DPO SOUTH AFRICA PRIVACY POLICY

Your data privacy is of utmost importance to DPO South Africa. Please see our privacy policy below. You can also view our PCI, GDPR and, PAIA policies on the links indicated.

  1. INTRODUCTION
    1. DPO South Africa (PayGate Pty Ltd) and all its legal entities operate mainly throughout South Africa. We have taken steps to ensure that we comply with our obligations in terms of relevant data protection laws and act as both a controller (including a Responsible Party under POPIA) and a processor (including an Operator under POPIA), on behalf of data subjects that we perform processing for.
    2. The Board of Directors and management of DPO Group, located at 3G Direct Pay Limited, Suite #3, Ulysses House, Foley Street #1, Dublin 1, Ireland, Tel +353 1 8881005,3G Direct Pay Limited, Suite #3, Ulysses House, Foley Street #1, Dublin 1, Ireland, Tel +353 1 8881005, are committed to compliance with all relevant laws in respect of personal information, and the protection of the “rights and freedoms” of individuals whose information DPO collects and processes in accordance with the relevant data protection laws.
    3. This Privacy Policy is intended to provide transparency to data subjects about what happens with their personal information.
  2. What is personal information?
    1. Personal information includes:
      1. certain information that we will collect automatically when you visit our
        website;
      2. certain information collected on registration (see below);
      3. certain information collected on submission; and
      4. optional information that you provide to us voluntarily (see below);
        but excludes:
      5. information that has been made anonymous so that it does not identify a specific person;
      6. permanently de-identified information that does not relate or cannot be traced back to you specifically;
      7. non-personal statistical information collected and compiled by us.
  3. Which personal information is collected and processed?
    1. We endorse and adhere to the principal of ’data minimization’ whereby we only collect, process or store the minimum amount of data that we require to provide the requested service.
    2. Depending on the service provided, this can include any or all the following data:
      1. Name
      2. Email address
      3. Contact telephone number
      4. Delivery address
      5. Bank card or account details
      6. Passport or National ID.
      7. Username and password for DPO account access
      8. Photo
    3. In certain cases we may require additional information for either the service provided or any other legitimate reason. In these instances we will always seek consent from the data subject, together with an explanation of why the additional information is necessary.
  4. Purpose for which we collect personal information.
    1. We use your personal information in a number of different ways, including but not limited to:
      1. providing the services requested by you;
      2. providing you or a controller with customer support inquiries;
      3. providing you with information on new products;
      4. for analysis of information to establish user trends and needs;
      5. to communicate with the you on changes to services, policies, terms and conditions or other important information.
    2. We may use online public domain information about the data subjects in order to confirm the identity of the cardholder or for any anti-fraud purposes.
    3. We will obtain your consent to collect personal information:
      1. in accordance with applicable law;
      2. when you provide us with any registration information or optional information.
  5. Security & quality of personal information.
    1. We protect and secure all our data in line with its PCI-DSS Level 1 compliance.
    2. We aim at the highest standards of quality data processing, in line with our PCI- DSS Compliance and DPO will shortly be ISO27001 compliant a well.
    3. We record all personal data in line with our data protection impact assessment and data inventory policies. These policies are reviewed and updated at least annually.
    4. Where personal information is compromised and the breach is likely to result in a high risk to the rights and freedoms of natural persons, We will communicate the personal information breach to the data subject without undue delay, and as clearly and simply put as possible.
    5. Where we have reasonable doubts concerning the identity of the natural person making a request, we may request the provision of additional information necessary to confirm your identify.
  6. Your rights.
    1. You may request access to your personal information to receive a copy of the personal information that we hold on you.
    2. You may choose to correct or update the personal information you have submitted to us, by clicking the relevant menu in any of the pages on our website or contacting us by phone or email.
    3. You may withdraw your consent where we are relying on consent as a lawful justification to process.
    4. You may also object to our processing where we are relying on another lawful justification for processing. Please note that if you do so, we might not be able to provide services to you.
    5. We may need to request additional information from you to verify your identify for you to access these rights. This is to ensure that your personal information is not disclosed to an unauthorised person.
  7. Retention of personal and other data.
    1. We retain personal and processing information in line with PCI-DSS standards.
    2. All data that is required to be retained for compliance, legal, archiving, client support or ongoing processing is retained for only as long as is absolutely required and in line with our PCI-DSS compliance, whereafter it is erased and disposed of.
  8. Consent
    1. By giving your consent, you give us permission to process your personal information specifically for the purposes set out in this Privacy Policy.
  9. Reasons we may share personal information.
    1. We may share your personal information with:
      1. other divisions or companies within the group of companies to which we
        belong so as to provide joint content and services like registration, for transactions and customer support, to help detect and prevent potentially illegal acts and violations of our policies, and to guide decisions about our products, services, and communications (they will only use this information to send you marketing communications if you have requested their services);
      2. an affiliate, in which case we will seek to require the affiliates to honour this privacy policy;
      3. our services providers under contract who help provide certain services or help with parts of our business operations, including fraud prevention, bill collection, marketing, technology services (our contracts dictate that these services providers only use your information in connection with the services they supply or services they perform for us and not for their own benefit);
      4. credit bureaus to report account information, as permitted by law;
      5. banking partners as required by credit card association rules for inclusion on their list of terminated merchants (in the event that you utilise the services to
        receive payments and you meet their criteria); and
      6. other third parties who provide us with relevant services where appropriate.
    2. We may disclose your personal information as required by law or governmental audit.
    3. We may disclose personal information if required:
      1. by a subpoena or court order;
      2. to comply with any law;
      3. to protect the safety of any individual or the general public; and
      4. to prevent violation of our terms of service.
    4. We will not sell personal information. No personal information will be disclosed to anyone except as provided in this privacy policy.
    5. We may disclose aggregate statistics (information about the customer population in general terms) about the personal information to advertisers or business partners.
    6. We may need to disclose personal information to our employees that require the personal information to do their jobs. These include our responsible management, human resources, accounting, audit, compliance, information technology, or other personnel.
    7. If we undergo a change in ownership, or a merger with, acquisition by, or sale of assets to, another entity, we may assign our rights to the personal information we process to a successor, purchaser, or separate entity. We will disclose the transfer on the website. If you are concerned about your personal information migrating to a new owner, you may request us to delete your personal information.
  10. General information.
    DPO have appointed a board approved Data Protection Officer to ensure the enforcement and compliance with applicable data protection laws. Any requests, complaints, or communications by staff, third parties, service provides, data subject, controllers, processors, or the data security authority should be directed to the following email, namely dataprotectionofficer@dpogroup.com
  11. Transfer to another country.
    DPO may transmit or transfer personal information outside of the country in which it was collected to a foreign country and process it in that country. Personal information may be stored on servers located outside the country in which it was collected in a foreign country whose laws protecting personal information may not be as stringent as the laws in the country in which it was collected. You consent to us processing your personal information in a foreign country whose laws regarding processing of personal information may be less stringent.
  12. Changes
    We may change the terms of this policy at any time by updating this web page. We will notify you of any changes by placing a notice in a prominent place on the website or by sending you an email detailing the changes that we have made and indicating the date that they were last updated. If you do not agree with the changes, then you must stop using the website and our services. If you continue to use the website or our services following notification of a change to the terms, the changed terms will apply to you and you will be deemed to have accepted those updated terms.
  13. Limitation
    We are not responsible for, give no warranties, nor make any representations in respect of the privacy policies or practices of linked or any third party websites.
  14. Enquiries
    If you have any questions or concerns arising from this privacy policy or the way in which we handle personal information, please contact us at dataprotectionofficer@dpogroup.com