PRIVACY & DATA PROTECTION POLICY

The privacy policy forms part of the the MAXMONEY user policy: 

PART – B: PRIVACY

8. SCOPE

8.1. This Part applies to the Personal Information of yourself as well as the Personal Information collected, used, stored and protected in the course of Mycomax’s business, including its websites and on the MAXMONEY platform. 

8.2. This Part will also outline the choices available to you regarding our use of your Personal Information or the Personal Information collected through the utilisation of MAXMONEY and how to access, update and request deletion of such information. 

8.3. The use of Personal Information shall be limited to the purpose of providing the Services for which you have engaged Mycomax. 

8.4. This Part is aimed at meeting International Privacy and Data Protection Standards, including the statutory requirements applicable within South Africa. This policy will be continually developed and maintained in order to ensure consistent compliance with the aforementioned requirements. 

9. PERSONAL INFORMATION

9.1. Personal Information is information or data which identifies or relates to specific individuals. In respect of this Part of the User Policy, this information will also relate to your customers (consumers) and includes, amongst others, the following information: – 

9.1.1. Name;

9.1.2. Age;

9.1.3. Gender;

9.1.4. Ethnicity;

9.1.5. Identity Number;

9.1.6. Assets & Liabilities;

9.1.7. Income;

9.1.8. Payment Records.

10. YOUR CONSENT & AGREEMENT

10.1. By submission of your details and/or utilisation of MAXMONEY, you expressly consent to the use and disclosure of your Personal Information, in the manners which will be outlined in this Part of the User Policy. 

10.2. If you, or your customer, object to any of the potential uses of your Personal Information, as outlined in this Part, please do not continue the use of MAXMONEY.

11. SECURITY & CONFIDENTIALITY

11.1. MAXMONEY requires, by its very nature and as is required by law, the collection of certain Personal Information and the provision and/or disclosure of such Personal Information to specified third parties. 

11.2. We understand the value of Personal Information and have therefore taken all reasonable measures to ensure that the Personal Information collected through the use of MAXMONEY is protected from loss, misuse or unauthorised alteration. 

11.3. Our security systems meet – and in some instances exceed – industry standards and we are committed to ensuring the security systems are regulatory updated and maintained to ensure that Personal Information is adequately protected, at all times. 

11.4. To this end, Mycomax has entered into an agreement with Google LLC for the use and maintenance of its cloud-based solution upon which MAXMONEY is built and maintained. All data collected and processed through utilisation of MAXMONEY are securely stored in foreign data centres, and the territorial location of these servers are decided upon at the sole instance of Google LLP, which may move or utilise another secure server at its sole instance and without prior notice. 

11.5. Further, Mycomax has entered into a Data Processing Amendment Agreement with Google LLC which facilitates compliance with the Protection of Personal Information Act (“POPIA”) and allows Mycomax to define how data is stored, processed and protected. We are confident in, and satisfied with, the additional capabilities provided by Google LLC and the following compliance certificates have been issued to Google LLC for their cloud-based services and the additional security protocols in compliance with the provisions of , inter alia, POPIA: – 

11.5.1. ISO/IEC 27018 – Privacy and security controls for public-cloud service providers that process personally identifiable information (PII);

11.5.2. ISO/IEC 27001 – Provides the requirements for an information security management system (ISMS), specifies a set of best practices, and details the security controls that can help manage information risks;

11.5.3. ISO/IEC 27017:2015 – Provides guidelines for information security controls applicable to the provision and use of cloud services;

11.5.4. ISO/IEC 27701 – The first global privacy standard that focuses on the collection and processing of personally identifiable information (PII). This standard was developed to help organisations comply with international privacy frameworks and laws. 

11.6. We are confident in the measures taken to ensure the safety and security of the Personal Information collected, processed and retained through the use of MAXMONEY and undertake that continued maintenance and development will be undertaken to ensure that these measures remain compliant and are developed to address new risks which may arise. 

11.7. Internally, Mycomax has taken the following security measures to ensure the privacy and security of Personal Information: – 

11.7.1. Only authorised personnel have access to the data collected, processed and retained through the use of MAXMONEY and such personnel are trained and informed of their obligations and responsibilities in respect of safeguarding and protecting the data to which they have access;

11.7.2. No unauthorised personnel have access to the data collected, processed and retained through the use of MAXMONEY and any such unauthorised person is aware of the consequences and actions which may be taken against them for accessing, or attempting to access, such data;

11.7.3. Internal policies and protocols provide for continuous engagement with service providers of Mycomax, to ensure that MAXMONEY is continuously afforded the latest security and privacy updates, whether internally or procured from a service provider, and that all agreements with such service providers are maintained and renewed. 

12. DATA CONTROLLER & DATA SUBJECTS

12.1 Mycomax does not, under the Service Level Agreement entered into for the provision of MAXMONEY, collect, process or retain data, of its own accord or without your consent and direction. The role of Mycomax in the relationship between it and you is to make MAXMONEY available and to continuously maintain and develop MAXMONEY for your use and benefit in the conduction of your business. Therefore, without your use of MAXMONEY, no data can be collected. Yet, it is the role of Mycomax to retain the data collected by you at all relevant times. 

12.2. For the reasons set out above, you are the “Data Controller”. You are the one who collects Personal Information from data subjects and directs Mycomax to retain, protect and utilise such information in the manner required to give effect to the Service Level Agreement. 

12.3. The consumers who enter into credit agreements with you and provide you with their Personal Information for the purposes of Loan Application and Agreements are the “Data Subjects”.

12.4. Data Subjects who seek to access, correct, amend or delete data relating to their Personal Information, should address such a request to the Data Controller (you). The Data Controller must then execute the request, if it is lawful and fair to do so and within a reasonable amount of time.  

12.5. If you, as the Credit Provider, seek to amend any Personal Information of yourself or of your business which is held by Mycomax and not accessible through MAXMONEY, a request should be directed to Mycomax utilising the contact details contained in this Policy. 

13. OUR USE OF INFORMATION AND DATA COLLECTED

13.1. Mycomax may, as a result of the Service Level Agreement, transfer and disclose the Personal Information collected through the utilisation of MAXMONEY, for the purposes of: – 

13.1.1. Providing MAXMONEY to you, and complying with instructions received from you;

13.1.2. Verifying your identity, or the identities of other Data Subjects, with whom you conduct business;

13.1.3. Taking credit decisions;

13.1.4. Compliance with Laws, Public Duties, Court Orders and Authorised Investigations;

13.1.5. For the purposes of security and crime prevention;

13.1.6. For Mycomax’s internal use, with the aim of improving the Services, and for the purposes of market analysis in order to improve Mycomax’s offerings or that of its associated companies;

13.1.7. The conduction of market research; and

13.1.8. Providing you with information via email, telephone, or other means in respect of Mycomax’s products and/or services, from time to time.

13.2. Despite the use of the data and/or Personal Information utilised as described above, the Personal Information will still be utilised in a manner which is compliant with the privacy and data laws of South Africa and is afforded the same level of security as data and Personal Information, not being utilised. 

13.3. Mycomax may share or use your data with third parties involved in the process of providing the Services to you. These third parties have been carefully vetted and selected before a trusted relationship is established. All third party service providers are contractually and statutorily bound to maintain the confidentiality and security of the data and Personal Information provided to them, and are restricted to only utilising such data or Personal Information for the specific purpose to which it relates. 

14. OTHER DATA COLLECTED

14.1. In addition to the Personal Information which is collected, processed and retained through the use of MAXMONEY, Mycomax is required to collect additional data relating to you, as the credit provider or representative of the credit provider, in order to provide you with the MAXMONEY functionalities. This information includes, but is not limited to: – 

14.1.1. All Personal Information which you (and the company) submitted to Mycomax when entering into the Service Level Agreement, or during negotiations for entering into a Service Level Agreement;

14.1.2. The requisite financial information, as submitted to Mycomax, by you;

14.1.3.  All other information submitted to Mycomax, by you, as part of the onboarding process of MAXMONEY;

14.1.4. Information relating to your computer, your IP address, your operating system and browser type. This information is strictly used to ensure that you are able to utilise MAXMONEY. 

14.1.5. Statistical Data and browsing patterns, which do not identify any individual’s Personal Information including general internet usage through the use of a cookie file which is stored in your computer’s hard drive. Cookies enable Mycomax to improve its offerings to you, estimate audience sizes and usage patterns, store information relating to your preferences and to recognize you when you return to our website. Please note that your browser settings can be set to refuse cookies, but that this will detract from certain advantages gained when Mycomax is able to access the aforementioned data. 

14.2. The data and Personal Information noted above are also retained and protected in accordance with the protocols and measures outlined in paragraphs 11 and 13 of this Policy. 

14.3. Please note that third parties advertise on our websites and that there are links to such third parties’ websites. However, we do not have access to, or control over their websites and therefore cannot take responsibility for the information or data collected from their websites. 

15. PERSONAL IDENTIFICATION NUMBER

15.1. When utilising MAXMONEY, you are provided with an access number, username, password and personal identification number (PIN). It is your responsibility to maintain the confidentiality of these particulars and we cannot be held liable for breaches which occur as a result of sharing and/or disclosing these particulars. 

16. TRANSFERRING OF DATA TO FOREIGN TERRITORIES

16.1. Mycomax contracts or receives services from foreign-based entities, from time to time. As a result thereof, data or Personal Information collected through the use of MAXMONEY, or from you, may be transferred outside South Africa. 

16.2. When data or Personal Information is transferred outside South Africa, we will ensure that the data and information is held securely to standards at least as good as those required within South Africa, and that such data and information is only utilised for the purposes set out in this Policy. 

16.3. The Personal Information stored by Mycomax may be retained anywhere in the world, including, but not limited to, Europe, Cloud, our servers and the servers of our affiliates and service providers around the world. 

17. DATA RETENTION PERIODS

17.1. Mycomax will retain the Personal Information and data collected by it for as long as your account is active, or as needed in order to provide services to you and in accordance with any legislative requirements, as may be prescribed from time to time. 

17.2. Personal Information and data will be retained, regardless of the existence of a relationship between you and Mycomax, for as long as necessary to comply with its legal obligations, to resolve disputes, for the enforcement of its rights, or as may be directed by a competent authority. 

18. DATA BREACH

18.1. In the event that a data breach occurs, or there are reasonable grounds to believe that a data breach has occurred and that the Personal Information of you or of a data subject has been accessed, acquired, compromised or leaked, Mycomax will:-  

18.1.1. As soon as practicable, take the appropriate steps to limit the breach and restore the integrity and security of the system;

18.1.2. As soon as reasonable, report to the affected Data Controller(s) the relevant facts and extent of the breach or compromission;

18.1.3. If applicable, report on the identity of the person(s), group(s) or organisation(s) suspect of, or known to have, caused the breach or compromission and/or accessed the Personal Information, unless Mycomax has received an order or direction from a competent authority not to do so;

18.1.4. Notify you immediately, if it is necessary for you to stop the utilisation of MAXMONEY and the extent to which you are required to stop using MAXMONEY, in order to restore the integrity of it and avoid furthering the scope of the breach or compromission. 

19. RIGHT TO ACCESS & AMEND

19.1. You have the right to access the Personal Information that is retained, relating to you utilising MAXMONEY. To obtain a copy of your Personal Information, as held by Mycomax, please direct an email to the Information Officer, using the contact details listed in Part – C of this Policy. Should there be any amendments required to the data or Personal Information, a request may be directed to the Information Officer, in the same manner. 

19.2. Similarly, the Data Subjects whose Personal Information is collected through the utilisation of MAXMONEY, have the same right contemplated in the preceding paragraph, as it relates to their Personal Information. However, as the Data Controller, their request must be submitted to you, whereafter you will direct an instruction to Mycomax’s Information Officer, using the contact details listed in Part – C of this Policy. Should there be any amendments required to the data or Personal Information, a request may be made in the same manner. 

19.3. Although Mycomax takes care to ensure that all data output is true and correct, the validity of data and of reports generated using MAXMONEY, are both reliant on the accuracy of the information which you input. Therefore, Mycomax cannot be held responsible for inaccuracies of data captured by you. 

20. ELECTRONIC COMMUNICATIONS AND TRANSACTIONS ACT

20.1. Mycomax subscribes to the principles outlined in Section 51 of the Electronic Communications and Transactions Act, 2002 (“ECTA”), which governs your right to having your Personal Information kept private. 

20.2. In accordance with Section 51 of ECTA, we will only collect, collate, process and store (“use”) your Personal Information, with your permission, as set out in this Policy, unless we are legally obligated to do otherwise. The information and data which we use in terms of this Policy shall only be used for the lawful purpose in terms of which it is required. 

20.3. This Policy discloses the specific purpose for which Personal Information of you and of your Data Subjects, as collected through the use of MAXMONEY, is requested, used and stored. 

20.4. No Personal Information will be utilised for any reason other than the reasons outlined in this Policy, without your express consent to do so, unless Mycomax is ordered or directed to do so, by a competent authority.

20.5. Personal Information retained by Mycomax will be disclosed, without your consent if: – 

20.5.1. We are required by law to do so;

20.5.2. Disclosure is in public interest; and

20.5.3. Such disclosure will be deemed to have carried your express or implied consent.

20.6. You are herewith notified that you are entitled to, and understand that you may, option out of any mailing list maintained by Mycomax for commercial and marketing communications. 

21. MARKETING

21.1. By acceptance of this Policy but subject to applicable legislation or laws, you consent to be contacted for marketing purposes and agree to be included in marketing efforts by Mycomax. This includes telemarketing, mass distribution of mail, email and sms messages, and you extend a standing invitation to representatives of Mycomax to visit your premises for marketing and service purposes. You may option out of any such marketing campaigns or efforts by giving any written notice to Mycomax. 

21.2. In respect of emails sent by Mycomax, you may unsubscribe from such mailing lists by using the “unsubscribe” link at the bottom of such emails. This will not affect your transaction and administration related emails in respect of MAXMONEY. 

21.3. If you wish not to receive marketing calls, please advise the representative calling you and you will be added to our “Do Not Call” list. 

21.4. Mycomax maintains a “Do Not Call” and “Do Not Mail” list, as legislatively prescribed. 

22. PRIVACY EXCLUSIONS

22.1. As detailed in this Policy, Mycomax has taken great care in ensuring the Personal Information and data about you and of your customers are protected and confidential. However, Mycomax will not accept any liability of Personal Information is breached or compromised if: – 

22.1.1. the breach or compromission occurred in relation to data stored directly on your hard drive;

22.1.2. the breach or compromission occurred as a result of your failure to keep your username, passwords and PINs private and confidential or distributed the aforementioned information willingly and/or allowed such information to be distributed;

22.1.3. You committed, or allowed to commit without intervention, the use your usernames, passwords and PINs for the purposes of breaching or compromising data;

22.1.4. You engaged in any form of illegal activity, the consequences of which gave rise, directly or indirectly, to a breach or compromission of data;

22.1.5. The data was never in possession of Mycomax;