## Privacy

openrand (Inhok Co. product) Privacy Policy Your privacy is important to us. It is openrand's policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including via our app, openrand, and its associated services. Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name, address, and date of birth), your devices, payment details, and even information about how you use an app or online service.

We, openrand, located at the address provided in our Contact Us section, are a Data Controller with respect to the personal information you provide to us.

This policy is effective as of 17 January 2024. If consent was the lawful basis for processing personal data and that consent has been withdrawn. openrand relies on consent to process personal data in very few circumstances. Last updated: 17 January 2024 Information We Collect To enquire about openrand's privacy policy, or to report violations of user privacy, you may contact our Data Protection Officer using the details in the Contact us section of this privacy policy.

As PIPEDA refers to personal information using the term Personally Identifying Information (PII), any references to personal information and PII in this privacy policy, and in official communications from openrand, are intended as equivalent to one another in every way, shape and form.

While openrand endeavors to keep, store and handle customer data within locations in Canada, it may use agents or service providers located in the United States (U.S.), European Economic Area (EEA) or United Kingdom (UK) to collect, use, retain and process personal information as part of providing services to you. While we use all reasonable efforts to ensure that personal information receives the same level of security in any other jurisdiction as it would in Canada, please be aware that privacy protections may vary.

Accountability. openrand is responsible for the PII under its control and will designate one or more persons to ensure organizational accountability for compliance with the ten principles of privacy under PIPEDA, whose details are included below. All personnel are accountable for the protection of customers' personal information. When you access our servers via our app, we may automatically log the standard data provided by your device. It may include your device's Internet Protocol (IP) address, your device type and version, your activity within the app, time and date, and other details about your usage. Identifying purposes. openrand identifies the purposes for which personal information is collected at or before the time the information is collected. Consent. Consent is required for openrand's collection, use or disclosure of personal information, except where required or permitted by PIPEDA or other law. In addition, when customers access a product or service offered by us, consent is deemed to be granted. Express consent may be obtained verbally, in writing or through electronic means. Alternatively, consent may be implied through the actions of customers or continued use of a product or service following openrand's notification of changes. Limiting collection. Personal information collected will be limited to that which is necessary for the purposes identified by openrand. Personal Information Accuracy. Personal information will be maintained by openrand in an accurate, complete and up-to-date format as is necessary for the purpose(s) for which the personal information was collected.

To enquire about openrand's privacy policy, or to report violations of user privacy, you may contact us using the details in the Contact us section of this privacy policy. Email openrand e@openrand.africa Phone/mobile number Home/mailing address Financial Identity Proof Web Links of Users Sensitive Information 'Sensitive information' or 'special categories of data' is a subset of personal information that is given a higher level of protection. Examples of sensitive information include information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation, sexual practices or sex life, criminal records, health information, or biometric information.

The types of sensitive information that we may collect about you include:

Identity Proof Financial We will not collect sensitive information about you without first obtaining your consent, and we will only use or disclose your sensitive information as permitted, required, or authorized by law.

User-Generated Content We consider 'user-generated content' to be materials (text, image and/or video content) voluntarily supplied to us by our users for the purpose of publication on our platform, app or re-publishing on our social media channels. All user-generated content is associated with the account or email address used to submit the materials.

Please be aware that any content you submit for the purpose of publication will be public after posting (and subsequent review or vetting process). Once published it may be accessible to third parties not covered under this privacy policy.

Legitimate Reasons for Processing Your Personal Information We only collect and use your personal information when we have a legitimate reason for doing so. In which instance we only collect personal information that is reasonably necessary to provide our services to you.

Collection and Use of Information We may collect personal information from you when you do any of the following on our app:

Register for an account

<div className="max-w-3xl mx-auto px-4 py-12 text-justify text-lg leading-relaxed">
## Privacy

Openrand (Inhok Co. product) Privacy Policy

Your privacy is important to us. It is Openrand's policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including via our app, Openrand, and its associated services.

Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name, address, and date of birth), your devices, payment details, and even information about how you use an app or online service.

We, Openrand, located at the address provided in our Contact Us section, are a Data Controller with respect to the personal information you provide to us.

This policy is effective as of 17 January 2024.

If consent was the lawful basis for processing personal data and that consent has been withdrawn, Openrand relies on consent to process personal data in very few circumstances.

Last updated: 17 January 2024

### Information We Collect

To enquire about Openrand's privacy policy, or to report violations of user privacy, you may contact our Data Protection Officer using the details in the Contact us section of this privacy policy.

As PIPEDA refers to personal information using the term Personally Identifying Information (PII), any references to personal information and PII in this privacy policy, and in official communications from Openrand, are intended as equivalent to one another in every way, shape and form.

While Openrand endeavors to keep, store and handle customer data within locations in Canada, it may use agents or service providers located in the United States (U.S.), European Economic Area (EEA) or United Kingdom (UK) to collect, use, retain and process personal information as part of providing services to you. While we use all reasonable efforts to ensure that personal information receives the same level of security in any other jurisdiction as it would in Canada, please be aware that privacy protections may vary.

Accountability. Openrand is responsible for the PII under its control and will designate one or more persons to ensure organizational accountability for compliance with the ten principles of privacy under PIPEDA, whose details are included below. All personnel are accountable for the protection of customers' personal information.

When you access our servers via our app, we may automatically log the standard data provided by your device. It may include your device's Internet Protocol (IP) address, your device type and version, your activity within the app, time and date, and other details about your usage.

Identifying purposes. Openrand identifies the purposes for which personal information is collected at or before the time the information is collected.

Consent. Consent is required for Openrand's collection, use or disclosure of personal information, except where required or permitted by PIPEDA or other law. In addition, when customers access a product or service offered by us, consent is deemed to be granted. Express consent may be obtained verbally, in writing or through electronic means. Alternatively, consent may be implied through the actions of customers or continued use of a product or service following Openrand's notification of changes.

Limiting collection. Personal information collected will be limited to that which is necessary for the purposes identified by Openrand.

Accuracy. Personal information will be maintained by Openrand in an accurate, complete and up-to-date format as is necessary for the purpose(s) for which the personal information was collected.

To enquire about Openrand's privacy policy, or to report violations of user privacy, you may contact us using the details in the Contact us section of this privacy policy.

**Contact**

Openrand

c@openrand.africa

The personal information we collect is stored and/or processed in the United Kingdom by us. Following an adequacy decision by the EU Commission, the UK has been granted an essentially equivalent level of protection to that guaranteed under UK GDPR.

On some occasions, where we share your data with third parties, they may be based outside of the UK, or the European Economic Area ("EEA"). These countries to which we store, process, or transfer your personal information may not have the same data protection laws as the country in which you initially provided the information.

If we transfer your personal information to third parties in other countries:

(i) we will perform those transfers in accordance with the requirements of applicable law; and

(ii) we will protect the transferred personal information in accordance with this privacy policy.

Your Data Subject Rights

Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information if (i) you are concerned about the accuracy of your personal information; (ii) you believe your personal information has been unlawfully processed; (iii) you need us to maintain the personal information solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.

Right to Object: You have the right to object to processing of your personal information that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights, and freedoms, in order to proceed with the processing of your personal information.

Right to be Informed: You have the right to be informed with how your data is collected, processed, shared and stored.

Right of Access: You may request a copy of the personal information that we hold about you at any time by submitting a Data Subject Access Request (DSAR). The statutory deadline for fulfilling a DSAR request is 90 calendar days from our receipt of your request.

Right to Erasure: In certain circumstances, you can ask for your personal data to be erased from the records held by organisations. However this is a qualified right; it is not absolute, and may only apply in certain circumstances.

Right to Portability: Individuals have the right to get some of their personal data from an organisation in a way that is accessible and machine-readable, for example as a csv file. Associated with this, individuals also have the right to ask an organisation to transfer their personal data to another organisation.

This privacy policy is a living document. We may update it periodically to reflect changes in our practices or legal requirements. Please check this page occasionally for any updates.

You may contact us at any time, using the information provided in the Contact Us section of this privacy policy if you believe your PII on our systems is incorrect or incomplete.

If we cannot agree on changing the information, you have the right to have your concerns recorded with the Office of the Privacy Commission of Canada.

Compliance with PIPEDA's Ten Principles of Privacy This privacy policy complies with the PIPEDA's requirements and ten principles of privacy, which are as follows:

Accountability. eduai is responsible for the PII under its control and will designate one or more persons to ensure organizational accountability for compliance with the ten principles of privacy under PIPEDA, whose details are included below. All personnel are accountable for the protection of customers' personal information. Identifying purposes. eduai identifies the purposes for which personal information is collected at or before the time the information is collected. Consent. Consent is required for eduai's collection, use or disclosure of personal information, except where required or permitted by PIPEDA or other law. In addition, when customers access a product or service offered by us, consent is deemed to be granted. Express consent may be obtained verbally, in writing or through electronic means. Alternatively, consent may be implied through the actions of customers or continued use of a product or service following eduai's notification of changes. Limiting collection. Personal information collected will be limited to that which is necessary for the purposes identified by eduai. Limiting use, disclosure and retention. We will not use or disclose personal information for purposes other than those for which the information was collected, except with your consent or as required by law. We will retain personal information only for as long as is necessary to fulfill the purposes for collecting such information and compliance with any legal requirements. Accuracy. Personal information will be maintained by eduai in an accurate, complete and up-to-date format as is necessary for the purpose(s) for which the personal information was collected. Safeguards. We will protect personal information with security safeguards appropriate to the sensitivity of such information. Openness. We will make our policies and practices relating to the collection and management of personal information readily available upon request, including our brochures or other information that explain our policies, standards, or codes. Customer access. We will inform customers of the existence, use and disclosure of their personal information and will provide access to their personal information, subject to any legal restrictions. We may require written requests for access to personal information and in most cases, will respond within 30 days of receipt of such requests. Customers may verify the accuracy and completeness of their personal information, and may request the personal information be corrected or updated, if appropriate. Challenging compliance Customers are welcome to direct any questions or inquiries concerning our compliance with this privacy policy and PIPEDA requirements using the contact information provided in the Contact Us section of this privacy policy. Cookie Compliance Our email interactions with our customers are compliant with Canadian Anti-Spam Legislation. The Company does not send unsolicited email to persons with whom we have no relationship. We will not sell personal information, such as email addresses, to unrelated third-parties. On occasion, your personal information may be provided to our third-party partners to administer the products and services you request from us.

When you leave our website by linking to another website, you are subject to the privacy and security policies of the new website. We encourage you to read the privacy policies of all websites you visit, especially if you share any personal information with them.

Please refer to our Cookie Policy for more information.

Enquiries, Reports and Escalation To enquire about eduai's privacy policy, or to report violations of user privacy, you may contact us using the details in the Contact us section of this privacy policy.

If we fail to resolve your concern to your satisfaction, you may also contact the Office of the Privacy Commissioner of Canada:

30, Victoria Street Gatineau, Quebec K1A 1H3 Toll Free: 1.800.282.1376 www.priv.gc.ca

Contact Us For any questions or concerns regarding your privacy, you may contact us using the following details:

eduai c@edu.africa