Shop2Shop App Privacy Policy

The Shop2Shop group of companies are in the business of helping entrepreneurs to participate in the digital economy by processing payments. This means we will process personal information. You are under no obligation to provide your personal information to us. However, without certain personal information, we may not be able to provide the Services to you.

We are committed to protecting the privacy and security of our stakeholder’s personal information. This notice applies to all our clients, re-sellers, partners, suppliers and those who visit our website or use or engage us to use our applications or other services (together, our “Services”). This notice sets out how we collect, use and disclose personal information.

We are a group of companies registered at 17 New Church Street, Cape Town and this notice covers the activities of the following Shop2Shop Companies:

  • S2S Holdings (Pty) Ltd
  • Shop2Shop (Pty) Ltd
  • Shop2Shop Money Transfer (Pty) Ltd
  • Shop2Shop Finance (Pty) Ltd
  • OrderCloud (Pty) Ltd
  • Shop2Shop Retail Finance (Pty) Ltd

(individually “the Responsible Parties”)

We will only process personal information in accordance with data protection legislation, including the Protection of Personal Information Act (No. 4 of 2013) (“POPIA“), anti-money laundering legislation including FICA and the card association rules and any other applicable data protection legislation and/or regulation applicable to the Services (collectively, the “Data Protection Laws“).

What personal information do we collect?

The information (also referred to as “personal information”) that we process depends on your use of the Services, and may include, amongst other things:

  • identifying information – such as your name, date of birth, a selfie or identity/passport/permit number. We may also collect video footage of you when you are on our business premises;
  • contact information – such as your phone number or email address;
  • location or address information – such as your physical or postal address or GPS location;
  • demographic information – such as your gender;
  • IP address and cookie information;
  • Device information;
  • Network provider;
  • Transactional information such as payment details and payment history;
  • financial information – such as your bank account details and transactional information.
  • employment information – such as your employment status.

We may also collect special personal information from time to time, including:

  • sensitive demographic information – such as your race or ethnicity;
  • biometric information – such as your fingerprints (to gain access to our business premises),
  • criminal information – such as information about your commission or alleged commission of any offence or about any related legal proceedings.

Processing of special personal information is restricted to what is strictly necessary to achieve a lawful purpose and where we have a legal justification for processing.

Sources of the information that we collect

  1. You: You may provide personal information to us either directly or indirectly, by registering a profile on our application, completing an application form or an agreement for any of our Services, requesting information in relation to our Services (whether in writing, through our website/mobile application, or by any other means) or when using our Services.
  2. Third party sources including credit bureaus, identity verification and criminal check agencies and service providers including who provide identity verification services, criminal checks, AML checks, fraud prevention and detection services and who help us meet our regulatory obligations in terms of anti-money laundering laws
  3. Your devices for example the Tap2Pay device, computers, mobile phones or tablets when you use our Services.

 

Why Do We Process Personal Information?

We may process personal information to meet our regulatory obligations, establish a business relationship with you, deliver the Services and to ensure the best experience when you engage us or use our Services. Specifically we may process personal information to:

  • verify your identity and assess your application (where required) to get access to our Services;
  • provide you with any Services including information about the Services;
  • determine whether you meet the criteria for the use of our Services including to conduct an affordability assessment in the event that you apply for credit with us;
  • vet you as a re-seller, customer, supplier, service provider, or contractor and contracting with you;
  • facilitate the business relationship we have with you including making payments to you (where applicable) or receiving payment from you;
  • carry out your instructions and attend to your requests;
  • manage an account you have with us;
  • prevent fraud, money laundering and/or other criminal activities;
  • for operational, auditing, legal and record keeping purposes.
  • evaluate and improve our Service offering;
  • collect any outstanding debt that may be payable by you to us;
  • ensure secure use of our Services;
  • do analysis, market research and perform behavioural analytics;
  • personalize the App for you;
  • any other purpose that is permitted, as set out below.

We may, from time to time, use your contact details to send you product news and updates and to market and promote our or our third parties’ future products and services which we think may interest you and/or to provide you with useful information about our or third parties’ Services. You may, at any time, opt-out of receiving such communications from us.

In addition to the above, we may also process personal information:

  • to the extent that we are required by law or to perform our legal obligations. It is our policy to co-operate with relevant authorities or financial institutions, in relation to law enforcement or potential money-laundering or suspected fraud enquiries. You authorise us to disclose any information about you to such authorities or institutions as we, in our sole discretion, believe necessary or appropriate in connection with the investigation of any illegal or purported legal activity;
  • in connection with any legal proceedings;
  • in order to establish, exercise or defend our legal rights;
  • to protect the rights, property and personal safety of another user and/or any member of the public our yourself;
  • where we (or a third party) have a legitimate interest to process the information;
  • where you have consented to the processing.

Who Do We Share It With?:

We may share personal information under confidentiality with our  re-sellers, affiliates, related entities and service providers (including, but not limited to, our auditors, accountants, lawyers, identity verification service providers including credit bureaus, storage service providers, criminal checks service providers, AML checks service providers, data analytics providers, market researchers, financial institutions, other third party service providers in order to render services to you that you have subscribed for and/or  and payment networks in connection with processing transactions) in order to render the Services, and/or service providers to perform behavioural analytics and ensure personalization of  the App for users or otherwise for our internal administration purposes. We may also share it with government institutions, law enforcement, regulators, the card associations or financial institutions like banks to meet our legal obligations, for example investigations into suspicious activities/transactions. It may also be shared with third parties during merger and acquisition activities.

We will not sell your personal information to marketers or unaffiliated third parties without your prior written consent. However, we may share with third parties anonymised and de-identified information that is submitted to us, provided that it will no longer contain personally identifiable information and cannot be linked to you. In the event of fraudulent or suspicious activity we may also need to share your information with financial institutions, credit bureaus or the card associations.

Your Obligations:

Where we request information from you, you agree to provide us with honest, accurate and up-to-date information and to maintain and update such information when necessary. It is your responsibility to contact us (via our information officer) if any of your personal information is incorrect, incomplete, misleading, or if you require its amendment or deletion. You hereby indemnify and hold us harmless from any loss, damages or injury that you may incur as a result of incorrect or incomplete personal information provided to us.

Cross Border Processing:

We access and use your personal information in South Africa. We may process personal information outside South Africa (for example data hosting in the cloud), but only in countries with adequate data protection laws or where we have an agreement with the recipient that contains appropriate data protection measures.

Retention:

We will only retain your personal information for as long as we are required by law or to achieve the purposes for which it was collected and processed. We may de-identify the data and retain it for extended purposes for statistical and research purposes.

Third Party Links:

Our website and mobile application may have links to or from other websites. We recommend that you always read the privacy and security statements on these websites; we are not responsible for the security, privacy practices or content of third-party websites.

Data Protection Measures:

We have implemented technological and organisational measures aimed at protecting the confidentiality and integrity of your personal information. We have identified the reasonably foreseeable internal and external risks to your personal information and have established, and will maintain, appropriate safeguards against these risks. We regularly verify that these safeguards are being effectively implemented and we will continually update these safeguards in response to new risks or deficiencies identified.

We furthermore only give access to your information to those employees who require it to provide Services to you.

Breaches:

We will notify you, and the appropriate regulator/s, where we have grounds to believe that your personal information has been accessed or acquired by any unauthorised person. The notification may be in the format of an in-app notification, website notification, text message or email.

Cookies:

We may track and store some information (commonly known as a “cookie“) when you visit our website and/or mobile application. The cookies we use may include mandatory cookies, preference cookies, statistical cookies, marketing cookies and/or optional cookies. Cookies enable us to recognise you during subsequent visits and make it easier for us to give you a better experience on our website and/or mobile application. Apart from establishing basic connectivity and communications, we may also use this data in aggregate form to develop customised services which are tailored to your individual interests and needs. You may change your device settings to decline cookies. However, this may cause certain features of our website or mobile application to be inaccessible.

Data Subject Rights:

As a data subject, you have certain rights in respect of your personal information, spec:

  • The right to access the personal information that we hold about you, PAIA Manual.
  • The right to rectify/correct/update inaccurate personal information and to update incomplete personal information.
  • The right to request that we destroy or erase your personal information in certain circumstances.
  • If we are relying on consent to process your personal information, to withdraw the consent.

You will not generally have to pay a fee to access your personal information (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

If you would like to exercise any of your rights in respect of your personal information or have any queries or complaints on how we have handled your personal information, please contact us via our Information Officer, so we can investigate the matter and assist you.

Notice Amendments:

We may amend this Notice from time to time for any reason and we will publish the latest version on our website. It is your responsibility to check our website regularly and review this Notice periodically to stay informed of our practices.

Queries and Complaints

If you have questions about our privacy notice or wish to contact us, please contact our Information Officer at [email protected] or Suite 203, Private bag X18, Newlands, Western Cape,

The Information Regulator can also be contacted by email: [email protected] or [email protected] or post P.O. Box 31533, Braamfontein, Johannesburg, 2017.