Privacy Policy

Sand Technologies Privacy Policy

Last updated October 2023

This policy explains

  • who we are
  • why we collect personal data
  • what kinds of personal data we collect 
  • where we get it from
  • how we use it;
  • direct marketing;
  • who we might share it with;
  • how we store and secure it; 
  • how long we keep it; 
  • your rights; and
  • how to complain about our use of personal data.

WHO WE ARE

Sand Tech Holdings Limited (“Sand”, “we”, “us”) is a company registered in Mauritius.

Business registration number: C14117099

Registered office address: Level 6, Tower A, 1 Exchange Square, Wall Street, Ebène 72201 MAURITIUS

We act as a ‘controller’ of the personal data to all information collected through our website (www.sandtech.com), “Website”, “Sand Tech”, “Sand Technologies” or collected for the Services, as identified below.

WHY WE COLLECT PERSONAL DATA

Sand Technologies is ​​a community of passionate, courageous ‘doers’ where we help the world’s top talent to fulfil their potential and get connected with customers or employers all over the world. At Sand Technologies, people find employment and business opportunities, co-founders, investors, and a thriving community to connect with others and find information.   

Our privacy policy applies to any customer, potential customer and their representatives or contact persons of Sand Technologies and generally to any visitor to the Website or applications operated by Sand Technologies, for any related services, sales, marketing or events (we refer to them collectively in this privacy policy as the “Services”). We detail below the purposes of processing, type of personal data and legal basis for the processing.

We never sell personal data to anyone for any purpose. We do not give personal data to others for their own use.

WE HOPE YOU TAKE SOME TIME TO READ THROUGH THIS PRIVACY POLICY CAREFULLY, AS IT IS IMPORTANT. IF THERE ARE ANY TERMS IN THIS PRIVACY POLICY THAT YOU DO NOT AGREE WITH, PLEASE DISCONTINUE USE OF OUR WEBSITE AND OUR SERVICES.

HOW WE USE PERSONAL DATA ABOUT YOU

Under the law, we must process your data lawfully, fairly, and transparently. We rely on one of the legal bases below for processing personal data, depending on what the data is and what we use it for:
  • our legitimate interests;
  • to comply with the law;
  • your consent; or
  • to perform our contract with you (providing your user account)

We do not collect any “special categories” of personal data as defined in the Data Protection Act 2017 (Mauritius) or the GDPR (European Union).
Why we process itType of personal dataOur legal basis
Providing the Services, including related communication










Identification details of the customers/prospective customers and their representatives and contact persons (e.g. full name, business e-mail, phone number, country of residence, company represented and company website)

Publicly available personal information (such as maiden name, nickname; current and former address; phone numbers; email addresses; business email; business phone number; information available on the LinkedIn profile (including data available after initial data) and other similar data		to perform our contract with you (tailoring our offer and providing the Services)






Providing and managing the Website (www.sandtech.com), including user support/inquiries and related communication






Identification details of customers/prospective customers and their representatives and contact persons (e.g. full name, business e-mail, phone number, country of residence, company represented and company website)

IP address and referral IP addresses and usage data, for all visitors

payment data (your payment instrument number (such as a credit card number), and the security code associated with your payment instrument)		to perform our contract with you (providing the Website)







Why we process itType of personal dataOur legal basis
Commercial communication with you (marketing)

(e.g. sending commercial communications, including promoting events, newsletters or other commercial information, awarding)

and

Organising marketing events and webinars		Identification details of customers/prospective customers and their representatives and contact persons (e.g. full name, business e-mail, phone number, country of residence, company represented and company website)

For communication via social media (e.g. Telegram, WhatsApp, Instagram, or Facebook/Meta, Tiktok, LinkedIn), relevant profiles

Data on outreach and deliverability of communications:
– advert engagement data (e.g. views, clicks, keywords used, posts engaged with, sentiment reports) 
– Website Conversion Actions (e.g. form fills, link clicks) and user traffic source. 
– browsing patterns (e.g. , device type, operation system, number of sessions, pages viewed, time spent on website, link engagement, bounce rate) 

Image (for marketing of events; photos/videos)

IP (for webinars), user logs (e.g. for e-mail communications, for webinars)		Consent for direct marketing

Legitimate interest for existing customers
Feedback and SurveysIdentification details of the individual (e.g.  name, address, country of origin, country of residence, age, gender, photo)

Contact data (email, phone number)		Your consent
Data analysis, statistics and reporting

(including to identify usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our services, products, marketing and your experience, business intelligence, market research)		For any individual, name, e-mail, location, age, IP address and referral IP addresses, referral URLs, user activity logs, device type, operating system 

Data on outreach and deliverability of communications:
– advert engagement data (e.g. views, clicks, keywords used, posts engaged with, sentiment reports) 
– Website Conversion Actions (e.g. form fills, link clicks) and user traffic source. 
– browsing patterns (e.g. , device type, operation system, number of sessions, pages viewed, time spent on website, link engagement, bounce rate)
– user behaviour (e.g., browsing history, preferences) 

Data is aggregated for this purpose.		Legitimate interest
   
Why we process itType of personal dataOur legal basis
For our IT operations management, security purposes and to diagnose technical issuesall the personal data we collect for the ServicesTo comply with the law 
(securing personal data 
from unauthorised access) and for our legitimate interest
Compliance with legal requests from public authorities, with our legal obligations, or for the establishment, exercise, or defence of legal claimsall the personal data we collect for the ServicesTo comply with the law and for our legitimate interest
For reorganisation of our business (such as transfers, mergers, spin-off)all the personal data we collect for the ServicesOur legitimate interest
For our internal collaboration and communicationall the personal data we collect for the ServicesPerformance of a contract and our legitimate interest to improve our product and your experience

Some of your legal rights will depend on which legal basis we are relying on for processing. Please see the Your Rights section below.

DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age 18, please contact us at membership@sandtech.com.

WHERE WE GET YOUR PERSONAL DATA FROM

We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when contacting us on the Website, expressing an interest in obtaining information about us or our products and Services, when participating in activities initiated by us (such as events, webinars or entering competitions, contests, giveaways, other activities) or otherwise contacting us.

All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.

The personal information that we collect depends on the context of your interactions with us, the choices you make and the products and features you use, including publicly available personal information as detailed above. 

DIRECT MARKETING

If you are an existing or previous member of part of the Sand ecosystem, we may send you promotional emails about initiatives or Services that are similar to what you have done with us before. You have the right to opt out of receiving these emails at any time by:

However, we will still need to send you service-related emails that are necessary for the administration and use of the Services.

In all other circumstances, we will only send marketing emails to your individual email if you have explicitly opted in to our marketing list in advance.

We never sell personal data to anyone for any purpose. Also, we will not give your data to others for their own use without your permission.

WHO WE SHARE PERSONAL DATA WITH

We may need to process your data or share your personal information in the following situations:

I. We may share your data with third-party vendors, service providers, consultants, contractors or agents who perform services for us or on our behalf and require access to such information to do that work, such as: 

  1. IT maintenance and service providers, providers of software applications through which our IT systems and document management activities are carried out (including Google workspace, especially for e-mail and document storage), as well as the hosting of these software applications,
  2. data analysis, data statistics, surveys/feedback, customer service. We may allow selected third parties to use tracking technology on the Website, which will enable them to collect data about how you interact with the Website over time. This information may be used to, among other things, analyse and track data, determine the popularity of certain content and better understand online activity.
  3. service providers which we use for managing and the Website, payment processing, for lead generation and for marketing communications, third-party advertisers to serve ads when you visit the Website, of workflow (CRM), productivity software solutions, e-mail delivery and e-mail outreach service providers, e-mail validation service providers, providers of self-service ticketing platform for live experiences, providers of video-conference solution or of the asynchronous video interview solution.
  4. service providers for our administrative / secretarial services, internal organisational flows, such as our digital productivity, collaboration, and organisational app, video-conferencing solutions and calendar application services. 

 

Such third-party service providers are also not allowed to reuse your personal data for their own purposes. 

II. We sometimes share personal data with third parties as part of providing our services or to comply with our legal duties. These third parties can include:

  • public authorities. We may share your information with law enforcement agencies, public authorities or other organizations, if legally required to do so. This includes tax authorities, auditors, various categories of consultants or institutions with powers to carry out inspections and controls our activity and assets, who request us to provide information, by virtue of our legal obligations, courts, public notaries, bailiffs, official company registry;
  • group and affiliated companies. We may share your information within entities affiliated to us by common control, management or ownership;
  • business partners. We may share your information to offer you certain products, services or promotions. We do this when we work together with our partners on a common purpose. One of our main partners is ALU Foundation; or
  • to third party acquirers/potential acquirers and to their auditors and consultants. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

HOW WE STORE AND SECURE PERSONAL DATA

The Services data is held in AWS cloud, and hosted in the United States of America. Generally, we only store data with a provider if we are satisfied they protect it with robust policies and cybersecurity measures.

We have implemented appropriate technical and organisational security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the services within a secure environment.

All external processors have contracts with us. They are required not to reuse your personal data for their own purposes unless they observe the applicable privacy requirements.

Transferring your personal data to other countries

The Services data is transferred to the United State of America (by using several service providers which host data in the United State of America, such as AWS, HubSpot, SuperSet, SalesForce, Google suite). Also, sometimes we need to send personal data to other countries, such as when we send data to another office / local hub in our corporate group (Egypt, Kenya, South Africa, Malawi, Nigeria, Ghana, Ethiopia, Morocco, Rwanda, Romania, UK, Estonia).

We take note here of the adequacy decision of the European Commission for the EU-U.S. Data Privacy Framework, which concludes that the United States ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred to US companies under the new framework. AWS, HubSpot, SalesForce, Google are already part of the EU-U.S. Data Privacy Framework.

When we send data to a country that does not have “adequate” data protection laws according to the European Commission, we will only send the data after agreeing to the standard data protection contract clauses approved by the EC. You can see a copy of these standard clauses on the EC website here: Standard Contractual Clauses (SCC) (europa.eu). We will also take supplementary measures, if necessary, to compensate for any lack of protection afforded by the laws of the recipient country.

If you would like further information about data transfers to other countries please contact us.

HOW LONG WE KEEP PERSONAL DATA

We keep your information for as long as necessary to fulfil the purposes outlined in this privacy policy unless otherwise required by law (such as tax, accounting or other legal requirements).

No purpose in this policy will require us keeping your personal information for longer than 90 days past the termination of you contacting us on the Website, without entering into further negotiations or concluding an agreement with us. 

Generally, when we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

If you have any questions in this regard, or any concerns about how long we keep your information for, please contact us using the details below.

YOUR RIGHTS

You can ask us to:

  • provide you with a copy of your personal data;
  • correct mistakes in data we hold about you;
  • delete your personal data from our records (subject to some exceptions in the Data Protection Act 2017 or another applicable privacy law);
  • restrict the processing of your personal data in some circumstances, such as where you contest the accuracy of the data; and
  • in certain situations, provide you with a copy of the personal data you provided to us in an easily portable format.

You can object: 

  • at any time to your personal data being processed for direct marketing;
  • in certain other situations, to our continued processing of your personal data, such as where we carry out processing based on our legitimate interests.

If we are relying on your consent (permission) to use your personal data, you can withdraw your consent any time. However, in some cases if you withdraw consent:

  • we may still process your personal data without your consent as required or permitted by law, for example to defend our legal rights or to obey a legal requirement to keep the data; or
  • we may no longer be able to provide you with goods or services (we’ll let you know when this would be the case)

For further information on your rights, please contact us by email or post:

Privacy Team

Sand Tech Holdings Limited 

6th Floor, Tower A 

1 Cybercity 

Ebène 

Mauritius 

legal@sandtech.com. 

DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have contacted us on the Website or for the Services, you have the right to request removal of unwanted data that you shared with us. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your correspondence and a statement that you reside in California. We will make sure the data is not publicly displayed, but please be aware that the data may not be completely or comprehensively removed from our systems.

COMPLAINTS

If you wish to complain about our use of personal data, we would appreciate the chance to deal with your concerns first. If you still wish to complain, please consult the Mauritius Data Protection Office  website at https://dataprotection.govmu.org/

If you are resident in the EEA (which includes the EU), the GDPR also gives you right to lodge a complaint with your local data protection regulator.

CHANGES TO THIS PRIVACY POLICY

This privacy policy was published on 20 October 2023. We periodically review this policy, and we will publish any changes on this Website which will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.

HOW TO CONTACT US

Please contact us by post, email, or telephone if you have any questions about either this policy or the information that we hold about you:

Privacy Team

Sand Tech Holdings Limited 

6th Floor, Tower A 

1 Cybercity 

Ebène 

Mauritius 

membership@sandtech.com