1. Introduction
Welcome to Konsensus ("we", "us", "our"). We are committed to protecting your privacy and ensuring the security of your personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA) and other applicable data protection legislation.
This Privacy Statement explains how we collect, use, store, share, and protect your personal information when you use the Konsensus platform—our technology-powered collective decision-making solution for voluntary associations.
Company Details
- Legal Name: NeM Systems (Pty) Ltd
- Registration Number: 2024 / 446663 / 07
- Physical Address: 53 Blue Valley Avenue, Hout Bay, 7806, South Africa
- Email: dpo@konsensus.tech
- Information Officer: Deon Botha
2. Definitions
For purposes of this Privacy Statement:
- "Personal Information"
- means information relating to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person.
- "Processing"
- means any operation or activity concerning personal information, including collection, storage, use, modification, dissemination, or deletion.
- "Platform"
- means the Konsensus technology solution accessible via web and mobile applications.
- "User"
- means any individual who accesses or uses the Platform.
- "Association"
- means the voluntary association (sectional title scheme, school, sports club, community organization, etc.) that subscribes to our services.
3. Information We Collect
3.1 Information You Provide Directly
When you register and use Konsensus, we collect:
- Account Information: Name, surname, email address, phone number, username, password
- Profile Information: Role within your association, preferences, profile picture (optional)
- Association Information: Name and details of the association you represent or belong to
- Content Data: Discussion posts, comments, poll responses, voting records, opinions, suggestions, and other contributions
- Communication Data: Messages sent through the Platform, feedback, and support inquiries
3.2 Information Collected Automatically
When you use the Platform, we automatically collect:
- Usage Data: Features accessed, pages viewed, time spent on Platform, interaction patterns
- Device Information: Device type, operating system, browser type, IP address, unique device identifiers
- Log Data: Access times, error logs, system activity
- Analytics Data: Aggregated usage statistics and engagement metrics
3.3 Information from Third Parties
We may receive information from:
- Association Administrators: Member lists, roles, and contact information
- Authentication Services: If you use third-party login services (e.g., Google, Microsoft)
- Payment Processors: Transaction records for subscription payments
4. How We Use Your Information
We process your personal information for the following lawful purposes:
4.1 Service Delivery (Contract Performance)
- Providing access to the Konsensus Platform
- Facilitating discussions, voting, and consensus-building activities
- Enabling AI-powered features including sentiment analysis, bias detection, topic structuring, and compromise identification
- Managing your account and authentication
- Providing customer support and responding to inquiries
4.2 Platform Improvement (Legitimate Interest)
- Analysing usage patterns to improve features and user experience
- Developing new functionalities and services
- Conducting research and analytics on collective decision-making processes
- Testing and optimising AI algorithms for discussion facilitation
4.3 Communication (Legitimate Interest / Consent)
- Sending service-related notifications and updates
- Providing information about discussions requiring your input
- Sharing Platform updates and new features
- Marketing communications (only with your explicit consent, which you may withdraw at any time)
4.4 Legal Compliance and Security (Legal Obligation / Legitimate Interest)
- Complying with POPIA and other applicable laws
- Preventing fraud, abuse, and security incidents
- Maintaining records for dispute resolution
- Enforcing our Terms of Service
4.5 Association Governance (Legitimate Interest)
- Maintaining institutional memory and searchable archives
- Creating audit trails for decision-making processes
- Ensuring regulatory compliance for associations
- Facilitating knowledge transfer and succession planning
5. Legal Basis for Processing
We process your personal information based on one or more of the following lawful grounds under POPIA:
1. Consent
You have given explicit permission
2. Contract
Processing is necessary to perform our contract with you or your association
3. Legal Obligation
We must process your information to comply with the law
4. Legitimate Interest
Processing is necessary for our legitimate interests or those of your association, provided this does not override your rights
6. How We Share Your Information
6.1 Within Your Association
Your contributions, voting records, and participation data are visible to other members of your association according to the visibility settings configured by your association's administrators. Some features allow anonymous participation to protect sensitive feedback.
6.2 Service Providers
We share information with trusted third-party service providers who assist us in: cloud hosting, payment processing, email services, analytics, AI/ML services, and customer support. All service providers are contractually bound to protect your information and use it only for specified purposes.
6.3 Legal Requirements
We may disclose your information when required by law, court order, or regulatory authority, or to:
- Protect our legal rights
- Prevent fraud or illegal activities
- Protect the safety of users or the public
- Respond to lawful requests from authorities
6.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.
6.5 Aggregated and Anonymised Data
We may share aggregated, anonymised data that cannot identify you personally for research, marketing, or analytics purposes.
7. Data Retention
We retain your personal information for as long as:
- Your account remains active
- Required to provide services to your association
- Necessary for legal, regulatory, or contractual obligations
- Required for legitimate business purposes (e.g., institutional memory, dispute resolution)
Specific Retention Periods:
You may request deletion of your personal information, subject to our legal and contractual obligations. Some data may need to be retained for historical record-keeping required by your association's governance framework.
8. Data Security
We implement appropriate technical and organisational measures to protect your information against unauthorised access, alteration, disclosure, or destruction, including:
Encryption
Data encrypted in transit (TLS/SSL) and at rest
Access Controls
Role-based access restrictions and authentication protocols
Security Monitoring
Continuous monitoring for suspicious activity
Regular Audits
Periodic security assessments and penetration testing
Staff Training
Regular privacy and security training for personnel
Backup Systems
Secure, encrypted backups with disaster recovery procedures
⚠ While we take reasonable measures to protect your information, no system is completely secure. We cannot guarantee absolute security of data transmitted over the internet.
9. International Data Transfers
Your information may be processed and stored in countries outside South Africa, including jurisdictions that may not provide the same level of data protection. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:
- Standard contractual clauses approved by data protection authorities
- Adequacy decisions recognising equivalent protection
- Binding corporate rules for intra-group transfers
By using our Platform, you consent to international transfers as described in this Privacy Statement.
10. Your Rights Under POPIA
You have the following rights regarding your personal information:
10.1 Right of Access
Request confirmation of whether we hold your personal information and obtain a copy of such information.
10.2 Right to Correction
Request correction, updating, or completion of inaccurate or incomplete information.
10.3 Right to Deletion
Request deletion of your personal information, subject to legal and legitimate retention requirements.
10.4 Right to Object
Object to processing of your information for direct marketing or based on legitimate interests.
10.5 Right to Restriction
Request restriction of processing in certain circumstances.
10.6 Right to Data Portability
Receive your personal information in a structured, commonly used format and transmit it to another controller.
10.7 Right to Withdraw Consent
Withdraw consent for processing at any time (where processing is based on consent).
10.8 Right to Lodge a Complaint
Lodge a complaint with the Information Regulator if you believe your rights have been violated.
To exercise your rights, contact our Information Officer at: dpo@konsensus.tech. We will respond to your request within 30 days or as required by law.
11. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Maintain your session and preferences
- Analyse Platform usage and performance
- Provide personalised features
- Ensure security and prevent fraud
You can manage cookie preferences through your browser settings. Disabling cookies may affect Platform functionality.
12. Children's Privacy
While Konsensus serves associations including schools, the Platform is not intended for direct use by children under 18 without parental or guardian consent. If you are under 18, please ensure your parent or guardian reviews this Privacy Statement and consents to your use of the Platform.
If we become aware that we have collected personal information from a child under 18 without proper consent, we will take steps to delete such information.
13. AI-Powered Features
Our Platform uses artificial intelligence and machine learning for:
Sentiment Analysis
Analysing tone and emotional content of discussions
Bias Detection
Identifying potentially exclusionary or biased language
Topic Structuring
Organising discussions into themes
Compromise Identification
Suggesting solutions based on stated preferences
Impact Assessment
Predictive modelling of decision impacts
These AI features process your discussion content and contributions. You can opt out of certain AI features through your account settings, though this may limit Platform functionality.
14. Third-Party Links
The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.
15. Changes to This Privacy Statement
We may update this Privacy Statement periodically to reflect changes in our practices, technology, legal requirements, or business operations. We will notify you of material changes by:
- Posting the updated statement on the Platform with a new "Last Updated" date
- Sending email notification to registered users
- Displaying a prominent notice on the Platform
Your continued use of the Platform after changes become effective constitutes acceptance of the updated Privacy Statement.
16. Contact Information
For questions, concerns, or requests regarding this Privacy Statement or our data practices:
Information Officer
Name: Deon Botha
dpo@konsensus.tech
Information Regulator (South Africa)
If you wish to lodge a complaint:
JD House, 27 Stiemens Street
Braamfontein, Johannesburg, 2001
P.O Box 31533, Braamfontein, Johannesburg, 2017
inforeg@justice.gov.za
www.justice.gov.za/inforeg/
17. Consent
By creating an account and using the Konsensus Platform, you acknowledge that you have read, understood, and agree to this Privacy Statement and consent to the collection, use, and disclosure of your personal information as described herein.
For processing activities requiring explicit consent (such as marketing communications), we will obtain your separate, specific consent at the time of collection.