Description automatically generated
1.1. Ezaga Holdings (Pty) Ltd (hereinafter referred to as ‘Ezaga’, ‘we’, ‘our’ or ‘us’) We know your privacy is important to you, it is also important to us. Our intention is to be open and honest with you about the information we gather about you, how we use it, and who we share it with. In simple terms, this Notice explains what we do with your personal information.
1.4. By using our website environment (available at www.ezagaholdings.com (“Website” or “Platform” as the context may require), our applications, or our services, you (‘User’ ‘You’, ‘You’re’) consent to this Policy and to the data practices described in it, in addition to consenting to it explicitly when using the Website. If you do not agree with the data practices described in this Policy, you may choose to stop using our services, or the Website. We periodically update this, Policy. We encourage you to review this Policy periodically.
2.1. This Policy has been developed for purposes of compliance with the Protection of Personal Information Act 2013 (“POPIA”) and other data protection-oriented provisions within applicable regulations, as Ezaga offers services to residents in Africa and the Republic of South of Africa. The Policy shall serve as part of your initial customer relationship with us and our ongoing commitments to you.
2.2. In order to promote our services to You, we may send you information about our products, features, promotions, surveys, news, updates, and events. We also aim to tailor our marketing messages to your preferences. If you prefer not to receive marketing communications, you can choose to opt out during the account creation process. Additionally, you have the option to unsubscribe from our marketing emails at any time or submit a support ticket to request removal from our marketing list.
2.3. To oversee and uphold your account within our system and to identify and prevent any fraudulent or unauthorized utilization of our products and services.
2.4. When you are asked to provide personal information, you may decline, but if you choose not to provide data that is necessary to enable us to make our services available to you, you may not be able to sign up for our services and some features may be limited. If you fail, neglect, and/or refuse to or are unable to provide us any Personal Information which we necessarily need to provide you with services, or that we need to collect by law, we may not be able to provide you services. In this case, we have the right to discontinue the provision of services to you and/or close your account. In such a situation, we will notify you at the earliest.
2.5. Ezaga collects certain personal information to enable us to operate effectively, and to provide you with the best experiences on our website and our operations. Ezaga prides itself on transparency and as such, you have choices about the personal information we collect.
2.6. Ezaga collects the personal information to enhance the quality of products and services that are offered, while also innovating to create new offerings.
2.7. Some of the information we obtain is collected to comply with applicable laws and regulations, of the Protection of Personal Information Act (POPI) . This Policy explains:
· The types of information we collect about you
· How we use information about you
· Types of information we disclose to third parties and the types of such third parties
· How we protect your personally identifiable information; and
· How you may instruct us not to disclose certain information about you that we are otherwise permitted to disclose by law.
3. Information We Collect from You
3.1. The kinds of Personal Information we collect will depend on the type of interaction you have with us (for example Telephone calls to us may also be recorded for training and quality assurance purposes). Generally, we collect the following information (‘Information’) about you if you are:
3.2. Natural Person (Individual customers)
· Identification information, such as your name, email address, and home address (including documents such as current utility bill i.e., electricity, telephone, gas, or mobile phone bill, documents issued by a government department that shows the end user’s address, bank statement (not older than 3 months) that shows the end user’s address), contact number, date of birth, gender, demographic and location data, billing address, username, along with identification details of documents confirming such details (such as passport, driver’s license, National identity card);
· Country of birth;
· ID expiry details;
· Source of funds;
· Purpose of transactions; and
· Method of payments.
Legal Entity (Corporate customers)
· Copies of Commercial License/Trade License (or equivalent)
· Copies of the Certificate of incorporation
· Copies of Certificate of Incumbency
· Copies of Memorandum of Association (MoA)
· Copies of Share Certificate/Share Register (where details of shareholders are not available in MoA)
· Copies of Documents providing details of Ultimate Beneficial Owners
· Purpose and nature of the intended business relationship. (BOR)
· Copies of identification document of Owner(s) (passports/ID cards)
· Authorization letter must be taken for a representative of the legal entity who carries out transactions on its behalf
· Copies of documents providing details of the relationship with the company and powers of authorized signatories who have the authorization to carry out transactions on behalf of the Company along with their identification documents.
Notwithstanding the foregoing we shall further collect the following Information:
· Information you provide when you participate in promotions offered by us or our partners, respond to our surveys or otherwise communicate with us
· Information about when and where the transactions occur, the names of the transacting parties, a description of the transactions, the payment or transfer amounts, billing and shipping information, and the devices and payment methods used to complete the transactions
· Information about the location of your device and some other device specifics, including your hardware model, operating system and version, unique device identifier, mobile network information, and information about the device’s interaction with our services
· Information about how you use our services, including your carrier operating system, connection type, referring URLs, access time, browser type and language, and Internet Protocol (‘IP’) address, as well as other information which may be collected and used by us automatically through the browser on your device or otherwise
· Information contained in or relating to any communication that you send to us with or without our request, including without limitation.
· Information collected by Cookies and Web beacons (defined below), including using web beacons and sending cookies to your device
· Your connections with others whose personal information we may collect or hold
3.3. Information may also include information we collect about your individual preferences. We may collect the Information in course of your signing up for our services, in course of our identity or account verification process, or course of your use of our services.
3.4. This policy applies to your Information when you use our website and interact generally with us but does not apply to Third-Party Sites. We are not responsible for the privacy policies or content of Third-Party Sites.
3.6. We do not knowingly collect data from, or market to, children below the legal age as established under POPIA. By using the services, you represent that you are at least the age of majority or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the services. If we learn that personal Information from users who are less than the age of majority has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.
4. Mode of Collection
4.1. We usually collect and store information including in paper, the physical and electronic forms provided by you when you communicate with us by telephone, email, web-based form, letter, or other means, including when:
· We provide you with our services via telephone, email, or our website.
· You participate in our functions, events, or activities or on our social media pages
· You request that we provide you with information concerning our products or services.
· You upload or submit information to us or our website; or
· You complete any forms requesting information from you, including on registration with us, complete any survey or provide feedback to us concerning our products or services.
4.2. Where practicable we will only collect information from you. However, we will also collect your Information through our partners and third parties who supply services to us or utilise automated tools, whom you have authorized to share such personal information with other parties, including but not limited to, channels such as public databases, credit bureaus, ID verification partners, marketing partners and resellers, advertising partners and analytics providers.
4.3. Please note that we use our own and third-party computer servers including our website hosts, data backups, and payment gateway(s), which may be located outside of the Republic of South Africa.
4.4. We also collect information from your computer or mobile device automatically when you browse our website. This information may include:
· the date and time of your visit;
· your domain;
· operating system;
· the server your computer or mobile is using to access our Website;
· your browser and version number;
· search terms you have entered to find our Website or access our Website;
· pages and links you have accessed both on our Website and other websites;
· the pages of our Website that you access;
· the device you use to access our Website; and your IP Address.
4.5. While we do not use some of this information to identify you personally, we may record certain information about your use of our websites such as which pages you visit and the time and date of your visit, and that information could potentially be used to identify you.
4.6. It may be possible for us to identify you from information collected automatically from your visit(s) to our website. If you have registered an account with us, we will be able to identify you through your username and password when you log into our website. Furthermore, if you access our website via links in an email, we have sent you, we will be able to identify you.
4.7. The device you use to access our website may collect information about you including your location using longitude and latitude coordinates obtained through GPS, Wi-Fi, or cell site triangulation. For information about your ability to restrict the collection and use of such information, please use the settings available on your device.
4.8. We will retain your Information for a period of 5 years after termination of the business relationship as defined in POPIA, and The Financial Intelligence Centre Act (FIC)
5. How We Share and Use Your Information
5.1. We shall share and use your information with and for:
· Any person that works with us as well as the companies that form part of the Ezaga Group.
· To our related entities, employees, officers, agents, contractors, other companies that provide services to us, sponsors, government agencies, or other third parties to satisfy the purposes for which the information was collected or for another purpose if that other purpose is closely related to the primary purpose of collection and an individual would reasonably expect us to disclose the information for that secondary purpose.
· Any entity that forms part of Ezaga to process your payments that you have authorised and to provide you with the goods and services that you have opted for.
· Any financial and other institutions to facilitate authorized payment processing and to deliver our range of products and services.
· Entities and firms that offer services to us, encompassing technical infrastructure, marketing, and analytics, as well as web and app development.
· Entities and organizations that support us in the realm of fraud prevention services and to aid us in identity verification and safeguarding against fraud or financial misconduct, taking appropriate actions as warranted by the outcomes of such investigations.
· Our professional advisers, consultants, and other similar services.
· Any financial and other institutions to facilitate authorized payment processing and to deliver our range of products and services.
· The selected and trusted group of third party/parties to fulfil our obligations under our contract with you and to meet government, regulatory, and law enforcement requests, and to continue providing you with the services. We will only disclose your personal information to third-party service providers under strict terms of confidentiality. We do not allow our third-party service providers to use your personal information for their purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
· The third parties
v who help us to verify the identity of our clients and customers, and other software service providers who assist us to provide the services we provide to you.
v who help us analyse the information we collect so that we can administer, support, improve or develop our business and the services we provide to you including cloud hosting services, off-site backups, and customer support.
v Who shall use your information to let you know about goods and services which may be of interest to you by the applicable laws.
· The merchants and the recipients of funds to identify you as the sender of the funds and to a party who sends you funds in connection with a transfer to you of funds.
· Law enforcement or government agency or is required by law, or legal processes, such as a subpoena, court, or another legal process with which we are required to comply, including about our obligations under applicable privacy laws and regulations.
· Enforcing the terms of this policy or to enforce any of our terms and conditions with you.
· Our professional advisers such as consultants, bankers, professional indemnity insurers, brokers, and auditors so that we can meet our regulatory obligations, and administer, support, improve or develop our business.
· Any other person, with your consent (express) to;
v Facilitate the sale of all or a substantial part of our assets or business or to companies with which we propose to merge or who propose to acquire us and their advisers.
v Protect the interests of our users, clients, customers, and third parties from cyber security risks or incidents and other risks or incidents; and
v Maintain the integrity of our Website and protect our rights, interests, and property and those of third parties.
· In addition to the above recipients, we will disclose your personal information if we are requested to do so by law or if the disclosure is made in connection with either the normal operation of our business in a way that you might reasonably expect, for example, if such disclosure is incidental to IT services being provided to our business or for the resolution of any dispute that arises between you and us.
5.2. In the event of a proposed restructuring or sale of our business (or part of our business) or where a company proposes to acquire or merge with us, we may disclose personal information to the buyer and their advisers without your consent subject to compliance with the applicable privacy regulations. If we sell the business and the sale is structured as a share sale, you acknowledge that this transaction will not constitute the ‘transfer’ of Personal Information.
6. We Process and Use Aggregated, Anonymised, and De-Identified Data
6.1. We may also create, process, collect, use, and share aggregated, anonymized, or de-identified Information such as statistical or demographic data for any purpose which may be derived from your Personal Information. We may use this data to comply with legal or regulatory obligations and for any business purpose, including to better understand users’ needs and behaviours, improve our products and services, conduct business intelligence and marketing, and detect security threats.
6.2. We may share such Information with members of our group, service providers, and our key partners. Some of these third parties may be in a jurisdiction outside South Africa as stated in this Policy, in which case we will take all necessary steps to ensure that your Personal Information is treated securely and that such transfers are permitted under the applicable data protection laws.
6.3. We may also use any or all the personal information above to administer and manage our business in general, to detect and prevent misuse of our services (including fraud and unauthorized payments), and to enforce our Terms and Conditions or any other contract to which we may be a party to.
7. How We Shall Secure Your Personal Information
7.1. We place a significant emphasis on ensuring the security of your personal data.
7.2. We regularly assess and implement appropriate and reasonable technical and organizational security measures to ensure the safety of your personal information.
8. Consent Mechanism
9. Retention of Personal Information Without Consent
9.1. In certain cases, we may process your personal information without your explicit knowledge or consent, but only in cases where such processing is mandated or allowed by applicable law.
9.2. We will keep it for period of 5 years after termination of the business relationship to serve our legitimate business interests. These interests include meeting legal requirements, preventing fraud, resolving disputes, upholding agreements, safeguarding the interests of Ezaga and its customers, and as mandated by applicable laws.
10.1. We may contact you with information regarding our products, services, news, and promotions, or engage in communication for marketing purposes through various channels such as email, push notifications, in-app messages, text messages, or other means. Our marketing communications will always adhere to relevant laws, including consent and opt-out regulations.
10.2. You have the option to opt out of receiving marketing communications at any time. This can be done by selecting the “Unsubscribe” option, which is included in all marketing messages sent to you. Additionally, you can manage your communication preferences by accessing your account settings within our app or on our website.
10.3. It’s important to note that opting out of marketing content will not affect your receipt of critical communications related to the security or functioning of your account.
11. Third-Party Advertising and Analytics
12. Consent for Performance of Contract; Legal Obligations
12.1. You grant consent for the processing of your personal information. This processing will be done to fulfil all legal obligations stemming from contracts involving you, or to provide services that you have contracted us to deliver, or to take necessary actions upon your request before entering a contract with you.
12.2. When you apply for or sign up for our services, you grant us the authorization and consent to obtain information about you from third parties and share such information with them. This process is carried out in the context of identity or account verification, fraud detection, collection procedures, or as otherwise permitted or mandated by applicable law.
12.3. You have the option to revoke this consent at any time. Please note that withdrawing your consent will not impact the legality of processing that occurred based on your previous consent. The withdrawal of consent will become effective within 30 calendar days of your request submission. If you wish to make such a request, kindly contact us at email@example.com.
12.4. We provide detailed, clear, and easily revocable explanations about the specific information we gather, how we collect it, the reasons behind its collection, how we share it, and the duration for which we retain it in this Policy.
12.5. We will store your data only for the duration necessary to fulfil our obligations or achieve the intended purposes for which the information was gathered, and in accordance with applicable law. The determination of the appropriate retention period will consider factors such as the quantity, nature, and sensitivity of the data; potential risks associated with unauthorized use or disclosure of the data; the purposes for which we process the data and whether alternate methods can achieve those purposes; and relevant legal requirements. Unless required otherwise by the law, upon the conclusion of the retention period, we will either delete personal data from our systems and records or take suitable measures to ensure their proper removal from our system.
13. Your DATA Protection Rights
13.1. Right to be informed: This means you have a right to know
a. The identity and contact details of the Company
b. The purposes of processing your personal information as well as the legal basis for the processing
c. The legitimate interests pursued by us or by a third party who processes your personal information
d. Recipients or categories of recipients of your personal information
e. Our intention to transfer your personal information to a third country or international organisation and reference to the appropriate safeguards and the means to obtain their copy.
f. The period for which your personal information will be stored, or if that is not possible, the criteria used to determine that period
g. Whether the provision of personal information is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obligated to provide the personal information and of the possible consequences of failure to provide such data
h. The existence of automated decision-making, including profiling and meaningful information about the logic involved.
Where we intend to further process your personal information for a purpose other than that for which the personal information was collected, we must explain you, before such further processing, with information on those other purposes and with any other relevant information.
13.2. Right of access: This is your right to see what personal information is held about you by us. Particularly you have the right to:
a. Receive confirmation as to whether your personal information is being processed
b. Access your personal information which we are processing along with the purposes of the processing; the categories of personal information being processed; the recipients or categories of recipients to whom the personal information has been or will be disclosed; the envisaged period for which the personal information will be stored, or, if not possible, the criteria used to determine that period; where the personal information is not collected from you, any available information as to their source.
c. Where your personal information is transferred to a third country or an international organisation, you have the right to be informed of the appropriate safeguards relating to the transfer.
d. A copy of your personal information being processed; and
e. Any further copies requested by you, upon paying a reasonable fee.
13.3. Right to rectification: This is your right to have your personal information corrected, rectified, or amended if what is held by us or a third party onboarded by us is incorrect/ inaccurate in some way.
13.4. Right to erasure: This is your right, under certain circumstances to ask for your personal information to be deleted. This would apply if your personal information is no longer required for the purposes it was collected for, your consent for the processing of that data has been expressly withdrawn, or where your personal information has been unlawfully processed. Once deleted all your data will be removed from our systems and will not be recoverable.
13.5. Right to withdraw consent: If you wish for the Company to stop processing your personal information, it is your right to withdraw consent, preventing the Company from further processing the same personal information.
13.6. Right to restrict processing: This is your right to ask for a temporary halt or pause in processing your data, such as in the case where a dispute or legal case must be concluded, or the data is being corrected.
13.7. Right to erasure: This is your right to ask for your personal information supplied directly to us, which we have processed under your consent, under a contract, or by automated means, to be provided to you in a structured, commonly used, and machine-readable or electronic format.
13.8. Right to data portability: This is your right to object to the further processing of your personal information which is inconsistent with the primary purpose for which it was collected, which includes profiling, automation, and direct marketing.
13.9. Right to object: This is your right to object to the further processing of your personal information which is inconsistent with the primary purpose for which it was collected, which includes profiling, automation, and direct marketing.
13.10. Rights in relation to automated decision-making and profiling: This is your right not to be subject to a decision based solely on automated processing.
We aim to respond to all legitimate requests without undue delay and within thirty (30) calendar days of receipt of any request from you. Occasionally it may take us longer than thirty (30) calendar days, if your request is particularly complex, or if you have made duplicated or numerous requests. In this case, we will notify you of receipt of such request(s) and keep you updated as to the status of progress concerning such request(s).
If you wish to exercise any of them, please contact us at firstname.lastname@example.org . We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This security measure is to ensure that your personal information is not disclosed to any person who has no right to receive it.
14. Legal Recourse to Relevant Authorities
14.1. If there has been a potential violation of the POPI Act, you have the right to file a complaint with the Information Regulator of South Africa at any time.
14.2. However, before reaching out to any such authority, we would appreciate the opportunity to address and resolve your concerns. Please contact us as the initial step in resolving your complaint promptly and to your satisfaction. You can reach us via email at email@example.com
15. We do Not Misuse Your Personal Information
15.1. Without your explicit consent, we do not engage in the sale, trade, or transfer of your information, whether it is public or private, for any purpose whatsoever.
15.2. We collect, process, and utilize information about you for the following purposes:
· To deliver our products and services to you, which includes processing your transactions and carrying out your requests to utilize our services.
· To enhance, personalize, and facilitate your utilization of our products and services.
· To gauge, tailor, and enrich our services, encompassing the design, content, and functionality of our website, as well as monitoring and assessing trends and usage in connection with our services.
· To conduct research, verify and ensure the accuracy of information, compile and analyse statistics pertinent to our business operations.
· To enhance our customer service and effectively manage our relationship with you.
15.3. Subject to your prior consent, we may send you periodic emails containing news, updates, and information related to our services. Additionally, we may conduct surveys to gather feedback. These communications aim to keep you informed about our products, services, promotions, discounts, incentives, and rewards, which may be offered by us or carefully chosen partners. These communications will be based on your chosen communication preferences, as well as applicable legal requirements, and will be directed to the email address you provided for such purposes.
15.4. We use your information for various purposes, including but not limited to:
· Managing our internal information processing and IT systems.
· Operating our website and providing our services, with a focus on ensuring their security.
· Maintaining backups of our databases and complying with our internal policies, procedures, and privacy laws.
· Communicating with you, which includes delivering requested information and support, technical notices, security alerts, and administrative messages. It also involves resolving disputes, collecting fees, and assisting with service-related issues.
· Establishing, exercising, or defending legal claims, whether in court proceedings or other legal procedures, to protect our rights, your rights, and the rights of others.
· Managing and mitigating risks, obtaining professional advice, and fulfilling our legal obligations as required by law or through written agreements with third parties.
· Displaying transaction history for your reference.
· Protecting the rights, property, security, or integrity of our services.
· Facilitating corporate acquisitions, mergers, or transactions.
· Developing new products and services.
· Protecting our rights, enforcing our Terms and Conditions or other applicable agreements or policies, verifying your identity, investigating and preventing fraud, security breaches, and other potentially prohibited or illegal activities, and complying with any relevant laws, regulations, or legal processes.
16. Security Precautions and Measures
16.1. We are deeply committed to ensuring the security of your information. To prevent any unauthorized access or disclosure, we have implemented robust physical, electronic, and managerial procedures to protect and secure the data we collect online. We adhere to industry-standard technical measures, and we require our affiliates and vendor partners to employ data encryption technology. Here are some of the specific measures we take:
· Physical Measures: We store materials containing your personal information in secure, locked facilities.
· Electronic Measures: Electronic records containing your personal information are stored in computer systems and storage media with stringent login restrictions.
· Management Measures: Only authorized employees with a clear understanding of our internal confidentiality rules are allowed access to your personal information. We have also established strict physical access controls for our premises and files.
· Technical Measures: We use encryption technologies like PCI Scanning and Secured Sockets Layered Encryption for transmitting and storing your personal data. We employ various general security technologies and management systems to minimize the risk of unauthorized access, disclosure, damage, misuse, or alteration of your information. Our web server is protected by a firewall.
· Other Measures: We regularly scan our facilities for security vulnerabilities to ensure their integrity. Your personal information is stored behind secure networks and can only be accessed by a limited number of individuals who have been granted special access rights and are bound to maintain confidentiality.
16.2. While we make every effort to secure your data, it’s important to note that no method of transmission over the Internet or electronic storage can be guaranteed 100% secure. Nevertheless, we are dedicated to safeguarding your data and limiting access to it.
16.3. We do not guarantee that your data will never be accessed, disclosed, altered, or destroyed due to breaches of our physical, technical, or managerial safeguards. We advise you to verify the legitimacy of any website requesting financial or payment information related to our services, as there is a risk of impersonation by hackers.
16.4. If you receive any suspicious communication or requests, please do not provide your information and report it to us immediately at firstname.lastname@example.org . Notify us promptly at if you become aware of any unauthorized access to or use of your account.
16.5. As we cannot guarantee against all possible risks, it’s essential to take steps to protect your personal information, including selecting a strong and unique password and not sharing it with third parties.
16.6. Additionally, please be aware that we cannot ensure the security or confidentiality of data transmitted via the internet, email, phone, WhatsApp, SMS, or other wireless connections, as we have no control over the data’s protection once it leaves and until it reaches our systems. If you suspect your data’s security has been compromised, contact us at email@example.com
16.7. In the unlikely event of a data breach with a significant impact on your rights, we will promptly inform you of the breach’s nature, potential consequences, and the measures we have taken to address and mitigate its effects. Please reach out to us at firstname.lastname@example.org in such a scenario for further information and advice on mitigating potential adverse effects.
16.8. We also conduct comprehensive security risk assessments to enhance the effectiveness of our risk mitigation controls and protect your data’s integrity.
17. How Can You Contact Us
17.1. If you have any questions or concerns regarding this policy, if you want to access or rectify the information we have on record about you, or if you wish to file a complaint, please get in touch with us in writing at email@example.com
17.2. To provide you with access to your information, we may request certain details from you, including but not limited to verifying your identity. Depending on the nature of the request, there might be a fee associated with accessing your Personal Information. We will notify you of any applicable fees before proceeding with your request. We aim to handle all requests for Personal Information within a reasonable timeframe, ideally within 14 days, but in any case, no later than 30 calendar days from the date of your request.
17.3. If you want to have your personal information removed, please reach out to us using the contact information provided above. We will take reasonable steps to delete the information, unless we are required to retain it for legal or auditing purposes. It’s important to note that in cases where personal information is stored on a blockchain, it may be impractical, unfeasible, or impossible to completely delete.
17.4. You may also have the ability to view, access, edit, or delete (where possible) your personal information through your user dashboard on our website. However, please be aware that certain data or information may be restricted from editing or deletion to ensure your continued access to our website.
18. Changes to this Policy
18.1. From time to time, we may revise, amend, or supplement this Policy to reflect necessary changes in law, our personal information collection and usage practices, the features of our offerings, or certain advances in technology. If any material changes are made to this Policy, the changes may be prominently posted on our Website. However, the onus is also on you to occasionally familiarize yourself with the contents of this Policy, for your information, and particularly to do so every time you access our website, play the game or make use of our services.
18.2. Changes to this Policy are effective when they are published.