Traydstream  Privacy Policy 2025

As a leading technology platform provider, Traydstream Limited together with its affiliates,
(“we”, “us” or “Traydstream”) takes your privacy seriously. It is fundamental to how we operate.
This policy explains how we collect, use, share, and protect your information.

Definitions

1) Personal information – “personal information” refers to the types of information we may collect and use

• Contact details such as your name, email address, postal address and telephone number.
• For employees’ personal information will also include emergency contact details, salary, date of birth, gender, marital status (if required by law in that country)
• Professional background information.
• Comments, feedback, posts and other content submitted.
• Interests and communication preferences including marketing permissions where appropriate.
• Location information (e.g. the country in which you are based); and
• IP address information and information relating to your use of the website.
• non-identifiable information which, when combined with other information to which Traydstream is likely to have access, can be used to identify an individual

2) “Data subject” – Individuals that are identified or identifiable by Personal Information “Processing” means any operation that is performed on Personal Information, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, blocking, disabling or destruction.

3) “Sensitive Personal Information” – is a subset of Personal Information, which due to its sensitive nature has been classified by law or policy as requiring additional privacy protection.

4) “Third Party or Third Party Service Provider” – is any natural or legal person, public authority, agency, or other body apart from Traydstream that processes or stores Personal Information solely on behalf of and under the instructions of Traydstream.

Processed only when required by law or provided voluntarily with explicit consent.

External entities that process or store data on behalf of Traydstream, under contractual obligation and in compliance with privacy laws.

WHAT DATA DO WE COLLECT?

We collect only the Personal Information necessary to deliver our services, fulfil contracts, and meet legal obligations. This includes:

• Identification and contact data.

• Employment-related data (for internal HR purposes).

• Preferences and interests.

• Technical and usage data via cookies.

• Sensitive Personal Information where legally required or voluntarily provided.

HOW DO WE USE THE DATA?

We process your Personal Information for:

• Delivering and improving our services.

• Communicating with you and responding to inquiries.

• Managing recruitment and HR processes.

• Complying with legal obligations.

• Conducting marketing (with proper consent).

• Preventing fraud and securing systems.

PRIVACY PRINCIPLES

Traydstream will only share your Personal Information with others for the following purposes:

• At your request.

• To process or service a transaction or product authorized or requested by you; this may include sharing within the Traydstream group of entities.

• When required by law to disclose such information to appropriate authorities.

• To companies that assist us in marketing, recruiting, placement and servicing our products and services; for example, in order to support our information technology or to handle mailings on our behalf.

• To a hotel we are hosting an event at, as part of the registration process.

We collect only the personal information necessary to deliver the products and services you request, to protect against fraud, and to fulfil legal and regulatory requirements.

COOKIES

Our website utilizes standard technology called “cookies” and web server logs to collect information about how our website is used. Cookies are a feature of web browser software that allows web servers to recognize the computer used to access a website. Cookies are small pieces of data that are stored by a user’s web browser on the user’s hard drive. Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our website, and the website visited just before and just after our website. This information is collected on an aggregate basis. None of this information is associated with you as an individual. You can, of course, disable cookies on your computer by indicating this in the preferences or options menus in your browser. However, it is possible that some parts of our website will not operate correctly if you disable cookies. You should consult with your browser’s provider/manufacturer if you have any questions regarding disabling cookies.

HOW TO MANAGE COOKIES?

You can control cookie usage via your browser settings. Disabling cookies may affect the functionality of certain website features. Refer to your browser’s help documentation for detailed guidance.

STORING AND RETAINING YOUR INFORMATION

We store the aforementioned information on Azure and Amazon web servers located in the United States of America and Europe. We keep Personal Information obtained through cookies for 30 days. Once that time period has expired, the information will be disposed of and any cookies will be reset. Other Personal Information obtained will be stored for the duration of our relationship and 120 days after the relationship has ended and/or consent (if applicable)
is withdrawn.

SECURITY

The security of all information including Personal Information is extremely important to Traydstream.

• We implement and maintain a data security program that includes appropriate standard administrative, technical, physical and operational safeguards designed to:

(a) Maintain the security and confidentiality of Personal Information entrusted to us; and
(b) Protect Personal Information against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use that could result in harm.

• We implement and maintain practices designed to secure the access, storage and transmission of Personal Information.

• We maintain appropriate security upon the disposal and destruction of records containing Personal Information.

• The nature and extent of protection maintained will correspond to applicable local laws and regulations.

• We restrict access to Personal Information to those employees of Traydstream who need to know that information to provide our Services. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of Personal Information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

• We have implemented protocols to verify ongoing compliance with this Policy and to enforce disciplinary action against those who violate the privacy and security practices. To report a privacy violation, contact info@traydstream.konceptslab.com

DATA INTEGRITY

We endeavour to keep Personal Information accurate and current; and we update it whenever we receive a request to do so, as described below under “Rights”.

• We take reasonable steps to ensure the Personal Information we have collected is accurate, complete, and current.

• We rely on the accuracy and completeness of the Personal Information that has been provided to us to perform the Services requested.

YOUR RIGHTS
Based on jurisdiction, there may be certain access, erasure, and other rights which individuals may have to their Personal Information, including the right to manage our treatment of their Personal Information and the way in which it is processed.

As an EU citizen
As a data subject under EU data protection laws [the UK is expected to maintain/have equivalent protections after Brexit], you have specific legal rights relating to the Personal Information we collect from you. We will respect your individual rights and will deal with your concerns adequately.

• Right to withdraw consent: Where you have given consent for the processing of your Personal Information, you may withdraw your consent at any moment.

• Right to rectification: You may obtain from us rectification of your Personal Information. We make reasonable efforts to keep Personal Information in our possession or control which are used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us.

• Right to restriction: You may require us to restrict the processing of your Personal Information, if:
• The accuracy of your Personal Information is in doubt.
• The Personal Information processing is believed to be unlawful, and you request the restriction of processing rather than erasure of your Personal Information.
• There is no longer a need for storing your Personal Information, but you require it for the establishment, exercise or defence of legal claims; or
• You object to the processing while we verify whether our legitimate grounds override yours.

• Right to access: You may request information regarding Personal Information that we hold about you, including information as to which categories of Personal Information we have in our possession or control, what they are being used for, where we collected them (if not from you directly), and to whom they have been disclosed, if applicable.
• We will provide you with a copy of your Personal Information upon request. If you request further copies of your Personal Information, then we can charge you with a reasonable fee that we base on administrative costs.
• If we transfer your Personal Information to a country outside the EU and EEA, you have the right to request information about the safeguards in place for our transfer of that data to the receiving country.

• Right to portability: You have the right to receive Personal Information that you have provided to us, and, where technically feasible, request that we transmit such Personal Information to another organization.
• You have these two rights if:
o We process your Personal Information by automated means.
o We base the processing of your Personal Information on your consent, or our processing of your Personal Information is necessary for the execution or performance of a contract to which you are a party.
• You provided your Personal Information to us; and
• The transmission of your Personal Information does not adversely affect the rights and the freedoms of other persons.
• You have the right to receive your Personal Information in a structured, commonly used and machine-readable format.
• Your right to receive your Personal Information must not adversely affect the rights and the freedoms of other persons. This may be the case if a transmission of your Personal Information to another organization also involves the transmission of the personal data of other (non-consenting) individuals.
• Your right to have your Personal Information transmitted from us to another organization is a right you have only if such transmission is technically feasible.

• Right to erasure: You have the right to request that we delete the Personal Information we process about you. We must comply with this request if we process your Personal Information, unless the data is necessary:
• For exercising the right of freedom of expression and information.
• For compliance with a legal obligation that binds us.
• For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or
• For the establishment, exercise or defense of legal claims.

• Right to object: You may object – at any time – to the processing of your Personal Information due to your particular situation, provided that the processing is not based on your consent, but on our legitimate interests or those of a third party. In this event, we shall no longer process your Personal Information, unless we can demonstrate compelling legitimate grounds and an overriding interest for the processing or for the establishment, exercise or defence of legal claims. If you object to the processing, please specify whether you also wish the erasure of your Personal Information; otherwise, we will only restrict it.
• You may always object to the processing of your Personal Information for direct marketing purposes, even if it was based on our legitimate interest for any reason. If the marketing was based on your consent, you can withdraw consent.

• Right to lodge a complaint: You can lodge a complaint to the data protection authority in your Member State or to the data protection authority in the Republic of Ireland.

CHILDREN’S ONLINE PRIVACY PROTECTION
• Our website and services are not intended for children under 16 years of age. We do not knowingly collect Personal Information from children. If we learn that we have collected information from a child without appropriate consent, we will delete it.

PLEASE NOTE
• Time period: We will try to fulfil your request within 30 days, which may be extended due to specific reasons relating to the specific legal right or the complexity of your request. In all cases, if this period is extended, we will inform you about the cause and anticipated length of the extension.
• Restriction of access: In certain situations, we may not be able to give you access to all or some of your personal data due to statutory provisions. If we deny your request for access, we will advise you of the reason for the refusal.
• No identification: In some cases, we may not be able to look up your Personal Information due to the choice of identifiers provided in your request. In such cases, where we cannot identify you as a data subject, we will not be able to comply with your request to execute your legal rights as described in this section, unless you provide additional information enabling your identification. We will inform you and give you the opportunity to provide such additional details.
• Exercise your legal rights: In order to exercise your legal rights, please contact us in writing (including electronically) at the contact details provided below.

RECORDS
• Access control list for Privacy Data (HR database)

ICO REGISTRATION NUMBER
The ICO Registration number: ZA522383

DOCUMENT CONTROL
This Policy needs to be formally reviewed on a yearly basis or if required changes are identified to address one or more of the following:

• A change in business activities, which will or could possibly affect the current operation of the TS Information Security Management System, and the relevance of this document.
• A change in the way the TS manages or operates its information assets and/or their supporting assets, which may affect the accuracy of this document.
• An identified shortcoming in the effectiveness of this Policy, for example because of a reported information security incident, formal review or an audit finding.
• The current version of this Policy / Procedure / Guideline, together with its previous versions, shall be recorded below.