Privacy Policy

1. INTRODUCTION

1.1 Wallety (Pty) Ltd, registration number 2023/212376/07 (hereinafter referred to as Wallety)  in order to carry out its goals and business objectives as a computer application and  technologies company, does and will on an ongoing basis process personal information. 

1.2 The Protection of Personal Information Act 4 of 2013 (hereinafter referred to as POPIA)  aims to give effect to the constitutional right to privacy by introducing measures that regulate  every step of how personal information belonging to both individuals and juristic entities is  collected, stored, transferred and used by both private and public bodies from the moment of  collection until the moment of destruction, in order to ensure that personal information is  processed and managed in a fair, transparent and secure manner. 

1.3 Wallety is committed to protecting individuals and juristic entities right to privacy and in  consequence undertakes to responsibly process personal information in line with the  provisions of POPIA. Wallety does this not only to comply with the provisions of POPIA, but  also to protect its reputation, as well as to be a good corporate citizen. 

1.4 The purpose of this policy is to create a general framework aimed at setting out the  manner in which Wallety processes personal information. 

1.5 This privacy policy is applicable to all of Wallety’s day-to-day operations and electronic  platforms and facilities, including but not limited to social media platforms, websites and  emails. 

1.6 This privacy policy is also applicable to all of Wallety’s employees, clients, vendors,  contractors, suppliers and any other third parties whose personal information may be  collected, stored, transferred, used or processed in any other way by Wallety. 

2. DEFINITIONS

2.1 The following definitions apply to this policy; 

2.1.1 Client – The term Client is expansively defined in this Privacy Policy and means the  person to whom personal information relates which may include employees, clients,  prospective clients, vendors, contractors, suppliers and any other third parties whose  personal information may be lawfully processed by Wallety. 

2.1.2 CPA – means the Consumer Protection Act, 68 of 2008; 

2.1.3 Companies Act – means the Companies Act, 71 of 2008; 

2.1.4 Competent person – means any person who is legally competent to consent to any  action or decision being taken in respect of any matter concerning a minor; 

2.1.5 Consent – means any voluntary, specific and informed expression of will in terms of  which permission is given for the processing of personal information; 

2.1.6 Data Subject – means the person to whom personal information relates;

2.1.7 FICA – mean the Financial Intelligence Centre Act, 38 of 2001; 

2.1.8 Information Officer – means the Chief Executive Officer or the Managing Director or  equivalent officer of Wallety or any person duly authorised by the Chief Executive Officer or  the Managing Director to act as Information Officer; 

2.1.9 Operator – means a person who processes personal information for Wallety in terms of  a contract or mandate, without coming under the direct authority of Wallety 

2.1.10 PAIA – means the Promotion of Access to Information Act, 2 of 2000 

2.1.11 Personal Information – means information relating to an identifiable, living, natural  person, and where it is applicable, an identifiable, existing juristic person, including, but not  limited to— 

2.1.11.1 information relating to the race, gender, sex, pregnancy, marital status, national,  ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being,  disability, religion, conscience, belief, culture, language and birth of the person; 

2.1.11.2 information relating to the education or the medical, financial, criminal or  employment history of the person; 

2.1.11.3 any identifying number, symbol, e-mail address, physical address, telephone number,  location information, online identifier or other particular assignment to the person; 

2.1.11.4 the biometric information of the person; 

2.1.11.5 the personal opinions, views or preferences of the person; 

2.1.11.6 correspondence sent by the person that is implicitly or explicitly of a private or  confidential nature or further correspondence that would reveal the contents of the original  correspondence; 

2.1.11.7 the views or opinions of another individual about the person; and 

2.1.11.8 the name of the person if it appears with other personal information relating to the  person or if the disclosure of the name itself would reveal information about the person; 

2.1.12 POCDATARA Act – means the Protection of Constitutional Democracy Against Terrorist  and Related Activities Act, 33 of 2004 

2.1.13 Processing – means any operation or activity or any set of operations, whether or not  by automatic means, concerning personal information, including— 

2.1.13.1 the collection, receipt, recording, organisation, collation, storage, updating or  modification, retrieval, alteration, consultation or use; 

2.1.13.2 dissemination by means of transmission, distribution or making available in any  other form; or 

2.1.13.3 merging, linking, as well as restriction, degradation, erasure or destruction of  information;

2.1.14 Responsible Party – means a public or private body or any other person which, alone  or in conjunction with others, determines the purpose of and means for processing personal  information; 

2.1.15 Special Personal Information – means information relating to— 

2.1.15.1 the religious or philosophical beliefs, race or ethnic origin, trade union membership,  political persuasion, health or sex life or biometric information of a data subject; or 

2.1.15.2 the criminal behaviour of a data subject to the extent that such information relates  to— 

2.1.15.2.1 the alleged commission by a data subject of any offence; or 

2.1.15.2.2 any proceedings in respect of any offence allegedly committed by a data subject or  the disposal of such proceedings. 

2.1.16 UIF – means the Unemployment Insurance Act, 63 of 2001.

3. PERSONAL INFORMATION COLLECTED

3.1 In order to conduct its business Wallety may collect the following personal information  and special personal information: 

3.1.1 The Client’s Identity number, name, surname, race, gender, nationality, age, language  preference, date of birth, email address, and telephone number. 

3.1.2.Iinformation relating to education, financial, criminal or employment history of a person,  identifying numbers such as identity or passport number, tax identification numbers or tax  reference numbers 

3.1.3 The Client’s financial information, biometrics information and banking details. 

3.2 Wallety may collect additional pieces of personal information and special personal  information by agreement between itself and the Client. 

3.3. Wallety do not process special personal information in the ordinary course of business.  We will process other special personal information only if we obtain your consent or have  another valid justification to do so. 

4. PROCESSING PURPOSES

4.1 Wallety undertakes to process the personal information of the Client to the extent, and in  such a manner as is necessary to provide the services agreed upon and in accordance with  the written instructions of the Client, unless required to do otherwise by law. 

4.2 Wallety further undertakes to, at all times, reasonably process personal information and is  accordingly committed to processing personal information in an adequate, relevant and non excessive manner. 

4.3 Wallety will process the personal information of its Clients for the following purposes:

4.3.1 To act on or respond to instructions or requests for the provision of computer  application, technological and other related services; 

4.3.2 To fulfil any contractual obligations and/or responsibilities which may arise in terms of a  contract entered into with Wallety as a Responsible Party, Operator, Data Subject or  contracting party in any other capacity; 

4.3.3 In order to comply with any compulsory obligations and/or responsibilities under South  African laws and regulations, including but not limited to POPIA, FICA, POCDATARA Act, CPA,  UIF and the Companies Act; 

4.3.4 For Human Resources and Labour Relations purposes in the case of prospective,  existing and former employees; 

4.3.5 For market research, analytical and statistical purposes; 

4.3.6 For general administrative purposes; 

4.3.7 For direct marketing purposes in limited circumstances; 

4.3.8 For the purpose of identifying other products and services which might be of interest to  Clients; 

4.3.9 For business transaction purposes such as but not limited to a merger, acquisition or  any form of sale of any assets; 

4.3.10 For the purpose of helping Wallety improve and customize Client’s website experience,  which will include but is not limited to the processing of personal information in the form of  http cookies; and 

4.3.11 For any other purpose related to the functions and activities of Wallety.

5. PERSONAL INFORMATION SHARING

5.1 In order to perform the purposes described above, Wallety may from time to time share a  Clients personal information with the following parties; 

5.1.1 Wallety’s employees, which will only be done on a need-to-know basis; 

5.1.2 Wallety’s suppliers and vendors, which will only be done on a need-to-know basis; 

5.1.3 Wallety’s carefully selected business partners who provide products and services which  may be of benefit to a Client, which will only be done on a need-to-know basis; 

5.1.4 Wallety’s operators such as service providers and agents who perform services on  behalf of Wallety, which will only be done on a need-to-know basis and in terms of a Wallety  operator agreement. 

5.2 Wallety does not share or process Clients personal information with any third parties who  have not been described in clause 5.1 above, unless: 

5.2.1 Wallety is legally obliged to provide such information to another to comply with an  obligation imposed by law;

5.2.2 It is necessary for the purpose of fulfilling the contractual obligations of a contract  entered into between the Client and Wallety; 

5.2.3 It is necessary for pursuing the legitimate interests of Wallety or of a third party to whom  the information is supplied; 

5.2.4 it is necessary in order to protect a legitimate interest of the Client; or 

5.2.5 where the consent of the Client has been obtained. 

5.3 Under all the above-mentioned circumstances Wallety will take reasonable measures to  ensure that such personal information is only provided to the recipient, if such recipient  undertakes to keep the personal information secure and confidential. 

5.4 The duty of security and confidentiality held by the recipient will continue even after the  termination or expiry of their services. 

5.5 Wallety is committed to ensuring that the personal information that it processes is  obtained directly from its Clients. 

5.6 Notwithstanding the provisions of clause 5.5, Wallety may and will process personal  information not obtained directly for its Clients in the following circumstances: 

5.6.1 The personal information is contained in or derived from a public record or has  deliberately been made public by the Client; 

5.6.2 The Client or a competent person where the Client is a minor has consented to the  collection of the information from another source; 

5.6.3 The collection of the personal information from another source would not prejudice a  legitimate interest of the Client; 

5.6.4 The collection of the information from another source is necessary to comply with an  obligation imposed by law; 

5.6.5 The collection of the information from another source is necessary for the purpose of  proceedings in any court of law or tribunal that has commenced or is reasonably  contemplated; 

5.6.6 The collection of the information from another source is necessary to maintain the  legitimate interest of Wallety or of a third party to whom the information is supplied; 

5.6.7 Obtaining the personal information directly from the Client would prejudice the lawful  purpose for which it is collected; and where; 

5.6.8 Obtaining the personal information directly from the Client is not reasonably practicable. 

5.7 The personal information of Clients may also be further processed by Wallety, but only in  accordance or in a manner compatible with the purpose for which the personal information  was obtained as provided for in clause 4.3 above.

6. HOW PERSONAL INFORMATION IS COLLECTED

6.1. Directly from the data subject: Wallety will not collect your personal information without  your consent, except where it is required or permitted by law. Wallety collect most of the  personal information which is processed directly from the data subject or an authorised  representative of the data subject, for example when an application form or client take-on  form is completed or an investment mandate is concluded. 

5.2. From third party sources: Wallety also collect or process personal information obtained  from third party sources or sources in the public domain. 

5.3. During the course of our business relationship with a data subject and in the course  performing a service to that data subject Wallety may obtain information from product  providers. 

7. INFORMATION OFFICER

7.1 Wallety has appointed and registered the following person as Information Officer: 

7.1.1 Name : MR Timothy Mgodi 

7.1.2 Contact Details: [email protected] 

7.2 Wallety has appointed and registered the following person as Deputy Information Officer; 

7.2.1 Name : Ms Zamambatha Ndlela 

7.2.2 Contact Details : [email protected]

7.3 The Information Officer has the authority to designate and delegate any power and duty to  a Deputy Information Officer. 

8. SECURITY SAFEGUARDS

8.1 Wallety has implemented the appropriate technical and organisational security measures  which are required in order to protect all personal information which it holds, from and  against unauthorised access, accidental or willful manipulation and loss or destruction. 

8.2 While Wallety takes all reasonable efforts to safeguard the personal information which it  holds, it cannot be held responsible for any loss or unauthorised processing of personal  information which is beyond Wallety’s reasonable control. 

8.3 Wallety’s website may contain links to other website outside of Wallety’s control,  accordingly Wallety is not responsible for the content, privacy or security of these other third  party-controlled websites; 

8.4 Wallety has placed cookies on its website which may make contact with a Client’s device  to help make the Wallety’s social media and electronic platforms website better. 

8.5 Wallety makes use of social plugins of social networks such as Facebook, Youtube, Twitter,  Instagram, LinkedIn and Google. Kindly note that Wallety has no influence on or control over 

the extent of the data retrieved by the social networks interfaces and Wallety can accordingly  not be held responsible or liable for any processing or use of personal information transmitted  via these social plugins. 

8.6 For information on the purpose and extent of the data retrieval by the social network  concerned, and about the rights and settings which are available to protect the personal  information of Client, please refer to the privacy policy provided by the social network  concerned. 

9. DATA RETENTION

9.1 Wallety will not retain the personal information of Clients for longer than is necessary for  achieving the purpose for which the information was collected, stored, transferred, used or  processed in any other way. 

9.2 Personal information obtained for any of the purposes set out in clause 4.3 will be  retained for as long as there is an active and existing relationship between Wallety and the  Client. 

9.3 The personal information of inactive former Clients will be retained only when it is  required or authorised by law, for any lawful purposes related to Wallety’s functions or  activities, by a contract between Wallety and the former Client, by consent of the former  Client or a competent person where the information relates to a minor. 

9.4 Should there be no valid reason as set out in 8.3 for retaining the personal information of  former clients, the record of personal information will be destroyed or deleted or alternatively  de-identified. 

9.5 The destruction or deletion of a record of personal information in terms of clause 8.4 will  be done in a manner that prevents its reconstruction in an intelligible form. 

9.6 Wallety will not process personal information if its accuracy is contested by the Client.

10. CLIENT PARTICIPATION AND INFORMATION QUALITY

10.1 A Client, having provided adequate proof of identity, may request Wallety to confirm, free  of charge, whether or not Wallety holds personal information about the Client. 

10.2 A Client, having provided adequate proof of identity, may also request the record or  description of the personal information about the Client that is held by Wallety. This record or  description of the record will be provided within a reasonable time, at a prescribed fee. 

10.3 Whilst Wallety will take reasonably practicable steps to ensure the integrity and accuracy  of a Clients personal information, this may not at all times be possible. It is accordingly the  responsibility of the Client to update Wallety of any changes to their personal information. 

10.4 Clients have the right to access or request a correction or deletion of any personal  information which Wallety may have and where applicable may ask Wallety to update any 

inaccuracies in such personal information. Any such requests must be done by way of  completing the appropriate form and be submitted to the Information Officer. 

10.5 Clients have the right to request the destruction or deletion of any record of personal  information which Wallety may have. Any such request must be done by way of completing  the appropriate form and must be submitted to the Information Officer. 

10.6. Clients have the right to have their personal information processed in accordance with  the conditions for the lawful processing of personal information as set out in POPIA. Clients  also have the rights as set out below which we need to make clients aware of.

11. PROCESSING OF PERSONAL INFORMATION BELONGING TO MINORS

11.1 If Wallety collects, stores, transfers, uses or processes in any way the personal  information of a minor, it will do so only with the consent of the minor’s parent or legal  guardian, unless the processing is necessary for the establishment, exercise or defence of a  right or obligation in law. 

12. CROSS BORDER TRANSFER OF PERSONAL INFORMATION

12.1 Wallety will not transfer personal information about a Client to a third party who is in a  foreign country, unless the third party who is the recipient of the information is subject to a  law, binding corporate rules or binding agreement which provide an adequate level of  protection that is the same or substantially similar to the level of projection offered by POPIA. 

12.2 Wallety may also transfer the personal information of a Client to a third party who is in a  foreign country in the following circumstances; 

12.2.1 Where the Client consents to the transfer; 

12.2.2 Where the transfer is necessary for the performance of a contract between the Client  and Wallety; 

12.2.3 Where the transfer is for the benefit of the Client and it is not reasonably practicable to  obtain the consent of the Client to that transfer and if it were reasonably practicable to obtain  such consent, the Client would be likely to give it. 

13. REVOCATION OF CONSENT

13.1 A Client may at any time withdraw their consent to the processing of any of their personal  information held by Wallety. 

13.2 Clients have the right to request the withdrawal of their consent to the processing of any  personal information held by Wallety. Any such request must be done by way of completing  the appropriate form and must be submitted to the Information Officer

13.3 The lawfulness of the processing of personal information before the withdrawal of  consent will not be affected.

14. RIGHT OF ACCESS

14.1. In terms of section 23 of POPIA, clients are entitled to request Wallety to: 

14.1.1. confirm, free of charge, whether or not Wallety hold personal information about the  client. 

14.1.2. provide a record or a description of the personal information Wallety holds, including  information about the identity of all the third parties, or categories of third parties who have,  or have had, access to the personal information. 

14.2. Clients will need to provide Wallety with adequate proof of identity before Wallety  respond to a request. If a client requests a record, Wallety will respond within a reasonable  time. Wallety may charge the fee under applicable law for providing copies of records to the  client.

15. INCIDENT RESPONSE

15.1 Wallety shall notify the Client within a reasonable time in writing and shall place notice  on its website, if it becomes aware or has reasonable grounds to believe that the personal  information of Clients has been accessed or acquired by unauthorised persons. 

15.2 Wallety undertakes further to promptly take action, at its own reasonable expense, to  investigate any such suspected breach and to identify, prevent and mitigate the effects of any  such breach. 

15.3 Wallety will as soon as is reasonably possible after the discovery of the compromise  provided for in clause 13.1, in writing and in accordance with the provisions of POPIA notify  the Information Regulator.

16. REVISION OF POLICY

16.1 Wallety reserves the right to and may from time-to-time update or amend this Privacy  Policy. 

16.2 If material amendments are made in how personal information is collected, stored,  transferred, used or processed in any other way, this Privacy Policy will be updated and  notices will be provided where appropriate. 

16.3 Any general updates or amendments of this Privacy Policy will be published as such on  the Wallety website 

16.4 By continuing to use the Wallety website or any of the other Wallety’s services following  any updates or amendments, the Client will be deemed to have agreed to such changes. 

16.5 Clients are advised to visit and re-read this Privacy Policy on a regular basis

17. COMPLAINTS

17.1 Should a Client believe that Wallety has used their personal information contrary to this  Privacy Policy, the Client has the right to lodge a complaint with the Information Regulator. 

17.2 Notwithstanding the provisions of clause 15.1, Wallety encourages Clients to first follow  internal complaints processes in order to resolve the complaint. In this regard Clients are  encouraged to contact the information Officer. 

17.3 If, thereafter, Clients feel that Wallety has not adequately resolved their complaint, kindly  contact the Information Regulator, whose contact details are as follows; 

17.3.1 Physical address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 

17.3.2 Postal address; P.O Box 31533, Braamfontein, Johannesburg, 2017 

17.3.3 Complaints email: [email protected] 

17.3.4 General enquiries email: [email protected]