ShieldIQ
Governance, Risk & Compliance Platform
| Operating entity | Business Risk Solutions Namibia CC |
|---|---|
| Platform | ShieldIQ — an AI-assisted GRC / IMS Software-as-a-Service product of Business Risk Solutions Namibia CC |
| Country of domicile | Namibia |
| Information Officer | The designated Information Officer of Business Risk Solutions Namibia CC, contactable via support@myshieldiq.com |
| Privacy contact | support@myshieldiq.com |
| Security contact | security@myshieldiq.com |
ShieldIQ processes personal information in two capacities:
For the purpose of this Policy, "personal information" has the meaning given in the Protection of Personal Information Act 4 of 2013 (POPIA) for South African data subjects, and any equivalent meaning under other data-protection legislation applicable to the relevant data subjects. Namibia does not yet have comprehensive data-protection legislation in force (a Data Protection Bill is pending); ShieldIQ nonetheless applies POPIA-equivalent standards to all personal information it processes.
The Promotion of Access to Information Act 2 of 2000 (PAIA) governs requests for access to records and is separate from the data-protection rules above. PAIA may be downloaded from http://www.lawsofsouthafrica.up.ac.za/index.php/current-legislation.
We process personal information where we have a lawful basis to do so, including:
When processing as an operator on behalf of a client, the lawful basis is determined by the client as responsible party.
| Category | Examples |
|---|---|
| Waitlist & account data | Name, work email address, organisation name, role, and login credentials. |
| Subscription & billing data | Billing contact, elected billing period, transaction records and invoices. Card data is entered on DPO Pay's secure site — see clause 7. |
| Client content (uploaded data) | Documents and files uploaded to the IMS library, risk register entries, evidence logs, and any personal information contained within them. |
| Usage & technical data | Log data, device and browser information, IP address, access timestamps and notifications activity. |
| Support data | Correspondence and information you provide when contacting support. |
We process personal information to:
ShieldIQ uses AI features (such as automated document analysis) solely to provide the Services to the relevant tenant. We confirm that:
Card transactions are acquired via DPO Pay, the approved payment gateway for Namibian acquiring banks. DPO Pay uses the strictest form of encryption, namely Transport Layer Security (TLS). Customer details are stored by ShieldIQ separately from card details, which are entered by the client on DPO Pay's secure site. ShieldIQ never receives, stores or has access to full card numbers or CVV codes. The merchant outlet country is Namibia and the transaction currency is the Namibian Dollar (NAD).
We do not sell personal information. We share it only as necessary to operate the Services, with sub-processors who are vetted for adequate security and bound by written confidentiality and data-protection obligations consistent with this Policy:
| Recipient | Purpose |
|---|---|
| DPO Pay | Payment acquiring and card processing. |
| Amazon Web Services (S3) | Encrypted storage and hosting of uploaded files. |
| Service providers | Vetted vendors supporting hosting, email delivery, analytics and support. |
| Legal & regulatory bodies | Where required by law, court order, or to protect rights and safety. |
A current list of sub-processors is available on request to support@myshieldiq.com. Where we intend to engage a new sub-processor that materially affects the processing of client content, we will give affected clients reasonable prior notice.
ShieldIQ shall take all reasonable steps to protect personal information. Technical and organisational controls include:
While we take all reasonable steps to safeguard information, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
If ShieldIQ becomes aware of a security compromise affecting personal information, we will take reasonable steps to contain and investigate the incident and will notify affected clients (and, where ShieldIQ is the responsible party, affected data subjects and the relevant regulator) as soon as reasonably possible and without undue delay. Where ShieldIQ acts as operator, it will notify the client (the responsible party) so that the client can meet its own notification obligations. Report suspected security issues to security@myshieldiq.com.
Client content is stored in Amazon S3. Where personal information is processed or stored outside the data subject's country of residence (for example in cloud infrastructure hosted in another region), ShieldIQ takes reasonable steps to ensure such transfers are subject to appropriate safeguards and are carried out in accordance with applicable data-protection legislation and the client's lawful instructions. The applicable hosting region can be confirmed on request.
We retain personal information only for as long as necessary for the purposes set out in this Policy:
| Data | Retention |
|---|---|
| Client content | For the duration of the subscription. After termination, retained for an export window of 30 days, then deleted unless a longer period is required by law. |
| Account data | For the life of the account, then deleted or anonymised after a reasonable wind-down period. |
| Billing & tax records | Retained for the period required by applicable tax and accounting law. |
| Support & logs | Retained for a limited period for security, troubleshooting and audit purposes. |
A certificate of deletion is available on written request following termination.
Subject to applicable law, data subjects may have the right to:
To exercise any right, contact support@myshieldiq.com. We may need to verify your identity before responding, and we will respond within the timeframe required by applicable law. Where ShieldIQ acts as an operator/processor on behalf of a client, requests from the client's data subjects will be referred to the relevant client, who is the responsible party.
We will only send you electronic marketing communications where permitted by law or where you have opted in. You can withdraw consent or unsubscribe at any time via the unsubscribe link in our emails or by emailing support@myshieldiq.com. Service and transactional messages (such as billing and security notices) are not marketing and will continue while you hold an account.
The ShieldIQ website and platform may use cookies and similar technologies to keep you signed in, remember preferences, maintain security and understand usage. You can manage cookies through your browser settings; disabling certain cookies may affect platform functionality.
The platform is intended for use by businesses and their authorised personnel and is not directed at children. We do not knowingly collect personal information from children.
ShieldIQ may update this Privacy Policy from time to time. The current version is published at https://myshieldiq.com/privacy and the "Last updated" date reflects the most recent revision. Material changes will be communicated where required by law.
| Operating entity | Business Risk Solutions Namibia CC (ShieldIQ is a product/service of this entity) |
|---|---|
| Information Officer / privacy enquiries | support@myshieldiq.com |
| Security enquiries | security@myshieldiq.com |
| Physical address & telephone | Will be furnished on written request to the email address above. |