1.1.1. In providing services to the Merchants and/or other users (“Users”) of the Company’s website, the Company collects, uses, processes and, in some circumstances, shares the “personal information”, as this term is defined in the Protection of Personal Information Act, 2013 (the “POPI Act”) (“Personal Information”) of Users in and through this website.
1.1.2. The Company respects the rights of Users of the Company’s website whose Personal Information is collected, and used and/or processed by it, including their right to protection against the unlawful collection, retention, sharing and use of such Personal Information.
1.2. Collection and processing of Personal Information
1.2.1. The Company shall only collect your Personal Information for a specific, explicitly defined and lawful purpose relating to a function or activity of the Company’s business.
1.2.2. Such purposes may include the decision whether or not to enter into a contract with you.
1.2.3. The Company will not sell your Personal Information to any third party without your prior written consent.
1.3. General conditions for processing Personal Information
1.3.1. The Company shall comply with all laws, contracts or regulations when it processes Personal Information.
1.3.2. The Company shall respect your right to privacy at all times. If there is another way in which it can achieve the same goal without posing any risk of harm to your privacy rights, then it endeavours to try to elect to use that option.
1.3.3. The Company shall ensure that the Personal Information that is collected and processed is and remains relevant to the identified purposes for such processing, and that such information is and remains adequate, but not excessive, for achieving the identified purposes.
1.3.4. The Company shall ensure that, regardless of the stated purposes for processing personal information, the rights and interests of Users will not be unnecessarily prejudiced or infringed, unless it cannot be avoided, and then in such cases, it shall ensure that its own rights and/or interests justify such prejudice or infringement taking place.
1.3.5. If the Company no longer needs to process Personal Information to achieve the purpose originally specified, it will stop using that information.
1.4. Disclosure and sharing of Personal Information
1.4.1. The Company may, in the course of providing any content or services on this website, or for the purposes of concluding or performing any transaction with the User, share certain Personal Information with third party operators who perform certain processing activities on behalf of the Company.
1.4.2. The categories of third party operators with whom it is shared includes, but is not limited to, the following:
126.96.36.199. banks or other financial institutions where the User maintains or has maintained bank accounts, loan accounts or other financial or investment accounts;
188.8.131.52. credit bureau service providers;
184.108.40.206. gateway payment providers;
220.127.116.11. service providers who provide the Company with legal assistance, accounting or auditing services, payroll services and/or other utilised to effectively operate the Company’s business; and
18.104.22.168. delivery and courier service providers.
1.5.1. You acknowledge that by the nature of this application and any agreement that may be concluded, the Company will obtain direct and/or indirect access to the Personal Information, of various persons, including members, employees, directors and consultants of you, existing customers and/or clients of yours and their members, employers, employees, trustees and other service providers to the clients, and will act as a “responsible party” (as defined in the POPI Act) in respect of that Personal Information.
22.214.171.124. the types of personal information to be processed;
126.96.36.199. the specific processing activities to be undertaken;
188.8.131.52. the specific purposes for such processing; and
184.108.40.206. the possible consequences for the User that may arise from such processing.
1.5.5. Should the User wish to withdraw any consent previously given, the User must notify the Company’s information officer in writing. You have the right to withdraw any consent at any time, demand that the processing of the personal data be terminated and the gathered personal data be deleted or closed and that the Company user account be closed, provided that the User does not have any valid agreement or any open or failed applications in the Company.
Accordingly, the Company warrants that it will at all times comply with all applicable laws relating to data protection and privacy laws, including but not limited to the POPI Act (whether or not all of the provisions thereof are fully in force and effect), and in particular as set out hereunder:
1.6.1. Security measures. The Company shall establish and maintain security measures to secure the integrity and confidentiality of any Personal Information that it processes, and will follow the requirements in section 19 of the POPI Act and shall not provide or give access to Personal Information to any third party where this is not related to a function or activity of the Company’s business, without the prior, written consent of the User;
1.6.2. Processing limitation. The Company shall only process Personal Information in relation to an application and/or any agreement concluded and the requirements under the POPI Act,
1.6.1. Further processing. The Company shall not process (as such term has been defined in the POPI Act) the Personal Information of a User obtained as a result of an application for any purpose other than to provide the services contemplated;
1.6.2. Notification. The Company undertakes to immediately notify the User where there are reasonable grounds to believe that Personal Information processed by it has been accessed or acquired by any unauthorised person;
1.6.3. Access to information. The Company shall, to the extent reasonably required, help the User to comply with any valid requests it receives for access to Personal Information;
1.6.4. Personnel and contractors. The Company shall bind its personnel with appropriate confidentiality and non-use obligations in relation to any Personal Information;
1.6.5. Disaster Recovery. The Company shall have a disaster recovery facility and plan in respect of the Personal Information obtained and/or processed. In the event of a disaster, the Company shall implement its disaster recovery plan; and
1.6.6. Trans-border Data flows. The Company shall ensure that the transfer of any Personal Information across a country border complies with applicable laws.