1. Who we are

When we refer to “The Atriam” or “we” or “us” in this privacy policy we mean The Atriam (Pty) Ltd.

 and/or any of its subsidiaries and/or any other legal entity, joint venture

and/or partnership, wherever situated or operating (and irrespective of structure and/or legal

nature/regime) that is associated with The Atriam and which renders services or otherwise conducts

business under a name which includes The Atriam or any variation thereof (including

their subsidiaries, parties that are related or inter-related to them and/or their affiliated companies, to the

extent applicable) and/or any trust founded by any member of The Atriam for its own operations

and/or any entities that are related and/or inter-related to those trusts, as the case may be, and all such

entities’ successors-in-title and/or consultancy, (wherever any such members may be located, including in

countries which may not have data-protection laws similar to those of the country in which your personal

information was collected) for as long as they remain associated with The Atriam.

2. Application of this privacy policy

2.1. This privacy policy applies to the personal information The Atriam collects in connection

with:

2.1.1. our website, https://www.The Atriam.com/;

2.1.2. our social media properties;

2.1.3. our events, marketing and business development activities;

2.1.4. our business communications and other online and offline business interactions;

2.1.5. our AI technologies and professional services;

2.1.6. our CCTV cameras at our offices;

2.1.7. our subscription to any member of The Atriam’s services, publications or

marketing database;

2.1.8. third party service providers, including analytics, advertising networks; search

information, technical, payment and delivery services providers; Unlabeled graphicUnlabeled graphic2

Version | ExternalPrivacyPolicy-202106-007

2.1.9. publicly available sources;

2.1.10. request/s for tenders, quotations, proposals and the like made by or to us;

2.1.11. the supply of products and services to us.

2.2. This privacy policy does not apply to the personal information that we collect about employees

and other personnel, contractors, or applicants and candidates.

3. Purpose of this policy

3.1. The Atriam respects your privacy and is committed to protecting your personal

information (as defined in applicable data protection legislation).

3.2. This is our main general privacy policy which applies across our business, although we may

publish additional privacy policies or country-specific schedules that apply to our operations in

specific countries in order to help ensure our compliance with local data protection requirements.

3.3. You warrant that you are lawfully entitled to provide personal information of any third party

whose personal information you provide to any member of The Atriam.

3.4. You indemnify The Atriam against any loss, liability, damage or expense

(including interest and penalties) suffered or incurred by any member of The Atriam

due to your provision of personal information of third parties to us in an unlawful

manner.

4. Privacy and security

4.1. The relevant members of The Atriam have implemented reasonable technical and

organisational measures to keep personal information secure and in compliance with applicable

data protection laws.

4.2. You indemnify and hold The Atriam harmless from any loss, damages or injury

that you may incur as a result of:

4.2.1. any security compromise of personal information to unauthorised persons; or

4.2.2. your acts or omissions during the provision of personal information to any

member of The Atriam.

5. Personal information which The Atriam may collect

5.1. The Atriam may collect the following personal information:

5.1.1. name, address (including proof of address), other contact details (e.g. email and

telephone numbers), gender, marital status, date and place of birth, nationality,

employer, job title, financial records and employment history, and family details,

including their relationship to you;

5.1.2. identification numbers issued by government bodies or agencies, such as your

identity number, passport number, tax identification number and driving licence

number and company registration number;

5.1.3. demographic information such as your address, preferences and interests;

5.1.4. information relevant to the provision of our products and services;

5.1.5. information relevant to the procurement of products and services from suppliers;

5.1.6. bank account or payment card details, income or other financial information;

5.1.7. information that you provide to us as part of us providing products and services to

you, which depends on the nature of your instructions to any employee or member

of The Atriam;

5.1.8. special or sensitive personal information as defined in applicable data protection

legislation, including information about your health, racial or ethnic origin, political

opinions, religious or philosophical beliefs and trade union membership; your genetic

and biometric information;; 4

Version | ExternalPrivacyPolicy-202106-007

5.1.9. relevant information as required by applicable laws, including anti-money laundering

legislation and as part of our client onboarding procedures, including evidence of

source of funds;

5.1.10. information you provide to us for the purposes of attending meetings and events,

including dietary requirements which may reveal information about your health or

religious beliefs;

5.1.11. still and video images captured by CCTV at our offices. We use CCTV to help provide

a safe and secure environment and you may be recorded when you visit our offices.

5.1.12. identity data, contact data and special personal information from publicly available

sources or third parties, service providers and the like who conduct screening on any

member of The Atriam’s clients or vendors for anti-money laundering

purposes, or third parties with whom any member of The Atriam hosts

events.

6. Quality of information

In certain jurisdictions, The Atriam is obliged to keep personal information accurate and up to

date. Please help us to do this by advising us of any changes to your personal information.

7. Purpose of processing of personal information

7.1. The Atriam may process the personal information it collects for a number of lawful

purposes including:

7.1.1. to register you as a client of The Atriam;

7.1.2. to conduct sanctions screening against any list that The Atriam may elect in its

sole discretion;

7.1.3. to comply with requirements under applicable laws;

7.1.4. to carry out AI, IT, consulting and technologies solutions or other services;

7.1.5. to carry out requests and instructions provided to any employee or member of The Atriam

Group for AI technologies or other services;

7.1.6. to provide you with any other services, products or offerings that you may have

requested or otherwise consented to, or which may be ancillary thereto, or

associated therewith, and to notify you about changes to such services, products or

offerings;

7.1.7. to manage marketing preferences;

7.1.8. to manage The Atriam’s relationship with you which may include :

7.1.8.1. notifying you about changes to any member of The Atriam’s

terms and conditions (including to this policy);

7.1.8.2. asking you to leave a review or take a survey;

7.1.8.3. assessing and dealing with complaints and requests;

7.1.8.4. managing payments, fees, charges and accounts (including collecting

and recovering money owed to The Atriam);

7.1.9. to keep any work product or other documentation (including but not limited to

Advices, technologies, services, solutions, agreements and other documents drafted, prepared or designed by The Atriam (or any of its services providers, sub-contractors, agents etc.

Group and/or other professional firm/s and/or other documents received and/or

prepared in connection with any particular matter/s) as part of The Atriam’s

internal know-how;

7.1.10. to verify your identity or the identity of your beneficial owners;

7.1.11. to comply with lawful requests for information received from local or foreign law

enforcement, government and tax collection agencies;

7.1.12. to comply with measures designed to protect or advance persons, or categories of

persons, disadvantaged by unfair discrimination;

7.1.13. to monitor, keep record of and have access to all forms of correspondence or

communications received by or sent from any member of The Atriam or

any of its employees, agents or contractors, including monitoring, recording and

using as evidence, where applicable, all telephone and online communication

software communications between us and you;

7.1.14. to detect and prevent fraud and money laundering and/or in the interest of security

and crime prevention; and protect The Atriam’s business and website (including

troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);

7.1.16. for operational, marketing, auditing, legal and record keeping requirements;

7.1.17. to conduct market research and provide you with information about The Atriam’s products or services from time to time via email, telephone or other means;

7.1.18. to deliver relevant website content and newsletters and other information to you

(which may include direct marketing material);

7.1.19. to use data analytics to improve The Atriam’s website, products/services, newsletters, customer relationships and experiences;

7.1.20. to make suggestions and recommendations to you about goods or services that may

be of interest to you;

7.1.21. to disclose personal information to third parties for reasons set out in this policy or

where it is not unlawful to do so;

7.1.22. to improve or evaluate the effectiveness of any member of The Atriam’s business or products, services or offerings;

7.1.23. for submissions to awards and rankings agencies;

7.1.24. for purposes of material aimed to promote The Atriam

7.1.25. to prevent and control any disease;

7.1.26. where you have unsubscribed from certain direct marketing communications, to take

steps to implement your instruction;

7.1.27. to procure goods and services;

7.1.28. to respond to requests for quotations and tenders.

8. Direct marketing

8.1. You have the right to object to receiving direct marketing (opt out) at any time by unsubscribing

9. Disclosure of Personal Information

The Atriam may share personal information with the parties set out below for the purposes set

out in this policy:

9.1. Internal third parties

9.1.1. The members of The Atriam share personal information with other

members within The Atriam. This may involve transferring personal

information outside the country where The Atriam has collected that

personal information, to entities in countries which may not have data protection laws

which are similar to those of the country where the personal information was

collected.

9.2. External Third Parties

9.2.1. The Atriam may, as we may deem necessary for any one or more of the

purposes set out in this policy or other lawful purposes, transfer personal information

to third parties or service providers, including to service providers in countries which

may not have data protection laws which are similar to those of the country where

the personal information was collected, including to:

9.2.1.1. service providers acting as operators or processors or responsible parties or controllers who provide information technology and system administration services;

9.2.1.2. professional advisors acting as operators or processors or responsible

parties or controllers, including lawyers, bankers, auditors and insurers

who provide IT, consultancy, AI, banking, legal, insurance, accounting and

other services;

9.2.1.3. service providers and the like who conduct screening on any member of

The Atriam’s clients (or their beneficial owners) or suppliers for

anti-money laundering purposes;

9.2.1.4. regulators and other authorities if any member of The Atriam

is legally obliged to do so, or if instructed by you to do so, for purposes

of preventing, detecting and reporting fraud and criminal activities, the

identifying of the proceeds of unlawful activities and the combatting of

crime;

9.2.1.5. any person if any member of The Atriam is under a duty to

disclose or share personal information in order to comply with any

applicable laws, or to protect the rights, property or safety of any member

of The Atriam, other clients or other third parties, or the

reputation of The Atriam;

9.2.1.6. your agent or any other person acting on your behalf, or an introducer;

9.2.1.7. tracing agents, sheriffs and the like;

9.2.1.8. various awards and rankings agencies;

9.2.1.9. clients and prospective clients for purposes of rendering IT, AI cnosultnig and technologies services,

proposals, quotations, tenders and the like; and

9.2.1.10. a third party/parties whom The Atriam may choose to sell,

transfer or merge parts of The Atriam’s business or assets.

Alternatively, The Atriam may seek to acquire other

businesses or merge with them. If a change happens to The Atriam

Group’s business, then the new owners may use personal information in

the same way as set out in this policy.

10. Transborder transfers

10.1. The Atriam operates globally and we provide crossjurisdictional AI, IT, consulting, technologies solutions and related services to our clients.

10.2. The multi-national nature of our business means that your personal information may be

transferred across national boundaries, including, potentially, to countries that do not have similar

data protection laws to those where the personal information was collected.

10.3. If we transfer your personal information across national boundaries, we will make those transfers

in compliance with applicable data protection laws.

11. Access to, correction and deletion of personal information

11.1. Under certain circumstances, you may have some or all of the rights set out below under the data

protection laws that may be applicable in relation to your personal information which

The Atriam holds.

11.1.1. Request access to personal information (commonly known as a “Data Subject

access request”), including the right to receive a copy of the personal information.

11.1.2. Request correction of any incomplete or inaccurate personal information.

11.1.3. Request erasure of personal information if The Atriam is not authorised to process

 the personal information.

11.1.4. Object to processing of personal information, if The Atriam is relying on its

legitimate interest (or those of a third party) to process the personal information, but

as a result of your particular situation such processing impacts on your fundamental

rights and freedoms.

11.1.5. Request restriction of processing of personal information whilst a complaint is

being investigated.

11.1.6. Withdraw consent at any time if The Atriam is relying on consent to process

personal information. If you withdraw your consent, The Atriam may not be able to

provide certain products or services to you. This will be considered on a case-bycase basis.

12. Electronic and website links

12.1. The Atriam’s website, newsletters and/or events marketing pages may include links to

third party websites, plug-ins and applications. Clicking on those links or enabling those

connections may allow third parties to collect or share your personal information.

12.2. The Atriam does not control these third party websites and is not responsible for their

privacy policies. When you leave The Atriam’s website, we encourage you to read all

applicable privacy policies.

13. Complaints

13.1. If you are not satisfied with The Atriam’s use of your personal information or our

response to any request by you to exercise your rights, or if you think that we have breached any

relevant data protection laws, you are encouraged to send an email to info@The Atriam.com.

14. Latest Version

14.1. The Atriam keeps this policy under regular review, and may amend this policy from time to time.

14.2. Any such amendment will come into effect when published on the The Atriam’s website and become part of any agreement that you have with any member of The Atriam.

14.3. You must ensure that you obtain the latest version of this policy before any action is taken based

hereon. It is your responsibility to check the The Atriam website often.

COUNTRY-SPECIFIC SCHEDULES South Africa

1. Responsible party

1.1. If the South African Protection of Personal Information Act, 2013 (“POPIA”) applies to the processing of your personal information, then this privacy policy schedule applies in addition to

The Atriam Privacy Policy available above.

1.2. (“The Atriam” or “we” or “us”) is an AI Technologies services and solutions firm based in the Republic of South Africa

 and is the responsible party in respect of personal information that we process in terms of POPIA.

2. Personal information

2.1. Any reference to personal information in our Policy and this South African specific schedule

shall include personal information relating to identifiable, living natural persons and identifiable,

existing, juristic persons.

3. Complaints

3.1. The Information Regulator is the competent authority to deal with complaints and claims in

relation to non-compliance with the personal information protection requirements under POPIA.

The Information Regulator’s contact details are available at

4. Contact us

4.1. If you have any questions, please send an email to info@The Atriam.com.