1. Introduction
This Privacy Policy explains how Crux Pty Ltd and the Crux Karoo Observatory project collect, use, store, disclose, and protect personal information when you use cruxkaroo.com, submit forms, subscribe to updates, send enquiries, interact with the Science Desk, use public planning tools, or communicate with us.
This policy is intended to align with the Protection of Personal Information Act, 4 of 2013 (“POPIA”), and other applicable South African privacy and consumer protection requirements.
2. Responsible Party
For POPIA purposes, the responsible party is intended to be Crux Pty Ltd, a registered South African private company, registration number 2026/474141/0, unless another responsible party is identified in a specific agreement.
Contact: studio@cruxdesign.co.za.
Information Officer: Heinrich Botha, heinrich@cruxdesign.co.za. Company registration number: 2026/474141/0. Registered / business address: 99 2nd Avenue, Glenlily Estate, Parow, 7500, Western Cape, South Africa.
3. Personal Information We May Collect
Depending on how you interact with the website, we may process:
- identity and contact information, such as name, email address, organisation, role, and communication details;
- enquiry information, such as the nature of your enquiry, messages, project interests, dataset interests, tool feedback, partnership notes, or media requests;
- technical information, such as IP address, browser type, device information, server logs, security logs, timestamps, referrers, and error information;
- tool information, such as planning brief text, target selection, rig choices, dataset estimates, FOV summaries, and submitted capture package details;
- communication records, such as emails, form submissions, replies, and support notes;
- newsletter or signal subscription preferences, if you subscribe to updates.
We do not intentionally collect special personal information through the public website unless clearly requested for a specific lawful purpose and with appropriate safeguards.
4. Why We Process Personal Information
We process personal information for legitimate, specific, and lawful purposes, including to:
- receive, route, and respond to enquiries;
- manage registrations of interest, mailing lists, and project updates;
- understand interest in future datasets, tools, guest programmes, media, partnerships, and education activities;
- operate, secure, monitor, maintain, and improve the website;
- detect spam, abuse, security incidents, form misuse, or technical faults;
- prepare internal project planning, statistics, and service-readiness insights;
- comply with legal, regulatory, accounting, audit, and record-keeping obligations;
- protect the rights, property, safety, and legitimate interests of Crux, users, and third parties.
5. Legal Basis Under POPIA
Where required by POPIA, we rely on appropriate lawful grounds, which may include:
- your consent, for example where you subscribe to updates or submit a voluntary enquiry;
- performance of a contract or pre-contractual steps, where you request information about future services or arrangements;
- compliance with a legal obligation;
- our legitimate interests, including website security, project development, enquiry management, fraud prevention, and internal administration;
- your legitimate interests, for example where we respond to a request you have made.
6. Direct Marketing and Updates
We may send project updates, newsletters, Science Desk signals, or availability notices only where permitted by law, including where you have subscribed, requested updates, or where another lawful basis applies. You may opt out of non-essential direct marketing communications at any time by using the unsubscribe method provided or by contacting us.
7. Cookies, Logs, and Analytics
At present, cruxkaroo.com does not intentionally use non-essential cookies, analytics, advertising pixels, behavioural tracking tools, or marketing trackers.
The website may still generate ordinary technical server logs or security logs through hosting infrastructure. These logs may include information such as IP address, timestamp, requested URL, browser information, and error information, and are used for security, troubleshooting, abuse prevention, and website operation.
If non-essential analytics, advertising, or tracking tools are introduced later, this Privacy Policy should be updated and any legally required consent mechanism should be added before or at the time those tools are used.
8. Sharing Personal Information
We may share personal information where reasonably necessary with:
- hosting providers, email providers, IT support, developers, security tools, backup providers, and other operators who process information for us;
- professional advisers, accountants, insurers, auditors, attorneys, or consultants;
- project partners, only where necessary and lawful for the relevant enquiry or collaboration;
- regulators, law enforcement, courts, or public authorities where required or permitted by law;
- a successor or restructuring party if Crux or a relevant project asset is reorganised, transferred, or merged, subject to legal safeguards.
Operators processing personal information for us should be required to maintain confidentiality and appropriate security safeguards.
9. Cross-Border Transfers
Some service providers, infrastructure, email systems, fonts, scripts, backups, or software tools may be located outside South Africa or may process data through international systems. Where personal information is transferred across borders, we will take reasonable steps to ensure that such transfer is lawful under POPIA and subject to appropriate safeguards.
10. Retention
We retain personal information only for as long as reasonably necessary for the purpose collected, unless a longer period is required or permitted by law, operational needs, dispute management, security, audit, tax, accounting, or legitimate project record-keeping.
General enquiries may be retained for a reasonable period to manage project communications and history. Security logs may be retained for shorter or longer periods depending on hosting and security needs. Records linked to contracts, legal duties, payments, or disputes may be retained for longer.
11. Security
We take reasonable technical and organisational measures to protect personal information against loss, unauthorised access, unlawful processing, disclosure, alteration, or destruction. These measures may include access controls, hosting security, secure form handling, backups, monitoring, and limiting access to those who need it.
No website, email, or internet transmission is completely secure. Users should avoid submitting highly sensitive information through ordinary website forms unless specifically requested through an appropriate secure process.
12. Your POPIA Rights
Subject to POPIA and applicable procedures, you may have the right to:
- ask whether we hold personal information about you;
- request access to your personal information;
- request correction, deletion, or destruction of personal information where permitted by law;
- object to certain processing;
- withdraw consent where processing is based on consent;
- object to direct marketing;
- complain to the Information Regulator of South Africa.
We may require proof of identity before acting on a request.
13. Children
The website is not intended to collect personal information from children without appropriate consent from a parent or guardian where required. Future education programmes involving minors should have dedicated consent and safeguarding processes.
14. Changes to this Policy
We may update this Privacy Policy as the project, website, tools, services, legal requirements, or data practices change. The updated version will be published on this page with a revised date.
15. Contact and Complaints
Privacy requests can be sent to: studio@cruxdesign.co.za.
You may also contact the Information Regulator of South Africa if you believe your personal information has been processed unlawfully.
14. Planning Tool and Capture Package Information
When you use Crux planning tools or submit a Capture Package Builder request, the website may include target names, catalogue identifiers, rig choices, field-of-view summaries, mosaic arrangements, panel-vector references, dataset estimates, delivery preferences, and free-text notes in the submitted enquiry.
This information may be stored with your contact details so that Crux can understand and respond to the enquiry. Users should not submit sensitive personal information in tool notes or free-text fields unless specifically requested and appropriate for the enquiry.
15. Future Planning Calendar
If a public Planning Calendar or availability layer is added later, this Privacy Policy should be reviewed before launch. Calendar-related features may require clearer language about availability requests, provisional holds, operational status, user preferences, and any additional personal information collected through calendar interactions.