P24_logo

Privacy Policy

PRIVACY NOTICE

  • INTRODUCTION
    • This Privacy Notice explains how we, Payment24 Group (Pty) Limited (company registration number 2017/215391/07, a private company established under the Laws of South Africa, with registered address being Bridgeways Precinct, Sable Corner, 15 Bridgeway, Century City, Cape Town, 7441, together with our affiliates (“us”, “we” or “Payment24”) obtain, use, and disclose your Personal Information , as required by the Protection of Personal Information Act (“POPI”).
    • We protect  your privacy and ensure that your Personal Information  is collected and used correctly, lawfully, and transparently.
    • This Privacy Notice applies to you when we provide you with products and services and it outlines:
      • who we are and how you can contact us;
      • the types of Personal Information we collect and the purposes for which it is collected for;
      • safeguards for transferring Personal Information internationally;
      • how long we retain your Personal Information;
      • the parties to whom we disclose your information to and how we safeguard it;
      • your rights regarding your Personal Information including access, correction, withdrawal of consent, and deletion requests and the process for lodging complaints;
      • any specific provisions or protections for special categories of data (such as health or financial information);
      • how we will make changes to this Privacy Notice; and
      • information about cookies and similar tracking technologies used on our website.
  • WHAT PERSONAL INFORMATION DO WE COLLECT AND WHY WE COLLECT IT
    • We process your Personal Information to provide you with access to our products and services, to help us improve products and services, and for certain other purposes explained below.
    • We will use your Personal Information  only for the purposes for which it was collected or agreed with you, specifically to:
      • to provide our services to you, to process transactions and to maintain our relationship;
      • communicate with you and provide the products and services you have requested;
      • detect and report unlawful behaviour, money laundering, and other crimes through criminal checks; the Mastercard Alert to Control High-Risk Merchants (MATCH) system and the Visa Merchant Alert Service (VMAS) (and similar databases); sanctions screening, anti-bribery checks, and related verifications;
      • assess your creditworthiness, conduct audits, and collect debts;
      • perform statistical analysis and identify market trends to improve our business and develop new products and services;
      • respond to queries from banks, regulators, and industry bodies;
      • market and provide similar and related business services and products to you;
      • enable you to participate in and make use of value-added solutions;
      • record and monitor communication between you and us (we use these recordings to verify your instructions, analyse, assess, and improve our services for training and quality purposes, and detect unlawful behaviour);
      • conduct satisfaction surveys, promotional activities, and other competitions to comply with applicable Laws and industry requirements, including the Financial Intelligence Centre Act, 2001 (as amended) and the Prevention and Combating of Corrupt Activities Act, 2004;
      • to identify you and your beneficial owners;
      • engage in litigation;
      • respond to requests or orders from SAPS officials, investigators, court officials, regulators, industry bodies, or public authorities;
      • legitimate interest: We may process your Personal Information  to protect your rights and interests, ours, or a third party’s. This includes:
        • enforcing the terms and conditions of an agreement if you are in default;
        • tracing you to institute legal proceedings against you;
        • developing our business continuity plan;
        • detecting, preventing, and reporting theft, fraud, money laundering, corruption, and other crimes;
        • conducting market, statistical, and behavioural research to determine if you qualify for products and services;
        • determining your fraud and credit risk;
        • fulfil record-keeping obligations; and
        • any other related purpose.
    • By engaging with us, you consent to us processing information relating to your directors, and beneficial owners, including identity details, verification data, and any financial or credit information required for FICA, card-scheme rules, or our risk-assessment processes. You also consent to us conducting director credit checks where necessary to assess your business’s financial standing or to meet regulatory requirements.
    • We may process your Personal Information  in circumstances not described above, where you give us your consent.
    • Where you engage us to manage your loyalty solution on your behalf and you determine how we handle your customers’ Personal Information, we assumes the role of the Operator.

Under this arrangement, we will process your customers’ Personal Information in accordance with your instructions. As the Responsible Party, you are responsible for obtaining the necessary written consent from customers in compliance with POPIA, allowing us to process their Personal Information. We will only process Personal Information exclusively for the purposes outlined in the agreement between you and us. We shall not be held liable for any failure on your part to obtain such consent.

  • HOW WE COLLECT PERSONAL INFORMATION
    • Direct Collection: You provide Personal Information directly to us when you engage with us, apply for our products and services, or establish an agreement with us.
    • Automatic Collection: We automatically collect Personal Information from you through various means, including when you:
      • visit our website; portal; or social media platforms;
      • use our products, services, assets, and facilities;
      • access our premises; and
      • open emails, links in emails or marketing from us.
    • Collection from Third Parties: We also collect Personal Information from third-party sources, such as:
      • databases maintained by entities like the South African Police Service (SAPS), Home Affairs, banks, and credit bureaus.
      • government agencies, payment processors, regulatory bodies, and providers of public records.
      • databases provided by card associations (such as Visa and Mastercard) to identify and manage high-risk merchants;
      • publicly accessible sources like social media platforms, online websites, and open databases;
      • entities like attorneys, tracing agents, and debt collectors involved in agreement enforcement; and
      • law enforcement, fraud prevention agencies, and tax authorities, both locally and internationally.
  • ADDITIONAL REASONS TO USE YOUR PERSONAL INFORMATION
    • When we collect Personal Information from you, we do so with a specific, transparent purpose. However, we may use that same Personal Information for other purposes, but only where the Law allows us and where the purpose of further processing is compatible with the purpose for which we collected your Personal Information. This ensures that you are fully aware of how your data is being used.
    • We may use or process your Personal Information for other purposes if:
      • the record containing Personal Information was obtained from a public record, like the deed’s registry;
      • you made the Personal Information public, like posting on social media;
      • the Personal Information is used for historical, statistical or research purposes;
      • the results will not identify you;
      • proceedings have started or are contemplated in a court or tribunal;
      • it is in the interest of national security;
      • it is required to enable us to adhere to the Law;
      • the Information Regulator has exempted the processing; and
      • we may also further use or process your Personal Information where we have obtained your consent.
  • SPECIAL PERSONAL INFORMATION
    • We may need to process your Special Personal Information under certain circumstances (for example, if we conduct statistical or research activities and meet all legal requirements).
    • We can also use your Special Personal Information if you have made it public. Sometimes, processing this information is necessary to protect a legal right or fulfil a legal obligation, and we are required to do so by Law. Additionally, if you have provided your consent, we may process your Special Personal Information. Lastly, if you have already made this information public, we can process it accordingly.
  • WHO WE SHARE YOUR PERSONAL INFORMATION WITH
    • We may share your Personal Information  with our employees and affiliates for operational purposes and to provide you with products and services.
    • We may disclose Personal Information to regulators and other bodies to comply with any applicable Law or regulation, to comply with or respond to a legal process or Law enforcement or governmental request.
    • We may disclose your Personal Information  to our service providers who are involved in the delivery of services to you for instance (i.e. a courier service provider).
    • This involves working with service providers to make our offerings better for you. When we contract with third parties to provide services to you on our behalf, we impose appropriate security, privacy and confidentiality obligations on them to ensure that your Personal Information  is kept secure.
    • In the event of a merger, sale, or change of control, we may transfer Personal Information to a third party entity that acquires or merges with us.
    • Your Personal Information may also be shared with our current or potential investors or shareholders.
    • Your information will be shared with registered credit bureaus for the purpose of obtaining a credit check as allowed for in the National Credit Act.
    • Other Disclosures: We may disclose Personal Information to third parties if we reasonably believe that disclosure of such information is helpful or reasonably necessary to enforce our terms and conditions or other rights (including investigations of potential violations of our rights), to detect, prevent, or address fraud or security issues, or to protect against harm to the rights, property, or safety of the group, our employees, any users, or the public (i.e. regulatory authorities,  the Payments Association of South Africa, acquiring banks; government departments, local and international tax authorities and other persons as required in terms of Law; fraud investigators; organisations that help identify illegal activities and prevent fraud; entities you have authorised to obtain your Personal Information; the Financial Intelligence Centre, qualification information providers; trustees, executors or curators appointed by a court of Law; persons to whom we have ceded rights or delegated obligations to under agreements; or tribunals that require the Personal Information to adjudicate referrals, actions or applications).Please contact us if you would like further information on any of the third parties referred to above.
  • HOW LONG WE KEEP YOUR PERSONAL INFORMATION FOR
    • We will keep personal information for as long as it is necessary to fulfil the purpose for which it was obtained or for a longer period under the following circumstances:
      • to comply with applicable Laws and in accordance with the timelines determined or recommended by regulators, professional bodies, or associations:
      • if required for statistical research purposes;
      • to comply with contractual commitments; and/or
      • where you have provided consent for us to retain your Personal Information for a longer period.
  • INFORMATION SECURITY

We have implemented technical and organisational measures as required by Law to ensure that your Personal Information is protected. These measures are designed to ensure that your Personal Information remains secure and confidential. We conduct regular audits and continue to review our security controls and related processes to ensure that your Personal Information is secure.

  • TRANSFER OF PERSONAL INFORMATION OUTSIDE SOUTH AFRICA
    • At times, we may need to transfer your Personal Information to another country for processing or storage to fulfil our contractual obligations to you. However, rest assured that we prioritize the protection of your Personal Information . Therefore, any such transfers outside the Republic of South Africa will only occur in countries with similar data privacy Laws or where the recipient agrees to contractual obligations ensuring strict confidentiality and data security. These obligations are no less stringent than those mandated by POPIA.
    • Alternatively, we may transfer your Personal Information  abroad with your explicit consent or in cases where obtaining your consent is not reasonably practical, provided such transfers are for your benefit.
  • YOUR RIGHTS
    • Access
      • You have the right to inquire us on whether we hold your Personal Information, details of the information held.
      • You can also request a copy of the Personal Information we hold about you. Please be aware that there may be a fee associated with this.
    • Updates and Correction
      • You can ask us to update, correct or delete your Personal Information. If you have entered into an agreement with us for products and services you are required to advise us of any changes to your Personal Information in accordance with the terms of such agreement. If you have not entered into an agreement with us for products and services and have provided us with your Personal Information you have the right to ask us to update or rectify any inaccurate Personal Information.
    • Delete, Destroy and Withdraw Consent
      • If you have given us permission to use your information, you have the right to change your mind. If you do, there may be some products and services that we can no longer provide to you.
      • You have the right to request that we destroy or delete records of your Personal Information. We will do so where there is no overriding legal basis or legitimate reason for us to retain it.
      • We will let you know if this is the case. In some situations, we may still need to use your Personal Information  even if you withdraw your consent, if the Law allows or requires us to do so in terms of our good governance.
      • Note: It may take a reasonable time for any changes to be effective.
    • Complaints
    • If you have questions about this Privacy Notice or believe we have not adhered to it, or need further information about our privacy practices or wish to give or withdraw consent, exercise preferences or access or correct your Personal Information, please contact us at the following email address: legal@payment24.co.za.
      • If you are unsatisfied with how we have handled the complaint, you may contact the Office of the Information Regulator.

The contact details of the Information Regulator are provided below:

The Information Regulator:

Email address

POPIAComplaints@inforegulator.org.za

Telephone number: general enquiries

010 023 5200

To exercise any of the above rights please contact us or refer to the procedure described in our Promotion of Access to Information Manual.

  • HOW WE USE YOUR PERSONAL INFORMATION FOR MARKETING?
    • We may market payment related products and services to you.
    • We will do this by post, telephone, or electronic channels such as SMS, email, social media and our website.
    • We will only market electronic communications with your consent. In any event, you can unsubscribe at any time by informing us directly.
  • WHEN WILL WE USE YOUR PERSONAL INFORMATION TO MAKE AUTOMATED DECISIONS ABOUT YOU?
    • An automated decision is made when your Personal Information is analysed without human intervention in the decision-making process.
    • We may use your Personal Information  to make an automated decision as the Law allows. An example of automated decision-making is the approval or decline of an application when you apply to use any of our products and services. You have the right to query any such decisions made.
  • COOKIES
    • When you visit a website, it may store or retrieve information on your browser, mostly cookies.
    • A cookie is a small piece of data sent, usually in the form of a text file, from a website to your device, such as a computer, smartphone, or tablet. The purpose of a cookie is to provide a reliable way to “remember” your information (keeping track of previous actions). We also use the cookie to prevent fraud.
    • You can choose not to allow some types of cookies. To learn more and change the default settings, click on the different category headings. However, blocking some “cookies” may impact your experience of the website and the products and services we offer.
  • CHANGES TO THIS NOTICE
    • Please note that we may amend this Privacy Notice from time to time. Any such amendment will become effective when published on our website and becomes part of your agreement with us.
    • Please check this website periodically to inform yourself of any changes.

 

By providing us with Personal Information, you acknowledge and understand that your Personal Information will be processed for the purposes listed in this Privacy Notice .

If you provide us with Personal Information belonging to a third party, you must ensure that you have obtained their written consent. You are responsible for ensuring that all Personal

Information provided to us is correct and current. You indemnify us against any loss suffered or incurred due to your provision of Personal Information of third parties to us in an unlawful manner.

  • DEFINITIONS
    • “consent” means the permission you provide to enable us to process your Personal Information.
    • “Law” means a set of rules that we are required to comply with including any statute, regulation, directive, by-law, policy or any other enactment of legislative measure of government statutory or regulatory body which has the force of law.
    • “Operator” means a person or entity who processes Personal Information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that Responsible Party. These persons for illustration purposes may include verification agencies, payroll outsourcing companies, auditors, legal practitioners, organs of state, government, provincial and municipal bodies.
    • “Personal Information” means information relating to any identifiable, living, natural person, and an identifiable, existing juristic person, including, but not limited to their:
      • name; marital status, age; language; birth; education;
      • financial history (e.g. income, expenses, assets and liabilities, money management behaviours, account transactions, including banking account information provided to us);
      • gender or sex (e.g. for statistical purposes or as required by the Law);
      • criminal history;
      • identifying number (e.g. bank account number, identity number, passport number, registration number, VAT number, tax number);
      • contact information (e.g. e-mail address; physical address, residential address, work address, telephone number);
      • location information (e.g. geolocation or GPS location);
      • online and other unique identifiers; social media profiles;
      • biometric information (e.g. fingerprints, signature, voice- and facial recognition);
      • race (e.g. for statistical purposes as required by the Law).
      • “processing” / “process” or “processed” means in relation to Personal Information, the collection, receipt, recording, organization, collation, storage, updating or modification, retrieval, alteration, consultation or use; dissemination by means of transmission, distribution or making available in any other form; merging, linking, as well as restriction, degradation, erasure or destruction of information; or sharing with, transfer and further processing, including by way of physical, manual and automatic means. This is a wide definition and therefore includes all types of usage of your Personal Information by us including the initial processing when we first collect your Personal Information and any further and ongoing processing.
      • “Special Personal Information” means Personal Information relating to race, gender, pregnancy, national, ethnic or social origin, colour, physical or mental health, disability, criminal history, including offences committed or alleged to have been committed, membership of a trade union and biometric information, such as images, fingerprints and voiceprints, blood typing, DNA analysis, retinal scanning and voice recognition.
      • “Responsible Party” means us, when we determine the purposes for which, and the manner in which, any Personal Information is processed, as contemplated under POPIA.