Scan to Pay Privacy Policy ("Policy")
1. RECITALS
1.1 ​ https://www.scantopay.io/ (our website) is provided by Ukheshe Technologies (Pty) Ltd (‘we’, ‘our’ or ‘us’). We are the controller of personal data obtained via our website, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.
1.2 We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your personal data) in connection with your use of our website. It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint.
1.3 We collect, use and are responsible for certain personal data about you. When we do so we are subject to certain data privacy legislation, more specifically, The Protection of Personal Information Act 4 of 2013 (“POPIA”).
1.4 Given the nature of our website/App, we do not expect to collect the personal data of anyone under 18 years old. If you are aware that any personal data of anyone under 18 years old has been shared with our website/App please let us know so that we can delete that data.
​
2. DEFINITIONS
2.1 Unless a contrary intention clearly appears, the following terms shall have the following meanings assigned to them and cognate expressions shall have corresponding meanings, namely –
​
2.1.1 “App” means the Scan to Pay mobile application which You utilize to access the Services which will be rendered and/or utilised on Your instruction;
2.1.2 “Payment Information” means your Card number and expiration date, billing information and other information for your card(s), along with your preferred shipping address;
2.1.3 “Personal Information” has the meaning ascribed to it in the Protection of Personal Information Act 4 of 2013 and any applicable law in South Africa and/or in any other jurisdiction where the Services and/or Products are provided and/or used;
2.1.4 “PIN” means personal identification number;
2.1.5 “POPIA” means the Protection of Personal Information Act 4 of 2013, as amended, varied, re-enacted, novated or substituted from time to time;
2.1.6 “Processing” has the same meaning as “processing” as defined in POPIA, which for instance will include (subject to the provisions of POPIA, which may be amended from time to time): collecting, storing, collating, using, modifying, sending, distributing, deleting and destroying Personal Information;
2.1.7 “Scan to Pay” means the mobile payment platform developed by Ukheshe known as "Scan to Pay" and all technical interfaces, application programming interfaces, websites, dashboards and Intellectual Property Rights in and to Scan to Pay;
2.1.8 “Services” or “Products” means the provision of any payment related services or products rendered through any channel, App, WhatsApp or any other medium through which the Service is rendered and as described more fully in the clause with heading “Services” of this Agreement;
2.1.9 “We” or “Us” or “Our” or “Ukheshe” or “Service Provider” shall mean Ukheshe Technologies (Proprietary) Limited, Registration Number: 2017/471522/07, 1st Floor, Golfers Corner, Design Quarter, Fourways, Johannesburg 2191;
2.1.10 “Website” means https://www.scantopay.io/ ;
2.1.11 “You or User” means the person who registers, creates a profile either via the Ukheshe interface or App and/or any person who utilises any of the services offered by Ukheshe. ”Your” and “User” shall have corresponding meanings.
​
2.2 Any reference in this agreement to the singular also includes the plural or the reference to male also includes the female.
​
3. WHAT THIS POLICY APPLIES TO
3.1 This privacy policy relates to your use of our Website and App only.
3.2 Throughout our Website and/or App we may link to other websites owned and operated by certain trusted third parties to make additional products and services available to you. Those third-party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to those third-party websites, please consult their privacy policies as appropriate.
​
4. PERSONAL DATA WE COLLECT ABOUT YOU
4.1 The personal data we collect about you depends on the particular activities carried out through our Website/App. We will collect and use the following personal data about you:
​
4.1.1 your name and surname;
4.1.2 gender;
4.1.3 mobile number;
4.1.4 email address;
4.1.5 card information;
4.1.6 date of birth;
4.1.7 address;
4.1.8 location
4.1.9 billing information, transaction and payment card or other payment method information;
4.1.10 bank account and payment details;
4.1.11 details of any information, feedback or other matters you give to us by phone, email, post or via social media;
4.1.12 device information;
4.1.13 your activities on, and use of, our Website/App;
4.1.14 information about the services we provide to you;
4.1.15 your purchase history;
4.1.16 information about how you use our Website/App and technology systems;
4.1.17 your responses to surveys, competitions and promotions.
​
4.2 You must provide this personal data to use our Website and/or App and the services on it unless we tell you that you have a choice.
4.3 Sometimes you can choose if you want to give us your personal data and let us use it. Where that is the case we will tell you and give you the choice before you give the personal data to us. We will also tell you whether declining to share that personal data will have any effect on your use of our Website/App or any services on it.
4.4. We collect and use this personal data for the purposes described in the section ‘How and why we use your personal data’ below.
​
5. HOW YOUR PERSONAL DATA IS COLLECTED
5.1 We collect personal data from you:
​
5.1.1 directly, when you enter or send us information, such as when you register with us, contact us (including via email), send us feedback, utilise our services via our Website/App and complete customer surveys or participate in competitions via our Website/App, and
5.1.2 indirectly, such as your browsing activity while on our Website/App; we will collect information indirectly using the technologies explain in the section on ‘Cookies’ below.
​
6. HOW AND WHY WE USE YOUR PERSONAL DATA
6.1 Under data protection law, we can only use your personal data if we have a proper reason, eg:
​
6.1.1 where you have given consent;
6.1.2 to comply with our legal and regulatory obligations;
6.1.3. for the performance of a contract with you or to take steps at your request before entering into a contract; or
6.1.4 for our legitimate interests or those of a third party.
​
6.2 A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us (see ‘How to contact us’ below).
6.3 The table below explains what we use your personal data for and why.
7. HOW AND WHY WE USE YOUR PERSONAL DATA
7.1 We do not collect personal data which is classified as special personal information, as an example, we do not collect:
​
7.1.1 racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership;
7.1.2 biometric data (when used to uniquely identify an individual);
7.1.3 data concerning health, sex life or sexual orientation.
​
8. HOW AND WHY WE USE YOUR PERSONAL DATA - SHARING
8.1 See ‘Who we share your personal data with’ for further information on the steps we will take to protect your personal data where we need to share it with others.
​
9. MARKETING
9.1 We will use your personal data to send you updates (by push messages via the App, email, text message, telephone or post) about our products and/or services, including exclusive offers, promotions or new products and/or services.
9.2 We have a legitimate interest in using your personal data for marketing purposes (see above ‘How and why we use your personal data’). This means we do not need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.
9.3. You have the right to opt out of receiving marketing communications at any time by:
​
9.3.1 contacting us at support@scantopay.io;or
9.3.2. using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts.
​
9.4 We may ask you to confirm or update your marketing preferences if you ask us to provide further products and/or services in the future, or if there are changes in the law, regulation, or the structure of our business.
9.5 We will always treat your personal data with the utmost respect and never sell or share it with other organisations outside the Ukheshe Group of Entities for marketing purposes.
9.6 For more information on your right to object at any time to your personal data being used for marketing purposes, see ‘Your rights’ below.
​
10. WHO WE SHARE YOUR PERSONAL DATA WITH
10.1 We routinely share your personal data with
​
10.1.1 third parties we use to help deliver our products and/or services to you, eg payment service providers, Banks, Card Schemes, Mobile Networks;
10.1.2 other third parties we use to help us run our business, eg marketing agencies or website hosts and website analytics providers;
​
10.2 We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.
10.3 We or the third parties mentioned above occasionally also share personal data with:
​
10.3.1 our and their external auditors, eg in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations;
10.3.2 our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;
10.3.3 law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations;
10.3.4 other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations.
​
11. WHO WE SHARE YOUR PERSONAL INFORMATION WITH - FURTHER INFORMATION
11.1 If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below).
​
12. HOW LONG YOUR PERSONAL DATA BE KEPT
12.1 We will not keep your personal data for longer than we need it for the purpose for which it is used.
12.2 Different retention periods apply for different types of personal data.
12.3 If you stop using your account we will delete or anonymise your account data after five years.
12.4 Following the end of the of the relevant retention period, we will delete or anonymise your personal data.
​
13. TRANSFERRING YOUR PERSONAL DATA OUT OF SOUTH AFRICA
13.1 It is sometimes necessary for us to transfer your personal data to countries outside of South Africa. In those cases we will comply with applicable data protection laws designed to ensure the privacy of your personal data.
13.2 We will transfer your personal data to:
13.2.1 our service providers located outside of South Africa in Ireland, and Frankfurt, Germany.
​
14. COOKIES
14.1 A cookie is a small text file which is placed onto your device (eg computer, smartphone or other electronic device) when you use our website/App. We use cookies on our website. These cookies, eg help us recognise you and your device and store some information about your preferences or past actions.
​
15. YOUR RIGHTS
15.1 You generally have the following rights, which you can usually exercise free of charge:
15.2 For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us (see ‘How to contact us’ below).
15.3 If you would like to exercise any of those rights, please email, call or write to us—see below: ‘How to contact us’. When contacting us please:
​
15.3.1​ provide enough information to identify yourself (eg your full name, cell number and physical address) and any additional identity information we may reasonably request from you, and
15.3.2 let us know which right(s) you want to exercise and the information to which your request relates.
​
16. KEEPING YOUR DATA SECURE
16.1 We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine need to access it.
16.2. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
​
17. HOW TO COMPLAIN
17.1 Please contact us if you have any queries or concerns about our use of your personal data (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have.
17.2 ​ You may also lodge a complaint with the Information Regulator. The contact details of the Information Regulator are available on its website at https://justice.gov.za/inforeg/.
​
18. CHANGES TO THIS PRIVACY POLICY
18.1 We may change this privacy policy from time to time—when we make significant changes we will take steps to inform you, for example by including a prominent link to a description of those changes on our website for a reasonable period or by other means, such as email.
​
19. HOW TO CONTACT US
19.1 You can contact us and/or our Data Protection Officer by email or telephone if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint.
19.2 Our contact details are shown below:
20. LIMITATION OF LIABILITY
20.1 To the fullest extent permissible by law, under no circumstances whatsoever, including as a result of Our negligent acts or omissions or those of Our servants or agents or other persons for whom in law may We be liable –
20.1.1. for any direct, indirect, special, or consequential loss or damages (for instance, loss that is too far removed from or not foreseen by the parties as being connected to this Agreement) howsoever caused (whether arising under contract, delict or otherwise and whether the loss or damage was actually foreseen or reasonably foreseeable), sustained by You, servants or agents, including any loss of profits, loss of revenue, loss of operation time, corruption or loss of information and/or loss of contracts;
20.1.2. for loss of Your data regardless of how such loss is occasioned. You acknowledge that back-up of such data is Your responsibility and can be undertaken easily so as to recover any data which is lost. Accordingly, You indemnify and hold Us harmless against any losses, damage and damages incurred by You arising directly or indirectly out of or in connection with the loss of any of Your data.
​
20.2 We shall not be liable to You for any damage or loss that You may suffer as a result of the following:
​
20.2.1. any person gaining unauthorised access to any information or data;
20.2.2 incorrect information being given to any person; and
20.2.3 us processing any information incorrectly.
​
20.3 To the fullest extent permissible by law (including consumer laws, where applicable) Our (in whose favour this constitutes a benefit for a third party) maximum aggregate liability for any direct loss, damage or damages of any kind whatsoever or howsoever caused(whether arising under contract, delict or otherwise and whether the loss was actually foreseen or reasonably foreseeable), sustained by You, shall not exceed R10,000-00.
​
21. GOVERNING LAW, JURISDICTION AND LANGUAGE
21.1 This Agreement shall be governed by and interpreted in accordance with the laws of the Republic of South Africa and all disputes, actions and other matters relating thereto will be determined in accordance with such law.
2.1.2 The parties hereby irrevocably submit to the jurisdiction of the High Court of South Africa (South Gauteng High Court, Johannesburg) (or any successor to that court) in respect of all and any matters arising out of or in connection with this Agreement.
2.1.3 This Agreement has been concluded in the English language. In the case of any conflict between the English and any other translation version, the English version shall prevail.
​
22. ADDRESS FOR NOTICES AND LEGAL PROCEEDINGS
22.1 We choose the registered address at First Floor Golfers Corner, Design Quarter, William Nicol, Gauteng and legal@ukheshe.com as the addresses where any legal document or notice must be served or delivered to us.
22.2 We will send any legal documents or notices to you at the address we have for you on our records.
22.3 We may send any other written communication to your street, postal or e-mail address, or through the App message system. We will regard a communication sent by e-mail as having been received by you one day after it was sent.
22.4 Any legal document of notice to be served in legal proceedings must be written on paper. The relevant provisions of the Electronic Communications and Transactions Act 35 of 2002 do not apply to these legal documents or notices.
​
23. CIRCUMSTANCES BEYOND OUR CONTROL
23.1 We shall be under no liability to You in respect of anything which, in the absence of this provision might constitute a breach of this Agreement, arising by reason of circumstances beyond Our reasonable control, even if We should have foreseen the possibility of the occurrence or existence of those circumstances.
23.2 For the purposes hereof, this includes acts or omissions of any government, government agency, provincial or local or similar authority, civil strife, riots, pandemics, sabotage, insurrection, acts of war or public enemy, illegal strikes, combination of workmen, interruption of transport, lockouts, interruption of essential services from public utilities (including electricity, water and sewerage), prohibition of exports, inability on Our part due to such circumstances to obtain goods or services from its suppliers (including telecommunications suppliers and Selected Merchants), rationing of supplies, flood, storm, fire or any other circumstances (without limitation) beyond the reasonable control of the party claiming “Force Majeure” (which means unforeseeable circumstances that prevents someone from fulfilling a contract) and comprehended in the term Force Majeure.
​
24. WHOLE AGREEMENT, AMENDMENTS AND UPDATES
24.1 This Agreement constitutes the whole agreement between the parties relating to its subject matter, supersedes all prior or oral or written communications and representations with respect to the Services and the Software, and, prevails over any conflicting or additional terms in any document or other communication between the parties leading up to and during the term of this Agreement.
24.2 We may amend this Agreement from time to time without prior notice to You. Except where We specifically stated that We will provide You with prior notice in this Agreement.
24.3. You should regularly view this Policy to ensure that You are satisfied with any changes. If You are not satisfied with the revisions made, You should stop using the Website/App service immediately.
24.4 To the extent permissible by law, We shall not be bound by any express or implied term, representation, warranty, promise or the like not recorded herein, whether it induced the contract and/or whether it was negligent or not.
​
25. SEVERABILITY
25.1 Any provision in this Agreement which is or may become illegal, invalid or unenforceable shall be ineffective to the extent thereof and shall be treated as not written and severed from the balance of this Agreement, without invalidating the remaining provisions.
​
26. INTERPRETATION
26.1 In this Agreement:
​
26.1.1 clause headings are for convenience and reference only and shall not be used in interpreting, modifying or amplifying its terms or clauses;
26.1.2 unless a contrary intention clearly appears, words importing any one gender include the other two, the singular include the plural and vice versa, and, natural persons include created entities (corporate or unincorporated) and the state and vice versa;
26.1.3. any reference to an enactment is to that enactment as at the date of acceptance of this Agreement and as amended or re-enacted from time to time;
26.1.4. if a provision in a definition confers rights or imposes obligations on a party, effect shall be given to it as if it was a substantive provision in the body of the Agreement, notwithstanding that it is only in a definition;
26.1.5 any reference to “days” shall mean business / working days and shall be calculated by including the first day excluding the last day – unless the last day falls on a Saturday, Sunday or public holiday, in which case the last day shall be the next day which is not a Saturday, Sunday or public holiday;
26.1.6 its termination shall not affect those terms as expressly provide that they will operate after termination or which of necessity must continue to have effect after termination, notwithstanding that the clauses themselves do not expressly provide for this;
26.1.7 the rule of construction that a contract shall be interpreted against the party responsible for the drafting or preparation of the contract, shall not apply, and You agree not to use or rely upon that rule in any proceedings in relation to this Agreement;
26.1.8 any reference to a party to it shall, if such party is liquidated or sequestrated, be applicable also to and binding on that party’s liquidator or trustee;
26.1.9 the words “include”, “including” and “in particular” shall be construed as being by way of example or emphasis only and shall not be construed nor take effect as limiting the generality of any preceding words;
26.1.10. The words “other” and “otherwise” shall not be construed as being of the same kind or nature as any preceding words where a wider construction is possible.
​
27. CONTACT
27.1. Should You have any questions or concerns regarding this Agreement, the Interface, or the Services, please consider the information provided at www.ukheshe.com, alternatively contact us at support@scantopay.io .
​
Policy Version: 27.02.2023​