GCᵌH Privacy Information
This notice elaborates on how we obtain, use and disclose your personal information, in accordance with the requirements of the Protection of Personal Information Act (“POPIA”).
At GGᵌH we are committed to protecting your privacy and ensuring that your personal information is collected and used properly, lawfully and transparently.
Information we collect
We collect information directly from you when you voluntarily provide us with your personal details. Where possible, we will inform you what information you are required to provide to us and what information is optional.
How we use your information
We use your personal information only for the purposes for which it was collected and agreed with by you.
To gather contact information;
To confirm and verify your identity or to verify that you are an authorised user for security purposes;
For the detection and prevention of fraud, crime, money laundering or other malpractice;
To conduct market or customer satisfaction research or for statistical analysis;
For audit and record-keeping purposes;
In connection with legal proceedings.
Disclosure of information
We may disclose your personal information to our service providers who are involved in the delivery of products or services to you.
We may also disclose your information:
Where we have a duty or a right to disclose in terms of law or industry codes;
Where we believe it is necessary to protect our rights.
We are legally obliged to take reasonable steps to provide protection for the personal information we hold to prevent unauthorized access and use of personal information. We will, on an on-going basis, continue to review our security controls and related processes to ensure that your personal information remains secure.
Our security policies and procedures cover:
Computer and network security;
Access to personal information;
Security in contracting out activities or functions;
Retention and disposal of information;
Acceptable usage of personal information;
Governance and regulatory issues;
Monitoring access and usage of private information;
Investigating and reacting to security incidents.
When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information that we remain responsible for, is kept secure.
We will ensure that anyone to whom we pass your personal information agrees to treat your information with the same level of protection as we are obliged to.
Access to information
You have the right to request a copy of your personal information we hold. To do this, simply contact us at the numbers/addresses as provided on our website and specify what information you require. We will need a copy of your ID document to confirm your identity before providing details of your personal information.
Please note that any such access request may be subject to payment of a legally allowable fee.
Correction of your information
You have the right to ask us to update, correct or delete your personal information. We will require a copy of your ID document to confirm your identity before making changes to personal information we may hold about you. We would appreciate it if you would keep your personal information accurate.
Definition of personal information
According to the Act ‘‘personal information’’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person. Further to the POPI Act, personal information also includes the following items:
All addresses including residential, postal and email addresses.
Change of name – for which we require copies of the marriage certificate or official change of name document issued by the department of home affairs.
GCᵌH makes use of PayFast as the payment portal on our website. Please see PayFast’ privacy terms below:
This policy applies to you if you are:
a visitor to our website; or
a user/customer/merchant who registers for an account on PayFast by completing the appropriate form in order to access the services provided.
Personal information includes:
certain information that we collect automatically when you visit our website or;
make use of our services by means of a merchants website;
certain information collected on registration (see below);
certain information collected on submission; and
optional information that you provide to us voluntarily.
permanently de-identified information that does not relate or cannot be traced back to you specifically;
non-personal statistical information collected and compiled by us; and
information that you have provided voluntarily in an open, public environment or forum including any blog, chat room, community, classifieds, or discussion board (because the information has been disclosed in a public forum, it is no longer confidential and does not constitute personal information subject to protection under this policy).
Personal information includes information we collect (i) automatically when you visit our website or make use of our services by means of a merchants website, (ii) on registration, (iii) on submission, and (iv) from you voluntarily. It excludes (i) anonymous, (ii) de-identified, (iii) non-personal statistical, and (iv) public information
Common examples of the types of personal information which we may collect and process include your:
such as your name, date of birth, or identification number of any kind;
such as your phone number or email address;
such as your physical or postal address; or
Sensitive personal information
Depending on the goods or services that you require, we may also collect sensitive personal information including your:
such as your bank account details.
You must accept all the terms of this policy when you register for an account or request the use of our services. If you do not agree with anything in this policy, then you should not register for an account or make use of PayFast’s services.
You may not access our website or request our services if you are younger than 18 years old or do not have legal capacity to conclude legally binding contracts.
By accepting this policy, you are deemed to have read, understood, accepted, and agreed to be bound by all of its terms.
You may only send us your own personal information or, if you are sharing the information of another data subject, where you have their permission to do so.
Notification of changes
PayFast may change the terms of this policy at any time by updating this web page. We will notify you of any changes by placing a notice in a prominent place on the website. If you do not agree with the changes, then you must stop using the website and our services. If you continue to use the website and our services following notification of a change to the policy, the changed terms will apply to you and you will be deemed to have accepted those updated terms.
PayFast is, however, under no obligation to inform the User of such changes when they happen, although it is assumed that any changes will be minor and will not fundamentally impact the User. Should the change be deemed by PayFast to be significant, we will endeavour to inform the User of these changes through whatever means we deem necessary (banner on home page, email notification etc.) in a timely manner.
Information we collect on registration
In the course of service provision to the User we may collect certain forms of information. The types of information that we may collect are detailed below:
Information you provide:
When you register for an account on PayFast by completing the appropriate form, we ask you for personal information. We may combine the information you submit under your account with information from other services or third parties in order to provide you with a better experience and to improve the quality of our service.
In the course of providing a service to you, PayFast may ask for financial information (bank account details, credit card details etc.). Such information will be treated with the utmost privacy, will be stored encrypted on our systems, will only be communicated across a secure link and will not be provided to any third parties except where necessary to provide PayFast‘s service to you.
Once you register on our website, you will no longer be anonymous to us. You will provide us with certain personal information when you register on our website.
This personal information will include:
your name and surname;
your email address;
your telephone number;
ID number and ID type;
Photo on ID;
Country of Registration;
Bank Account details;
Credit Card details;
your company name, company registration number, and VAT number;
your postal address or street address; and
your username and password.
We will use this personal information to fulfil your account, provide additional services and information to you as we reasonably think appropriate, and for any other purposes set out in this policy.
PayFast collects and records certain Log information your browser sends.
When you use PayFast, our server automatically records information that your browser sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.
PayFast collects certain information from your web browser, including your Internet usage information when you visit our website.
PayFast collects certain information from web beacons on our website to compile anonymous information about our website.
Our website may contain electronic image requests that allow us to count page views and to access cookies. Any electronic image viewed as part of a web page (including an ad banner) can act as a web beacon. Our web beacons do not collect, gather, monitor or share any of your personal information. We merely use them to compile anonymous information about our website.
When you send email or other communication to PayFast, we may retain those communications in order to process your enquiries, respond to your requests and improve our services.
PayFast may present links in a format that enables us to keep track of whether these links have been followed and who followed them, either on the website or in electronic communications. We use this information to improve the quality of our service, customised content and advertising.
PayFast may monitor and record any telephone calls that you make to our Customer Support Teams. All call recordings are kept for quality assurance and will only be retained as necessary and in line with PayFast policy on retention of data.
Purpose for collection
We may use or process any goods or services information, or optional information that you provide to us for the purposes that you indicated when you agreed to provide it to us. Processing includes gathering your personal information, disclosing it, and combining it with other personal information. We generally collect and process your personal information for various purposes, including:
goods or service purposes
supply our services including providing our payments processing services to our merchants and consumers;
such as pursuing lawful related marketing activities;
such as internal audit, accounting, business planning, other proposed and actual transactions; and better understand our data subjects’ needs when doing so;
such as handling claims, complying with regulations, or pursuing good governance.
We may use your usage information for the purposes described above and to:
remember your information so that you will not have to re-enter it during your visit or the next time you access the website;
monitor website usage metrics such as total number of visitors and pages accessed; and
track your entries, submissions, and status in any promotions or other activities in connection with your usage of the website.
We may use any of your personal information that you provide to us for the purposes that you indicated when you agreed to provide it to us. PayFast processes personal information on web hosting servers which may not be in your present country.
Consent to collection
PayFast collects information from the User at several different points on the Site. PayFast is the sole owner of the information collected on PayFast‘s website “the Site”. We will not sell, share, or rent this information to others in ways different from what is disclosed in this statement.
Consent can be express (e.g. signing an agreement) or implied (e.g. if the User is given an opportunity to opt-out of a specific form of information sharing, but chooses not to do so, PayFast implies that the User chooses to share this information with us).
We will obtain your consent to collect personal information:
in accordance with applicable law;
when you provide us with any registration information or optional information.
We will get your consent to collect your personal information in accordance with applicable law or when you provide us with registration or optional information.
How information is used/ Our obligations
We may use your personal information to fulfil our obligations to you.
PayFast collects user information for the purposes described below:
providing a service to our users, including the display of customised content and advertising;
auditing, research and analysis in order to maintain, protect and improve our service;
ensuring the technical functioning of our equipment and resources;
developing new services.
While mostly this information will be used to provide a service to our users, it may also be used to provide our own services.
We may use your information to send you administrative messages and email updates to you regarding service announcements and for marketing purposes where lawful.
PayFast may send the User, site and service announcement updates on an irregular basis. Users are not able to unsubscribe from service announcements, which contain important information about our service.
On occasion PayFast will email newsletters to provide the User with information that we think the User will find useful, including information about new products and services. We might also contact the User by email to see if the User is interested in participating in market research regarding PayFast. We may also contact the User by email to respond to customer-service complaints that the User has submitted, to address a problem affecting the User’s use of the service or to verify the User’s account information if the User submits a password request.
We may use your information for targeted content in certain, specified instances.
We may also share your personal information with:
PayFast may share de-identified aggregated demographic information with our advertisers or information collection companies, but will not reveal any personally identifiable information in these instances. These companies do not retain, share, store or use personally identifiable information for any secondary purposes. We may also partner with third parties to provide specific services. When the User signs up for these services, we will only share the information that is necessary for the third party to provide these services. These parties are not allowed to use personally identifiable information except for the purpose of providing these services;
PayFast may share a User’s contact information with other registered Users for the purposes of resolving support queries relating to PayFast or the service provided to a User by another User. This contact information includes, but is not limited to, name, surname, email address and phone number. Typically, this would be providing a buyer’s contact details to a seller or vice versa, where PayFast has the necessary information to assist, but cannot actually resolve a support query;
Other divisions or companies within the group of companies to which we belong so as to provide joint content and services like registration, for transactions and customer support, to help detect and prevent potentially illegal acts and violations of our policies, and to guide decisions about our products, services, and communications (they will only use this information to send you marketing communications if you have requested their goods or services);
Our goods or services providers under contract who help provide certain goods or services or help with parts of our business operations, including fraud prevention, bill collection, marketing, technology services (our contracts dictate that these goods or services providers only use your information in connection with the goods or services they supply or services they perform for us and not for their own benefit);
Banking partners as required by credit card association rules for inclusion on their list of terminated merchants (in the event that you utilise the services to receive payments and you meet their criteria)
We may share your personal information with third parties for the purposes of fulfilling our obligations to you among other purposes.
We may disclose your personal information as required by law or governmental audit.
We may disclose personal information if required:
by a subpoena or court order;
to comply with any law;
to protect the safety of any individual or the general public; and
to prevent violation of our customer relationship terms.
We may generate and disclose personal information to third parties if required for legal reasons.
We may generate and disclose anonymized and aggregated statistics and data about personal information to Payfast’s customers and partners regarding transactional patterns, fraud and other trends.
We may need to disclose personal information to our employees that require the personal information to do their jobs. These include our responsible management, human resources, accounting, audit, compliance, information technology, or other personnel.
Change of ownership
Change of ownership
We take the security of personal information very seriously and always do our best to comply with applicable data protection laws. Our hosting company will host our website in a secure server environment that uses a firewall and other advanced security measures to prevent unauthorized access, disclosure and destruction of data from internal or external threats..
PayFast adheres and complies to the Payment Card Industry Data Security Standard (“PCI-DSS”) requirements and maintains such to the best of its abilities in its possession, storage, processing and/or transmission of cardholder data on behalf of our merchants and customers.
In the unlikely event of personal information about a User being inadvertently leaked or PayFast’s security being unlawfully breached by any unauthorised party, PayFast shall as soon as reasonably possible identify the relevant Users who may be affected by the security breach, and shall attempt to contact them at their last known email address or contact details or by the quickest means possible.
PayFast shall provide sufficient information to the User to allow him or her to take the necessary protective measures against the potential consequences of the compromise, or shall advise Users of the steps to be taken by them and the possible consequences that may ensue from the breach for them.
Our website is hosted on a secure server and uses security measures to prevent unauthorized access, disclosure and destruction of data from internal or external threats.
We will try to keep the personal information we collect as accurate, complete and up to date as is necessary for the purposes defined in this policy. From time to time we may request you to update your personal information on the website. You are able to review or update any personal information that we hold on you by accessing your account online, emailing us, or phoning us. Please note that in order to better protect you and safeguard your personal information, we take steps to verify your identity before granting you access to your account or making any corrections to your personal information.
Please keep your personal information accurate and up to date by accessing your account online, emailing us, by phoning us.
We will only retain your personal information for as long as it is necessary to fulfil the purposes explicitly set out in this policy, unless:
retention of the record is required or authorised by law; or
you have consented to the retention of the record.
During the period of retention, we will continue to abide by our non-disclosure obligations and will not share or sell your personal information.
We will only retain your personal information for as long as is necessary
Transfer to another country
We process personal information outside of South Africa. We will only transfer data to other countries who have similar privacy laws to South Africa’s, or recipients who can guarantee the protection of personal information to the same standard we must protect it. You consent to us processing your personal information in a foreign country whose laws regarding processing of personal information may be to the same standard as what we must protect.
You consent to us processing your personal information in a foreign country whose laws regarding processing of personal information may be to the same standard as what we must protect.
Updating or removingYou may choose to correct or update the personal information you have submitted to us, by editing your Profile menu under your logged in session on our website or contacting us by phone or email.
You may choose to update or remove the personal information you have submitted to us.
LimitationWe are not responsible for, give no warranties, nor make any representations in respect of the privacy policies or practices of linked or any third party websites.
Enquiries and contact information
The terms “The User” and “User” are used interchangeably and refer to all individuals and/or entities accessing this web site for any reason whatsoever.
The terms “we” and “PayFast” are used interchangeably and refer to PayFast itself and all individuals and/or entities acting directly on behalf of PayFast.
The term “the Site” are used interchangeably and refer to the PayFast web site that are being accessed by individuals or entities.