Limitation**: We retain information only for as long as necessary to achieve the specific purposes for which it was collected.
**Legal Requirements**: We may retain information for longer periods when required by applicable laws, regulations, or legal obligations.
**Business Needs**: We consider legitimate business needs, including contract performance, customer support, and regulatory compliance, when determining retention periods.
**Data Minimization**: We regularly review stored information and delete or anonymize data that is no longer needed.
### 8.2 Specific Retention Periods
**Account Information**: We retain account information for the duration of your relationship with us and for a reasonable period thereafter to handle any post-termination obligations or inquiries.
**Platform Usage Data**: We typically retain platform usage data for up to 3 years to support service improvement, analytics, and customer support activities.
**Communication Records**: We retain communication records, including support tickets and correspondence, for up to 7 years to support customer service and legal compliance requirements.
**Financial Records**: We retain billing and payment information for up to 7 years to comply with financial record-keeping requirements and tax obligations.
**Consulting Services Records**: We retain consulting project information for up to 10 years to support ongoing client relationships, warranty obligations, and professional liability requirements.
**Marketing Information**: We retain marketing communication preferences and related information until you opt out or for up to 3 years of inactivity.
### 8.3 Deletion and Anonymization
When retention periods expire, we securely delete or anonymize personal information using industry-standard methods. Anonymized information may be retained indefinitely for research, analytics, and service improvement purposes.
**Secure Deletion**: We use secure deletion methods that make information unrecoverable using standard forensic techniques.
**Anonymization**: When appropriate, we may anonymize information by removing or modifying identifying elements so that individuals cannot be reasonably identified.
**Backup Systems**: Information may persist in backup systems for additional periods necessary to maintain system integrity and disaster recovery capabilities.
—
## 9. Your Rights and Choices
We respect your privacy rights and provide you with meaningful choices about how your personal information is collected, used, and shared. Your specific rights may vary depending on your location and applicable laws.
### 9.1 Access Rights
**Right to Access**: You have the right to request access to the personal information we hold about you. We will provide you with a copy of your personal information and details about how it is being processed.
**Right to Information**: You have the right to receive clear information about our data processing activities, including the purposes of processing, categories of data, and recipients of your information.
### 9.2 Correction and Update Rights
**Right to Rectification**: You have the right to request correction of inaccurate or incomplete personal information. We will make reasonable efforts to correct any errors promptly.
**Account Management**: You can update much of your personal information directly through your account settings in our platform.
### 9.3 Deletion Rights
**Right to Erasure**: In certain circumstances, you have the right to request deletion of your personal information, including when:
– The information is no longer necessary for the original purposes
– You withdraw consent and there is no other legal basis for processing
– The information has been unlawfully processed
– Deletion is required for compliance with legal obligations
**Account Deletion**: You can request deletion of your account and associated personal information, subject to our legitimate business needs and legal obligations.
### 9.4 Processing Limitation Rights
**Right to Restrict Processing**: You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of information or object to processing.
**Objection Rights**: You have the right to object to processing based on legitimate interests or for direct marketing purposes.
### 9.5 Data Portability
**Right to Data Portability**: Where technically feasible, you have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that information to another service provider.
**Export Functionality**: Our platform includes export functionality that allows you to download your data in standard formats.
### 9.6 Consent Management
**Withdrawal of Consent**: Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before withdrawal.
**Granular Controls**: We provide granular controls that allow you to manage different types of consent and processing activities.
### 9.7 Marketing Communications
**Opt-Out Rights**: You can opt out of marketing communications at any time using the unsubscribe links in our emails or by contacting us directly.
**Preference Management**: We provide preference management tools that allow you to control the types and frequency of communications you receive.
### 9.8 Exercising Your Rights
To exercise any of these rights, you can:
– Use the privacy controls in your account settings
– Contact us using the information provided in the Contact section
– Submit a request through our privacy request portal
We will respond to your requests within the timeframes required by applicable law, typically within 30 days. We may need to verify your identity before processing certain requests to protect your privacy and security.
### 9.9 Complaints and Appeals
If you are not satisfied with how we handle your privacy rights or have concerns about our data processing activities, you have the right to:
– Contact us directly to resolve the issue
– File a complaint with the relevant supervisory authority in your jurisdiction
– Seek legal remedies where appropriate
—
## 10. Cross-Border Data Transfers
As a Platform-with-a-Service provider operating in multiple jurisdictions, we may transfer your personal information across international borders to provide our services effectively. We ensure that all such transfers are conducted with appropriate safeguards and in compliance with applicable data protection laws.
### 10.1 Transfer Mechanisms and Safeguards
**Adequacy Decisions**: Where possible, we transfer personal information to countries that have been deemed to provide an adequate level of data protection by relevant authorities.
**Standard Contractual Clauses**: For transfers to countries without adequacy decisions, we use Standard Contractual Clauses approved by relevant authorities to ensure appropriate safeguards for your personal information.
**Binding Corporate Rules**: We may implement Binding Corporate Rules to govern transfers within our corporate group while maintaining consistent privacy protections.
**Certification and Codes of Conduct**: We may rely on approved certification mechanisms and codes of conduct that demonstrate appropriate safeguards for international transfers.
### 10.2 Specific Transfer Scenarios
**Platform Infrastructure**: Our platform infrastructure may be distributed across multiple geographic regions to ensure optimal performance, reliability, and data residency compliance. We ensure that all infrastructure providers maintain appropriate security and privacy protections.
**Service Providers**: We may engage service providers located in different countries to support our operations. All such providers are contractually required to maintain appropriate safeguards for personal information.
**Consulting Services**: Our consulting services may involve collaboration across multiple jurisdictions. We ensure that all cross-border activities comply with applicable data protection requirements.
**Business Operations**: We may transfer information for legitimate business purposes, including customer support, technical operations, and business development activities, always with appropriate safeguards.
### 10.3 Data Residency Options
**Regional Data Processing**: Where required by law or customer preference, we offer options for processing and storing data within specific geographic regions.
**Local Data Centers**: We utilize data centers in multiple regions to support data residency requirements and optimize service performance.
**Compliance Flexibility**: Our platform architecture supports various data residency and sovereignty requirements to meet diverse regulatory and business needs.
### 10.4 Your Rights Regarding Transfers
You have the right to:
– Receive information about the countries to which your data may be transferred
– Request copies of the safeguards we use for international transfers
– Object to transfers in certain circumstances
– Request that transfers be limited to specific jurisdictions where technically feasible
—
## 11. Platform-with-a-Service Specific Provisions
Our Platform-with-a-Service model involves unique data processing arrangements that require specific privacy considerations. This section explains how we handle data in our role as both a platform provider and service provider.
### 11.1 Data Controller and Processor Relationships
**Value10x as Data Controller**: We act as a data controller for information we collect directly from you, including account information, platform usage data, and information collected through our website and marketing activities.
**Value10x as Data Processor**: When you use our platform to process information about your customers or end users, we typically act as a data processor, processing that information according to your instructions and our Data Processing Agreement.
**Joint Controller Arrangements**: In some consulting engagements, we may act as joint controllers with our clients for certain processing activities. We establish clear agreements defining each party’s responsibilities in such arrangements.
### 11.2 Customer Data Processing
**Processing Instructions**: When processing customer data on your behalf, we follow your documented instructions and the terms of our Data Processing Agreement.
**Purpose Limitation**: We process customer data only for the purposes specified in our agreement and do not use such data for our own business purposes unless explicitly authorized.
**Sub-Processor Management**: We maintain a list of approved sub-processors and provide you with notice of any changes to our sub-processor arrangements.
**Data Security**: We implement appropriate technical and organizational measures to protect customer data, including encryption, access controls, and security monitoring.
### 11.3 Platform Integration and API Data
**Integration Data**: When you connect third-party services to our platform, we process integration data according to your configuration and the permissions you grant.
**API Data Processing**: Data processed through our APIs is handled according to the specific terms of our API agreements and your processing instructions.
**Data Synchronization**: We may synchronize data across integrated systems to provide seamless functionality while maintaining appropriate security and privacy protections.
### 11.4 AI and Automation Processing
**AI-Powered Features**: Our platform includes AI and automation capabilities that process your data to provide intelligent insights and automated workflows. This processing is designed to enhance your business operations while maintaining privacy protections.
**Machine Learning**: We may use aggregated and anonymized data to improve our AI algorithms, but we do not use your specific business data to train models that benefit other customers.
**Automated Decision-Making**: Where our platform makes automated decisions that significantly affect individuals, we provide appropriate transparency and control mechanisms.
### 11.5 Multi-Tenant Architecture
**Data Isolation**: Our platform uses multi-tenant architecture with strict data isolation to ensure that your data is not accessible to other customers.
**Shared Infrastructure**: While infrastructure may be shared, logical separation ensures that your data remains private and secure.
**Tenant-Specific Controls**: We provide tenant-specific privacy and security controls that allow you to configure data processing according to your requirements.
### 11.6 Platform Analytics and Optimization
**Usage Analytics**: We collect and analyze platform usage data to optimize performance, identify issues, and improve functionality. This analysis uses aggregated and anonymized data that cannot identify specific individuals.
**Performance Monitoring**: We monitor platform performance and system health using technical data that helps us maintain service quality and reliability.
**Feature Development**: We may use aggregated usage patterns to guide feature development and platform improvements, always protecting individual privacy.
—
## 12. Consulting Services Privacy
Our consulting services involve unique privacy considerations due to the confidential and strategic nature of the information we process. This section outlines our specific privacy practices for consulting engagements.
### 12.1 Confidential Information Handling
**Professional Confidentiality**: We maintain strict professional confidentiality standards for all information shared during consulting engagements, treating such information as confidential regardless of whether it constitutes personal data.
**Non-Disclosure Obligations**: All consulting team members are bound by comprehensive non-disclosure agreements that protect the confidentiality of client information.
**Information Classification**: We classify consulting information according to sensitivity levels and apply appropriate handling procedures for each classification.
### 12.2 Business Intelligence and Analysis
**Strategic Analysis**: Our consulting services may involve analysis of business data, market information, and operational metrics to develop transformation strategies and recommendations.
**Benchmarking**: We may use anonymized and aggregated client data to develop industry benchmarks and best practices, always ensuring that individual clients cannot be identified.
**Case Studies**: We may develop case studies based on consulting engagements, but only with explicit client consent and after removing all identifying information.
### 12.3 Consulting Team Access
**Need-to-Know Basis**: Access to consulting information is limited to team members who need the information to deliver the specific services outlined in our engagement agreement.
**Role-Based Access**: We implement role-based access controls that ensure consultants can access only the information necessary for their specific responsibilities.
**Access Logging**: We maintain detailed logs of who accesses consulting information and when, enabling us to monitor and audit information access.
### 12.4 Client Collaboration and Communication
**Secure Communication**: We use secure communication channels for sharing sensitive consulting information, including encrypted email, secure file sharing platforms, and protected collaboration tools.
**Document Management**: We maintain secure document management systems that protect consulting deliverables and work products throughout the engagement lifecycle.
**Information Retention**: We retain consulting information according to professional standards and contractual obligations, typically for periods that support ongoing client relationships and professional liability requirements.
### 12.5 Third-Party Involvement
**Sub-Consultant Management**: When we engage sub-consultants or specialists, we ensure they are bound by the same confidentiality and privacy obligations that apply to our internal team.
**Client Authorization**: We obtain explicit client authorization before sharing any consulting information with third parties, including sub-consultants, technology providers, or other service providers.
**Vendor Due Diligence**: We conduct thorough due diligence on any third parties who may have access to consulting information, ensuring they maintain appropriate privacy and security standards.
—
## 13. Third-Party Services and Integrations
Our Platform-with-a-Service offerings include integrations with various third-party services to provide comprehensive business solutions. This section explains how we handle privacy in relation to these third-party relationships.
### 13.1 Integration Partners
**Authorized Integrations**: We offer integrations with carefully selected third-party services that enhance our platform capabilities. These integrations are designed to provide seamless functionality while maintaining appropriate privacy protections.
**Due Diligence**: We conduct privacy and security due diligence on all integration partners to ensure they maintain standards consistent with our privacy commitments.
**Data Sharing Controls**: You have control over which integrations you enable and what data is shared with each integrated service. We provide clear information about data sharing before you authorize any integration.
### 13.2 Third-Party Privacy Policies
**Independent Policies**: Third-party services have their own privacy policies that govern their collection and use of information. We encourage you to review these policies before using any integrated services.
**No Control Over Third Parties**: We do not control the privacy practices of third-party services and are not responsible for their data handling practices.
**Updates and Changes**: Third-party services may update their privacy policies independently. We recommend regularly reviewing the privacy policies of services you use.
### 13.3 Data Processing Agreements
**Processor Agreements**: Where third-party services process personal data on our behalf, we enter into appropriate data processing agreements that ensure compliance with applicable privacy laws.
**Controller-to-Controller Transfers**: When data is shared between independent controllers, we ensure appropriate legal bases and safeguards are in place.
**Cross-Border Considerations**: We ensure that any cross-border data sharing with third parties includes appropriate transfer mechanisms and safeguards.
### 13.4 Analytics and Marketing Services
**Website Analytics**: We use third-party analytics services to understand website usage and improve user experience. These services may collect information according to their own privacy policies.
**Marketing Platforms**: We may use third-party marketing platforms to deliver communications and measure campaign effectiveness. These platforms process information according to their privacy policies and our instructions.
**Customer Experience Tools**: We use third-party tools to analyze user behavior and improve customer experience. These tools are configured to respect user privacy preferences and comply with applicable laws.
—
## 14. Children’s Privacy
Our Platform-with-a-Service offerings and consulting services are designed for business use and are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16 without appropriate parental consent.
### 14.1 Age Restrictions
**Minimum Age**: Our services are intended for individuals who are at least 16 years old or the minimum age required to provide consent in their jurisdiction, whichever is higher.
**Business Context**: Our services are designed for business and professional use, and we expect that users will be adults acting in a business capacity.
### 14.2 Inadvertent Collection
**Detection and Deletion**: If we become aware that we have inadvertently collected personal information from a child under the applicable minimum age, we will take steps to delete that information promptly.
**Parental Rights**: Parents or guardians who believe we may have collected information from their child can contact us to request deletion of that information.
### 14.3 Educational and Training Programs
**Supervised Access**: In cases where our services are used in educational or training contexts that may involve minors, we require appropriate supervision and consent from parents, guardians, or educational institutions.
**Limited Processing**: Any processing of information related to minors in educational contexts is limited to the specific educational purposes and is conducted with appropriate safeguards.
—
## 15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. We are committed to providing you with clear notice of any material changes and ensuring that you understand how such changes may affect your privacy rights.
### 15.1 Types of Changes
**Service Updates**: We may update this policy to reflect new features, services, or functionality that we offer.
**Legal Requirements**: We may update this policy to comply with new or changed legal requirements, regulatory guidance, or court decisions.
**Best Practices**: We may update this policy to incorporate evolving privacy best practices and industry standards.
### 15.2 Notice of Changes
**Advance Notice**: We will provide advance notice of material changes to this Privacy Policy, typically at least 30 days before the changes take effect.
**Communication Methods**: We will notify you of changes through email, platform notifications, website notices, or other appropriate communication methods.
**Opportunity to Review**: We will provide you with a reasonable opportunity to review changes and understand how they may affect your privacy rights.
### 15.3 Consent to Changes
**Continued Use**: Your continued use of our services after changes take effect constitutes acceptance of the updated Privacy Policy.
**Opt-Out Rights**: If you do not agree with material changes, you may discontinue use of our services or exercise your rights to delete your account and personal information.
**Granular Consent**: For certain types of changes, we may seek your explicit consent before implementing new processing activities.
### 15.4 Version Control
**Effective Dates**: Each version of this Privacy Policy includes an effective date that indicates when the changes take effect.
**Historical Versions**: We maintain records of previous versions of this Privacy Policy for reference and compliance purposes.
**Change Summaries**: We may provide summaries of material changes to help you understand what has been updated.
—
## 16. Contact Information
We are committed to addressing your privacy questions, concerns, and requests promptly and effectively. You can contact us using any of the following methods:
### 16.1 Privacy Contact Information
**Email**: privacy@value10x.com
**Phone**: [Phone Number]
**Address**: [Physical Address]
**Privacy Officer**: Our designated Privacy Officer is responsible for overseeing our privacy program and can assist with privacy-related inquiries and requests.
### 16.2 Data Protection Representatives
**South Africa**: For matters related to POPIA compliance and South African data protection law, you can contact our South African representative at [contact information].
**United Kingdom**: For matters related to UK GDPR compliance and UK data protection law, you can contact our UK representative at [contact information].
### 16.3 Response Timeframes
**General Inquiries**: We typically respond to general privacy inquiries within 5 business days.
**Rights Requests**: We respond to requests to exercise privacy rights within the timeframes required by applicable law, typically within 30 days.
**Urgent Matters**: For urgent privacy or security matters, please contact us immediately using the phone number provided above.
### 16.4 Information to Include
When contacting us about privacy matters, please include:
– Your name and contact information
– A clear description of your inquiry or request
– Any relevant account information (without including sensitive details like passwords)
– The specific privacy right you wish to exercise, if applicable
—
## 17. Jurisdiction-Specific Rights
This section provides additional information about privacy rights that may apply to you based on your location and the applicable privacy laws in your jurisdiction.
### 17.1 South Africa (POPIA Rights)
Under the Protection of Personal Information Act (POPIA), you have the following rights:
**Right to Access**: You can request access to your personal information and details about how it is being processed.
**Right to Correction**: You can request correction of inaccurate or incomplete personal information.
**Right to Deletion**: You can request deletion of your personal information in certain circumstances.
**Right to Object**: You can object to the processing of your personal information for direct marketing purposes or other legitimate interests.
**Right to Restrict Processing**: You can request restriction of processing in certain circumstances.
**Complaint Rights**: You can file a complaint with the Information Regulator of South Africa if you believe your privacy rights have been violated.
### 17.2 United Kingdom (UK GDPR Rights)
Under the UK General Data Protection Regulation (UK GDPR), you have the following rights:
**Right to be Informed**: You have the right to clear information about our data processing activities.
**Right of Access**: You can request access to your personal data and information about how it is processed.
**Right to Rectification**: You can request correction of inaccurate or incomplete personal data.
**Right to Erasure**: You can request deletion of your personal data in certain circumstances.
**Right to Restrict Processing**: You can request restriction of processing in certain circumstances.
**Right to Data Portability**: You can request your personal data in a portable format.
**Right to Object**: You can object to processing based on legitimate interests or for direct marketing.
**Rights Related to Automated Decision-Making**: You have rights related to automated decision-making and profiling.
**Complaint Rights**: You can file a complaint with the Information Commissioner’s Office (ICO) if you believe your privacy rights have been violated.
### 17.3 European Union (GDPR Rights)
If you are located in the European Union, you have the same rights as described above for UK GDPR, and you can file complaints with the supervisory authority in your EU member state.
### 17.4 Other Jurisdictions
**California (CCPA/CPRA)**: If you are a California resident, you may have additional rights under the California Consumer Privacy Act and California Privacy Rights Act.
**Other US States**: Various US states have enacted or are considering privacy laws that may provide additional rights.
**International**: We monitor privacy law developments globally and update our practices to comply with applicable requirements in jurisdictions where we operate.
—
## Conclusion
This Privacy Policy represents our commitment to protecting your privacy and ensuring transparent data practices in all aspects of our Platform-with-a-Service offerings and consulting services. We believe that strong privacy protections are essential for building the trust relationships that enable exponential business growth.
We encourage you to review this policy regularly and contact us with any questions or concerns about our privacy practices. Your privacy is important to us, and we are committed to continuously improving our privacy program to meet your expectations and comply with applicable laws.
**Last Updated**: [Date]
**Next Review Date**: [Date]
—
*This Privacy Policy is designed to comply with applicable privacy laws including POPIA, UK GDPR, and other relevant regulations. However, this policy should be reviewed by qualified legal counsel to ensure compliance with specific legal requirements and business circumstances.*