PRIVACY POLICY

  1. WHO ARE WE?

Ozow, registered as Ozow (Pty) Ltd (Company Registration Number: 2013/214663/07) (“Ozow”) provides an instant Electronic Funds Transfer (“EFT”) payment system (the “Payment System”) to consumers and businesses to perform simple, fast and secure transactions. The Payment System enables easy payment integration with existing merchant solutions, while providing the flexibility of performing secure digital payments in the continuously evolving mobile environment.

Ozow is registered as a Systems Operator and a Third Party Payment Provider with the Payment Association of South Africa.

While the official website operated by Ozow is https://ozow.com/ (the “Website”), the Payment System is integrated on the various sites operated by our merchants (the “Merchant Websites”).

This Privacy Policy complies with and facilitates the obligations required from the South African Protection of Personal Information Act No. 4 of 2013 (“POPI”), as amended, and applies to users and customers of Ozow (“you”), that is anyone that is using the Ozow Payment System.

  1. WHY DO WE HAVE A PRIVACY POLICY?

We care about your privacy. As a responsible payment solutions service, secure processing of your personally identifiable information (“Personal Information”) is of utmost importance to us.  As such, we ensure that we collect, use, store and transfer (“process”) your Personal Information in keeping with laws and regulations that are aimed at protecting the integrity of your Personal Information.

Our Privacy Policy will assist you in understanding the manner in which your Personal Information is processed by us. Therefore it is necessary to read it carefully before you use our Payment System.  It is important that you read this Privacy Policy together with Ozow’s Promotion of Access to Information Act No. 2 of 2000 (“PAIA”) manual so that you are fully aware of how and why we are using your Personal Information.

You should not be using our Payment System if:

    • you do not agree with any of the terms of our Privacy Policy, or
    • you are younger than 18 years old and do not have legal capacity to conclude legally binding contracts. We do not have any intention of collecting or processing Personal Information for individuals that do not have the legal capacity to conclude legally binding contracts.

By communicating electronically with us through the use of our Payment System, you confirm that you have read this Privacy Policy and the PAIA manual and that you consent to the manner in which we process your Personal Information as set out in this Privacy Policy and the PAIA manual.

  1. WHAT TYPE OF INFORMATION DO WE COLLECT AND WHY?

Currently, we collect the following information:

Customer information we collect

Merchant information we collect

Payment information – the name of the bank; bank account number; the cost of the good or service you are purchasing; and the seller of the goods or services you are purchasing.

In registering for use of the Payment System, you will be asked to provide such Personal Information including your name, surname, company name, company registration number, registered address, VAT number, telephone number, email address and password.

Device information – such as the IP address; and browser settings. In gaining device information we may use web traffic tools that permit us to analyse user activity.

You may provide additional Personal Information to us on a voluntary basis.

Information about how you interact with our Payment System. This includes us collecting any proof of payment documentation issued by the bank that you used to administer the payment, indicating in such terms as the relevant bank necessitates, that payment has been successfully completed by you through the use of the Ozow’s EFT payment solution and through your selected bank account.

 

Geographical information.

 

If you subscribe for tokenisation, you will provide us with your bank account log-in information.

 

You will be required to provide your name and cellphone number in order for SMS payment requests to be sent to your cellphone number.

 

 

Reason we process your information

Legal basis for processing your information

To provide you with the full scope of our Payment System and appropriately automate your payment.  

Fulfill contractual obligations and pursue legitimate interests.  

For internal troubleshooting, data analysis, testing, research, and statistical purposes.

Pursue legitimate interests.  

To ensure that content is presented in the most effective manner for you and for your device.  

Fulfill contractual obligations.  

To carry out risk analysis, fraud prevention and risk management.  

Comply with laws and pursue legitimate interests.  

To improve our Payment System and for general business development purposes.  

Pursue legitimate interests.  

To comply with applicable laws, such as anti-money laundering and regulatory requirements.

Comply with laws.  

We process your data as needed to fulfill our contractual fulfillment towards you and as required by statutory retention periods or necessary to pursue our legitimate interests.

  1. WHO WILL WE SHARE YOUR INFORMATION WITH?

Credit bureaus and similar providers. Your personal data may be shared with credit bureaus, providers of identity lookups and fraud prevention agencies to comply with our regulatory obligations and to protect you and other customers from fraud.

Ozow group. Your information may be shared with companies within the Ozow group.

Authorities. Ozow may disclose necessary information to authorities, such as regulatory bodies, if we are required by law or you agreed to it (for instance, for anti-money laundry or counter-terrorism).

Divestments. Ozow may transfer any Personal Information we hold about you to any entity involved in a re-organisation of Ozow (where such re-organisation may be by way of a merger, sale, dissolution, disposal of all or part of our assets or similar event).

Business. Ozow may disclose Personal Information to our merchants and distributors for legitimate business purposes.

  1. WHERE DO WE STORE YOUR PERSONAL INFORMATION?

We strive to process your data within South Africa which data is stored on a virtual machine that could be hosted on a physical server anywhere in the world. Ozow will ensure all reasonable contractual, legal, technical, and organisational measures are taken to adequately secure your Personal Information.

As a customer, if you opt in for tokenisation, your bank account log-in information is stored encrypted and securely to prevent unauthorised access or decrypting of this information. In this way, no single party, including Ozow is able to decrypt this information without you, the customer, initiating the payment process.

  1. HOW DO WE ENSURE THE SECURITY OF INFORMATION?

We are committed to implementing leading data security safeguards.

We have specialised security teams who constantly review and improve our measures to protect your Personal Information from unauthorised access, accidental loss, disclosure or destruction, and ensure that your Personal Information is only utilised and stored by us solely in an authorised manner.

Ozow has taken due cognisance of the Payment Card Industry Data security standard (“PCI DSS”), this being a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. Given that Ozow does not process credit card payments, PCI DSS certification is not strictly required.  However, Ozow has taken an extremely cautious approach to security by being PCI DSS Level 1 compliant, ensuring that it maintains the same security features as industry players that actually process credit card payments.

Ozow has an EV SSL Certificate issued by Thawte under which traffic is encrypted between users and servers so as protect against interception of your sensitive data.

In addition, the internet banking second-factor authentication still applies to you when making a payment using the Payment System, further preventing any fraudulent interception when payment is being made.

If applicable and selected by customers of Ozow, tokenisation provides an additional safeguard for customers bank account information. This information is stored using Ozow’s patent pending tokenisation method to ensure the safe storage of this information and to prevent unauthorised access to this information. This solution has been audited by a renowned information security company to ensure that this information can only be decrypted when the customer initiates payment.

  1. YOUR RIGHTS REGARDING THE INFORMATION THAT WE PROCESS

Your legal rights pertaining to your Personal Information will always be respected by us.

In the event that you would like – (i) access to your Personal Information; (ii) to correct or amend your Personal Information; (iii) to request the deletion of your Personal Information; (iv) to object to the processing of your Personal Information; (v) a copy or description of the record containing your Personal Information; (vi) the identity or categories of third parties who have access to your Personal Information, or (vii) to have your Personal Information deleted, you may inform us of your request in writing, using one of the following methods:

    • Email: [email protected]; or
    • Mail: 30 Melrose Boulevard, Mezzanine Level, Off MO213, Melrose Arch, Melrose North, Johannesburg, Gauteng, South Africa, 2196.

We will attend to requests for access to Personal Information within a reasonable time. You may be required to pay a prescribed fee to receive copies or descriptions of records, or information about third parties. Your request for access may be refused in certain circumstances and access may be limited by certain applicable legislation.

Upon the provision by you of adequate documentation that we deem sufficient to support your identity, we will inform you of the changes that we are legally capable of making to your Personal Information, as permitted by applicable legal and ethical reporting standards imposed on us. The changes in Personal Information will be reflected on our systems as soon as is reasonably possible.

Please refer to Ozow’s PAIA manual for further information on how you can give effect to your legal rights outlined herein. The PAIA manual is located on our Website. This PAIA manual details, amongst other things, the process you should follow to give effect to your rights, the applicable fees and grounds for refusal of access.

  1. COOKIES

A cookie is a small text file that is placed on your hard disk by a web page server. Cookies contain information that can later be read by a web server in the domain that issued the cookie to you. Cookies cannot be used to run programs or deliver viruses to your computer. No Personal Information is stored in cookies.

We may use technologies, such as cookies, to collect information about the pages you view, the links you click and other actions you take on our sites and services. We use the information we collect for statistical purposes and to study how the Website is used so that we may improve and enhance your experience on the Website.

  1. LINKS TO OTHER WEBSITES

Our Website as well as Merchant Websites may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply that we endorse these websites, nor can we confirm the adequacy of the privacy policies of the third parties that operate such websites.

Ensure that you have gained the necessary comfort regarding the legality of such websites, together with their privacy policies prior to your use of such websites.

  1. COMPLIANCE AND ENFORCEMENT OF THIS PRIVACY POLICY

Our compliance with this Privacy Policy will be monitored on a regular basis. Ozow reserves the right to modify this Privacy Policy with any updates to our security protocol and processing methods. The Privacy Policy posted at any time via the Website shall be deemed to be the Privacy Policy then in effect. We therefore encourage you to check this page regularly.

Any queries regarding this Privacy Policy, the way in which your Personal Information is treated or any aspects of our Payment System may be made by emailing [email protected] or sending a written letter to the address set out in Item 7 above.  We will store any correspondence from you at our offices.

  1. GOVERNING LAW

This Privacy Policy and all disputes and claims arising from it shall be governed by and construed in accordance with the laws of the Republic of South Africa.