Payfast Access to Information Manual

We respect your right of access to information. This document will help you exercise that right as required by section 51 of the Promotion to Access of Information Act 2 of 2000 (PAIA).

Introduction

We are Payfast (Pty) Ltd, we conduct business as a payment service provider (PSP), and this is our ‘Access to Information Manual’. Its purpose is to help you access our information and any other information that we have. PAIA requires us to make it available to you so that you:

• know what types of information we have; and
• can request access to it.

Our details

Our details are as follows:

• Company name:  Payfast (Pty) Ltd
• Registration number:  1999/017441/07
• Physical address:   240 Main Road Great Westerford Building Second Floor, Rondebosch, Cape Town, 7700
• Phone number:   021 300 4455
• Information officer:   Kevin Cooke
• Information officer email:   [email protected]
• Contact email:   [email protected]
• Website:   https://payfast.io/

Further guidance

If you would like further guidance on how you can get access to information under PAIA, you may contact the Information Regulator to find out more information about PAIA. The Information Regulator is required to compile a guide in each official language of South Africa on how to exercise any right under PAIA. The current guide compiled by the South African Human Rights Commission is available here. In terms of the Section 110 of the Protection of Personal Information Act 4 of 2013 the functions of the Human Rights Commission have transferred to the Information Regulator. Their contact details are as follows:

• Postal address:  P.O Box 3153, Braamfontein, Johannesburg, 2017
• Physical address:   JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
• Phone number:   010 023 5200
• Website:   https://www.justice.gov.za/inforeg/index.html and https://www.sahrc.org.za/index.php/understanding-paia
• General e-mail:   [email protected]
• Complaints email:   [email protected]

Records we hold

We hold the following subjects and categories of records:

• Company records;
• Business records;
• Financial records;
• Insurance records;
• Income Tax;
• Personnel records;
• Policies and directives;
• Agreements or contracts;
• Regulatory documents;
• Published information;
• Customer information; and
• Reference materials.

Please note that records that are ‘not automatically available,’ must be requested using the process outlined in the ‘How to request access’ section of this manual.

Company records

Company records are all our records related to the incorporation and administration of our company. Some of them are available from the Companies and Intellectual Property Commission (CIPC).

Information we hold to comply with the law

We hold records for the purposes of PAIA in terms of the following main laws, among others:

• Basic Conditions of Employment Act 75 of 1997;
• Broad Based Black Economic Empowerment Act 53 of 2003;
• Companies Act 61 of 1973;
• Companies Act 71 of 2008;
• Compensation for Occupational Injuries and Disease Act 130 of 1993;
• Competition Act 89 of 1998;
• Consumer Protection Act 68 of 2008;
• Copyright Act 98 of 1978;
• Currencies and Exchanges Act 9 of 1933;
• Electronic Communications Act 36 of 2005;
• Electronic Communications and Transactions Act 25 of 2002;
• Employment Equity Act 55 of 1998;
• Financial Intelligence Centre Act 38 of 2001;
• Financial Sector Regulation Act 9 of 2017;
• Income Tax Act 58 of 1962;
• Intellectual Property Laws Amendment Act, No 38 of 1997;
• Intellectual Property Laws Amendment Act, No 28 of 2013;
• Labour Relations Act 66 of 1995;
• National Credit Act 34 of 2005;
• Occupational Health and Safety Act 85 of 1993;
• Prescription Act 18 of 1943;
• Prevention & Combating of Corrupt Activities Act 12 of 2004;
• Prevention of Constitutional Democracy Against Terrorist & Related Activities Act 33 of 2004;
• Prevention of Organised Crime Act 121 of 1998;
• Promotion of Equality and Prevention of Unfair Discrimination Act 4 of 2000;
• Protected Disclosures Act 26 of 2000;
• Promotion of Access to Information Act, No 2 of 2000;
• Protection of Constitutional Democracy against Terrorist and Related Activities Act 33 of 2004;
• Protection of Personal Information Act 4 of 2013;
• Regulation of Interception of Communications and Provision of Communication related Information Act 70 of 2002;
• Skills Development Act 97 of 1998;
• Skills Development Levies Act 9 of 1999;
• Tax Administration Act 28 of 2011;
• Trade Marks Act 194 of 1993;
• Unemployment Contributions Act 4 of 2002;
• Unemployment Insurance Act 63 of 2001;
• Unemployment Insurance Contributions Act 4 of 2002; and
• Value Added Tax Act 89 of 1991.

How to request access

We have authorised and designated our information officer to deal with all matters relating to PAIA in order to comply with our obligations in terms of PAIA. To request access to a record, please complete Form C which is available from:

• the Information Regulator website.

Please submit the completed form to our information officer together with the relevant request fee at our information officer’s email address or our physical address, of our details provided above. Please ensure that the completed form:

• has enough information for the information officer to identify you, the requested records, and which form of access you require;
• specifies your email address, postal address, or fax number;
• describes the right that you seek to exercise or protect;
• explains why you need the requested record to exercise or protect that right;
• provides any other way you would like to be informed of our decision other than in writing; and
• provides proof of the capacity in which you are making the request if you are making it on behalf of someone else (we will decide whether this proof is satisfactory).

If you do not use the standard form we may:

• reject the request due to lack of procedural compliance;
• refuse it if you do not provide sufficient information; or
• delay it.

Grounds for refusal

We may have to refuse you access to certain records in terms of PAIA to protect:

• someone else’s privacy;
• another company’s commercial information;
• someone else’s confidential information;
• the safety of individuals and property;
• records privileged from production in legal proceedings; or
• research information.

We will notify you in writing whether your request has been approved or denied within 30 calendar days after we have received a completed request for access form. If we cannot find any requested record or it does not exist, then we will notify you by way of affidavit that it is not possible to give access to that particular record.

How we will give you access

We will evaluate and consider all requests to us in terms of PAIA. If we approve your request for access to our records, then we will decide how to provide access to you – unless you have asked for access in a specific form. Publication of this manual does not give rise to any rights to access information records, except in terms of PAIA.

How much it will cost you

You must pay us a request fee as required by law when submitting a request for access to information. The prescribed fees are as set out in the Fee Schedule. You must pay us the fees before we will hand over any information. You may have to pay a further access fee if we grant the request for any time that has exceeded the prescribed hours to search and prepare the record for disclosure.

How we process and protect personal information

We process the personal information of various categories of people for various purposes as set out in this clause.

Categories of people

We process the personal information of the following categories of people:

• customers or clients, including Merchants who accept one or more of our payment methods;
• employees; and
• contractors, vendors, or suppliers.

Purposes

We process the personal information to:

• supply our services including providing payments processing services to our merchants and consumers;
• better understand our data subjects’ needs when doing so;
• manage employees in general;
• manage customers in general;
• manage customer credit in general; and
• process customer requests or complaints.

Categories of personal information

We process many different categories of personal information, including:

• contact details, such as phone numbers, physical and postal addresses, and email addresses;
• personal details, such as names and ages;
• banking details, account numbers;
• background information;
• contract information; and
• credit information.

Third-party disclosures

We give the following people personal information that we process in the ordinary course of business to fulfill our obligations to our customers or clients:

• contractors, vendors, or suppliers including the Banks;
• operators, other responsible parties, or co-responsible parties; and
• third party vendors/contractors (such as software developers) to help us maintain our services.

Cross-border transfers

We process personal information outside of South Africa. We will only transfer data to other countries who have similar privacy laws to South Africa’s, or recipients who can guarantee the protection of personal information to the same standard we must protect it.

Security

We secure data by maintaining reasonable measures to protect personal information from loss, misuse, and unauthorized access, disclosure, alteration and destruction. We also take reasonable steps, in line with industry best practices, to keep personal information accurate, current, complete, confidential and reliable for its intended use. Our security measures are in line with industry best practices and include compliance as a Level 1 payments processor issued by the Payments Card Industry security standards council.

Remedies

If your request for access is denied, you may:

• apply to a court with appropriate jurisdiction; or
• lodge a complaint with the Information Regulator, for the necessary relief.

Availability of this manual

This manual is available in English and will be available on our website, and at our company offices. The manual is also electronically available on our website.

Updates to this manual

This manual will be updated whenever we make material changes to the current information.