1. PURPOSE OF THE POLICY
1.1. We, Adumo (Pty) Limited (company registration number 2015/427833/07, a private company established in accordance with the Laws of South Africa, and our registered address being 3 Muswell Road, Block C & E Wedgewood Office Park, Bryanston, Gauteng, 2191) and our Affiliates (hereinafter referred to as “we”, “us”, “ours” or “our”), will process your Personal Information in accordance with the Protection of Personal Information Act, 2013 (“POPIA”), which regulates and controls the processing of a person’s Personal Information in South Africa.
1.2. In accordance with the requirements of POPIA and because your privacy and trust is important to us, we set out below how we, the Responsible Party, collects, uses, and shares your Personal Information and the reasons why we need to use and share your Personal Information.
1.3. This Privacy Policy applies to the Personal Information we collect:
1.3.1. when you engage us about our goods and services and/or enter into a business relationship with us for products and services;
1.3.2. when you communicate with us (whether by email, telephone or on social media platforms);
1.3.3. when you visit our website and social media platforms;
1.3.4. from third parties (such as banks, credit bureaus, regulators and industry bodies) in order to provide products and services and fulfill our regulatory or contractual obligations; and/or
1.3.5. when we market our products and services and from performing surveys.
1.4. By providing us with Personal Information you acknowledge and understand that your Personal Information will be processed for the purposes listed in this Privacy Policy.
1.4.1. If you provide us with Personal Information belonging to a third party, you shall ensure that you have first obtained their written Consent to do so.
1.4.2. You are also responsible for ensuring that all Personal Information provided to us is correct and up to date.
1.4.3. You indemnify us against any loss suffered or incurred due to your provision of Personal Information of third parties to us in an unlawful manner.
1.5. Definitions: The following words and phrases will be used throughout this document:
1.5.1. "Affiliates” means any subsidiary of Adumo or any entity that controls, is controlled by, or is under common control with, Adumo. The terms "subsidiary" and "holding company" will have the meanings assigned to them in Chapter 1 of the Companies Act 71 of 2008.
1.5.2. "Consent” means the permission you provide to enable us to process your Personal Information.
1.5.3. “Children” means natural persons under the age of 18 years.
1.5.4. "Law” means a set of rules that we are required to comply with including any statute, regulation, directive, by-law, policy or any other enactment of legislative measure of government statutory or regulatory body which has the force of law.
1.5.5. "Personal Information" means information relating to any identifiable, living, natural person, and an identifiable, existing juristic person, including, but not limited to their:
1.5.5.1. name; marital status, age; language; birth; education;
1.5.5.2. financial history (e.g. income, expenses, assets and liabilities, money management behavior, account transactions, including banking account information provided to us);
1.5.5.3. gender or sex (e.g. for statistical purposes or as required by the Law);
1.5.5.4. criminal history;
1.5.5.5. identifying number (e.g. bank account number, identity number, passport number,
registration number, VAT number, tax number);
1.5.5.6. contact information (e.g. e-mail address; physical address, residential address, work address, telephone number);
1.5.5.7. location information (e.g. geolocation or GPS location);
1.5.5.8. online and other unique identifiers; social media profiles;
1.5.5.9. biometric information (e.g. fingerprints, signature, voice- and facial recognition);
1.5.5.10. race (e.g. for statistical purposes as required by the Law).
1.5.6. "processing" / “process” or “processed” means in relation to Personal Information, the collection, receipt, recording, organization, collation, storage, updating or modification, retrieval, alteration, consultation or use; dissemination by means of transmission, distribution or making available in any other form; merging, linking, as well as restriction, degradation, erasure or destruction of information; or sharing with, transfer and further processing, including by way of physical, manual and automatic means. This is a wide definition and therefore includes all types of usage of your Personal Information by us including the initial processing when we first collect your Personal Information and any further and ongoing processing.
1.5.7. “Special Personal Information” means Personal Information relating to race, gender, pregnancy, national, ethnic or social origin, colour, physical or mental health, disability, criminal history, including offences committed or alleged to have been committed, membership of a trade union and biometric information, such as images, fingerprints and voiceprints, blood typing, DNA analysis, retinal scanning and voice recognition.
1.5.8. "Responsible Party” means us, as the person which determines the purposes for which, and the manner in which, any Personal Information is processed, as contemplated under POPIA.
2. PURPOSE FOR PROCESSING YOUR PERSONAL INFORMATION
2.1. We may process your Personal Information for the following reasons:
2.1.1. Contract: If you have entered into a contract with us for goods and services, we may use your Personal Information to:
2.1.1.1. communicate with you and provide you with the products and services you have requested;
2.1.1.2. detect and report unlawful behavior, money laundering and/or other crimes by conducting criminal, sanctions screening, anti-bribery and other related checks (including ongoing verification checks);
2.1.1.3. to assess your credit worthiness and for audit and debt collection purposes;
2.1.1.4. carry out statistical analysis and to identify market trends to improve our business and develop new products and services;
2.1.1.5. respond to queries from banks, regulators and industry bodies.
2.1.1.6. market and provide similar and related business services and products to you;
2.1.1.7. monitor and maintain our online channels;
2.1.1.8. process transactions;
2.1.1.9. enable you to participate in and make use of value-added solutions;
2.1.1.10. record and monitor communication between you and us, and use these recordings to verify your instructions in order to analyze, assess and improve our services to you, for training and quality purposes and to detect unlawful behavior and/or for completing.
2.1.1.11. satisfaction surveys, promotional and other competitions
2.1.2. Law: We may process your personal information to:
2.1.2.1. comply with applicable Laws and industry requirements including but not limited to the Financial Intelligence Centre Act, 2001 (as amended) and the Prevention and Combating of Corrupt Activities Act, 2004, to comply with legal obligations;
2.1.2.2. identify you and your beneficial owners;
2.1.2.3. litigate; and / or
2.1.2.4. to respond to a request or order from a SAPS official, investigator or court official, regulator industry body, or public authority.
2.1.3. Legitimate Interest: We may process your Personal Information to protect your rights and interests and/or ours and/or a third party to whom the Personal Information is supplied. We are protecting our legitimate interests when we:
2.1.3.1. enforce the terms and conditions of an agreement if you are in default;
2.1.3.2. trace you in order to institute legal proceedings against you;
2.1.3.3. develop our business continuity plan;
2.1.3.4. detect, prevent and report theft, fraud, money laundering, corruption and other crimes;
2.1.3.5. conduct market, statistical and behavioral research, to determine if you qualify for products and services,
2.1.3.6. determine your fraud and credit risk; and
2.1.3.7. any other related purpose
2.1.4. Consent: We may process your Personal Information in any other circumstances other than as described above where you have provided us with your consent.
2.2. SPECIAL PERSONAL INFORMATION: We may process Special Personal Information if:
2.2.1. the processing is for statistical or research purposes, and all legal conditions are met;
2.2.2. if the Special Personal Information was made public by you;
2.2.3. the processing is required to protect a right or obligation in Law or if it is required by Law;
2.2.4. you have provided your Consent; or
2.2.5. if the special Personal Information was made public by you.
2.3. At the time that we collect Personal Information from you we will have a specific purpose for the collection. We may however use that same Personal Information for other purposes and we will only do this where the Law allows us, and where the purpose of further processing is compatible with the purpose for which we collected your Personal Information.
2.4. We may further use or process your Personal Information if:
2.4.1. the record containing Personal Information was obtained from a public record, like the deed’s registry;
2.4.2. you made the Personal Information public, like posting on social media;
2.4.3. the Personal Information is used for historical, statistical or research purposes,
2.4.4. the results will not identify you;
2.4.5. proceedings have started or are contemplated in a court or tribunal;
2.4.6. it is in the interest of national security;
2.4.7. it is required to enable us to adhere to the Law;
2.4.8. the Information Regulator has exempted the processing.
2.4.9. We may also further use or process your Personal Information where we have obtained your Consent.
3. SOURCES OF INFORMATION – HOW AND WHERE WE COLLECT PERSONAL INFORMATION
3.1. Depending on the requirements, we will collect and obtain Personal Information either directly from you, third parties or from other sources which are described below:
3.1.1. Direct collection: You provide Personal Information to us when you communicate with us, apply for our products and services and/or enter into an agreement with us.
3.1.2. Automatic collection: We collect Personal Information automatically from you when you:
3.1.2.1. search for, visit, interact with, or use our websites, applications, mobile applications, or social media portals or platforms;
3.1.2.2. use our products, services, assets and facilities;
3.1.2.3. access our premises or access, use, or download content from us;
3.1.2.4. open emails or click on links in emails or advertisements from us;
3.1.2.5. otherwise interact or communicate with us.
3.1.3. Collection from third parties: We collect Personal Information from third parties, such as:
3.1.3.1. third party data bases such as the South African Police Service (SAPS), Home Affairs, banks, industry bodies, credit bureaus and other similar agencies;
3.1.3.2. government agencies, payment processing service providers, card schemes, regulators and others who release or publish public records;
3.1.3.3. Mastercard Alert to Control High-risk Merchants (“MATCH”);
3.1.3.4. other publicly or generally available sources, such as social media sites, public and online websites, open databases, and data in the public domain;
3.1.3.5. attorneys, tracing agents, debt collectors and other persons that assist with the enforcement of agreements;
3.1.3.6. Law enforcement and fraud prevention agencies and local and international tax authorities.
4. HOW WE SHARE PERSONAL INFORMATION
4.1. We share Personal Information with the following categories of recipients:
4.1.1. Employees and Affiliates: We may share your Personal Information amongst our employees and Affiliates for operational purposes and to provide you with products and services;
4.1.2. Third-party service providers: We may share Personal Information with our third-party service providers in order to:
4.1.2.1. fulfil or perform tasks on our behalf or other legal obligation, including with third parties that provide goods or services to us and are involved in the provision of goods and services and associated tasks in respect of our goods and services (i.e. a courier service provider);
4.1.2.2. assist us in offering, providing, analyzing, improving, and personalizing our services or products.
4.1.3. Regulators and Law enforcement agencies. We may disclose Personal Information to regulators and other bodies in order to comply with any applicable Law or regulation, to comply with or respond to a legal process or Law enforcement or governmental request
4.1.4. In the event of Merger, Sale, or Change of Control. We may transfer Personal Information to a third-party entity that acquires or is merged with us as part of a merger, acquisition, sale, or other change of control.
4.1.5. Investor and shareholders. We may share Personal Information with current or potential investors or shareholders.
4.1.6. Credit bureaus. Your information will be shared with registered credit bureaus for the purpose of obtaining a credit check as allowed for in the National Credit Act.
4.1.7. Other Disclosures. We may disclose Personal Information to third parties if we reasonably believe that disclosure of such information is helpful or reasonably necessary to enforce our terms and conditions or other rights (including investigations of potential violations of our rights), to detect, prevent, or address fraud or security issues, or to protect against harm to the rights, property, or safety of the group, our employees, any users, or the public (i.e. regulatory authorities, industry ombuds, government departments, local and international tax authorities and other persons as required in terms of law; fraud investigators; organizations that help identify illegal activities and prevent fraud; entities you have authorised to obtain your Personal Information; the Financial Intelligence Center, qualification information providers;
trustees, executors or curators appointed by a court of law; persons to whom we have ceded rights or delegated obligations to under agreements; or tribunals that require the Personal Information to adjudicate referrals, actions or applications).
5. HOW WE SECURE YOUR PERSONAL INFORMATION
5.1. The security of your Personal Information is important to us.
5.2. To prevent your Personal Information from being accessed or shared without authorisation, we have implemented technical and organizational measures (in accordance with the minimum standard required by Law) designed to protect the security of Personal Information by taking into account the nature and purposes of processing Personal Information, and by considering the risks to individuals being of varying likelihood and severity.
5.3. We conduct regular audits regarding the safety and the security of your Personal Information.
6. THE RETENTION OF PERSONAL INFORMATION
6.1. Personal Information will be retained by us for as long as it is required to fulfill the purpose for which it was obtained; or for a longer period in the following circumstances:
6.1.1. to meet the timelines determined or recommended by regulators, professional bodies, or associations,
6.1.2. to comply with applicable Laws,
6.1.3. we require your Personal Information for statistical research purposes;
6.1.4. to comply with contractual commitments; or
6.1.5. where you have provided Consent for us to retain your Personal Information for a longer retention period.
6.1.6. Take Note: We may retain your Personal Information even if you no longer have an agreement with us (if the Law permits).
6.1.7. Once the purpose for processing has been fulfilled and all contractual and/or legal requirements satisfied, the Personal Information will be destroyed, deleted or de-identified in accordance with our records management policy.
7. TRANSFER OF PERSONAL INFORMATION ABROAD
7.1. We may transfer your Personal Information outside the Republic of South Africa where the transfer is necessary for us to enter into, or perform our contractual obligations to you.
7.2. Personal Information will only be transferred outside the Republic of South Africa to those countries which have similar data privacy Laws in place or where the recipient of the Personal Information concludes an agreement which contractually obliges the recipient to comply with strict confidentiality and data security conditions and which in particular will be to a no lesser set of standards than those imposed by POPIA.
8. HOW WE USE YOUR PERSONAL INFORMATION FOR MARKETING?
8.1. We may market services, products, payment and other related payment solutions to you.
8.2. We will do this in person, by post, telephone, or electronic channels such as SMS, email, social media and our website.
8.3. We will only market electronic communications with your Consent. In any event you can unsubscribe at any time by informing us directly.
9. WHEN WILL WE USE YOUR PERSONAL INFORMATION TO MAKE AUTOMATED DECISIONS ABOUT YOU?
9.1. An automated decision is made when your Personal Information is analyzed without human intervention in the decision-making process.
9.2. We may use your personal information to make an automated decision as allowed by Law. An example of automated decision making is the approval or declining of an application when you apply to use any of our products and services. You have the right to query any such decisions made.
10. CHILDREN’S PERSONAL INFORMATION
We will collect and process the Personal Information of Children only with the Consent of a competent person (whether a parent, legal guardian or other person) or if we are lawfully
allowed to do so.
11. YOUR RIGHTS
11.1. You have the right to know what we know about you and what we do with that information:
11.1.1. The right of access
You may ask us to confirm whether we have any of your Personal Information, if we do then you may request a record of such Personal Information.
11.1.2. The right to rectification
If you have entered into an agreement with us for goods and services you are required to advise us of any changes to your Personal Information in accordance with the terms of such agreement. If you have not entered into an agreement with us for goods and services and have provided us with your Personal Information you have the right to ask us to update or rectify any inaccurate Personal Information.
11.1.3. The right to erasure (the ‘right to be forgotten’)
You have the right to request us to destroy or delete records of your Personal Information where there is no overriding legal basis or legitimate reason for us to process your Personal Information, and the legal retention period has expired.
11.1.4. The right to object to and restrict further processing
There may be circumstances where although we are processing your Personal Information lawfully, such processing impacts you, in which case you may object to us processing your Personal Information by completing the prescribed Form 1.
11.1.5. The right to withdraw Consent
Where Consent has been provided, you have the right to subsequently withdraw such Consent. If Consent is withdrawn then we may not be able to provide certain products and services to you and we will inform you if this is the case. We may proceed to process Personal Information even if Consent is withdrawn, if the Law permits or requires it. It may take a reasonable time for any changes to be effective.
11.1.6. The right to complain
If you have a concern or complaint, please raise the complaint with us directly by contacting us (contact details are provided below) and we will do our best to address your compliant. Should you be unsatisfied with the manner in which we have
addressed the complaint you may contact the office of the Information Regulator.
The contact details of the Information Regulator are provided below: The Information Regulator:
Email address
POPIAComplaints@inforegulator.org.za
Telephone number: general enquiries
010 023 5200
11.2. To exercise any of the above rights please contact us or refer to the procedure described in our Promotion of Access to Information Manual.
12. COOKIES
12.1. When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. A cookie is a small piece of data that is sent (usually in the form of a text file) from a website to your device, such as a computer, smartphone or tablet. The purpose of a cookie is to provide a reliable mechanism to “remember” your information (keeping track of previous actions).
12.2. We may also use the cookie to prevent fraud.
12.3. You can choose not to allow some types of cookies. You can click on the different category headings to find out more and change the default settings. However, blocking some types of cookies may impact your experience of the website and the products and services we are able to offer to you.
13. LINKS TO OTHER WEBSITES
13.1. Our website and other online platforms may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's website.
13.2. We have no control over the nature, availability and content available on any third-party websites and platforms.
13.3. In no event will we be liable for any losses which may arise from your use of the third-party website (including the unauthorized use of, or access to, your Personal Information when using the third-party website).
13.4. You herewith agree not to hold us liable for any such losses.
14. CHANGES TO THIS POLICY
14.1. We reserve the right to amend the Privacy Policy at any time, for any reason, and without prior notice to you. The latest version of the Privacy Policy will replace all earlier versions, unless otherwise indicated and will be made available on our website.
14.2. Any such amendment will come into effect when published on our website and becomes part of any agreement that you have with u.
14.3. It is your responsibility to check our website often.
14.4. If you have entered into an agreement with us, we will advise you of any material changes to this Privacy Policy in accordance with the terms of the agreement.
15. CONTACT US
Any comments, questions or suggestions about this Policy or our handling of your Personal Information can be emailed to Paul@adumo.com (the Information Officer) or Jarret@adumo.com (Deputy Information Officer).
16. FORMS
16.1. Form 1: OBJECTION TO THE PROCESSING OF PERSONAL INFORMATION IN TERMS OF SECTION 11(3) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013)
16.2. Form 2: REQUEST FOR CORRECTION OR DELETION OF PERSONAL INFORMATION OR DESTROYING OR DELETION OF RECORD OF PERSONAL INFORMATION IN TERMS OF SECTION 24(1) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013)
