Privacy Policy

Sand Technologies
Privacy Policy
Last updated October 2023

This policy explains

WHO WE ARE

Sand Tech Holdings Limited (“Sand”, “we”, “us”) is a company registered in Mauritius.
Business registration number: C14117099
Registered office address: Level 6, Tower A, 1 Exchange Square, Wall Street, Ebène 72201 MAURITIUS
We act as a ‘controller’ of the personal data to all information collected through our website (www.sandtech.com), “Website”, “Sand Tech”, “Sand Technologies” or collected for the Services, as identified below.

WHY WE COLLECT PERSONAL DATA

Sand Technologies is ​​a community of passionate, courageous ‘doers’ where we help the world’s top talent to fulfil their potential and get connected with customers or employers all over the world. At Sand Technologies, people find employment and business opportunities, co-founders, investors, and a thriving community to connect with others and find information.  

Our privacy policy applies to any customer, potential customer and their representatives or contact persons of Sand Technologies and generally to any visitor to the Website or applications operated by Sand Technologies, for any related services, sales, marketing or events (we refer to them collectively in this privacy policy as the “Services”). We detail below the purposes of processing, type of personal data and legal basis for the processing.

We never sell personal data to anyone for any purpose. We do not give personal data to others for their own use.

WE HOPE YOU TAKE SOME TIME TO READ THROUGH THIS PRIVACY POLICY CAREFULLY, AS IT IS IMPORTANT. IF THERE ARE ANY TERMS IN THIS PRIVACY POLICY THAT YOU DO NOT AGREE WITH, PLEASE DISCONTINUE USE OF OUR WEBSITE AND OUR SERVICES.

HOW WE USE PERSONAL DATA ABOUT YOU

Under the law, we must process your data lawfully, fairly, and transparently. We rely on one of the legal bases below for processing personal data, depending on what the data is and what we use it for:

We do not collect any “special categories” of personal data as defined in the Data Protection Act 2017 (Mauritius) or the GDPR (European Union).

Why we process it
Why we process it
Why we process it
Providing the Services, including related communication
Identification details of the customers/prospective customers and their representatives and contact persons (e.g. full name, business e-mail, phone number, country of residence, company represented and company website)

Publicly available personal information (such as maiden name, nickname; current and former address; phone numbers; email addresses; business email; business phone number; information available on the LinkedIn profile (including data available after initial data) and other similar data
to perform our contract with you (tailoring our offer and providing the Services)
Providing and managing the Website(www.sandtech.com), including user support/inquiries and related communication
Identification details of customers/prospective customers and their representatives and contact persons (e.g. full name, business e-mail, phone number, country of residence, company represented and company website)

IP address and referral IP addresses and usage data, for all visitors

payment data (your payment instrument number (such as a credit card number), and the security code associated with your payment instrument)
to perform our contract with you (providing the Website)
Why we process it
Type of personal data
Our legal basis
Commercial communication with you (marketing)

(e.g. sending commercial communications, including promoting events, newsletters or other commercial information, awarding)

and

Organising marketing events and webinars
Identification details of customers/prospective customers and their representatives and contact persons (e.g. full name, business e-mail, phone number, country of residence, company represented and company website)

For communication via social media (e.g. Telegram, WhatsApp, Instagram, or Facebook/Meta, Tiktok, LinkedIn), relevant profiles

Data on outreach and deliverability of communications:
– advert engagement data (e.g. views, clicks, keywords used, posts engaged with, sentiment reports)
– Website Conversion Actions (e.g. form fills, link clicks) and user traffic source.
– browsing patterns (e.g. , device type, operation system, number of sessions, pages viewed, time spent on website, link engagement, bounce rate)

Image (for marketing of events; photos/videos)

IP (for webinars), user logs (e.g. for e-mail communications, for webinars)
Consent for direct marketing

Legitimate interest for existing customers
Feedback and Surveys
Identification details of the individual (e.g.  name, address, country of origin, country of residence, age, gender, photo)

Contact data (email, phone number)
Your consent
Data analysis, statistics and reporting

(including to identify usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our services, products, marketing and your experience, business intelligence, market research)
For any individual, name, e-mail, location, age, IP address and referral IP addresses, referral URLs, user activity logs, device type, operating system

Data on outreach and deliverability of communications:

– advert engagement data (e.g. views, clicks, keywords used, posts engaged with, sentiment reports)
– Website Conversion Actions (e.g. form fills, link clicks) and user traffic source.
– browsing patterns (e.g. , device type, operation system, number of sessions, pages viewed, time spent on website, link engagement, bounce rate)
– user behaviour (e.g., browsing history, preferences)

Data is aggregated for this purpose.
Legitimate interest
Why we process it
Type of personal data
Our legal basis
For our IT operations management, security purposes and to diagnose technical issues
all the personal data we collect for the Services
To comply with the law (securing personal data from unauthorised access) and for our legitimate interest
Compliance with legal requests from public authorities, with our legal obligations, or for the establishment, exercise, or defence of legal claims
all the personal data we collect for the Services
To comply with the law and for our legitimate interest
For reorganisation of our business (such as transfers, mergers, spin-off)
all the personal data we collect for the Services
Our legitimate interest
For our internal collaboration and communication
all the personal data we collect for the Services
Performance of a contract and our legitimate interest to improve our product and your experience

Some of your legal rights will depend on which legal basis we are relying on for processing. Please see the Your Rights section below.

DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age 18, please contact us at membership@sandtech.com.

WHERE WE GET YOUR PERSONAL DATA FROM

We collect personal information that you provide to us.We collect personal information that you voluntarily provide to us when contacting us on the Website, expressing an interest in obtaining information about us or our products and Services, when participating in activities initiated by us (such as events, webinars or entering competitions, contests, giveaways, other activities) or otherwise contacting us.All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.The personal information that we collect depends on the context of your interactions with us, the choices you make and the products and features you use, including publicly available personal information as detailed above.

DIRECT MARKETING

If you are an existing or previous member of part of the Sand ecosystem, we may send you promotional emails about initiatives or Services that are similar to what you have done with us before. You have the right to opt out of receiving these emails at any time by:

However, we will still need to send you service-related emails that are necessary for the administration and use of the Services.
In all other circumstances, we will only send marketing emails to your individual email if you have explicitly opted in to our marketing list in advance.
We never sell personal data to anyone for any purpose. Also, we will not give your data to others for their own use without your permission.

WHO WE SHARE PERSONAL DATA WITH

We may need to process your data or share your personal information in the following situations:

I. We may share your data with third-party vendors, service providers, consultants, contractors or agents who perform services for us or on our behalf and require access to such information to do that work, such as:

HOW WE STORE AND SECURE PERSONAL DATA

The Services data is held in AWS cloud, and hosted in the United States of America. Generally, we only store data with a provider if we are satisfied they protect it with robust policies and cybersecurity measures.

We have implemented appropriate technical and organisational security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the services within a secure environment.

All external processors have contracts with us. They are required not to reuse your personal data for their own purposes unless they observe the applicable privacy requirements.

Transferring your personal data to other countries

The Services data is transferred to the United State of America (by using several service providers which host data in the United State of America, such as AWS, HubSpot, SuperSet, SalesForce, Google suite). Also, sometimes we need to send personal data to other countries, such as when we send data to another office / local hub in our corporate group (Egypt, Kenya, South Africa, Malawi, Nigeria, Ghana, Ethiopia, Morocco, Rwanda, Romania, UK, Estonia).

We take note here of the adequacy decision of the European Commission for the EU-U.S. Data Privacy Framework, which concludes that the United States ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred to US companies under the new framework. AWS, HubSpot, SalesForce, Google are already part of the EU-U.S. Data Privacy Framework.

When we send data to a country that does not have “adequate” data protection laws according to the European Commission, we will only send the data after agreeing to the standard data protection contract clauses approved by the EC. You can see a copy of these standard clauses on the EC website here: Standard Contractual Clauses (SCC) (europa.eu). We will also take supplementary measures, if necessary, to compensate for any lack of protection afforded by the laws of the recipient country.

If you would like further information about data transfers to other countries please contact us.

HOW LONG WE KEEP PERSONAL DATA

We keep your information for as long as necessary to fulfil the purposes outlined in this privacy policy unless otherwise required by law (such as tax, accounting or other legal requirements).

No purpose in this policy will require us keeping your personal information for longer than 90 days past the termination of you contacting us on the Website, without entering into further negotiations or concluding an agreement with us.

Generally, when we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

If you have any questions in this regard, or any concerns about how long we keep your information for, please contact us using the details below.

YOUR RIGHTS

You can ask us to:

You can object:

If we are relying on your consent (permission) to use your personal data, you can withdraw your consent any time. However, in some cases if you withdraw consent:

For further information on your rights, please contact us by email or post:

Privacy Team
Sand Tech Holdings Limited
6th Floor, Tower A
1 Cybercity
Ebène
Mauritius
legal@sandtech.com.

DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have contacted us on the Website or for the Services, you have the right to request removal of unwanted data that you shared with us. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your correspondence and a statement that you reside in California. We will make sure the data is not publicly displayed, but please be aware that the data may not be completely or comprehensively removed from our systems.

COMPLAINTS

If you wish to complain about our use of personal data, we would appreciate the chance to deal with your concerns first. If you still wish to complain, please consult the Mauritius Data Protection Office  website at https://dataprotection.govmu.org/

If you are resident in the EEA (which includes the EU), the GDPR also gives you right to lodge a complaint with your local data protection regulator.

CHANGES TO THIS PRIVACY POLICY

This privacy policy was published on 20 October 2023. We periodically review this policy, and we will publish any changes on this Website which will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.

HOW TO CONTACT US

Please contact us by post, email, or telephone if you have any questions about either this policy or the information that we hold about you:

Privacy Team
Sand Tech Holdings Limited
6th Floor, Tower A
1 Cybercity Ebène
Mauritius
membership@sandtech.com.