Privacy Policy for Dynamics 360°

Last Updated: 10 November 2025

This Privacy Policy describes how DYNAMICS 360° ("the Application," "we," "us," or "our") collects, uses, discloses, and protects your Personal Information. This policy applies to all users (clients, employees, managers, and free users) of our web application.

We are committed to protecting your privacy and ensuring your Personal Information is handled lawfully and securely, in compliance with the South African Protection of Personal Information Act (POPIA) and the EU General Data Protection Regulation (GDPR).

1. Information about the Responsible Party (POPIA) / Data Controller (GDPR)

  • Responsible Party/Data Controller: DYNAMICS 360°
  • Contact Person: Robbert Shemmans
  • Email: info@dynamicsthreesixty.co.za
  • Physical Address: 32 Maxwell St, Vereeniging, Gauteng, South Africa, 1939

2. Information We Collect and Why (Purpose of Processing)

Category Examples Lawful Basis Purpose
Identity/Contact Data Name, Surname, Email, Phone, Company Name. Contract; Legitimate Interest. Account creation, booking requests, core communication.
Profile/Usage Data User Role, Company Code, Login history, IP address. Legitimate Interest; Contract. Authentication, security, service performance analysis.
Assessment Data Archetype scores (Red, Blue, Green, Yellow data points), derived profile. Consent (Explicit for sensitive); Contract. Generate user profile and provide the core assessment service.
Booking Data Preferred session date/time, Notes. Contract. Schedule and manage consultation requests.

3. Your Data Protection Rights

Under POPIA and GDPR, you have extensive rights regarding your Personal Information:

A. South African POPIA Rights

  • Right to Access: To ask what Personal Information we hold about you (Section 23).
  • Right to Correction/Deletion: To request the correction, destruction, or deletion of Personal Information that is inaccurate, irrelevant, excessive, or unlawfully obtained (Section 24).
  • Right to Object: To object, on reasonable grounds, to the processing of your Personal Information (Section 11(3)).
  • Right to Lodge a Complaint: To submit a complaint to the Information Regulator.

B. EU GDPR Rights (Where Applicable)

  • Right of Access (Article 15): To confirm whether your data is being processed and to receive a copy of that data.
  • Right to Rectification (Article 16): To have inaccurate Personal Data corrected.
  • Right to Erasure ('Right to be Forgotten') (Article 17): To request the deletion of your data where there is no compelling reason for its continued processing.
  • Right to Restriction of Processing (Article 18): To limit the way we use your data.
  • Right to Data Portability (Article 20): To receive your Personal Data in a structured, commonly used, and machine-readable format.
  • Right to Object (Article 21): To object to processing based on legitimate interest or for direct marketing purposes.

To exercise any of these rights, please contact the Information Officer via the email provided in Section 1.

4. Disclosure and Cross-Border Transfer

A. Sharing of Information

We will not sell your Personal Information. We may disclose your information only to the following third parties:

  • Internal Access: Shared with the Company Admin or Manager responsible for your organization's subscription solely for the purpose of team development and reporting, as part of the core service.
  • Service Providers (Operators): Cloud hosting providers and email service providers who process data on our behalf. These Operators are obligated to protect your data under contract.
  • Legal Compliance: When required by law, such as a court order or regulatory requirement.

B. Cross-Border Transfers (POPIA & GDPR)

Your data is primarily processed and stored within South Africa. If we transfer your Personal Information outside of South Africa, we ensure that:

  • The recipient country provides an adequate level of protection.
  • We have implemented binding contractual agreements (like Standard Contractual Clauses) to ensure the recipient adheres to POPIA and GDPR standards of protection.
  • The transfer is necessary for the performance of a contract (your use of the application) or with your explicit consent.

5. Security and Retention

A. Data Security

We implement appropriate technical and organizational measures to secure your Personal Information, including:

  • Encryption: Using SSL/TLS encryption for data transmission.
  • Hashing: Storing passwords using strong hashing algorithms.
  • Access Control: Implementing role-based access to limit data visibility.

B. Data Retention

We retain your Personal Information only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.

  • Account Data: Retained for the duration of your active subscription and a reasonable period thereafter.
  • Booking Data: Retained for 2 years to track communications and service history.

6. Children's Privacy

The application is not intended for use by children under the age of 16. We do not knowingly collect personal data from children without parental or guardian consent. If we learn that we have processed the Personal Information of a child without proper consent, we will take steps to delete the information as soon as possible.