Last Updated: 16 May 2026

​

---

​

1. Overview

​

This policy outlines categories of third-party providers (“sub-processors”) that may support Norovari’s vehicle intelligence, data processing, infrastructure, security, analytics, communication, and operational services.

Norovari recognises the increasing importance of transparent and accountable governance relating to vehicle-generated and connected-device data.

 

---

​

2. Categories of Sub-Processors

​

Norovari may engage authorised providers in the following categories:

- cloud infrastructure and hosting providers
- data storage and processing providers
- analytics and operational monitoring platforms
- communication and notification service providers
- security, authentication, and fraud prevention providers
- infrastructure reliability and performance monitoring services
- logistics, fulfilment, and operational support providers (where applicable)

 

---

3. Purpose of Use

​

Sub-processors may be engaged strictly to:

- operate and maintain services
- support secure infrastructure and system availability
- enable authorised communications and service delivery
- improve operational reliability and performance
- support lawful, secure, and accountable processing activities

​

Norovari does not permit unauthorised use of personal or vehicle-generated data by sub-processors.

​

---

​

4. Data Governance and Restrictions

​

Sub-processors are required to:

- maintain confidentiality obligations
- implement appropriate technical and organisational safeguards
- process data only under documented instructions
- comply with applicable legal and contractual obligations
- support reasonable security, integrity, and access-control measures

 

Where applicable, processing activities may be subject to audit, verification, or oversight requirements.

​

---

​

5. Integrity and Security Controls

​

Norovari may implement security, auditability, integrity-verification, logging, and tamper-evident safeguards designed to support trustworthy and reliable processing activities across operational systems.

​

Specific security mechanisms are not publicly disclosed where doing so could reasonably affect operational security or system integrity.

​

---

​

6. Cross-Border Processing

​

Certain authorised providers may operate outside South Africa.

 

Where cross-border processing occurs, Norovari implements reasonable safeguards consistent with:

- POPIA requirements
- contractual protections
- confidentiality obligations
- applicable international data transfer principles

​

---

​

7. Transparency Commitment

​

Norovari aims to select providers based on:

- security standards
- operational reliability
- compliance alignment
- governance capabilities
- integrity and accountability considerations

​

We aim to maintain appropriate transparency regarding categories of delegated processing activities while protecting operational security and confidential infrastructure information.

​

---

​

8. Contact

​

info@norovari.com