Norovari (Pty) Ltd

Last Updated: 16 May 2026

​

---

​

1. Purpose

​

This Data Processing Agreement (“DPA”) outlines how Norovari (Pty) Ltd (“Processor”) processes personal information and vehicle-generated data on behalf of clients, partners, insurers, fleet operators, or authorised entities (“Responsible Party” or “Controller”).

​

This DPA is intended to support lawful, transparent, secure, and accountable processing activities in alignment with POPIA and aligned international data protection principles.

​

---

​

2. Scope of Processing

​

Norovari processes information only:

- to provide agreed services
- according to documented instructions
- for authorised operational, analytical, security, or reporting purposes
- in accordance with applicable law and contractual obligations

​

Processing activities may include vehicle telemetry, operational event records, analytical outputs, system interaction records, and related connected-device information where applicable.

​

---

​

3. Security and Integrity Measures

​

Norovari implements reasonable technical and organisational safeguards designed to protect processed information against unauthorised access, misuse, disclosure, alteration, or destruction.

​

Safeguards may include:

- encryption of data in transit
- access control restrictions
- secure infrastructure hosting
- monitoring and incident detection
- audit logging
- integrity-verification controls
- tamper-evident safeguards where applicable

​

Specific operational security mechanisms are not publicly disclosed where doing so could reasonably affect system integrity or security.

​

---

​

4. Transparency and Governance

​

Norovari supports principles of accountable and transparent data governance.

Where appropriate and technically feasible, processing activities may support:

- access visibility
- auditability
- authorised data portability
- controlled data-sharing mechanisms

​

---

​

5. Sub-Processors

​

Norovari may engage authorised third-party providers to support infrastructure, communications, analytics, security, hosting, or operational functions.

All sub-processors are subject to written obligations requiring:

- confidentiality
- security safeguards
- restricted processing instructions
- applicable legal and contractual compliance obligations

​

---

​

6. Cross-Border Processing

​

Where information is processed outside South Africa, Norovari implements reasonable safeguards consistent with:

- POPIA requirements
- contractual protections
- confidentiality obligations
- applicable international transfer principles

​

---

​

7. Data Breach Notification

​

Norovari will notify the Responsible Party without undue delay upon becoming aware of a confirmed personal information breach affecting processed information, subject to applicable legal and operational considerations.

​

---

8. Return, Retention, or Deletion of Data

Upon termination of services, processed information may be:

- returned
- securely deleted
- anonymised
- retained where legally or operationally required

Retention may occur where necessary for lawful evidentiary, regulatory, fraud prevention, security, or contractual purposes.

​

---

​

9. Contact

​

info@norovari.com