Eride Technologies — Privacy Policy

Effective date: 12 August 2025
Last updated: 12 August 2025

Thank you for trusting Eride Technologies with your information. This Privacy Policy explains how we collect, use, disclose, secure and retain personal information when you interact with Eride Technologies, our services, products and websites — including our AI Travel Assistant for SADC Travellers and DHA Vlist-Assist: South Africa Visa Overstay Appeal System. It also explains your rights and how you can exercise them.

This is a comprehensive, plain-English policy. Where we refer to legal obligations and data-subject rights, we align our approach with recognised data-protection frameworks (for example POPIA in South Africa and the EU GDPR) and with regulator guidance on automated decision-making. Please read it carefully and contact us if you have questions. (POPIA, EUR-Lex, ICO)

Important: This policy is a statement of Eride Technologies’ practices. It is not legal advice. If you require a version that quotes local legal clauses verbatim, or that is certified for a specific procurement process, please ask and we will work with your legal counsel.

Who we are (Controller / Responsible party)
Eride Technologies (trading as “Eride”, “we”, “us”, “our”) is the organisation responsible for deciding how and why personal information is processed in connection with the services described in this policy.

Contact for privacy requests:
Email: info@eridetech.africa

Scope / Where this policy applies
This Privacy Policy applies to personal information we collect: via our websites and mobile/web apps; when you sign up for or use the AI Travel Assistant or Vlist-Assist; when you contact our customer support or sales teams; through integrations and partner services; and when we receive data from third parties on your behalf.

Definitions (brief)

  • Personal information / personal data — any information that identifies you or can be linked to you (name, passport number, contact details, travel history, etc.).

  • Special / sensitive personal information — highly sensitive categories (health information, biometric data, criminal or immigration status where present). We treat this with additional safeguards.

  • Processing — collecting, storing, using, sharing, analysing or erasing personal information.

  • Automated decision-making / profiling — use of algorithms or AI to make or assist decisions about a person. See the “AI & automated decisions” section. (ICO)

Personal information we collect — categories & examples

We collect and process categories of personal information that are necessary to provide our services. Examples include:

  1. Identity & identity documents — full name, date of birth, nationality, gender, ID / passport numbers, passport scans and photo pages, visa documents and stamps.

  2. Contact details — email address, mobile telephone, postal address, emergency contact.

  3. Travel & immigration information — travel itinerary, flight bookings, entry/exit data, visa types, previous overstays, reasons for travel, appeal histories.

  4. Sensitive (special) personal information — health records or medical certificates (if uploaded in support of an appeal), criminal conviction information or immigration enforcement details when required for an appeal. We only process this where you have given explicit consent or another lawful basis applies.

  5. Payment & billing data — billing names, invoices, transaction references (we do not store full card numbers — our payment partners handle card data).

  6. Usage, device & technical data — IP address, device identifiers, browser, operating system, crash logs, analytics, cookies, approximate or precise location (only when you allow it).

  7. Communications & support data — chat transcripts, emails, uploaded documents, call recordings (where permitted) and dispute records.

  8. Derived & profile data — AI-generated assessments (eligibility scores, checklist completion status), preferences and other inferred data used to personalise services.

How we obtain personal information

  • You give it to us directly (account registration, forms, chat, uploads).

  • We collect it automatically when you use our website or apps (cookies, analytics, logs).

  • We receive it from third parties you instruct us to work with (travel agents, payment providers, partners, or government agencies such as Home Affairs where lawful and necessary).

  • We may receive publicly available information or information from verification providers.

Why we process personal information — purposes & lawful grounds

We process personal information to provide, secure and improve our services:

  • To operate and deliver the AI Travel Assistant and Vlist-Assist (document checking, mock assessments, appeal generation, reminders and alerts). (Necessary for contract performance and to fulfil your service request.)

  • To verify identities and documents, and to screen eligibility for appeals. (Necessary for contract performance and to comply with legal obligations.)

  • To communicate with you (notifications, support, status updates and regulatory communications). (Necessary for contract performance; consent for marketing.)

  • To process payments and invoices. (Necessary for contract performance and accounting/legal obligations.)

  • To detect and prevent fraud, abuse, security incidents and to comply with law enforcement or court orders. (Legitimate interests and legal obligations.)

  • To improve and personalise services and product development (analytics, experimentation, machine-learning training on anonymised datasets). (Legitimate interests; where required we obtain consent.)

  • For marketing communications (only with your consent; you can opt out at any time).

For users in jurisdictions governed by POPIA or GDPR, our processing aligns with the permission/conditions those laws describe (consent, contractual necessity, legal obligation, legitimate interests and similar lawful grounds). Where automated decisions have legal or similarly significant effects, we offer human review and explanation options described below. (POPIA, EUR-Lex)

AI, profiling and automated decision-making — what we do and your rights

Both our AI Travel Assistant and Vlist-Assist use algorithmic processes to help you prepare documents, to run mock embassy assessments, to generate appeal letters and to produce personalised alerts and recommendations. These processes can include profiling and automated inferences (for example: predicted likelihood of appeal success; checklist completeness; travel risk flags).

Key points:

  • Human oversight & review. Automated outputs are used as assistance and are subject to human review, especially where outcomes have legal or materially adverse effects on a person (for example a recommendation that an appeal is unlikely to succeed). You can request a human review of any automated decision.

  • Explainability. You may request meaningful information about the logic involved and the main factors that influenced an automated decision.

  • Opt-out / objection. Where feasible and subject to service functionality, you may object to solely automated processing that produces legal or similarly significant effects. We will consider such requests and offer alternatives where possible.

  • Accuracy & correction. AI outputs depend on the data you provide. You may correct or update your data and request re-assessment.

  • Limitations & advice. AI recommendations are advisory only and do not replace legal advice or official determinations by the Department of Home Affairs (DHA). We encourage users to verify critical decisions with a qualified legal adviser or with the relevant authority.

We follow recognised regulator guidance on automated decision-making and profiling to keep systems fair, transparent and contestable. (ICO)

Special handling: DHA Vlist-Assist (Visa Overstay Appeal System)

Vlist-Assist is designed to help travellers who have overstayed or are at risk of overstaying by guiding them through appeal workflows, verifying eligibility, generating appeal letters, and tracking submissions to the Department of Home Affairs.

Specific considerations:

  • Sensitive data: appeals often require sensitive information (medical evidence, police reports, travel disruptions). We treat such data as special categories and only process it where you have provided explicit consent or where a lawful basis exists.

  • User responsibility: users are responsible for the accuracy of documents and statements uploaded to Vlist-Assist. We do not represent you legally — we provide technological facilitation and document automation. You should seek legal advice where necessary.

  • Interaction with DHA: where you instruct us to communicate with DHA or authorise us to submit information on your behalf, we will do so in accordance with your instructions and applicable law. We may retain records of submissions for our operational and compliance needs.

  • Retention for disputes and compliance: appeal files may be retained for longer periods where required to respond to inquiries, investigations or audits.

Who we share data with (recipients)

We may disclose personal information to:

  • Service providers and processors (cloud hosts, payment processors, analytics, email/campaign providers, identity-verification and document-scanning providers).

  • Government agencies such as the Department of Home Affairs or other official authorities when required by law or when you authorise disclosure.

  • Professional advisers (lawyers, auditors) acting under confidentiality.

  • Affiliates and partners where necessary to provide integrated services (for example travel partners).

  • Successors and buyers in the event of a business sale, merger or reorganisation (subject to confidentiality and appropriate safeguards).

  • Law enforcement or courts when compelled or permitted by law.

Where third-party processors are used, we require contractual safeguards, confidentiality and security controls and only provide the minimum data necessary for the processor to perform its services.

Cross-border transfers

Your information may be transferred to, stored and processed in countries other than the country where you live (for example cloud servers or service providers in other jurisdictions). When we transfer personal information internationally we will implement appropriate safeguards — such as standard contractual clauses, binding corporate rules, adequacy decisions, or explicit consent where permitted — and we will only transfer the minimum data needed for the service. We follow POPIA’s cross-border transfer requirements and international good practice for transfers. (CMS Law, DLA Piper Data Protection)

Cookies, similar technologies and analytics

We use cookies and similar technologies to run, protect and improve our sites and services, to remember your preferences and to provide analytics. You can control cookies through your browser and our cookie-consent interfaces. For detailed cookie settings and opt-outs, see our Cookie Policy [link to cookie policy or settings page].

Data retention

We retain personal information only for as long as necessary to fulfil the purposes described in this Policy, to meet legal or regulatory obligations, to resolve disputes and to enforce our agreements. Typical retention examples: account and transaction records — retained while the account is active and for a reasonable period thereafter for legal, tax and compliance purposes (commonly up to 7 years); support logs and backups — retained for operational needs (commonly 1–3 years); anonymised or aggregated data — may be retained indefinitely for analytical purposes. We will delete or anonymise data when no longer required, subject to legal exceptions.

Security

We apply industry-standard technical and organisational measures to protect personal information — including encryption in transit and (where appropriate) at rest, access controls, logging, regular security reviews, staff training and incident response procedures. However no system is 100% secure; if we become aware of a security compromise that creates a risk to the rights and freedoms of data subjects we will follow legal requirements to notify the Information Regulator and affected individuals as required and as soon as reasonably practicable. See Information Regulator guidance on security compromise notifications. (Empowered Compliance Monitoring, Inside Privacy)

Breach notification

If a security incident results in unauthorised access to personal information and is likely to result in a risk to the rights and freedoms of individuals, we will notify the Information Regulator and affected persons without undue delay and will include information about the likely consequences and mitigation steps. We keep a register of all incidents and take steps to prevent recurrence. (POPIA requires such notification as soon as reasonably practicable.) (Empowered Compliance Monitoring, POPIA)

Your rights and how to exercise them

Subject to local law, data subjects have rights including (but not limited to):

  • The right to be informed about processing;

  • The right of access (to request a copy of personal information);

  • The right to rectification (correct inaccurate data);

  • The right to erasure (delete data where lawful);

  • The right to restrict processing;

  • The right to object (including to direct marketing);

  • The right to withdraw consent (where processing is based on consent);

  • Rights in relation to automated decisions and profiling (request human review and explanations); and

  • Where applicable, the right to data portability.

How to make a request: contact us at info@eridetech.africa (or use our online Data Subject Request form [link]). We will acknowledge your request and respond within a reasonable time. For South African residents, you may also lodge a complaint with the Information Regulator if you remain unsatisfied; the Information Regulator publishes complaint forms and guidance (see their complaints and contact pages). (POPIA, Empowered Compliance Monitoring)

Fees and verification for requests

Where permitted by law we may require proof of identity to process your request and, in some jurisdictions, we may charge a reasonable fee for manifestly unfounded or excessive requests. We will not charge for ordinary access requests except where lawfully permitted.

Children and minors

Our services are intended for adults. We do not knowingly collect personal information from children under the age of 18 without parental or guardian consent. If you believe we have collected data about a child without appropriate consent, please contact us and we will promptly take steps to remove that personal information.

Third-party links, embedded content and services

Our services may include links to third-party websites and integrations (for example payment gateways or identity verification providers). This Privacy Policy does not apply to third parties; please read their privacy terms. We are not responsible for third-party practices.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be posted on our site with the effective date. We encourage you to review this policy regularly.

Contact & complaints

For privacy enquiries, data subject requests or complaints:

Eride Technologies — Privacy Team
Email: info@eridetech.africa
Postal address: [Insert registered office address]

If you are in South Africa and remain dissatisfied after contacting us, you may lodge a complaint with the Information Regulator (POPIA complaints email and guidance): see the Information Regulator’s complaints page and guidance for forms and contact channels. (Empowered Compliance Monitoring)

Annex A — Practical examples (short)

  • If you upload a passport scan to Vlist-Assist: we will store the scan to verify identity and to generate appeal documents. We will only use it for the appeal and related compliance, and we will delete or archive it when no longer required except where retention is mandated by law.

  • If you use the AI Travel Assistant to run a mock assessment: the AI will examine the data you provide and return a checklist and recommendation. You can ask for a human review and correct any data that influenced the recommendation.

Annex B — Data protection impact assessments & AI governance

We perform risk assessments and Data Protection Impact Assessments (DPIAs) where required — particularly for high-risk processing such as automated decision tools and systems that process special categories of personal information. We also maintain an internal AI governance checklist to review fairness, accuracy, explainability and mitigation of bias.

Acknowledgement & confirmation

By using Eride Technologies’ services (including AI Travel Assistant and Vlist-Assist), you acknowledge that you have read and understood this Privacy Policy and consent to the processing activities described, in accordance with applicable law.