This Privacy Policy explains how K2024653418 (SOUTH AFRICA) (Pty) Ltd t/a PayDay (“PayDay”, “we”, “us”, “our”) collects, uses, discloses and protects personal information when you use the PayDay mobile application and related services, including Earned Wage Access (EWA), and when we interact with participating employers, service providers and other stakeholders. It is drafted for South African law, including the Protection of Personal Information Act, 4 of 2013 (POPIA) and the Promotion of Access to Information Act, 2 of 2000 (PAIA).

1. WHO WE ARE AND HOW TO CONTACT US

Controller: K2024653418 (SOUTH AFRICA) (Pty) Ltd t/a PayDay. Physical address: Inanda Greens Business Park, Ground Floor, 54 Wierda Road West, Wierda Valley, Sandton. Primary email: notices@payday.fund | Information requests: notices@payday.fund
 

Information Regulator (South Africa): JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 | PO Box 31533, Braamfontein, 2017 | Tel: +27 10 023 5200 | Email: enquiries@inforegulator.org.za | Website: https://inforegulator.org.za/

2. WHAT THIS POLICY COVERS

This Policy applies to our processing of personal information relating to users (employees of participating employers), employer representatives, suppliers, and other persons interacting with PayDay. It covers our mobile application, in-app education modules, payments and disbursements (including PayShap transactions), referral partner usage, customer support, analytics and security activities.

3. TYPES OF PERSONAL INFORMATION WE PROCESS

We process identification and contact details; employment details and payroll data authorised by your employer (for example earnings-to-date, payroll number, bank account for disbursement, authorised deductions); transaction information relating to EWA withdrawals and repayments; device and usage information (including app telemetry, identifiers, and security logs); support correspondence and complaint records; and limited partner/referral redemption data where you engage with referral offers in-app.

4. WHERE WE COLLECT YOUR INFORMATION FROM

We collect information directly from you through the app and support channels; from your participating employer under an onboarding integration and your Payroll Deduction Authorisation; from payment and banking partners (including PayShap participants) for disbursement and settlement; from referral partners and participating merchants in respect of offers you redeem and any in-app purchases you make (for example transaction date and time, amount, discount applied, and merchant or spend category, but not your full card details); and from service providers operating our technology stack.

We also generate information from your use of the app such as technical logs, usage metrics, interaction with education modules, and security signals.

5. PURPOSES FOR WHICH WE USE YOUR INFORMATION

We use personal information to verify identity and eligibility, calculate and provide EWA availability, process withdrawals and disbursements, reconcile payroll recoveries, provide customer support, deliver education modules, prevent fraud and misuse, maintain security and integrity of Our System, comply with law (including FICA/AML where relevant), conduct service analytics using aggregated or de-identified data where practicable, manage relationships with employers and service providers, and send required service and security notices. In addition, we use information about your referral redemptions and in-app purchases to understand spending patterns at a category level, to personalise and improve the referral marketplace and educational content, to measure offer effectiveness, and to detect potentially risky usage or abuse of promotions. We do not receive or process your full bank statements. Any profiling for personalisation relates to in-app offers and education only.

6. LEGAL JUSTIFICATION GROUNDS UNDER POPIA

We rely on one or more of the following justification grounds as contemplated in POPIA: your consent where required (for example certain optional features or marketing); processing necessary to conclude or perform in terms of the agreement with you; processing required by law; processing for a legitimate purpose of the responsible party or a third party that does not unfairly infringe your privacy; and where the information has been made public by you or is otherwise public as contemplated by POPIA.

7. SPECIAL PERSONAL INFORMATION AND CHILDREN

We do not intentionally collect Special Personal Information or information about children for EWA. If Special Personal Information is processed, it will be limited to circumstances permitted by POPIA (for example where required by law or with your explicit consent). The service is intended for adults in employment with participating employers.

8. MARKETING AND COMMUNICATIONS

We may send you service messages, security alerts and transactional notifications which are required for the app to function and cannot be opted out of. We may send optional promotional messages about new features or referral offers where allowed by law; you can manage these

preferences in the app. If you unsubscribe from optional marketing, we will still send necessary service communications.

9. COOKIES, SDKs AND SIMILAR TECHNOLOGIES

The app and our websites may use cookies, SDKs and similar technologies for functionality, security and analytics. You can manage certain settings in your device or browser. Disabling some technologies may affect app performance. 

10. DISCLOSURES AND SHARING

We may share personal information with: (a) participating employers for payroll recoveries and eligibility; (b) banking and payment partners, including PayShap participants, to process disbursements and settlements; (c) service providers acting as operators under contract to host, support and secure Our System; (d) regulators and law enforcement where required by law or to protect legitimate interests; and (e) referral partners only when you choose to engage with their offers, limited to what is necessary for redemption and support. We require operators to implement appropriate security and to process information only on our instructions. 

11. TRANS-BORDER FLOWS

We may transfer personal information outside South Africa for hosting, support or processing by service providers. In such cases we will ensure an adequate level of protection as required by POPIA, using appropriate safeguards such as contracts incorporating recognised data protection commitments or by obtaining your consent where appropriate. 

12. SECURITY

We implement reasonable and appropriate technical and organizational measures to protect personal information, including encryption in transit and at rest where applicable, multi-factor authentication, access controls, monitoring, and incident response. No system is entirely secure; however, we continually assess and improve our safeguards. You are responsible for protecting access to your device and credentials. 

13. RETENTION

We retain personal information only for as long as necessary to fulfil the purposes set out in this Policy and to meet legal, accounting, reporting and audit requirements. Retention periods vary by record type and may be extended where required for the establishment, exercise or defence of legal claims. 

14. YOUR RIGHTS

You have rights under POPIA, including to request access to personal information we hold about you; to request correction, destruction or deletion where legally permissible; to object to certain processing; and to lodge a complaint with the Information Regulator. Requests should be submitted to the Information Officer using the procedures in our PAIA Manual. 

15. ACCESS REQUESTS UNDER PAIA

Access requests should be made on the prescribed form and delivered to the Information Officer. Our PAIA Manual explains the process and applicable fees. Where a request relates to health or other sensitive records, we may apply the safeguards contemplated in PAIA. 

16. CHILDREN’S INFORMATION

Our services are not directed at children. If we become aware that we have collected personal information of a child in contravention of POPIA, we will take steps to delete such information unless a justification ground applies. 

17. CHANGES TO THIS POLICY

We may update this Policy from time to time. The latest version will be available in the app. Where changes materially affect your rights, we will notify you through the app or by email. If you continue to use the app after the effective date of changes, you will be deemed to have read and understood the updated Policy. 

18. CONTACT AND COMPLAINTS

If you have questions about this Policy or our processing of personal information, please contact our Information Officer at notices@payday.fund. You may also lodge a complaint with the Information Regulator using the contact details above. 

19. DELETE YOUR PERSONAL INFORMATION

If you wish to delete the information collected from our system, please log in to the application. In the Account section, you will find a "Delete Account" option. You can use this option to request the deletion of your account and all associated information.