Privacy Policy

Effective Date: 9 July 2025 and approved by Managing Director Mr C Swanepoel

This Privacy Policyapplies to all companies within the iCobus Group (“we”, “us”, “our”), includingoperations in the European Union, United Kingdom, Ireland, South Africa, andthe United States. It sets out unified privacy rules and standards for the collection,use, disclosure, and protection of personal data across the iCobus Group,ensuring compliance with the General Data Protection Regulation (GDPR) and allother applicable data protection laws.

1. Introduction

At iCobus and the iCobus Group, we are committed to protecting the privacy and personal data of our clients, business partners, employees, contractors and allindividuals whose data we process. This policy ensures that all iCobus Group companies uphold the highest standards of data protection and comply with allrelevant legislation, including the GDPR.

2. Scope

Thispolicy applies to all companies, subsidiaries, and affiliates in the iCobus Group, covering jurisdictions such as the European Union, United Kingdom, Ireland, South Africa, United States, and any other country where the iCobus Group operates. It applies to clients, employees, contractors, and other individuals whose personal data is processed by the iCobus Group.

3. Identity and Contact Details

TheiCobus Group and its group companies act as data controllers. For privacy matters, please contact our Data Protection Officer or designated contact person at the details provided in our official communications.

4. Principles of Data Processing

All iCobus Group companies adhere to the following principles:

•               Lawfulness, fairness, and transparency in all data processing activities.

•               Collection of data only for specified, explicit, and legitimate purposes.

•               Limiting data collection to what is necessary for those purposes.

•               Ensuring data is accurate and kept up to date.

•               Retaining data only as long as necessary.

•               Processing data securely to prevent unauthorized access, loss, or  

•               damage.

•               Demonstrating accountability and compliance at all times.

5. Categories of Personal Data Collected

Depending on your relationship with us, we may collect:

•               Names, contact details, and identificationnumbers

•               Employment and business information

•               Payment and transaction data

•               Other information you provide directly

6. Purposes and Legal Bases for Processing

We process personal data for the following purposes:

•               Providing and managing our products and services

•               Fulfilling contracts and business relationships

•               Processing payments and communications

•               Meeting legal and regulatory obligations

•               Improving security and operational efficiency

The legal bases for processing include consent, contract performance, legal obligations, and legitimate interests, as required by applicable law.

7. Data Sharing and Disclosure

Personal data may be shared within the iCobus Group for internal administrative and operational purposes, with trusted service providers and business partners under strict confidentiality, and with legal or regulatory authorities where required by law. We do not sell personal data to third parties.

8. International Data Transfers

When personal data is transferred outside the EU/EEA, we ensure appropriate safeguards such as standard contractual clauses or Binding Corporate Rules arein place, in accordance with the GDPR and other applicable laws.

9. Data Security

We implement robust technical and organizational measures, including encryption, secure storage, access controls, staff training, and regular security assessments to protect personal data.

10. Data Retention

Personal data is retained only as long as necessary for the purposes for which it wascollected or as required by law. Data is securely deleted or anonymized when no longer needed.

11. Data Subject Rights

Individuals have the right to:

•               Be informed about data processing

•               Access their personal data

•               Rectify inaccurate data

•               Request erasure (“right to be forgotten”)

•               Restrict processing

•               Exercise data portability

•               Object to processing

•               Withdraw consent at any time (where applicable)

•               Lodge a complaint with a supervisory authority

We have clear procedures in place for exercising these rights.

12. Automated Decision-Making

Wedo not use personal data for automated decision-making or profiling that produces legal or similarly significant effects, unless required by law andwith appropriate safeguards.

13. Policy Updates

We may update this policy to reflect changes in law or our practices. The latest version will always be available through official iCobus Group communications, with the effective date clearly indicated.

14. Contact and Complaints

For any questions about this policy or to exercise your rights, contact our DataProtection Officer at the contact details provided. If you are not satisfied with our response, you may contact your local data protection authority.

This policy is intended to provide a unified standard for privacy and data protection across all companies in the iCobus Group, including compliance with the GDPR and other relevant legal frameworks. For specific operational details, refer to the internal data protection procedures of each iCobus Group company.

‍