POPI and Privacy Policy

Protection of Personal Information and Privacy Policy

1. INTRODUCTION

1.1. eZi Remit (Pty) Ltd (hereinafter referred to as ‘eZi’, ‘we’, ‘our’ or ‘us’) We know your privacy is important to you, it is also important to us. Our intention is to be open and honest with you about the information we gather about you, how we use it, and who we share it with. In simple terms, this Notice explains what we do with your personal information.

1.2. We are committed to protecting your privacy. This Privacy Policy (hereinafter referred to as ‘Privacy Policy or ‘Policy’) applies to all persons using our services, website environment (available at support@eziremit.co.za), use any of eZi Remit’s application(s), or when you otherwise do business or contact us. This Policy governs our online privacy practices, the methods and types of personal information that we received, collect, disclose and store, how the personal information is used, with whom it may be shared, what choices are available to you regarding the collection, use, and distribution of your personal information, what kind of security procedures are in place to protect the loss, misuse or alteration of the information under our control, your rights regarding your personal information and whom to contact with questions or concerns.

1.3. This Privacy Policy explains how eZi as well as its affiliates (hereinafter referred to as “eZi Operators”), including but not limited to legal persons, unincorporated organizations, and teams that provide services collect, use, process, disclose, share, transfer, and protect personal information obtained through eZi and its partners. So, the terms we, us, and our, refer to eZi and eZi Operators collectively.

1.4. By using our website environment (available at www.eziremit.com (“Website” or “Platform” as the context may require), our applications, or our services, you (‘User’ ‘You’, ‘You’re’) consent to this Policy and to the data practices described in it, in addition to consenting to it explicitly when using the Website. If you do not agree with the data practices described in this Policy, you may choose to stop using our services, or the Website. We periodically update this, Policy. We encourage you to review this Policy periodically.

1.5. Please carefully read this Protection of Personal Information and Privacy Policy, because it applies to the eZi Remit website or eZi Remit mobile application, along with related services, information and communications, materials, and any software that we make available that allows you to access relevant services and eZi software, communication, and mail operations regardless of whether you register or log in to use the services or not.

When visiting Platforms, you acknowledge, understand, and consent to all provisions described in this Privacy Policy. We will not use your personal information for any purpose not covered in this Privacy Policy or the Terms and Conditions (including any other business rules of eZi) without prior notification to you and your consent. If you do not agree with any part of this Privacy Policy, please stop using services immediately.

2. PURPOSE

2.1. This Policy has been developed for purposes of compliance with the Protection of Personal Information Act 2013 (“POPIA") and other data protection-oriented provisions within applicable regulations, as eZi offers services to residents in Africa and the Republic of South Africa. The Policy shall serve as part of your initial customer relationship with us and our ongoing commitments to you.

2.2. In order to promote our services to You, we may send you information about our products, features, promotions, surveys, news, updates, and events. We also aim to tailor our marketing messages to your preferences. If you prefer not to receive marketing communications, you can choose to opt out during the account creation process. Additionally, you have the option to unsubscribe from our marketing emails at any time or submit a support ticket to request removal from our marketing list.

2.3. To oversee and uphold your account within our system and to identify and prevent any fraudulent or unauthorized utilization of our products and services.

2.4. When you are asked to provide personal information, you may decline, but if you choose not to provide data that is necessary to enable us to make our services available to you, you may not be able to sign up for our services and some features may be limited. If you fail, neglect, and/or refuse to or are unable to provide us any Personal Information which we necessarily need to provide you with services, or that we need to collect by law, we may not be able to provide you services. In this case, we have the right to discontinue the provision of services to you and/or close your account. In such a situation, we will notify you at the earliest.

2.5. eZi collects certain personal information to enable us to operate effectively, and to provide you with the best experiences on our website and our operations. eZi prides itself on transparency and as such, you have choices about the personal information we collect.

2.6. eZi collects the personal information to enhance the quality of products and services that are offered, while also innovating to create new offerings.

2.7. Some of the information we obtain is collected to comply with applicable laws and regulations, of the Protection of Personal Information Act (POPI). This Policy explains:

The types of information we collect about you
How we use information about you
Types of information we disclose to third parties and the types of such third parties
How we protect your personally identifiable information; and
How you may instruct us not to disclose certain information about you that we are otherwise permitted to disclose by law.

3. INFORMATION WE COLLECT FROM YOU

3.1. The kinds of Personal Information we collect will depend on the type of interaction you have with us (for example Telephone calls to us may also be recorded for training and quality assurance purposes). Generally, we collect the following information (‘Information’) about you if you are:

3.2. Natural Person (Individual customers)

Identification information, such as your name, email address, and home address (including documents such as current utility bill i.e., electricity, telephone, gas, or mobile phone bill, documents issued by a government department that shows the end user’s address, bank statement (not older than 3 months) that shows the end user’s address), contact number, date of birth, gender, demographic and location data, billing address, username, along with identification details of documents confirming such details (such as passport, driver’s license, National identity card);
Country of birth;
ID expiry details;
Source of funds;
Purpose of transactions; and
Method of payments.

Legal Entity (Corporate customers)

Copies of Commercial License/Trade License (or equivalent)
Copies of the Certificate of incorporation
Copies of Certificate of Incumbency
Copies of Memorandum of Association (MoA)
Copies of Share Certificate/Share Register (where details of shareholders are not available in MoA)
Copies of Documents providing details of Ultimate Beneficial Owners
Purpose and nature of the intended business relationship. (BOR)
Copies of identification document of Owner(s) (passports/ID cards)
Authorization letter must be taken for a representative of the legal entity who carries out transactions on its behalf
Copies of documents providing details of the relationship with the company and powers of authorized signatories who have the authorization to carry out transactions on behalf of the Company along with their identification documents.

Notwithstanding the foregoing we shall further collect the following Information:

Information you provide when you participate in promotions offered by us or our partners, respond to our surveys or otherwise communicate with us
Information about when and where the transactions occur, the names of the transacting parties, a description of the transactions, the payment or transfer amounts, billing and shipping information, and the devices and payment methods used to complete the transactions
Information about the location of your device and some other device specifics, including your hardware model, operating system and version, unique device identifier, mobile network information, and information about the device’s interaction with our services
Information about how you use our services, including your carrier operating system, connection type, referring URLs, access time, browser type and language, and Internet Protocol (‘IP’) address, as well as other information which may be collected and used by us automatically through the browser on your device or otherwise
Information contained in or relating to any communication that you send to us with or without our request, including without limitation.
Information collected by Cookies and Web beacons (defined below), including using web beacons and sending cookies to your device
Your connections with others whose personal information we may collect or hold

3.3. Information may also include information we collect about your individual preferences. We may collect the Information in course of your signing up for our services, in course of our identity or account verification process, or course of your use of our services.

3.4. This policy applies to your Information when you use our website and interact generally with us but does not apply to Third-Party Sites. We are not responsible for the privacy policies or content of Third-Party Sites.

3.5. For the avoidance of doubt, unless stated otherwise, this policy will govern our collection of your Personal Information irrespective of the forum. Your continued usage of our website and/or services will be taken to indicate your acceptance of the terms of this privacy policy insofar as it relates to our website.

3.6. We do not knowingly collect data from, or market to, children below the legal age as established under POPIA. By using the services, you represent that you are at least the age of majority or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the services. If we learn that personal Information from users who are less than the age of majority has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.

4. MODE OF COLLECTION

4.1. We usually collect and store information including in paper, the physical and electronic forms provided by you when you communicate with us by telephone, email, web-based form, letter, or other means, including when:

We provide you with our services via telephone, email, or our website.
You participate in our functions, events, or activities or on our social media pages.
You request that we provide you with information concerning our products or services.
You upload or submit information to us or our website; or
You complete any forms requesting information from you, including on registration with us, complete any survey or provide feedback to us concerning our products or services.

4.2. We may also collect personal information about you from third parties and other sources such as our related entities, business partners, credit reporting bodies, publicly available sources, social media platforms, government agencies, regulators, and service providers.

4.3. We collect information electronically through our website, applications, cookies, web beacons, server logs and other similar technologies that help us improve your experience and the services we provide.

4.4. We may collect information automatically when you use our website, applications, products and services, including information about your device, browser, operating system, network information, IP address, usage data and transaction information.

4.5. We may combine information collected from different sources and use it together with information we already hold about you in order to improve our services, verify your identity, prevent fraud, comply with legal obligations and better understand our customers.

4.6. We may also collect information through communications with you, including when you contact our customer support team, complete surveys, participate in promotions, submit feedback, or otherwise communicate with us.

4.7. Where permitted by law, we may monitor and record telephone conversations and electronic communications for training, quality assurance, compliance, fraud prevention and security purposes.

4.8. By providing personal information to us, you consent to us collecting, storing, using and disclosing your personal information in accordance with this Privacy Policy and applicable laws.

5. HOW WE SHARE AND USE YOUR INFORMATION

5.1. We shall share and use your information with and for:

Any person that works with us as well as the companies that form part of the EWealth Group.
To our related entities, employees, officers, agents, contractors, other companies that provide services to us, sponsors, government agencies, or other third parties to satisfy the purposes for which the information was collected or for another purpose if that other purpose is closely related to the primary purpose of collection and an individual would reasonably expect us to disclose the information for that secondary purpose.
Any entity that forms part of eZi to process your payments that you have authorised and to provide you with the goods and services that you have opted for.
Any financial and other institutions to facilitate authorized payment processing and to deliver our range of products and services.
Entities and firms that offer services to us, encompassing technical infrastructure, marketing, and analytics, as well as web and app development.
Entities and organizations that support us in the realm of fraud prevention services and to aid us in identity verification and safeguarding against fraud or financial misconduct, taking appropriate actions as warranted by the outcomes of such investigations.
Our professional advisers, consultants, and other similar services.
Any financial and other institutions to facilitate authorized payment processing and to deliver our range of products and services.
The selected and trusted group of third party/parties to fulfil our obligations under our contract with you and to meet government, regulatory, and law enforcement requests, and to continue providing you with the services. We will only disclose your personal information to third-party service providers under strict terms of confidentiality. We do not allow our third-party service providers to use your personal information for their purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
The third parties who help us to verify the identity of our clients and customers, and other software service providers who assist us to provide the services we provide to you.
The third parties who help us analyse the information we collect so that we can administer, support, improve or develop our business and the services we provide to you including cloud hosting services, off-site backups, and customer support.
The third parties who shall use your information to let you know about goods and services which may be of interest to you by the applicable laws.
The merchants and the recipients of funds to identify you as the sender of the funds and to a party who sends you funds in connection with a transfer to you of funds.
Law enforcement or government agency or is required by law, or legal processes, such as a subpoena, court, or another legal process with which we are required to comply, including about our obligations under applicable privacy laws and regulations.
Enforcing the terms of this policy or to enforce any of our terms and conditions with you.
Our professional advisers such as consultants, bankers, professional indemnity insurers, brokers, and auditors so that we can meet our regulatory obligations, and administer, support, improve or develop our business.
Any other person, with your consent (express) to facilitate the sale of all or a substantial part of our assets or business or to companies with which we propose to merge or who propose to acquire us and their advisers.
Any other person, with your consent (express) to protect the interests of our users, clients, customers, and third parties from cyber security risks or incidents and other risks or incidents.
Any other person, with your consent (express) to maintain the integrity of our Website and protect our rights, interests, and property and those of third parties.
In addition to the above recipients, we will disclose your personal information if we are requested to do so by law or if the disclosure is made in connection with either the normal operation of our business in a way that you might reasonably expect, for example, if such disclosure is incidental to IT services being provided to our business or for the resolution of any dispute that arises between you and us.

5.2. In the event of a proposed restructuring or sale of our business (or part of our business) or where a company proposes to acquire or merge with us, we may disclose personal information to the buyer and their advisers without your consent subject to compliance with the applicable privacy regulations. If we sell the business and the sale is structured as a share sale, you acknowledge that this transaction will not constitute the ‘transfer’ of Personal Information.

6. WE PROCESS AND USE AGGREGATED, ANONYMISED, AND DE-IDENTIFIED DATA

6.1. We may also create, process, collect, use, and share aggregated, anonymized, or de-identified Information such as statistical or demographic data for any purpose which may be derived from your Personal Information. We may use this data to comply with legal or regulatory obligations and for any business purpose, including to better understand users’ needs and behaviours, improve our products and services, conduct business intelligence and marketing, and detect security threats.

6.2. We may share such Information with members of our group, service providers, and our key partners. Some of these third parties may be in a jurisdiction outside South Africa as stated in this Policy, in which case we will take all necessary steps to ensure that your Personal Information is treated securely and that such transfers are permitted under the applicable data protection laws.

6.3. We may also use any or all the personal information above to administer and manage our business in general, to detect and prevent misuse of our services (including fraud and unauthorized payments), and to enforce our Terms and Conditions or any other contract to which we may be a party to.

7. HOW WE SHALL SECURE YOUR PERSONAL INFORMATION

7.1. We place a significant emphasis on ensuring the security of your personal data.

7.2. We regularly assess and implement appropriate and reasonable technical and organizational security measures to ensure the safety of your personal information.

7.3. Our employees undergo training to handle personal data securely and with the utmost respect. Failure to adhere to these standards may result in disciplinary actions. While we take measures to safeguard your personal data, we cannot guarantee its absolute security. In the event of a data breach, please refer to the "Data breaches" section below. It is essential for you to take responsibility for securing your account login credentials and complying with eZi Terms of Use regarding account security.

8. CONSENT MECHANISM

By creating an eZi Account, you are consenting to our processing, storage, utilization, and sharing of your personal information in accordance with this Privacy Policy. If you disagree with any aspect of this Privacy Policy or the Terms and Conditions, or if you wish to withdraw any previously given consent, please contact us at support@eziremit.co.za. It's important to note that if you withdraw any essential permissions or revoke consent for processing and storing information such as your eZi Account data, Financial and KYC Information, or any other information required to offer you our Services, we may be required to discontinue providing those Services to you.

9. RETENTION OF PERSONAL INFORMATION WITHOUT CONSENT

9.1. In certain cases, we may process your personal information without your explicit knowledge or consent, but only in cases where such processing is mandated or allowed by applicable law.

9.2. We will keep it for period of 5 years after termination of the business relationship to serve our legitimate business interests. These interests include meeting legal requirements, preventing fraud, resolving disputes, upholding agreements, safeguarding the interests of eZi and its customers, and as mandated by applicable laws.

10. MARKETING

10.1. We may contact you with information regarding our products, services, news, and promotions, or engage in communication for marketing purposes through various channels such as email, push notifications, in-app messages, text messages, or other means. Our marketing communications will always adhere to relevant laws, including consent and opt-out regulations.

10.2. You have the option to opt out of receiving marketing communications at any time. This can be done by selecting the "Unsubscribe" option, which is included in all marketing messages sent to you. Additionally, you can manage your communication preferences by accessing your account settings within our app or on our website.

10.3. It's important to note that opting out of marketing content will not affect your receipt of critical communications related to the security or functioning of your account.

11. THIRD-PARTY ADVERTISING AND ANALYTICS

11.1. Our websites or communications may contain links to other third-party websites which are not owned or operated by us and are regulated by their privacy policies. If you click on a third-party link, you will be directed to that third party’s platform. We strongly advise you to review the privacy policy of every platform you visit. We are not responsible for the privacy policies of these third-party websites, regardless of whether they were accessed using the links from our website. We have no control over and assume no liability for the content, privacy policies, or practices of any third-party platforms or services.

12. CONSENT FOR PERFORMANCE OF CONTRACT; LEGAL OBLIGATIONS

12.1. You grant consent for the processing of your personal information. This processing will be done to fulfil all legal obligations stemming from contracts involving you, or to provide services that you have contracted us to deliver, or to take necessary actions upon your request before entering a contract with you.

12.2. When you apply for or sign up for our services, you grant us the authorization and consent to obtain information about you from third parties and share such information with them. This process is carried out in the context of identity or account verification, fraud detection, collection procedures, or as otherwise permitted or mandated by applicable law.

12.3. You have the option to revoke this consent at any time. Please note that withdrawing your consent will not impact the legality of processing that occurred based on your previous consent. The withdrawal of consent will become effective within 30 calendar days of your request submission. If you wish to make such a request, kindly contact us at support@eziremit.co.za.

12.4. We provide detailed, clear, and easily revocable explanations about the specific information we gather, how we collect it, the reasons behind its collection, how we share it, and the duration for which we retain it in this Policy.

12.5. We will store your data only for the duration necessary to fulfil our obligations or achieve the intended purposes for which the information was gathered, and in accordance with applicable law. The determination of the appropriate retention period will consider factors such as the quantity, nature, and sensitivity of the data; potential risks associated with unauthorized use or disclosure of the data; the purposes for which we process the data and whether alternate methods can achieve those purposes; and relevant legal requirements. Unless required otherwise by the law, upon the conclusion of the retention period, we will either delete personal data from our systems and records or take suitable measures to ensure their proper removal from our system.

13. YOUR DATA PROTECTION RIGHTS

13.1. Right to be informed: This means you have a right to know:

a. The identity and contact details of the Company.

b. The purposes of processing your personal information as well as the legal basis for the processing.

c. The legitimate interests pursued by us or by a third party who processes your personal information.

d. Recipients or categories of recipients of your personal information.

e. Our intention to transfer your personal information to a third country or international organisation and reference to the appropriate safeguards and the means to obtain their copy.

f. The period for which your personal information will be stored, or if that is not possible, the criteria used to determine that period.

g. Whether the provision of personal information is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obligated to provide the personal information and of the possible consequences of failure to provide such data.

h. The existence of automated decision-making, including profiling and meaningful information about the logic involved.

Where we intend to further process your personal information for a purpose other than that for which the personal information was collected, we must explain to you, before such further processing, information on those other purposes and any other relevant information.

13.2. Right of access: This is your right to see what personal information is held about you by us. Particularly you have the right to:

a. Receive confirmation as to whether your personal information is being processed.

b. Access your personal information which we are processing along with the purposes of the processing; the categories of personal information being processed; the recipients or categories of recipients to whom the personal information has been or will be disclosed; the envisaged period for which the personal information will be stored, or, if not possible, the criteria used to determine that period; where the personal information is not collected from you, any available information as to their source.

c. Where your personal information is transferred to a third country or an international organisation, you have the right to be informed of the appropriate safeguards relating to the transfer.

d. A copy of your personal information being processed; and

e. Any further copies requested by you, upon paying a reasonable fee.

13.3. Right to rectification: This is your right to have your personal information corrected, rectified, or amended if what is held by us or a third party onboarded by us is incorrect/inaccurate in some way.

13.4. Right to erasure: This is your right, under certain circumstances, to ask for your personal information to be deleted. This would apply if your personal information is no longer required for the purposes it was collected for, your consent for the processing of that data has been expressly withdrawn, or where your personal information has been unlawfully processed. Once deleted all your data will be removed from our systems and will not be recoverable.

13.5. Right to withdraw consent: If you wish for the Company to stop processing your personal information, it is your right to withdraw consent, preventing the Company from further processing the same personal information.

13.6. Right to restrict processing: This is your right to ask for a temporary halt or pause in processing your data, such as in the case where a dispute or legal case must be concluded, or the data is being corrected.

13.7. Right to erasure: This is your right to ask for your personal information supplied directly to us, which we have processed under your consent, under a contract, or by automated means, to be provided to you in a structured, commonly used, and machine-readable or electronic format.

13.8. Right to data portability: This is your right to object to the further processing of your personal information which is inconsistent with the primary purpose for which it was collected, which includes profiling, automation, and direct marketing.

13.9. Right to object: This is your right to object to the further processing of your personal information which is inconsistent with the primary purpose for which it was collected, which includes profiling, automation, and direct marketing.

13.10. Rights in relation to automated decision-making and profiling: This is your right not to be subject to a decision based solely on automated processing.

We aim to respond to all legitimate requests without undue delay and within thirty (30) calendar days of receipt of any request from you. Occasionally it may take us longer than thirty (30) calendar days, if your request is particularly complex, or if you have made duplicated or numerous requests. In this case, we will notify you of receipt of such request(s) and keep you updated as to the status of progress concerning such request(s).

If you wish to exercise any of them, please contact us at support@eziremit.co.za. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This security measure is to ensure that your personal information is not disclosed to any person who has no right to receive it.