Just Kinetics (collectively referred to as “we”, “us”, or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy details our practices under the General Data Protection Regulation (GDPR), the UK GDPR, and the Protection of Personal Information Act (POPIA) in South Africa.
1. Overview of Roles
Depending on the context, Just Kinetics operates as both a data controller and a data processor:
- Data Controller: We are the controller for personal data collected through our website (justkinetics.com), contact forms, marketing efforts, and demo requests.
- Data Processor: When you use our Nexus Platform, we process health observations and patient demographics on behalf of clinical organizations (the Data Controllers). Our processing of client/patient health data is governed strictly by our Data Processing Agreement (DPA).
2. Information We Collect
We collect personal information under the following categories:
- Demo & Inquiry Data: Name, work email, phone number, clinic name, country of operation, and area of interest (e.g. Nexus, Dyneelax).
- Website Telemetry & Cookies: IP addresses, browser types, referral sources, and page interactions captured via GA4 and Microsoft Clarity (only active after explicit consent).
- Clinical Assessment Metadata (Nexus): Biomechanical sensor values, joint angles, force outputs, isokinetic metrics, and user logs.
3. Hosting and Subprocessors
Nexus is hosted on secure Microsoft Azure infrastructure in high-availability, georedundant data centers. Subprocessors assisting in data operations include:
| Subprocessor | Service Category | Data Location |
|---|---|---|
| Microsoft Azure | Cloud Hosting, DB & Storage | EU (Dublin) / SA (Johannesburg) |
| SendGrid / Twilio | Email & Alert Dispatch | United States / EU |
| Google Analytics 4 | Website Traffic Statistics | Global / EU Servers |
4. Data Subject Rights
Under GDPR, UK GDPR, and POPIA, you have the following rights regarding your personal information:
- Right to access your personal data and request portability.
- Right to rectify inaccurate or incomplete records.
- Right to erase your personal data (“Right to be forgotten”).
- Right to object to or restrict processing.
- Right to file a complaint with regulatory authorities (e.g. the SA Information Regulator, or European DPA).
To exercise any of these rights, please email us directly at privacy@justkinetics.com.
5. Retention and Security
We retain your information only as long as necessary to fulfill the services requested or comply with statutory requirements. Data is encrypted in transit using TLS 1.3 and at rest using AES-256 standard encryption on Microsoft Azure. We conduct routine vulnerability scanning and security audits to maintain clinical-grade compliance.