1. WHO ARE WE?
Ozow, registered as Ozow (Pty) Ltd (Company Registration Number: 2013/214663/07) (“Ozow”) provides an instant Electronic Funds Transfer (“EFT”) payment system (the “Payment System”) to consumers and businesses to perform simple, fast and secure transactions. The Payment System enables easy payment integration with existing merchant solutions, while providing the flexibility of performing secure digital payments in the continuously evolving mobile environment.
Ozow is registered as a Systems Operator and a Third Party Payment Provider with the Payment Association of South Africa.
While the official website operated by Ozow is https://ozow.com/ (the “Website”), the Payment System is integrated on the various sites operated by our merchants (the “Merchant Websites”) and the various products which Ozow may make available to its merchants in which the Payment System is utilised, or directly to consumers (such as through OZOW ME).
We care about your privacy. As a responsible payment solutions service, secure processing of your personally identifiable information (“Personal Information” or “PI”) and “special personal information” (as defined in POPIA) is of utmost importance to us. As such, we ensure that we collect, use, store and transfer (“process”) your Personal Information and special personal information (as the case may be) in keeping with laws and regulations that are aimed at protecting the integrity of your Personal Information and special personal information (as the case may be).
You should not be using our Payment System if:
- you are younger than 18 years old and do not have legal capacity to conclude legally binding contracts. We do not have any intention of collecting or processing Personal Information or special personal information (as the case may be) for individuals that do not have the legal capacity to conclude legally binding contracts.
- making transfers of or sharing your Personal Information and special personal information (as the case may be) on Ozow corporate systems or its other relevant systems, to other entities, agents, Ozow affiliates, subcontractors, or to other relevant business service providers (“partners”), which may in turn store your Personal Information and special personal information (as the case may be) outside of the jurisdiction of South Africa and in accordance with the relevant regulatory standards of such jurisdiction in keeping with POPIA or the General Data Protection Regulations (“GDPR”). When making such transfers, Ozow will ensure that the necessary protections are in place to safeguard your Personal Information and special personal information (as the case may be) transferred in accordance with applicable laws;
- processing your Personal Information and special personal information (as the case may be), and in doing so you acknowledge that you understand and accept the purposes for which it is required and for which it will be used as detailed below; and
3. WHAT TYPE OF INFORMATION DO WE COLLECT AND WHY?
Currently, we collect the following information:
- As a merchant or customer:
o Your “Personal Information” as defined in POPIA and the General Data Protection Regulation, as amended from time to time, which includes but is not limited to: your name, surname, identity number, residential address, company name, company registration number, registered address, VAT number, bank account information, telephone number, email address and password.
o Any additional Personal Information you wish to provide on a voluntary basis.
- As a current employee or prospective employee:
o Your Personal Information and “special personal information” as defined in POPIA, as amended from time to time, which information includes but is not limited to: your name, surname, identity number, residential address, company name, company registration number, registered address, VAT number, bank account information, telephone number, email address and password, race, gender, disability status.
o Any additional Personal Information or special personal information you wish to provide on a voluntary basis.
- As a customer:
o Payment information, including but not limited to the name of the bank, bank account number, bank account log-in information, the cost of the good or service you are purchasing, and the seller of the goods or services you are purchasing.
o Device information such as the IP address and browser settings. In gaining device information we may use web traffic tools that permit us to analyse user activity.
o Information about how you interact with our Payment System. This includes us collecting any payment documentation issued by the bank that you used to administer the payment, indicating in such terms as the relevant bank necessitates,
that payment has been successfully completed by you through the use of Ozow’s EFT payment solution and through your selected bank account.
o Geographical information.
Reason we process your information
Legal basis for processing your information
To provide you with the full scope of our Payment System and appropriately automate your payment.
Fulfil contractual obligations and pursue legitimate interests.
For internal troubleshooting, data analysis, testing, research, and statistical purposes.
Pursue legitimate interests.
To ensure that content is presented in the most effective manner for you and for your device.
Fulfil contractual obligations.
To carry out risk analysis, fraud prevention and risk management.
Comply with applicable laws and pursue legitimate interests.
To improve our Payment System and for general business development purposes.
Pursue legitimate interests.
To comply with applicable laws, such as anti-money laundering and regulatory requirements.
Comply with applicable laws.
To run data analytics and thereby enhance our business offering.
Fulfil contractual obligations and pursue legitimate interests.
To conduct human resources enquiries and implement related processes.
Comply with applicable laws, fulfil contractual obligations and pursue legitimate interests.
We process your data as needed to fulfil our contractual fulfilment towards you and as required by
statutory retention periods or necessary to pursue our legitimate interests.
You warrant that the information that you have provided to Ozow is accurate, current, true and correct and that it does not impersonate or misrepresent any person or entity or falsely state or otherwise misrepresent your affiliation with anyone or anything. You undertake to advise Ozow should your information change in this respect and undertake to fully indemnify Ozow in the event that Ozow suffers any losses whatsoever as a result of your breach of this warranty.
Where applicable and should you provide Ozow with your customer’s PI or PI that you do not own, you further warrant that you have obtained the requisite consent in compliance with applicable laws, particularly POPIA, and if applicable the Regulation 6 Form 4 consent in line with section 69 of POPIA, from the relevant customers and owners of the PI for the processing, cross border transfer, marketing and other relevant processing and use of their PI, as determined by the merchant sharing the PI and Ozow, on a case by case basis. In such instances, you agree to promptly notify Ozow should any of your customers or the owner of the PI inform you of its decision to revoke consent in any manner and you undertake to keep records of the consent, which records Ozow may request from time to time.
Ozow confirms that any processing of PI in respect of the aforementioned will be carried out in accordance with the relevant applicable laws.
4. WHO WILL WE SHARE YOUR INFORMATION WITH?
Credit bureaus and similar providers. Your Personal Information and special personal information may be shared with credit bureaus, providers of identity lookups, fraud prevention agencies and any other third parties to comply with our regulatory obligations and/or to protect you and other customers from fraud and other criminal offences, and to investigate any suspected or alleged fraud and other criminal offences.
Ozow group. Your Personal Information and special personal information may be shared with companies within the Ozow group.
Authorities. Ozow may disclose necessary Personal Information and special personal information to authorities, such as regulatory bodies, if we are required by law or you agreed to it (for instance, for anti-money laundry or counter-terrorism).
Divestments. Ozow may transfer any Personal Information and special personal information we hold about you to any entity involved in a re-organisation of Ozow (where such re-organisation may be by way of a merger, sale, dissolution, disposal of all or part of our assets or similar event).
Business. Ozow may disclose Personal Information and special personal information to our merchant and distributors for legitimate business purposes.
Third party service providers. Ozow may disclose Personal Information and special personal information securely and in accordance with applicable data protection legislation to third party service providers including but not limited to, data analytics providers, customer support service providers, cloud service providers, BEE consultants and other similar technical service providers.
Other third parties. Ozow may share Personal Information or special personal information, as the case may be, with other third parties for purposes of data matching and related services.
5. WHERE AND FOR HOW LONG DO WE STORE YOUR PERSONAL INFORMATION AND SPECIAL
We strive to process your data within South Africa which data is stored on a virtual machine that could be hosted on a physical server anywhere in the world. Ozow will ensure all reasonable contractual, legal, technical, and organisational measures are taken to adequately secure your Personal Information.
As a customer, if you opt in for Ozow Pin, your bank account log-in information is stored encrypted and securely to prevent unauthorised access or decrypting of this information. In this way, no single party, including Ozow is able to decrypt this information without you, the customer, initiating the payment process.
We may store your Personal Information or special personal information indefinitely, however, we will only store it if there is a lawful purpose to do so.
6. HOW DO WE ENSURE THE SECURITY OF INFORMATION?
We are committed to implementing leading data security safeguards.
We have specialised security teams who constantly review and improve our measures to protect your Personal Information from unauthorised access, accidental loss, disclosure or destruction, and ensure that your Personal Information is only utilised and stored by us solely in an authorised manner.
Ozow has taken due cognisance of the Payment Card Industry Data security standard (“PCI DSS”), this being a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. Given that Ozow does not process credit card payments, PCI DSS certification is not strictly required. However, Ozow has taken an extremely cautious approach to security by being PCI DSS Level 1 compliant, ensuring that it maintains the same security features as industry players that actually process credit card payments.
All traffic between the users and servers is encrypted using SSL to protect against interception of your sensitive data.
In addition, the internet banking second-factor authentication still applies to you when making a payment using the Payment System, further preventing any fraudulent interception when payment is being made.
If applicable and selected by customers of Ozow, Ozow Pin provides an additional safeguard for customers bank account information. This information is stored using Ozow’s patent pending Ozow Pin method to ensure the safe storage of this information and to prevent unauthorised access to this information. This solution has been audited by a renowned information security company to ensure that this information can only be decrypted when the customer initiates payment.
7. YOUR RIGHTS REGARDING THE INFORMATION THAT WE PROCESS
Your legal rights pertaining to your Personal Information will always be respected by us.
In the event that you would like – (i) access to your Personal Information; (ii) to correct or amend your Personal Information; (iii) to request the deletion of your Personal Information; (iv) to object to the processing of your Personal Information; (v) a copy or description of the record containing your Personal Information; (vi) the identity or categories of third parties who have access to your Personal Information, or (vii) to have your Personal Information deleted, you may inform us of your request in writing, using one of the following methods:
- Email: [email protected]; or
- Mail: 30 Melrose Boulevard, Mezzanine Level, Off MO213, Melrose Arch, Melrose North, Johannesburg, Gauteng, South Africa, 2196.
We will attend to requests for access to Personal Information within a reasonable time. You may be required to pay a prescribed fee to receive copies or descriptions of records, or information about third parties. Your request for access may be refused in certain circumstances and access may be limited by certain applicable legislation.
Upon the provision by you of adequate documentation that we deem sufficient to support your identity, we will inform you of the changes that we are legally capable of making to your Personal Information, as permitted by applicable legal and ethical reporting standards imposed on us. The changes in Personal Information will be reflected on our systems as soon as is reasonably possible.
Please refer to Ozow’s PAIA manual for further information on how you can give effect to your legal rights outlined herein. The PAIA manual is located on our Website. This PAIA manual details, amongst other things, the process you should follow to give effect to your rights, the applicable fees and grounds for refusal of access.
A cookie is a small text file that is placed on your hard disk by a web page server. Cookies contain information that can later be read by a web server in the domain that issued the cookie to you. Cookies cannot be used to run programs or deliver viruses to your computer. No Personal Information is stored
We may use technologies, such as cookies, to collect information about the pages you view, the links you click and other actions you take on our sites and services. We use the information we collect for statistical purposes and to study how the Website is used so that we may improve and enhance your experience on the Website.
9. LINKS TO OTHER WEBSITES
Our Website as well as Merchant Websites may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply that we endorse these websites, nor can we confirm the adequacy of the privacy policies of the third parties that operate such websites.
Ensure that you have gained the necessary comfort regarding the legality of such websites, together with their privacy policies prior to your use of such websites.
11. GOVERNING LAW
12. HOW TO LODGE A COMPLAINT WITH THE INFORMATION REGULATOR
You may also lodge a complaint with the Information Regulator. The contact details of the Information Regulator are available on its website at https://justice.gov.za/inforeg/.