- Why We Collect and Process Personal Data
- Personal Data We Process
- Lawful Processing of Personal Data
- Consequences of Your Refusal to Provide Personal Data
- Persons who will Access your Personal Data
- Transfers to Third-Party Countries
- Protection and Retention of your Personal Data
- Marketing Activities
- Receipt of Your Information from a Third Party
- Laws Authorising or Requiring the Collection of Personal Data
- Your Rights
- Data Protection Officer
- Personal Data Regulators
- Changes to Data Protection Policy
- Enquiries, Requests and/or Concerns
A. Why We Collect and Process Personal Data
In operating our business and providing our services as a third-party payments processor, we collect and process Personal Data for several reasons but mostly to:
- provide our services to our clients as a third-party payments processor;
- manage our supplier and service provider relationships;
- recruitment and hiring processes;
- manage our relationship with our employees, independent contractors and other members of staff; and
- manage our other stakeholder relationships.
B. Personal Data We Process
The Personal Data we collect and/or process may differ depending on our purpose of collecting and processing your Personal Data. We may collect and/or process your Personal Data subject to the purpose above, which may include, but is not limited to:
|PERSONAL DATA:||Full name|
|Contact details, including telephone numbers, email addresses, physical addresses, postal addresses etc.|
|Identifying details (including identity or passport numbers)|
|Payment card details, including card numbers, expiry dates and CVV numbers|
|Video and voice recordings|
|Income tax numbers|
|Bank account details|
|SPECIAL PERSONAL DATA:
(We generally don’t collect and/or process special Personal Data when providing our services. If we do collect and/or process special Personal Data then it will only be for a specific purpose and with consent)
|Race or ethnic origin|
|Personal Data of children|
We collect and/or process Personal Data that you provide directly to us through our services and it will be apparent from the context in which you provide the information, which Personal Data we are collecting:
|WHEN YOU CONTACT US:||Through our website:||We process:
|Telephonically or over electronic platforms such as e-mail, instant messenger or video call:||We process the information you choose to provide us with, for example:
|As an existing client:||We may process additional information in order to verify your identity and act on your instructions.|
|During a recruitment process:||We will collect and process the Personal Data you provide to us, for example:
|As an employee, independent contractor or other member of staff:||We will process your:
|WHEN WE ARE INSTRUCTED BY OUR CLIENTS:||To process a transaction using your payment card details, as a third-party payment provider:||We may process your:
|To perform KYC checks on cardholders:||We may process your name:
|To create a card for you:||We may process your:
We also process Personal Data automatically on our website and through cookies and other technologies. These technologies record information about you, including:
- Location, browser and device data, such as IP Address, device type, operating system and Internet browser type, operating system name and version, device manufacturer and model, language, plug-ins, add-ons.
- Usage data, such as time spent on the website, pages visited, links clicked, and the pages that led or referred you to our website, and methods used to browse away from our website.
C. Lawful Processing of Personal Data
We only process your Personal Data, if such:
- Processing is necessary to carry out actions for the conclusion or performance of a contract to which you are a party;
- Processing is needed to provide you with a better service, and in particular for the following reasons:
- Internal record keeping.
- To notify you about changes to our service.
- To ensure that the content from our website is presented most effectively for you and your computer.
- To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- As part of our efforts to keep our website safe and secure.
- To improve our products and services.
- If you have linked an email account to the website.
- To periodically update the above information to enable us to provide the best possible service.
- When you get in touch with us with a question, complaint, comment or feedback.
- Processing is required to fulfil a legal obligation such as providing information to regulators, professional bodies, supervisory authorities, statutory bodies, law enforcement;
- Processing protects your legitimate interest;
- Processing is necessary for pursuing our or a third party’s legitimate request; and/or
- Processing was agreed to by you in the form of consent.
Where allowed under relevant national laws regulating the processing of Personal Data, as a business we process Personal Data about you. When we do so, we balance our legitimate interests against the interests and rights of the individuals whose Personal Data we process. The following list sets out the business purposes that we have identified as legitimate:
- To fulfil our contractual and statutory obligations to our:
- clients as a third-party payment processor,
- employees, independent contractor and other members of staff when
- maintaining ongoing obligations, and
- the relationship comes to an end,
- contractors or suppliers when concluding and ending a business relationship, and
- third-party service providers that provide services on our behalf.
- Reporting to the relevant authorities, regulators and payment associations;
- Detecting, monitoring and preventing fraud and unauthorised payment transactions;
- Mitigating financial loss, claims, or other harm to our clients, cardholders and ourselves;
- Responding to enquiries and providing support to our clients;
- Improving our systems and tools as well as developing new products or services;
- Enable network and information security throughout Paymentology; and
- Sharing Personal Data among our affiliates for administrative purposes.
D. Consequences of Your Refusal to Provide Personal Data
It could hinder our ability to perform our duties and responsibilities if you refuse to provide or allow us to collect your Personal Data, where our purpose for such collection is based on a contractual requirement, legal obligation and/or our legitimate interest,.
E. Persons who will Access your Personal Data
Our employees, independent contractors, staff members and/or third party entities who are contracted by us as sub-processors will have access to your Personal Data to administer and manage our inclusive services and our various stakeholder relationships. Your Personal Data will further be shared with third parties, subject to the purpose of us collecting and processing your information, including but not limited to:
- Third party sub-processors, who process Personal Data for us in terms of a contract or mandate, without coming under our direct authority for example service providers etc. with whom we have contractual arrangements and security mechanisms in place to protect the Personal Data and to comply with our data protection, confidentiality and security standards. Such third party contractors are our sub-processors and we maintain a list of sub-processors with whom your information has been shared. This list can be requested by forwarding a query to our Data Protection Officer, whose details are set out below.
- We may share your information with selected third parties including:
- If we sell or buy any business or assets, in which case we may disclose your Personal Data to the prospective seller or buyer of such business or assets;
- If Paymentology or substantially all of its assets are acquired by a third party, in which case Personal Data held by it will be one of the transferred assets;
- Government agencies and law enforcement. If we are under a duty to disclose or share your Personal Data to comply with any legal obligation.
F. Transfers to Third-Party Countries
We may transfer your Personal Data to recipients who may carry out services on our behalf (including our other entities), which recipients may be located in a third-party country. When transferring your Personal Data to a third-party country we will take all necessary steps to protect your Personal Data in-line with relevant national laws regulating the processing of Personal Data.
G. Protection and Retention of your Personal Data
We will take the necessary steps to secure the integrity and confidentiality of Personal Data in our possession and under our control by taking appropriate, reasonable technical and organisational measures to prevent loss of, damage to or unauthorised destruction of your Personal Data and unlawful access to or processing of Personal Data, regardless of the format in which it is held.
We will retain your Personal Data for a period as required to achieve the purpose of which the Personal Data was collected initially or subsequently processed, unless retention is required or authorised for legal reasons, or we reasonably require the records for lawful purposes related to our functions or activities or is required by a contract or you have consented to the retention of the record.
We may retain your Personal Data for periods longer than these periods for historical, statistical or research purposes based on us maintaining appropriate safeguards against the records being used for any other purposes.
In the event in which we used your Personal Data record to decide whether to act for you or not, we shall retain the record for such a period that may be required or prescribed by law or code of conduct or if there is no law of code of conduct, retain the record for a period sufficient to afford you a reasonable opportunity, taking all considerations relating to the use of the Personal Data into account, to request access to the record.
H. Marketing Activities
We may contact you periodically to provide information regarding our services and content that may be of interest to you. If the relevant national law regulating the processing of Personal Data requires that we receive your consent before we send you certain types of marketing communications, we will only send such communications after receiving your consent.
If you do not wish to receive further marketing communications from us, you can click on the unsubscribe link in the marketing communication to withdraw your consent. Note that all withdrawal of your consent will not affect the lawfulness of processing based on the consent before its withdrawal. Upon withdrawal of your consent, we will no longer be able to inform you of our services, publishing topics etc.
I. Receipt of Your Information from a Third Party
In some instances, we may receive your Personal Data (including your name and contact details) from a third party and we will notify you of our collecting your Personal Data as soon as reasonably practicable after it has been collected.
J. Laws Authorising or Requiring the Collection of Personal Data
Under certain circumstances, we are authorised or required for legal reasons to collect your Personal Data. We will only collect such Personal Data as we are required to collect in terms of such legal reasons and such collection, processing, storing, and destruction will be done in compliance with any relevant national laws regulating the processing of Personal Data.
We further confirm that we use Personal Data to verify the identity of our users to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as AML (Anti-Money Laundering) and KYC (Know-Your-Customer) obligations, and financial reporting obligations. We may be required to record and verify a your identity for compliance with legislation intended to prevent money laundering and financial crimes. These obligations are imposed on us by the operation of law, industry standards, and by our financial partners, and may require us to report our compliance to third parties and to submit to third-party verification audits.
K. Your Rights
You, as a data subject, have certain rights which you may exercise against us where applicable. You have the right to:
- have your Personal Data processed in-line with the conditions of lawful processing;
- be notified that your Personal Data is being collected;
- be notified that your Personal Data has been accessed or acquired by an unauthorised person;
- request confirmation of whether we hold Personal Data about you;
- request the record or a description of the Personal Data we hold about you, including information about the identity of all the third parties or categories of third parties who have or have had access to your information;
- request us to correct or delete your Personal Data in our possession or under our control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully, or destroy or delete a record of your Personal Data we are no longer authorised to retain;
- object to the processing of your Personal Data, subject to the relevant lawful purpose of processing, on reasonable grounds relating to your particular situation;
- object to the processing of Personal Data for direct marketing;
- request that the processing of your Personal Data is restricted under certain circumstances, subject to relevant national law regulating the processing of Personal Data; and
- request that Personal Data held by us be transferred to another entity.
Should you wish to exercise any of the above rights you may contact our Data Protection Officer.
L. Data Protection Officer
|Data Protection Officer:||Jolene Mouyis|
M. Personal Data Regulators
Should you believe that the processing of your Personal Data is in contravention with applicable Paymentologys, you can lodge a formal complaint with:
Republic of South Africa:
The Information Regulator (IRSA)
Follow the link for contact details: https://www.justice.gov.za/inforeg/contact.html
The Information Commissioner’s Office (ICO)
Follow the link for contact details: https://ico.org.uk/global/contact-us/
N. Changes to Data Protection Policy
- “Personal Data” is information that directly or indirectly relates to an identified or identifiable natural person or, where applicable, a juristic person, through an identifying factor.
- “Paymentology” depending on the context means either:
- Paymentology Ltd., Registration Number: 9670444 a United Kingdom registered and trading company.
- Paymentology DMCC, Registration Number: DMCC68141 a Dubai Multi Commodities Center company registered and trading in the United Arab Emirates, or
- Paymentology (Pty) Ltd., Registration Number: 1999/02004/07, a Republic of South Africa registered and trading company.
- “we”, “our”, or “us” is the pronoun of Paymentology.
P. Enquiries, Requests and/or Concerns
You may address all your enquiries, requests and/or concerns regarding this Policy or the processing of Personal Data (including your right to be forgotten) to our Data Protection Officer.