Compliance

POPI Ready

Read our Promotion of Access to Information Act (PAIA) manual for more information on how you can manage your personal information with us.

What’s on this page

Sections

Payfast Access to Information Manual

We respect your right of access to information. This document will help you exercise that right as required by section 51 of the Promotion to Access of Information Act 2 of 2000 (PAIA).

Introduction

We are Payfast (Pty) Ltd, we conduct business as a payment service provider (PSP), and this is our ‘Access to Information Manual’. Its purpose is to help you access our information and any other information that we have. PAIA requires us to make it available to you so that you:

  • know what types of information we have; and
  • can request access to it.

Our details

Our details are as follows:

  • Company name:  Payfast (Pty) Ltd
  • Registration number:  2007/011558/07
  • Physical address:   240 Main Road Great Westerford Building Second Floor, Rondebosch, Cape Town, 7700
  • Phone number:   021 300 4455
  • Information officer:   Kevin Cooke
  • Information officer email:   [email protected]
  • Contact email:   [email protected]
  • Website:   https://payfast.io/

Further guidance

If you would like further guidance on how you can get access to information under PAIA, you may contact the Information Regulator to find out more information about PAIA. The Information Regulator is required to compile a guide in each official language of South Africa on how to exercise any right under PAIA. The current guide compiled by the South African Human Rights Commission is available here. In terms of the Section 110 of the Protection of Personal Information Act 4 of 2013 the functions of the Human Rights Commission have transferred to the Information Regulator. Their contact details are as follows:

Records we hold

We hold the following subjects and categories of records:

  • Company records;
  • Business records;
  • Financial records;
  • Insurance records;
  • Income Tax;
  • Personnel records;
  • Policies and directives;
  • Agreements or contracts;
  • Regulatory documents;
  • Published information;
  • Customer information; and
  • Reference materials.

Please note that records that are ‘not automatically available,’ must be requested using the process outlined in the ‘How to request access’ section of this manual.

Company records

Company records are all our records related to the incorporation and administration of our company. Some of them are available from the Companies and Intellectual Property Commission (CIPC).

Memorandum of incorporation

Automatically available from CIPC


Directors’ names

Automatically available from CIPC


Documents of incorporation

Automatically available from CIPC


Minutes of board of directors meetings

Not automatically available


Written resolutions

Not automatically available


Records relating to appointment of directors, auditor, secretary, public officer, or other officers

Not automatically available


Share register and other statutory registers

Not automatically available


Other statutory records

Not automatically available

Business records

Business records include any documents that have economic value to the business.


Operational records

Not automatically available


Databases

Not automatically available


Internal correspondence

Not automatically available


Product records

Not automatically available


Systems, solutions and information technology

Not automatically available


Intellectual property pertaining to solutions and products developed

Not automatically available


Intellectual property pertaining to solutions and products developed

Not automatically available


Financial records

Business records include any documents that have economic value to the business.


Financial statements

Not automatically available (NDA required)


Tax returns

Not automatically available


Other documents relating to taxation of the company

Not automatically available


Accounting records

Not automatically available


Banking records

Not automatically available


Banking details

Automatically available on request


Bank statements

Not automatically available


Electronic banking records

Not automatically available


Asset register

Not automatically available


Invoices

Not automatically available


Financial agreements

Not automatically available


Insurance records

Insurance records are all our records related to our insurable assets.


Insurance policies held by the company

Not automatically available


Income tax records

Income tax records are all our records related to our income tax obligations.


PAYE Records

Not automatically available


Corporate tax records

Not automatically available


Documents issued to employees for income tax purposes

Not automatically available


Records of payments made to SARS on behalf of employees

Not automatically available


Skills Development Levies

Not automatically available


UIF

Not automatically available


Personnel records

Personnel records are all our records about anyone who works for us, provides services to us, or provides services on our behalf and who receives or is entitled to receive remuneration, including our employees, contractors, and other personnel.


List of employees

Not automatically available


Employee personal information

Not automatically available


Employee employment contracts

Not automatically available


Employment applications and appointment letters

Not automatically available


Employment policies and procedures

Not automatically available


Employment Equity Plan

Not automatically available


Health and safety records

Not automatically available


Salaries or wages of employees

Not automatically available


Leave records

Not automatically available


Internal evaluations and performance records

Not automatically available


Disciplinary records

Not automatically available


Training records

Not automatically available


Personal records provided by personnel

Not automatically available


Policies and directives

Policies and directives include both internal and external documents.


Internal relating to employees and the company

Not automatically available


External relating to clients and other third parties

Not automatically available


Information technology systems and documents

Not automatically available


Agreements or contracts

Agreements or contracts include the documents themselves and all related documents.


Standard Agreements

Not automatically available


Contracts concluded with customers/Merchants

Not automatically available


NDAs

Not automatically available


Third party contracts (such as JV agreements, VAR Agreements, etc.)

Not automatically available


Office management contracts

Not automatically available


Rental agreements

Not automatically available


Supplier or service contracts

Not automatically available


Regulatory documents

Regulatory documents include any documents required to comply with any laws.


Permits

Not automatically available


Licences

Not automatically available


Authorities

Not automatically available


Published information

Published information includes any document that we prepare and produce.


Brochures

Automatically available on request


External newsletters and circulars

Automatically available on request


Information available on the website

Automatically available on request


Internal newsletters and circulars

Automatically available on request


Customer information

Customer information includes any information about anyone that we provide goods or services to, including our customers, leads, or prospects.


Customer details

Automatically available on request


Contact details of individuals within customers

Automatically available on request


Communications with customers

Automatically available on request


Sales records

Automatically available on request


Transactional information

Automatically available on request


Marketing records

Automatically available on request


Reference materials

Reference materials include any sources of information that we contribute to.


Newsletters and journals articles

Not automatically available


Information we hold to comply with the law

We hold records for the purposes of PAIA in terms of the following main laws, among others:

  • Basic Conditions of Employment Act 75 of 1997;
  • Broad Based Black Economic Empowerment Act 53 of 2003;
  • Companies Act 61 of 1973;
  • Companies Act 71 of 2008;
  • Compensation for Occupational Injuries and Disease Act 130 of 1993;
  • Competition Act 89 of 1998;
  • Consumer Protection Act 68 of 2008;
  • Copyright Act 98 of 1978;
  • Currencies and Exchanges Act 9 of 1933;
  • Electronic Communications Act 36 of 2005;
  • Electronic Communications and Transactions Act 25 of 2002;
  • Employment Equity Act 55 of 1998;
  • Financial Intelligence Centre Act 38 of 2001;
  • Financial Sector Regulation Act 9 of 2017;
  • Income Tax Act 58 of 1962;
  • Intellectual Property Laws Amendment Act, No 38 of 1997;
  • Intellectual Property Laws Amendment Act, No 28 of 2013;
  • Labour Relations Act 66 of 1995;
  • National Credit Act 34 of 2005;
  • Occupational Health and Safety Act 85 of 1993;
  • Prescription Act 18 of 1943;
  • Prevention & Combating of Corrupt Activities Act 12 of 2004;
  • Prevention of Constitutional Democracy Against Terrorist & Related Activities Act 33 of 2004;
  • Prevention of Organised Crime Act 121 of 1998;
  • Promotion of Equality and Prevention of Unfair Discrimination Act 4 of 2000;
  • Protected Disclosures Act 26 of 2000;
  • Promotion of Access to Information Act, No 2 of 2000;
  • Protection of Constitutional Democracy against Terrorist and Related Activities Act 33 of 2004;
  • Protection of Personal Information Act 4 of 2013;
  • Regulation of Interception of Communications and Provision of Communication related Information Act 70 of 2002;
  • Skills Development Act 97 of 1998;
  • Skills Development Levies Act 9 of 1999;
  • Tax Administration Act 28 of 2011;
  • Trade Marks Act 194 of 1993;
  • Unemployment Contributions Act 4 of 2002;
  • Unemployment Insurance Act 63 of 2001;
  • Unemployment Insurance Contributions Act 4 of 2002; and
  • Value Added Tax Act 89 of 1991.

How to request access

We have authorised and designated our information officer to deal with all matters relating to PAIA in order to comply with our obligations in terms of PAIA. To request access to a record, please complete Form C which is available from:

  • the Information Regulator website.

Please submit the completed form to our information officer together with the relevant request fee at our information officer’s email address or our physical address, of our details provided above. Please ensure that the completed form:

  • has enough information for the information officer to identify you, the requested records, and which form of access you require;
  • specifies your email address, postal address, or fax number;
  • describes the right that you seek to exercise or protect;
  • explains why you need the requested record to exercise or protect that right;
  • provides any other way you would like to be informed of our decision other than in writing; and
  • provides proof of the capacity in which you are making the request if you are making it on behalf of someone else (we will decide whether this proof is satisfactory).

If you do not use the standard form we may:

  • reject the request due to lack of procedural compliance;
  • refuse it if you do not provide sufficient information; or
  • delay it.

Grounds for refusal

We may have to refuse you access to certain records in terms of PAIA to protect:

  • someone else’s privacy;
  • another company’s commercial information;
  • someone else’s confidential information;
  • the safety of individuals and property;
  • records privileged from production in legal proceedings; or
  • research information.

We will notify you in writing whether your request has been approved or denied within 30 calendar days after we have received a completed request for access form. If we cannot find any requested record or it does not exist, then we will notify you by way of affidavit that it is not possible to give access to that particular record.

How we will give you access

We will evaluate and consider all requests to us in terms of PAIA. If we approve your request for access to our records, then we will decide how to provide access to you – unless you have asked for access in a specific form. Publication of this manual does not give rise to any rights to access information records, except in terms of PAIA.

How much it will cost you

You must pay us a request fee as required by law when submitting a request for access to information. The prescribed fees are as set out in the Fee Schedule. You must pay us the fees before we will hand over any information. You may have to pay a further access fee if we grant the request for any time that has exceeded the prescribed hours to search and prepare the record for disclosure.

How we process and protect personal information

We process the personal information of various categories of people for various purposes as set out in this clause.

Categories of people

We process the personal information of the following categories of people:

  • customers or clients, including Merchants who accept one or more of our payment methods;
  • employees; and
  • contractors, vendors, or suppliers.

Purposes

We process the personal information to:

  • supply our services including providing payments processing services to our merchants and consumers;
  • better understand our data subjects’ needs when doing so;
  • manage employees in general;
  • manage customers in general;
  • manage customer credit in general; and
  • process customer requests or complaints.

Categories of personal information

We process many different categories of personal information, including:

  • contact details, such as phone numbers, physical and postal addresses, and email addresses;
  • personal details, such as names and ages;
  • banking details, account numbers;
  • background information;
  • contract information; and
  • credit information.

Third-party disclosures

We give the following people personal information that we process in the ordinary course of business to fulfill our obligations to our customers or clients:

  • contractors, vendors, or suppliers including the Banks;
  • operators, other responsible parties, or co-responsible parties; and
  • third party vendors/contractors (such as software developers) to help us maintain our services.

Cross-border transfers

We process personal information outside of South Africa. We will only transfer data to other countries who have similar privacy laws to South Africa’s, or recipients who can guarantee the protection of personal information to the same standard we must protect it.

Security

We secure data by maintaining reasonable measures to protect personal information from loss, misuse, and unauthorized access, disclosure, alteration and destruction. We also take reasonable steps, in line with industry best practices, to keep personal information accurate, current, complete, confidential and reliable for its intended use. Our security measures are in line with industry best practices and include compliance as a Level 1 payments processor issued by the Payments Card Industry security standards council.

Remedies

If your request for access is denied, you may:

  • apply to a court with appropriate jurisdiction; or
  • lodge a complaint with the Information Regulator, for the necessary relief.

Availability of this manual

This manual is available in English and will be available on our website, and at our company offices. The manual is also electronically available on our website.

Updates to this manual

This manual will be updated whenever we make material changes to the current information.