PRIVACY POLICY.

GLOBAL DATA PRIVACY CHARTER

Version: 2.7 (2026)

Applicability: Global (Cross-Jurisdictional)

Regulatory Alignment: POPIA (South Africa), GDPR (EU/UK), PIPL (China), APPI (Japan), CCPA/CPRA (USA), LGPD (Brazil).

1. Our Privacy Philosophy

Rockellon serves as a strategic operating partner for global infrastructure firms. We operate in mission-critical environments where data integrity and confidentiality are paramount. Our Privacy Charter is built on the “Highest Standard” Principle: where regional laws differ, Rockellon applies the most stringent protection standard to ensure universal data safety.

2. Information We Collect and Process

We collect information only to the extent necessary to evaluate and execute infrastructure partnerships:

  • Professional Identity: Name, role, and corporate affiliation.

  • Programme Intelligence: Technical scopes, market entry strategies, and tender-specific data.

  • Digital Footprint: IP addresses and session data required for secure portal functionality.

3. Global Lawful Basis for Processing

Rockellon processes data under the following internationally recognized legal pillars:

  • Contractual Necessity: For the evaluation and performance of partnership mandates.

  • Legal Obligation: To satisfy global anti-corruption, B-BBEE, and procurement standards.

  • Legitimate Interest: To maintain the security and structural integrity of our infrastructure programmes.

4. Cross-Border Data Sovereignty

We respect the data sovereignty of every nation where our partners reside. We facilitate secure transborder data flows using:

  • Standard Contractual Clauses (SCCs): To satisfy EU/UK GDPR requirements.

  • Security Assessments: To comply with Chinese PIPL cross-border transfer mandates.

  • Adequacy Frameworks: To meet South African POPIA (Section 72) and Japanese APPI standards.

5. Universal Data Subject Rights

Regardless of your location, Rockellon affords you the following “Gold Standard” rights:

  • Right of Access & Portability: Request a copy of your data in a structured, machine-readable format.

  • Right to Erasure: Request the permanent deletion of data once a commercial evaluation or contract is concluded.

  • Right to Explanation: Understand the logic behind our data processing and structural evaluation.

  • Non-Discrimination: We do not penalize any partner for exercising their privacy rights.

6. Institutional Security Measures

As an operator of technical infrastructure, our digital security mirrors our physical execution:

  • Encryption: Data is encrypted at rest and in transit using industry-standard protocols.

  • Access Control: Information is restricted to the Rockellon Structural Delivery Team on a “Need-to-Know” basis.

  • Breach Notification: In the event of a high-risk data breach, we commit to notifying the relevant global regulators and affected subjects within 72 hours.

7. Data Retention & Minimization

We do not store data longer than required for professional purposes.

  • Enquiry Phase: Data is retained for the duration of the commercial evaluation.

  • Active Partnership: Data is retained for the project lifecycle plus the statutory period required by South African commercial law.

8. Contact Our Global Data Office

For enquiries regarding data sovereignty or to exercise your privacy rights: Global Information Officer Email: info@rockellon.co.za

Subject: Global Privacy Enquiry / Data Subject Request