Protection of Personal Information Policy

Last updated: May 16, 2025

TUBESENSE is committed to safeguarding the privacy of clients, employees, and stakeholders. We take reasonable and appropriate steps to protect personal information in compliance with applicable U.S. privacy laws and industry standards.

All persons handling data on behalf of the company are expected to adhere to this policy and support ongoing protection efforts.

1. INTRODUCTION

The right to privacy is a fundamental principle. While we operate under U.S. law, we recognize the broader importance of data protection, transparency, and responsible data practices.

In delivering AI-powered services, strategy, software, and digital content, TUBESENSE collects and processes personal information from clients, partners, vendors, contractors, and users. This information is handled with care, stored securely, and only processed for legitimate business purposes.

2. SCOPE

This policy applies to:

• All business units of TUBESENSE
• All staff, vendors, contractors, and any individuals handling personal data on behalf of the company
• All clients, subscribers, partners, and site users who share personal information with us

TUBESENSE is considered the data controller for information collected directly through its systems, forms, software, platforms, and service engagements. In select instances, we may also serve as a data processor acting on behalf of client instructions.

The principles in this policy apply regardless of the format or location of the personal information collected (online or offline, U.S. or international).

3. DEFINITIONS

The following terms are used in line with the Protection of Personal Information Act 4 of 2013 ("POPIA"):

3.1 Personal Information

Any information that can be used to identify a person, including but not limited to:

• Name, contact details, ID numbers, location data
• Email addresses, phone numbers, physical addresses
• Employment, medical, financial, or educational records
• Opinions, preferences, or confidential correspondence

3.2 Data Subject

The natural or juristic person (individual or company) to whom the personal information relates.

3.3 Responsible Party

TUBESENSE, as the entity determining the purpose and means for processing personal information.

3.4 Operator

A third party processing personal information on behalf of the Responsible Party under contract or mandate.

3.5 Information Officer

The individual appointed by TUBESENSE to ensure POPIA compliance, handle data subject requests, and communicate with the South African Information Regulator.

3.6 Processing

Any operation or activity involving personal information, including collecting, recording, organizing, storing, updating, using, distributing, or deleting such data.

3.7 Record

Any recorded information, regardless of format (physical or electronic), that includes personal information.

3.8 Filing System

A structured set of personal information accessible according to specific criteria.

3.9 Unique Identifier

A reference (such as an account or ID number) assigned to uniquely identify a data subject within our systems.

3.10 Consent

Voluntary, specific, and informed agreement by the data subject allowing TUBESENSE to process their personal information.

3.11 Direct Marketing

Any approach to a data subject (by phone, email, or otherwise) to promote or offer goods/services or solicit donations.

3.12 De-identify / Re-identify

Removing or restoring identifiable links to a data subject within processed personal information.

3.13 Biometrics

Personal identifiers based on physical or behavioral traits (e.g., fingerprinting, voice recognition, retinal scans).

4. POLICY PURPOSE

This policy exists to protect TUBESENSE from the legal, operational, and reputational risks associated with mishandling personal information. The purpose is to:

• Ensure compliance with the Protection of Personal Information Act (POPIA) in South Africa.
• Promote responsible data governance across all business units and international operations.
• Create internal processes that respect the privacy rights of data subjects, including clients, employees, and contractors.

This policy supports the following outcomes:

• Confidentiality – Preventing unauthorized disclosure of personal information.
• Choice – Allowing individuals to control how their data is collected and used.
• Reputation – Avoiding reputational damage by demonstrating data protection leadership and good governance.

TUBESENSE is committed to:

• Aligning internal processes with the requirements of POPIA;
• Appointing and empowering an Information Officer to oversee compliance;
• Providing training to employees and stakeholders on data protection practices;
• Managing risk by implementing safeguards, procedures, and regular reviews;
• Giving effect to the privacy rights of data subjects in every relevant interaction.

5. POLICY APPLICATION

This policy applies to the following:

• All divisions, business units, and operations of TUBESENSE;
• All employees, contractors, freelancers, and consultants;
• All service providers and partners who process personal information on our behalf;
• All stakeholders who submit, share, or interact with personal data through our platforms or systems.

This policy must be read in conjunction with:

• The Protection of Personal Information Act 4 of 2013 (South Africa);
• The Promotion of Access to Information Act (PAIA) where applicable;
• Other global data protection frameworks (e.g., GDPR, CCPA) when dealing with international clients or partners.

POPIA applies when:

• Personal information is processed;
• The information is recorded in any form (digital or physical);
• The Responsible Party (TUBESENSE) or the data subject is domiciled in South Africa.

POPIA does not apply when:

• The data is de-identified; or
• The information is processed in a purely personal or household context.

6. RIGHTS OF DATA SUBJECTS

TUBESENSE is committed to respecting and enforcing the rights of data subjects under the Protection of Personal Information Act (POPIA). Where applicable, we will ensure the following rights are upheld:

6.1 The Right to Access Personal Information

Data subjects have the right to know whether we hold their personal information and, if so, to request access to it. Upon request, we will provide confirmation of the information held and the purpose for which it is processed.

6.2 The Right to Have Personal Information Corrected or Deleted

Data subjects may request correction or deletion of their personal information if it is inaccurate, irrelevant, excessive, outdated, incomplete, or obtained unlawfully—or if the company is no longer authorized to retain it.

6.3 The Right to Object to Processing

A data subject has the right to object—on reasonable grounds—to the processing of their personal information. If such an objection is raised, we will evaluate it in the context of legal and contractual obligations and may cease processing if justified.

6.4 The Right to Object to Direct Marketing

Data subjects have the right to object to their personal information being used for direct marketing purposes. Once a data subject has opted out, TUBESENSE will stop sending marketing communication.

6.5 The Right to Lodge a Complaint

Data subjects have the right to lodge a complaint with the Information Regulator of South Africa if they believe that any of their rights under POPIA have been infringed upon.

6.6 The Right to Be Informed

Data subjects have the right to be notified when:

• Their personal information is being collected;
• Their personal information has been accessed or acquired by an unauthorized person (data breach).

7. GENERAL GUIDING PRINCIPLES

All employees, contractors, and third parties acting on behalf of TUBESENSE are expected to follow these core principles when processing personal information. These principles are aligned with POPIA and support a culture of compliance and trust.

7.1 Accountability

The company accepts full responsibility for ensuring that personal information is processed in compliance with POPIA. Each individual involved in data handling is expected to adhere to this policy, and disciplinary or contractual consequences may apply for negligence or willful non-compliance.

7.2 Processing Limitation

We will only process personal information:

• In a lawful, fair, and minimal way;
• For clearly defined and legitimate purposes;
• When relevant to the stated objective of the data collection.

We will not process personal information for unrelated or secondary purposes without proper legal justification or data subject consent.

7.3 Purpose Specification

Data will be collected only for specific, explicitly defined, and lawful purposes that are clear to the data subject. Where required, consent will be obtained before or during collection.

7.4 Further Processing Limitation

Personal information will not be processed further in a manner incompatible with the original purpose of collection. If additional processing is necessary, we will ensure the new purpose is reasonably related or obtain fresh consent from the data subject.

7.5 Information Quality

We take reasonable steps to ensure personal information is complete, accurate, not misleading, and updated where necessary. Where possible, we will confirm information directly with the data subject.

7.6 Openness and Communication

TUBESENSE promotes transparency by informing data subjects when their information is collected, how it will be used, and with whom it may be shared. A publicly accessible "Contact Us" mechanism is maintained for privacy-related queries, access requests, and updates.

7.7 Security Safeguards

We implement reasonable technical and organizational security measures to protect personal information from:

• Loss or destruction;
• Unauthorized access, use, modification, or disclosure.

Security controls are reviewed regularly, and more stringent measures are applied to sensitive personal information.

7.8 Data Subject Participation

We provide mechanisms for data subjects to access, update, correct, or delete their personal information. Unsubscribe links are provided in marketing communications, and correction/update processes are available via our contact portal or support team.

8. INFORMATION OFFICERS

TUBESENSE will appoint an Information Officer, and where necessary, Deputy Information Officers, responsible for ensuring the organization's compliance with POPIA.

The responsibilities of the Information Officer include:

• Monitoring and enforcing this policy;
• Serving as the main contact for all POPIA-related inquiries;
• Overseeing employee training and awareness efforts;
• Managing data subject access and complaint processes;
• Liaising with the Information Regulator in South Africa;
• Ensuring third-party agreements involving data processing include adequate privacy clauses.

The Information Officer will be registered with the Information Regulator prior to executing any official duties under POPIA.

9. SPECIFIC DUTIES AND RESPONSIBILITIES

9.1 Governing Body

The company's leadership remains ultimately accountable for POPIA compliance. While tasks may be delegated, accountability for enforcement, risk oversight, and resourcing remains with the governing body.

The governing body ensures:

• Appointment of an Information Officer;
• Adequate supervision of all data processing activities;
• Awareness among employees of their privacy responsibilities;
• Mechanisms for handling data access and breach notifications;
• A recurring review process to assess compliance and risk exposure.

9.2 Information Officer

The Information Officer is responsible for:

• Ensuring the organization meets all legal requirements under POPIA;
• Reporting breaches to both the Regulator and affected data subjects;
• Regularly reviewing and updating privacy policies and processes;
• Approving contracts and service agreements involving data sharing;
• Ensuring internal controls for lawful data processing are functioning;

© 2025 TUBESENSE. All rights reserved.