Privacy
Policy.

Anorion Dynamics is the responsible party as defined under POPIA and the data controller as defined under GDPR in respect of personal information processed in connection with the operation of our business, including through the Anorion CSIP platform and our corporate website.

In respect of personal information of individuals detected, monitored, or recorded at premises where Anorion CSIP is deployed by our clients, those clients are the responsible party and data controller. Anorion Dynamics processes such information solely as operator and data processor, acting on documented instructions from the client. Individuals seeking to exercise rights in respect of surveillance data collected at a client's premises should direct their requests to the relevant client organisation.

For all privacy-related enquiries, rights requests, or complaints in respect of processing for which Anorion Dynamics is the responsible party, contact our designated Information Officer at privacy@anoriondynamics.com.

This Statement governs the collection, use, storage, and disclosure of personal information by Anorion Dynamics in the following contexts:

This Statement does not apply to personal information processed by Anorion Dynamics on behalf of clients as operator. Where we are operator, we process personal information solely on the client's documented instructions, in accordance with the applicable data processing agreement. Clients bear primary legal responsibility as responsible party for the lawfulness of surveillance operations conducted using Anorion CSIP at their premises.

Anorion Dynamics does not use personal information for advertising, does not sell or commercially exploit personal information to third parties, and does not process personal information for purposes beyond those described in this Statement.

Anorion CSIP performs automated processing that produces assessments and classifications with potential real-world impact on individuals. The platform's automated processing includes breach classification, threat stage determination, injury risk scoring, behavioural anomaly assessment, watchlist matching, and subject re-identification across camera networks. These automated assessments are generated continuously as part of the platform's core security intelligence function.

All automated assessments produced by the platform are presented to a human security operator who retains sole authority over any consequential intervention decision. The platform does not autonomously direct physical action or dispatch response personnel. Automated classifications serve as intelligence inputs to human decision-making, not as final determinations.

Individuals who are subject to automated processing by the platform may have the right to object to such processing, to request human review of classifications that have affected them, and to receive an explanation of the basis for an automated assessment. Requests should be directed to the client organisation operating the relevant premises as responsible party, or to Anorion Dynamics at privacy@anoriondynamics.com where Anorion Dynamics is the appropriate point of contact.

In its capacity as operator on behalf of subscribing clients, Anorion CSIP processes categories of personal information that attract heightened protection under applicable data protection law. These include biometric data generated through the platform's subject re-identification capabilities, and visual appearance data produced by AI-assisted analysis of detection imagery. Such data constitutes special personal information under POPIA and sensitive personal data under GDPR.

The processing of special category data through Anorion CSIP is conducted solely for the physical security and threat detection purposes contracted by the client as responsible party. Clients are required under their agreements with Anorion Dynamics to establish and document a lawful basis for the processing of special category data at their premises, including where required a documented legitimate interest assessment, and to ensure that appropriate notices are displayed at all monitored locations.

Anorion Dynamics implements heightened access controls, enhanced audit logging, and accelerated deletion protocols in respect of special category data processed through the platform.

Anorion Dynamics does not sell, rent, or commercially exploit personal information. We disclose personal information only in the following circumstances:

Anorion Dynamics operates globally and engages service providers located in multiple jurisdictions. Accordingly, personal information processed by us may be transferred to and stored in countries other than the Republic of South Africa. Where personal information is transferred to a jurisdiction that does not provide an equivalent level of data protection to that afforded under POPIA or GDPR, we implement appropriate safeguards to ensure that the transfer is conducted in accordance with applicable law.

Such safeguards include data processing agreements incorporating standard contractual clauses approved by the applicable regulatory authority, and binding contractual obligations requiring recipient parties to maintain data protection standards consistent with those applicable to us. You may request information regarding the specific safeguards applicable to any international transfer of your personal information by contacting us at privacy@anoriondynamics.com.

We retain personal information for as long as is necessary for the purposes for which it was collected, in accordance with this Statement and applicable law. The criteria we apply in determining retention periods include: the duration of an active subscription or business relationship; the period necessary to fulfil contractual obligations; the period required to comply with applicable legal, regulatory, tax, and accounting obligations; the period necessary to resolve disputes, establish legal defences, and enforce our agreements; and our internal risk management and security requirements.

Upon termination or expiration of a subscription, Anorion Dynamics will delete or irreversibly anonymise all personal information associated with the relevant account within the period specified in the applicable subscription agreement, save for information that we are required or permitted to retain under applicable law. Billing records and financial transaction data are retained for the period required under South African tax legislation.

Security detection data processed as operator on behalf of a client is retained in accordance with the retention policy configured by that client as responsible party, subject to the minimum and maximum retention periods specified in the applicable service agreement.

Anorion Dynamics implements and maintains technical and organisational security measures designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, and unauthorised access. Our security programme encompasses encryption of personal information in transit and at rest, role-based access controls enforcing the principle of least privilege, multi-factor authentication for administrative access, intrusion detection and prevention systems, continuous security monitoring and logging, vulnerability management, penetration testing in accordance with our annual security assessment policy, and a documented incident response process.

The security of personal information also depends in part on the measures taken by subscribers and users to protect their account credentials and access devices. Subscribers are responsible for maintaining the confidentiality of platform access credentials and for ensuring that access to the platform is restricted to authorised personnel.

In the event of a personal information breach, Anorion Dynamics will notify affected clients and relevant supervisory authorities in accordance with applicable data protection law and will take all steps reasonably necessary to contain and remediate the breach and mitigate its impact on affected individuals.

Anorion CSIP is a business-to-business platform not directed at individuals under the age of 18. We do not knowingly collect personal information directly from minors in connection with our own business operations.

In the context of security deployments at commercial premises, minors may be incidentally detected as part of legitimate premises surveillance conducted by the client as responsible party. Such processing is not initiated or directed by Anorion Dynamics. Clients are required under their agreements with Anorion Dynamics to ensure that their surveillance operations, including any incidental processing of data of minors, are conducted on a lawful basis and in compliance with applicable law, including any requirements specific to the processing of personal information of children. The legal basis for such processing is the legitimate security interest of the client organisation, not consent.

Depending on the jurisdiction in which you are located, you may have the following rights in respect of personal information processed by Anorion Dynamics as responsible party or data controller. These rights are not absolute and are subject to the limitations and exceptions provided under applicable law, and may be restricted or denied where their exercise would compromise national security, active law enforcement investigations, the prevention and detection of crime, or the physical safety of others.

To exercise any of the above rights, submit a written request to privacy@anoriondynamics.com. We will acknowledge your request promptly and respond within the period required by applicable law. We may require you to verify your identity before processing your request. We will not charge a fee for processing rights requests except where requests are manifestly unfounded or excessive, in which case a reasonable administrative fee may apply.

Anorion Dynamics is subject to the Protection of Personal Information Act 4 of 2013. Our designated Information Officer, responsible for ensuring compliance with POPIA, may be contacted at privacy@anoriondynamics.com.

If you believe that Anorion Dynamics has interfered with the protection of your personal information as defined under POPIA, you may submit a complaint to the Information Regulator of South Africa at the following address:

We encourage you to contact us directly in the first instance so that we may attempt to resolve your concern before escalation to the Information Regulator.

Where the EU GDPR or UK GDPR applies to our processing of your personal data, the following additional provisions apply. The rights described in Section 12 of this Statement correspond to the rights afforded under Articles 15 through 22 of the GDPR. These rights are subject to the limitations and derogations provided under the GDPR and applicable national implementing legislation.

Where we transfer personal data from the European Economic Area or the United Kingdom to a third country, we do so only where an adequacy decision applies, or where we have implemented appropriate safeguards in the form of standard contractual clauses adopted by the European Commission or the UK Secretary of State, as applicable. You may request a copy of the applicable transfer mechanism by contacting us at privacy@anoriondynamics.com.

If you are located in the European Economic Area and you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the supervisory authority of the EU Member State in which you are habitually resident, in which you work, or in which the alleged infringement occurred. Details of EU supervisory authorities are available at edpb.europa.eu.

If you are located in the United Kingdom, you may lodge a complaint with the Information Commissioner's Office at ico.org.uk.

We may update this Statement from time to time to reflect changes in our processing activities, applicable law, or regulatory guidance. Where we make material changes that affect the rights of individuals whose personal information we process, we will provide notice to affected subscribers by email and will post the updated Statement at anoriondynamics.com/privacy-policy with a revised effective date. Your continued use of Anorion CSIP following notice of a material change constitutes acceptance of the updated Statement. We maintain a version history of this Statement and prior versions are available on request.

For all privacy-related enquiries, rights requests, complaints, or requests for further information regarding this Statement or our data processing activities, contact our Information Officer: