Privacy notice

POLICY ON DATA CONFIDENTIALITY, AVAILABILITY AND INTEGRITY

(last updated 9 March 2026)

1. INTRODUCTION

At Hello Paisa, your privacy is important to us. Accordingly, this document sets out how we process your Personal Data and provides you with key information in this regard.

This document should be read together with our PAIA Manual, which is available on our website.

Any reference to “Personal Data” in this document shall include both ‘personal information’ and ‘special personal information’ as defined in an applicable data protection law.

2. DEFINITIONS

The following terms shall bear the meanings as provided for hereunder:

“Company” – means the private body identified in paragraph 3 below;

“Data Subject” – shall bear the meaning as defined in POPIA;

“Deputy Information Officer” – means the individual(s), as designated to the position from time to time;

“Information Officer” – means the head of the Company, as designated to the position of Information Officer from time to time;

“Minister” – means the Minister of Justice and Correctional Services;

“PAIA” – means the Promotion of Access to Information Act, No. 2 of 2000 (as amended);

“POPIA” or “the Act” – means the Protection of Personal Information Act, No. 4 of 2013 (as amended); and

“Regulator” – means the Information Regulator;

Any terms not expressly defined herein shall bear the meaning ascribed to them in POPIA or, where relevant, PAIA.

3. GENERAL INFORMATION AND KEY CONTACT DETAILS

PRIVATE BODY DETAILS

Company Name: Hello Paisa (Proprietary) Limited
Registration Number: 2012/123966/07
Street and Postal Address: Building E, West End Office Park, 250 Hall Street, Die Hoewes, Centurion, Gauteng, 0157.
Telephone Number: (012) 643 0281
Email: [email protected]
Fax: N/A
Website: www.hellopaisa.co.za

All Communications to be marked for the attention of the “Information Officer” and “Deputy Information Officer”.

All objections to processing of Personal Data (FORM 1), requests for correction or deletion of Personal Data (FORM 2), requests, queries or complaints must be in writing and addressed to the Information Officer and Deputy Information Officer, as provided for above. These forms are also available on the Information Regulator’s website at www.inforegulator.org.za/popia/

4. PURPOSE

This document explains how the Company will obtain, use and disclose your Personal Data, in accordance with the requirements of the Protection of Personal Information Act of 2013, as amended from time to time, and any other applicable data protection or privacy laws.

We are committed to respecting and maintaining the privacy and security of your Personal Data submitted to the Company via our various channels for the rendering of any services and for the provision of any products.

We will treat all Personal Data as private and confidential and undertake to deal with your Personal Data in a responsible and lawful manner.

We will take all reasonable measures to prevent unauthorised access, dissemination or loss of your Personal Data.

We will only request Personal Data required for purposes of rendering or providing the requested services or products to you and to comply with any regulatory requirements.

This document does not apply to the information practices of third-party companies whom we may engage with in relation to our business operations (including, without limitation, their websites, platforms and/or applications) which we do not own or control; or individuals that Hello Financial Services does not manage or employ. To the extent that a designated service provider or third party is required to process Personal Data in their own right and not necessarily only for and in relation to Hello Financial Services, they will each be responsible for complying with their legal obligations relating to such processing activities. Each of these designated service providers and third-party sites may have its own privacy policies and terms and conditions and we encourage you to read them before using them.

5. PERSONAL DATA THAT WE COLLECT AND PROCESS

We will only collect Personal Data required to provide the relevant products and services to you or as required by applicable law and our duties thereunder, which include, without limitation, the following:

Data Subject: Personal Information

Customers and/or End Consumers: Full Name & Surname; Identification Number/Passport Number; Identity/Passport/Asylum document; Date of Birth; Gender; Phone number; Email address; Any such information required for FICA purposes; FATCA information; Nationality; Country of Birth; Physical Address; Proof of Physical Address; Postal Address; Bank Account Details; Proof of Bank Account; Unique Customer ID; Selfie/Photograph; Sanction Screening reports (if applicable); Customer Profile; Source of Funds; Proof of Source of Funds; Employment Status; Employment Type; Occupational Industry; Salary/income amount (if applicable); Employer Name; If self-employed/business owner: business name/category/industry; Marketing preferences; Marital Status; MSISDN; Device ID; Transaction history; Transaction limits (if applicable); Data regarding use of products and services; Communication records (including email, SMS, telephone etc.); Signature (including electronic signatures); Telephone records/recordings.

Employees / Personnel: Full Name & Surname; Identity Number/Passport Number/Asylum Number; Contact details (Email and mobile number); Physical and postal address; Date of birth; Age; Race; Biometric Information; Employment history/References; Background checks (criminal checks, credit checks and polygraph); Curricula Vitae; Education history/Qualifications; Banking details; Income tax reference number; Remuneration and benefit information (including medical aid, pension/provident fund information); Disciplinary procedures; Employee disability information; Employee contracts; Employee performance records; Payroll records (including Payslips and IRP5); Physical access records; CCTV records; Health and safety records; Time and attendance; Vehicle Registration Number; Next of kin Information; Death Certificate (if applicable).

New Job Applicants: Full Name & Surname; ID/Passport/Asylum; Date of Birth; Physical Address; Email address; Telephone number; Race; Gender; Details of Qualification; Educational background; Curricula Vitae; Experiences and employment history; Information about an applicant’s current level of remuneration, including benefit entitlements; Whether or not they have a disability for which the Company needs to make reasonable adjustments during the recruitment process; Eligibility to work in South Africa; References; Background checks (MIE verification); Fraud and Criminal checks; Any other information that the applicant may submit as part of their CV or job application.

Physical Premises Visitors: Full Name and Surname; Cell phone number; CCTV footage; Reason for visiting; Signature (including electronic signatures); Vehicle License Disc; Driver’s License.

Website Visitors / Mobile App Visitors: Name & Surname; Email address/contact details (if provided by data subject); Internet Protocol address; Marketing Preferences; Website history; Cookies.

Service Providers / Suppliers / Corporate Partnerships / Third-Parties: Registered Name/Full Name; Trading Name (if different to registered name); Company Registration Number/CC Registration Number/Trust Registration Number; If Sole Proprietor or Partnership, ID/Passport of relevant persons; Incorporation/founding documents; Tax Number; VAT Number; Phone Number; Email address; Key Contact Person(s) details; Director details; Shareholder details (where applicable); Beneficial Ownership Information; Registered Address/Physical Address; Banking details; Proof of Banking details; Applicable business or regulatory licenses; Contracts; Intellectual Property including but not limited to Trademarks, Copyright and/or Patents; Marketing material; Website details; Policies and procedures; Customer/End-Customer information (if applicable); Details of products and/or services provided; Performance related information; Any dispute resolution or litigation related information; Signature (including electronic signatures).

Furthermore, you will be required to provide the Company with the Personal Data of your designated:

  • Recipient for purposes of facilitating and providing the international money remittance services to you; and
  • Beneficiary for purposes of facilitating and providing our insurance products to you.

6. HOW WE COLLECT YOUR PERSONAL DATA

We will primarily collect your Personal Data from you directly in person or via non-face to face channels such as our websites, mobile applications, USSD, Email, text messages, telephonically or otherwise.

We may also collect your Personal Data from third parties to the extent necessary or permitted by applicable legislation.

7. CONSENT AND JUSTIFICATION TO PROCESS

By making use of our services, products and service channels, you explicitly agree that we may process your Personal Data in accordance with the applicable data protection laws, this notice and any service or product-specific terms and conditions.

You acknowledge and agree that your Personal Data may be verified and/or processed for purposes of banking, financial services, insurance and risk management purposes by Hello Financial Services against any other reasonable and legitimate sources or databases to ensure the accuracy and completeness of any Personal Data provided on an ongoing basis.

Subject to applicable law, we will use your Personal Data where:

  • We have obtained your prior consent to process; or
  • Without your consent where there is a legal justification for such processing, which includes:
    • Where the processing of your Personal Data is necessary to carry out actions for the conclusion or performance of a contract to which you are a party;
    • Where the processing of your Personal Data is necessary to comply with an obligation imposed by law on the Company including but not limited to obligations imposed under the Financial Intelligence Centre Act, 38 of 2001 (FICA), the Protection of Constitutional Democracy Against Terrorist and Related Activities Act, 33 of 2004 (POCDATARA), the Prevention of Organised Crime Act, 121 of 1998 (POCA), the Financial Advisory and Intermediary Services Act, 37 of 2002 (FAIS), the Regulation of Interception of Communications and Provisions of Communication-related Information Act 70 of 2002 (RICA), the Electronic Communications and Transactions Act, 2002 (ECTA), the Electronic Communications Act, 2005 (ECA), the Consumer Protection Act, 2008 (CPA), the Promotion of Access to Information Act, 2000 (PAIA), and the Cybercrimes Act, 2020;
    • Where the processing of your Personal Data is necessary to protect a legitimate interest of yours; or
    • Where the processing of your Personal Data is necessary to pursue the legitimate interests of Hello Financial Services or of a third party to whom the information is lawfully supplied.

Where we rely on your consent as the legal basis for processing Personal Data, you may withdraw your consent or may object to our processing of your Personal Data at any time. However, this will not affect the lawfulness of any processing carried out prior to the withdrawal of consent or any processing justified by any other legal ground provided under the applicable data protection law.

If the consent is withdrawn or if there is otherwise a justified objection against the use or the processing of such Personal Data, we will no longer process the Personal Data.

8. PROCESSING OF YOUR PERSONAL DATA

We only use your Personal Data for the specific purpose(s) it was originally collected for or as further authorised or permitted to process and which constitutes a lawful basis.

We mainly process your Personal Data for the following non-exhaustive purposes:

  • to provide our products and services to you;
  • to comply with legal and regulatory obligations imposed on Hello Financial Services in terms of national, foreign or international laws;
  • monitoring the use of our electronic systems. We will, from time to time, engage third-party service providers (who will process your Personal Data on our behalf) to facilitate this;
  • preventing, discovering, and investigating non-compliance with any standard or certification issued in respect of providing payment facilitation and acceptance services, including, any internal policies or procedures which may be updated or implemented from time to time;
  • investigating fraud, or other related matters;
  • in connection with the execution of payment processing / facilitation / acceptance functions;
  • for employment-related purposes such as recruitment, administering payroll, and carrying out background checks;
  • in connection with internal audit purposes (i.e. ensuring that the appropriate internal controls are in place in order to mitigate the relevant risks, as well as to carry out any investigations where this is required);
  • in connection with external audit purposes. For this purpose, Hello Financial Services engages external service providers and, in so doing, shares Personal Data of yours with third parties;
  • to respond to any correspondence that you may send to Hello Financial Services, including via email or by telephone;
  • to facilitate and process an application by a data subject to become a customer;
  • to contact you for marketing purposes subject to the provisions below;
  • for such other purposes to which you may consent from time to time; and
  • for such other purposes as authorised in terms of applicable law.

9. DISCLOSURE OR SHARING OF PERSONAL DATA

We may share your Personal Data with our affiliates forming part of our larger group, to the extent necessary to provide our products and services to you.

We will only disclose your Personal Data to third parties outside of our group to the extent that it is strictly necessary to facilitate the provision of our products and services to you.

In any instance where we share / disclose / process your Personal Data with a third party either forming part of our group or outside thereof, we hereby warrant that any such third party will be subject to a binding and valid agreement which ensures such a third party provides the requisite and/or same care and protection for such Personal Data as afforded by Hello Financial Services and the applicable data protection law.

We are also legally obligated to disclose your Personal Data to certain governmental and regulatory bodies in terms of national, foreign and international legislation.

Below is a non-exhaustive list of governmental and regulatory bodies to whom we are required to disclose your Personal Data:

  • Financial Intelligence Centre;
  • Information Regulator;
  • South African Reserve Bank;
  • Foreign/international counterparts of the above, where applicable.

10. SPECIAL PERSONAL DATA

The applicable data protection laws generally prohibit the processing of ‘special personal data or special category data’, also called ‘sensitive data’ unless you have given your consent or if there is another lawful basis for us to collect and process that information.

Special personal data includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, and data concerning health, sex life or sexual orientation. There are also restrictions on the processing of criminal convictions and offences.

11. PERSONAL DATA OF MINORS

We do not knowingly collect or process Personal Data from children under the age of 18 (“minor(s)”). If we do, however, collect such Personal Data, whether knowingly or not, it is due to us having the necessary consent of either the parent, guardian and/or any such person authorized to give consent for the collecting and/or processing of the minor’s personal information.

Minors may not use our website or platforms and are not eligible to use our products and services and should not attempt to supply us with any information. If a minor does use our website or platforms, such minor does so voluntarily and without our knowledge and cannot be held responsible for the unauthorized use of our website or platforms.

It remains the responsibility of the parent, guardian and/or any such person authorized to consent to the collection and/or processing of the minor’s personal data to ensure it does have the consent to authorize the collecting and/or processing of the personal data.

12. PERSONAL DATA AND DIRECT MARKETING

With your consent and/or where permitted by law, we may use your Personal Data to contact you for marketing, advertising and promotional and/or any other lawful purposes. This may include contacting you by way of email, telephone, text message or other means.

Should you not wish to receive direct marketing communication from us, you can immediately update your preferences by getting in touch with our team via email on [email protected]

We will ensure that a reasonable opportunity is given to you to object to the use of your Personal Data for our marketing purposes when collecting the Personal Data and to “unsubscribe” or “opt out” of receiving marketing material on each occasion of us providing a marketing communication.

We will not use your Personal Data to send you marketing materials if you have requested not to receive them and if you have requested that we stop processing your Personal Data for marketing purposes.

13. TRANSFERRING PERSONAL DATA OUTSIDE THE BORDERS OF SOUTH AFRICA

Due to the international nature of our business and services, we may transfer your Personal Data:

  • across borders to our foreign affiliates; and
  • to third parties involved in facilitating or providing our products and services in foreign countries.

We will only transfer your Personal Data to a third-party outside of the Republic of South Africa, if:

  • We have your consent for such transborder transfer;
  • The third-party is subject to a law, binding corporate rules or binding agreement which provides an adequate level of protection that effectively upholds principles for reasonable processing of Personal Data that are substantially similar to the conditions for lawful processing of Personal Data relating to a data subject (you) who is a natural person and, where applicable, a juristic person. Furthermore, such law, binding corporate rules or binding agreement must include provisions that are substantially similar to section 72 of POPIA relating to the further transfer of Personal Data from the recipient third-party to another third party in a foreign country;
  • The transfer is necessary for the performance of the contract between the Company and yourself, or for the implementation of pre-contractual measures taken in response to your request;
  • The transfer is necessary for the conclusion or performance of a contract concluded in your interest between the Company and a third party; or
  • The transfer is for your benefit, and:
    • It is not reasonably practicable to obtain your consent; and
    • If it were reasonably practicable to obtain such consent from you, you would likely have given such consent.

14. KEEPING PERSONAL INFORMATION ACCURATE

We will take reasonable steps to ensure that all Personal Data is kept as accurate, complete and up to date as reasonably possible depending on the purpose for which Personal Data is collected or further processed.

We may not always expressly request you to verify and update your Personal Data unless this process is specifically necessary.

However, it does remain your responsibility to notify us from time to time in writing of any updates required in respect of your Personal Data.

15. INFORMATION SECURITY

We have implemented appropriate technical and organisational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of processing, in accordance with applicable law.

When we contract with third parties, appropriate security, privacy and confidentiality obligations are imposed on them to ensure that Personal Data is kept secure.

We regularly test the effectiveness of the security of our systems and response to any threats that may be detected.

Unfortunately, the transmission of information via the internet (including by email) is not completely secure. We will do our best to protect your Personal Data once in our possession, however, we cannot guarantee the security of your data transmitted to our site or other platforms; and any transmission is at your own risk. Once we have received your Personal Data, we will use strict procedures and security features to protect your Personal Data.

16. YOUR RIGHTS AS A DATA SUBJECT

You have the following rights:

  • the right to be informed about our collection of your Personal Data;
  • the right to access your Personal Data that we have on record;
  • the right to have your Personal Data corrected or updated where deemed incorrect or incomplete;
  • the right to request that we delete or destroy your Personal Data;
  • the right to object to our further processing of your Personal Data;
  • the right to data portability, meaning that you may request that we transfer your Personal Data to another organization, if permitted by law;
  • the right to question automated decisions, meaning you may query a decision that we make about our products and/or services if the decision was made without any human intervention steps;
  • any other rights that may be provided under applicable data protection laws.

Should you wish to exercise any of the above rights, we may request proof of your identity in order for us to verify your identity.

The above rights have limitations. If a limitation applies, we will advise you of the limitation that applies. For example, you may require that we delete all your Personal Data; however, we may be required by applicable law to retain it for a certain period of time and will therefore advise you of such limitation and why we cannot fully/partially comply with your request.

All requests must be in writing and addressed to the Information Officer/Deputy Information Officer, as provided for in paragraph 3 above.

We will endeavor to respond to your request within 30 days from the date of receipt of your request. Should we require an extension of time (not exceeding 30 days), we will advise you of such extension and the reason therefor before expiration of the initial 30-day period.

17. ACCESS REQUEST IN TERMS OF PAIA AND POPIA

The applicable data protection law read with the relevant provisions of the Promotion of Access to Information Act, No. 2 of 2000 (“PAIA”) confers certain access rights on data subjects. For more details on how to submit an access request, see our PAIA Manual which is accessible on our website.

18. COOKIES

Please request our cookie policy for more information.

19. HOW LONG WE WILL KEEP YOUR PERSONAL DATA

We will not retain your Personal Data any longer than is necessary to fulfil the reason(s) for which it was collected. That being said, we are legally obligated in terms of applicable legislation to retain certain data or Personal Data for a specified period of time after an account/profile has been closed. If we do not need to keep your Personal Data, we will destroy, delete or de-identify it.

20. CHANGES TO THIS NOTICE

This privacy notice was last updated on the date indicated above.

We reserve the right to amend or update this privacy notice to reflect changes in our practices with respect to the processing of Personal Data, or changes in applicable law without prior notice to you. We encourage you to read this privacy notice carefully and to regularly check this page to review any changes we might make to the terms of this privacy notice.

Your continued use of the website or other platforms after any changes or revisions to this privacy notice shall indicate your agreement with the terms of such revised privacy notice.

21. INFORMATION REGULATOR

You have the right to complain to the Information Regulator. The contact details for the Information Regulator are as follows:

Physical Address: Woodmead North Office Park, 54 Maxwell Drive, Woodmead, Johannesburg, Gauteng, 2191.
Toll Free Number: 0800 017 160
Landline: 010 023 5200
E-mail: [email protected]
POPIA Complaints: [email protected]
Website: https://www.inforegulator.org.za