- WHO ARE WE?
Ozow, registered as Ozow (Pty) Ltd (Company Registration Number: 2013/214663/07) (“Ozow”) provides an instant Electronic Funds Transfer (“EFT”) payment system (the “Payment System”) to consumers and businesses to perform simple, fast and secure transactions. The Payment System enables easy payment integration with existing merchant solutions, while providing the flexibility of performing secure digital payments in the continuously evolving mobile environment.
Ozow is registered as a Systems Operator and a Third Party Payment Provider with the Payment Association of South Africa.
While the official website operated by Ozow is https://ozow.com/ (the ”Website”), the Payment System is integrated on the various sites operated by our merchants (the “Merchant Websites”).
We care about your privacy. As a responsible payment solutions service, secure processing of your personally identifiable information (“Personal Information”) is of utmost importance to us. As such, we ensure that we collect, use, store and transfer (“process”) your Personal Information in keeping with laws and regulations that are aimed at protecting the integrity of your Personal Information.
You should not be using our Payment System if:
- you are younger than 18 years old and do not have legal capacity to conclude legally binding contracts. We do not have any intention of collecting or processing Personal Information for individuals that do not have the legal capacity to conclude legally binding contracts.
- making transfers of or sharing your Personal Information on Ozow corporate systems, to other entities, agents, Ozow affiliates, subcontractors, or to other relevant business partners, which may in turn store your Personal Information on a “cloud-based” Amazon web platform in South Africa and the European Union. When making such transfers, Ozow will ensure that the necessary protections are in place to safeguard your Personal Information transferred in accordance with applicable laws;
- processing your Personal Information, and in doing so you acknowledge that you understand and accept the purposes for which it is required and for which it will be used as detailed below; and
- WHAT TYPE OF INFORMATION DO WE COLLECT AND WHY?
Currently, we collect the following information:
- As a merchant or customer:
- Your “Personal Information” as defined in POPI and the General Data Protection Regulation, as amended from time to time, which includes but is not limited to: your name, surname, identity number, residential address, company name, company registration number, registered address, VAT number, telephone number, email address and password.
- Any additional Personal Information you wish to provide on a voluntary basis.
- As a customer:
- Payment information, including but not limited to the name of the bank, bank account number, bank account log-in information, the cost of the good or service you are purchasing, and the seller of the goods or services you are purchasing.
- Device information such as the IP address and browser settings. In gaining device information we may use web traffic tools that permit us to analyse user activity.
- Information about how you interact with our Payment System. This includes us collecting any proof of payment documentation issued by the bank that you used to administer the payment, indicating in such terms as the relevant bank necessitates, that payment has been successfully completed by you through the use of Ozow’s EFT payment solution and through your selected bank account.
- Geographical information.
Reason we process your information
Legal basis for processing your information
To provide you with the full scope of our Payment System and appropriately automate your payment.
Fulfill contractual obligations and pursue legitimate interests.
For internal troubleshooting, data analysis, testing, research, and statistical purposes.
Pursue legitimate interests.
To ensure that content is presented in the most effective manner for you and for your device.
Fulfill contractual obligations.
To carry out risk analysis, fraud prevention and risk management.
Comply with laws and pursue legitimate interests.
To improve our Payment System and for general business development purposes.
Pursue legitimate interests.
To comply with applicable laws, such as anti-money laundering and regulatory requirements.
Comply with laws.
We process your data as needed to fulfill our contractual fulfillment towards you and as required by statutory retention periods or necessary to pursue our legitimate interests.
- WHO WILL WE SHARE YOUR INFORMATION WITH?
Credit bureaus and similar providers. Your personal data may be shared with credit bureaus, providers of identity lookups and fraud prevention agencies to comply with our regulatory obligations and to protect you and other customers from fraud.
Ozow group. Your information may be shared with companies within the Ozow group.
Authorities. Ozow may disclose necessary information to authorities, such as regulatory bodies, if we are required by law or you agreed to it (for instance, for anti-money laundry or counter-terrorism).
Divestments. Ozow may transfer any Personal Information we hold about you to any entity involved in a re-organisation of Ozow (where such re-organisation may be by way of a merger, sale, dissolution, disposal of all or part of our assets or similar event).
Business. Ozow may disclose Personal Information to our merchants and distributors for legitimate business purposes.
- WHERE DO WE STORE YOUR PERSONAL INFORMATION?
We strive to process your data within South Africa which data is stored on a virtual machine that could be hosted on a physical server anywhere in the world. Ozow will ensure all reasonable contractual, legal, technical, and organisational measures are taken to adequately secure your Personal Information.
As a customer, if you opt in for Ozow Pin, your bank account log-in information is stored encrypted and securely to prevent unauthorised access or decrypting of this information. In this way, no single party, including Ozow is able to decrypt this information without you, the customer, initiating the payment process.
- HOW DO WE ENSURE THE SECURITY OF INFORMATION?
We are committed to implementing leading data security safeguards.
We have specialised security teams who constantly review and improve our measures to protect your Personal Information from unauthorised access, accidental loss, disclosure or destruction, and ensure that your Personal Information is only utilised and stored by us solely in an authorised manner.
Ozow has taken due cognisance of the Payment Card Industry Data security standard (“PCI DSS”), this being a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. Given that Ozow does not process credit card payments, PCI DSS certification is not strictly required. However, Ozow has taken an extremely cautious approach to security by being PCI DSS Level 1 compliant, ensuring that it maintains the same security features as industry players that actually process credit card payments.
Ozow has an EV SSL Certificate issued by Thawte under which traffic is encrypted between users and servers so as protect against interception of your sensitive data.
In addition, the internet banking second-factor authentication still applies to you when making a payment using the Payment System, further preventing any fraudulent interception when payment is being made.
If applicable and selected by customers of Ozow, Ozow Pin provides an additional safeguard for customers bank account information. This information is stored using Ozow’s patent pending Ozow Pin method to ensure the safe storage of this information and to prevent unauthorised access to this information. This solution has been audited by a renowned information security company to ensure that this information can only be decrypted when the customer initiates payment.
- YOUR RIGHTS REGARDING THE INFORMATION THAT WE PROCESS
Your legal rights pertaining to your Personal Information will always be respected by us.
In the event that you would like – (i) access to your Personal Information; (ii) to correct or amend your Personal Information; (iii) to request the deletion of your Personal Information; (iv) to object to the processing of your Personal Information; (v) a copy or description of the record containing your Personal Information; (vi) the identity or categories of third parties who have access to your Personal Information, or (vii) to have your Personal Information deleted, you may inform us of your request in writing, using one of the following methods:
- Email: [email protected]; or
- Mail: 30 Melrose Boulevard, Mezzanine Level, Off MO213, Melrose Arch, Melrose North, Johannesburg, Gauteng, South Africa, 2196.
We will attend to requests for access to Personal Information within a reasonable time. You may be required to pay a prescribed fee to receive copies or descriptions of records, or information about third parties. Your request for access may be refused in certain circumstances and access may be limited by certain applicable legislation.
Upon the provision by you of adequate documentation that we deem sufficient to support your identity, we will inform you of the changes that we are legally capable of making to your Personal Information, as permitted by applicable legal and ethical reporting standards imposed on us. The changes in Personal Information will be reflected on our systems as soon as is reasonably possible.
Please refer to Ozow’s PAIA manual for further information on how you can give effect to your legal rights outlined herein. The PAIA manual is located on our Website. This PAIA manual details, amongst other things, the process you should follow to give effect to your rights, the applicable fees and grounds for refusal of access.
A cookie is a small text file that is placed on your hard disk by a web page server. Cookies contain information that can later be read by a web server in the domain that issued the cookie to you. Cookies cannot be used to run programs or deliver viruses to your computer. No Personal Information is stored in cookies.
We may use technologies, such as cookies, to collect information about the pages you view, the links you click and other actions you take on our sites and services. We use the information we collect for statistical purposes and to study how the Website is used so that we may improve and enhance your experience on the Website.
- LINKS TO OTHER WEBSITES
Our Website as well as Merchant Websites may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply that we endorse these websites, nor can we confirm the adequacy of the privacy policies of the third parties that operate such websites.
Ensure that you have gained the necessary comfort regarding the legality of such websites, together with their privacy policies prior to your use of such websites.
- GOVERNING LAW