PRIVACY POLICY
At Happy Pay (Pty) Ltd (reg: 2021/925940/07)
(“Happy Pay”) we adhere to the highest standards of protecting your personal
data when we process it by virtue of your use of our website https://www.happypay.co.za/ (“the Platform”), by utilising our
services, or by providing us with your personal data in any other way. As such,
we have created this privacy policy for you to read and to understand how we
safeguard your personal data and respect your privacy (“Privacy Policy”).
Please ensure that you read all the
provisions below, and our policies and guidelines which may apply from time to
time, to understand all of your, and our, rights and
duties.
1. Important Information and Who We Are
Purpose of this Privacy
Policy
This Privacy Policy aims to
give you information on how we collect and process your personal data through
any form of your engagement with us. This Privacy Policy complies with, and facilitates the obligations required from the Protection
of Personal data Act, No. 4 of 2013 (“POPIA”), as amended and any
other applicable data protection laws.
It is important that you read
this Privacy Policy together with any other privacy policy or fair processing
notice we may provide on specific occasions when we are collecting or
processing personal data about you, so that you are fully aware of how and why
we are using your personal data. This Privacy Policy supplements the other
notices and is not intended to override them.
We do not process the data of minors nor special
categories of personal data. Do not provide us with any such personal data, as
it will constitute an immediate and automatic material breach of this Privacy
Policy.
Responsible Party and Operator
Happy Pay is the “Responsible
Party” and is responsible for your personal data when we decide the
processing operations of your personal data. In some instances, we operate as a
“Operator” of personal data on behalf of a merchant who uses our
services to sell products or services to their clients. In that case, that merchant’s
privacy policy will apply to your use of their services.
We have appointed an
information officer at Happy Pay who is responsible for overseeing questions in
relation to this Privacy Policy. If you have any questions about this Privacy
Policy, including any requests to exercise your legal rights, please contact
our information officer using the details set out below.
Our Contact Details
·
Legal
entity: Happy
Pay (Pty) Ltd
·
Email
address: hello@happypay.co.za
·
Postal
address: 18 Collingwood Road, Observatory
Western
Cape, 7925
You have the right to make a
complaint at any time to the Information
Regulator’s Office.
We would, however, appreciate the chance
to deal with your concerns before you approach any such supervisory authority,
so please contact us in the first instance.
Changes to this Privacy
Policy
This Privacy Policy was last
updated on 22 August 2025 and previous versions are
archived and can be provided on request.
It is important that the personal
data we hold about you is accurate and current. Please keep us informed if your
personal data changes during your relationship with us.
This Privacy Policy is
subject to change without notice and is updated or amended from time to time
and will be effective once we upload the amended version to the Platform. Your
continued access or use of our services constitutes your acceptance of this
Privacy Policy, as amended. It is your responsibility to read this document
periodically to ensure you are aware of any changes.
Third-Party Links on Platform
The Platform may include
links to third-party websites, plug-ins, and extensions. Clicking on those
links or enabling those connections may allow third parties to collect or share
information about you. We do not control these third-party websites and are not
responsible for their privacy statements or terms. When you leave our Platform,
or engage with such third parties, we encourage you to read the distinct
privacy policy of every third-party you engage with. Happy Pay does not accept
any responsibility or liability for your use of such third-party websites,
plug-ins and extensions, nor for the privacy policies and practices of the
owners or operators of them.
2. What We Collect About You
Personal data, or personally
identifiable information, means any information about an individual, both
natural and juristic entities (people and companies), from which that entity
can be identified. It does not include information where the identity has been
removed (anonymous data).
We may collect, use, store,
and transfer (“process”) different kinds of personal data about you
which we have grouped together as follows:
Identity Data including information about you or your
company such as full name, identity and passport number, company name, address
and/or company registration details, date of birth and age.
Biometric Data including copies of identity and passport
documentation.
Contact Data including email address, residential
and/or address, proof of address documentation, and contact numbers.
Financial Data including bank account details and tax
registration details.
Transaction Data including details about payments to and
from you, contracts, contractual terms, contract fees, signups, invoices and
other details of services you have obtained from us or provide to us.
Technical Data including internet protocol address/es,
login data, browser type and version, time zone setting and location, cookies,
browser plug-in types and versions, operating system and platform and other
technology on the devices you use to access the Platform.
Usage Data including information about how you use
our company, Platform, services and surveys.
Customer Support Data including account or transaction
references, communication records (including emails, chat transcripts, and call
recordings), details of your support requests, and any other information you
voluntarily provide to facilitate the resolution of your enquiry.
Marketing and
Communications Data
including messages sent to us, your preferences in receiving notices and
marketing from us and our third parties and your communication preferences as
well as details of which communications were sent to you and how they were
sent.
We may also collect, use, and
share Aggregated Data such as statistical or demographic data for any
purpose. Aggregated Data may be derived from your personal data but is not
considered personal data in law as this data does not directly or
indirectly reveal your identity. However, if we combine Aggregated Data with
your personal data so that it can directly or indirectly identify you, we treat
the combined data as personal data which will be used in accordance with this
Privacy Policy.
Where we need to collect personal
data by law, or under the terms of a contract we have with you and you fail to
provide that data when requested, we may not be able to perform the contract we
have or are trying to enter into with you (for example, to provide you with our
services). In this case, we may have to suspend your use of our services but we will notify you if this is the case at the
time.
3. How Is Your Personal data
Collected?
We use different methods to
collect personal data from and about you, including through:
Direct interactions: You may give us your personal data by
using our services, or by corresponding with us through the Platform, by email
or otherwise. This includes personal data you provide when you:
· use our services;
· use our Platform;
· contract with us;
· provide any services to us as a service
provider or independent contractor;
· request information to be sent to you;
· give us some feedback.
Automated technologies or
interactions: As you
interact with our Platform, we may automatically collect Technical Data and
Usage Data about your device. We may collect this personal data by using
cookies, server logs and other similar technologies.
Third parties: We may receive personal data about you
from various third parties such as:
·
credit
bureaux;
·
analytics
providers;
·
marketing
platforms;
·
search
information providers.
4. How We Use Your Personal data
We will only process your personal
data under one or more legal bases for processing personal information. Most
commonly, we will process your personal data under the following lawful bases:
·
where
we have your express consent to do so;
·
where
we need to consult with you or perform on the Services contract we are
about to enter into or have entered
into with you;
·
where
it is necessary for our legitimate business interests (or those of a
third party) and your interests and fundamental rights do not override those
interests; and/or
·
where
we need to comply with a legal or regulatory obligation.
5. Purposes For Which We Will Use Your Personal
data
We have set out below the
purpose for which we will process your personal data, which includes:
·
assessing and
verifying the identity and creditworthiness of shoppers and merchants prior to
providing transactional or related services;
·
facilitating the
application, approval, and management of buy now, pay later transactions;
·
processing
payments, managing billing, and administering accounts in connection with its services;
·
communicating
with shoppers and merchants regarding account status, payment schedules, and
transaction updates;
·
detecting,
preventing, and investigating fraud, money laundering, or other unlawful activities;
·
complying with
legal, regulatory, and reporting obligations;
·
to
disclose and obtain information from credit bureaus;
·
to
comply with valid requests for information, including subject access requests
and requests in terms of the Promotion of Access to Information Act 2 of 2000;
·
managing
customer support queries and resolving disputes related to transactions;
·
conducting data
analytics to improve service offerings, risk assessment, and customer experience;
·
sending
service-related notices, updates, and, where permitted, marketing communications;
·
to
contract with service providers;
·
to
provide it to our service providers who need personal data to provide their
services to you (whether it is done through Happy Pay or directly between you
and the service provider);
·
to
process and service your payment for any services rendered by Happy Pay or our service
providers;
·
to
manage payments, fees, and charges;
·
to
conduct market and behavioural research including scoring and analysis to
determine if you qualify for products and services;
·
to
develop, test and improve products and services for you;
·
for
historical, statistical and research purposes;
·
to
manage our relationship with you which may include notifying you about changes
to our Privacy Policy, or services or the delivery of communications and the
effectiveness thereof;
·
to
administer and protect our company, Platform and services (including
troubleshooting, data analysis, testing, system maintenance, support, reporting
and hosting of data);
·
for
internal purposes such as training and monitoring; and
·
to communicate with you for any queries, provide you with direct
marketing, make suggestions about services that may be of interest.
Change of Purpose
We will only use your personal
data for the purposes for which we collected it, unless we reasonably consider
that we need to use it for another reason and that reason is compatible with
the original purpose.
If we need to use your personal
data for an unrelated purpose, we will notify you and we will explain the legal
basis which allows us to do so.
Please note that we may
process your personal data without your knowledge or consent, in compliance
with the above rules and where required or permitted by law.
Marketing
We strive to provide you with
choices regarding how we use your personal data, particularly around marketing
and advertising. To manifest your rights attached to any marketing sent to you,
please use the built-in prompts provided on those communications, or contact
us.
You will receive marketing
communications from us if you have requested our services, requested
information from us, or provided us with your details in any other circumstance
and, in each case, have not opted-out of receiving
that marketing.
You can ask us to stop
sending you marketing messages at any time by using the built-in prompts or
contacting us and requesting us to cease or change your marketing preferences.
Where you opt-out of receiving marketing messages, this opt-out will not apply
to other personal data of yours which we process for another lawful basis.
Third-Party Marketing
Whilst we may use your personal
data within our company, we will get your express opt-in consent before we
share your personal data publicly with any entity outside of Happy Pay for
marketing.
6. Disclosures Of Your Personal data
We may have to share your personal
data with the parties set out below for the purposes set out above.
·
Internal
Third Parties including other entities or parties in the Happy Pay group and
their respective directors, consultants and employees;
·
External
Third Parties including:
o authorised third-party service providers
under contract with Happy Pay who need your personal data to provide their
services to you pursuant to your use of our services;
o credit bureaux to report any missed payment
or other similar reporting;
o service providers and contractors providing
their services to us and processing your personal data on instruction from us;
o national governments and/or their
respective authorities pursuant to our adherence with legislative requirements; such as tax; and
o professional advisers including lawyers,
bankers, auditors and insurers who provide consultancy, banking, legal,
insurance and accounting services as required.
·
Third
parties to whom we may choose to sell, transfer, or merge parts of our company
or our assets. Alternatively, we may seek to acquire other organisations or
merge with them. If a change happens to our company, we may continue to use
your personal data in the same way as set out in this Privacy Policy.
We require all third parties
to respect the security of your personal data and to treat it in accordance
with the law. We do not allow our third-party service providers to use your personal
data for their own purposes and only permit them to process your personal data
in accordance with our instructions and standards.
7. Cookies
The Platform may make use of
“cookies” to automatically collect information and data through the standard
operation of the internet servers. “Cookies” are small text files a platform
can use (and which we may use) to recognise repeat users, facilitate the user’s
on-going access to and use of a platform and allow a platform to track usage
behaviour and compile aggregate data that will allow the platform operator to
improve the functionality of the platform and its content, and to display more
focused advertising to a user by way of third party tools.
The type of information
collected by cookies is not used to personally identify you. If you do not want
information collected using cookies, there is a simple procedure in most
browsers that allows you to deny or accept the cookie feature. Please note that
cookies may be necessary to provide you with certain features available on our Platform
and thus if you disable the cookies on your browser
you may not be able to use those features, and your access to our Platform will
therefore be limited. If you do not disable “cookies”, you are deemed to
consent to our use of any personal data collected using those cookies, subject
to the provisions of this Privacy Policy and our other policies or terms.
8. International Transfers
We may share and process your
personal data outside of South Africa to engage with third party service
providers who provide software to us, web development services or any other
services necessary for our business.
If we may transfer your personal
data, we will ensure a similar degree of protection is afforded to it by
ensuring at least one of the following safeguards is implemented:
·
We
will only transfer your personal data to countries that have appropriate data
protection legislation in place; and/or
·
Where
we use service providers, we will use specific contracts/clauses which ensure personal
data is processed and secured lawfully.
9. Data Security
We have put in place
appropriate security measures to prevent your personal data from being
accidentally lost, used, or accessed in an unauthorised way, altered, or
disclosed by implementing reasonable technical and organisational measures in
accordance with best industry practice. We also limit access to your personal
data to those employees, agents, contractors and other third parties who have a
legitimate need to know. They will only process your personal data on our
instruction and are subject to a duty of confidentiality.
We have put in place
procedures to deal with any suspected personal data breach and will notify you
and the Information Regulator of a breach where we are legally required to do
so.
10. Data Retention
We will only retain your personal
data for as long as necessary to fulfil the purpose we collected it for
including any legal, accounting, or reporting requirements.
We may also anonymise your personal
data (so that it can no longer be associated with you) for research or
statistical purposes in which case we may use this information indefinitely
without further notice to you.
11. Your Legal Rights
You have rights in relation
to your personal data where we are the relevant “Responsible Party” over such personal
data. Please contact us to find out more about, or manifest, these rights:
·
request
access to your personal data;
·
request
correction of your personal data;
·
request
erasure of your personal data;
·
object
to the processing of your personal data;
·
request
a restriction of processing your personal data;
·
request
transfer of your personal data; and/or
·
right
to withdraw consent.
You will not have to pay a
fee to access your personal data (or to exercise any of the other rights).
However, we may charge a reasonable fee if your request is clearly unfounded,
repetitive, or excessive. Alternatively, we may refuse to comply with your
request in these circumstances.
We may need to request
specific information from you to help us confirm your identity and ensure your
right to access your personal data (or to exercise any of your other rights).
This is a security measure to ensure that personal data is not disclosed to any
person who has no right to receive it. We may also contact you to ask you for
further information in relation to your request to speed up our response.
We try to respond to all
legitimate requests within one month. Occasionally it may take us longer than a
month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and
keep you updated.
Users with citizenships from
jurisdictions other than South Africa, please note that we comply with South
African data protection laws when processing your personal data. Should foreign
law be applicable to your use of our services and/or the Platform in any way,
including how we may process your personal data, please contact us and we will
gladly engage with you on your rights.