Introduction

This Privacy Notice sets out the basis on which any Personal Information collects, uses, shares and otherwise processes. Please read the following carefully to understand DPO Group’s views and practices regarding Personal Information and how DPO Group will treat it. By accessing and using DPO Group Services, including DPO Group’s interactions with you via our websites (including but not limited to www. dpogroup.com), mobile sites and applications (“Sites”), you agree to the transfer, storing and processing of Personal Information as set out in this Privacy Notice.

Definitions

“Card” When DPO Group uses the word ‘card’ in this notice, it applies to all payment methods and types and not simply those involving a physical card; and use of the term ‘cardholder’ applies to any shopper or individual whose payment transactions may be processed.

“DPO Group” means Network International Holdings Plc., 3G Direct Pay Holdings Limited, any of its subsidiaries or affiliates.

“DPO Group Services” means the products and services which are being offered by DPO Group.

“Personal Information or Personal Data” for purposes of this Policy means to any information relating to an identified or identifiable individual.

You are important

At DPO Group our most important asset is you and your trust. In this Privacy Policy we will cover what and how we collect, use, disclose, transfer, and store your information.

We want to assure you that DPO Group is committed to maintaining the confidentiality, integrity and security of any Personal Information about our users. This Privacy Policy will explain to you what and how we collect, use, disclose, transfer, and store your non-personal and Personal Information shared through our Sites or in connection with our Services.

It is not mandatory for you to provide the Personal Information that we have requested, but, if you choose not to do so, unfortunately, we will not be able to provide you with our Services or respond to any queries you may have.

Principles of Data Processing

DPO Group shall apply the following principles when processing your Personal Information:

1. Lawfulness, fairness and transparency: All Personal Information will processed fairly, transparently and in compliance with applicable laws.

2. Purpose: Any Personal Information collected will be used for a stated purpose.

3. Data Minimization: DPO Group will collect only the Personal Information that is adequate and relevant to the purposes for which it is collected.

4. Accuracy: DPO Group will keep the Personal Information accurate and, where necessary, kept up to date information.

5. Storage Limitation: Personal Information will be stored with DPO Group for a defined period as per its policy or applicable law.

6. Integrity and Confidentiality: DPO Group will implement appropriate technical, organizational and physical security measures to protect Personal Information.

7. Accountability: DPO Group will maintain applicable records, logs when dealing with Personal Information.

What kind of Personal Information do we collect?

DPO Group collects Personal Information relating to cardholders, merchants or other customers, suppliers and other business partners in order to carry out its business activities. DPO Group may collect Personal Information from various sources, including:

• Information you voluntarily provide, either directly or via our customers;
• Information automatically collected when you use our Sites and Services, including in our role as a payment processor;
• Information collected by cookies and other tracking technologies when you use our Sites;

This Personal Information may include:

Contact information, Demographic information, Identification information, Payment transaction information, Financial and credit card information, Technical information, Social media posts, Applications (including job applications)

Non-Personal Information.

We also collect information in a form that does not, on its own, permit direct association with any specific individual such as occupation, language, zip/area code, location, time zone, etc. We may collect, use, transfer, and disclose non-personal information for any purpose. This information is aggregated and used to help us provide more useful information to our customers and to understand which portions of Services are of most interest. This aggregated data is considered non personal information for the purposes of this Privacy Notice.

How do we use your Personal Information?

DPO Group uses Personal Information internally in relation to:

1. Conduct its Operations, Risk Management, Transaction Processing, Marketing, development of existing and new Products and for Legal, compliance, regulatory or law enforcement purposes.

2. Online Session Information and Use is Collected to Improve Your Experience

We may also collect technical and navigational related Personal Information, such as computer browser type, Internet protocol address, pages visited, and average time spent on our Site. This Personal Information may be used, for example, to alert you to software compatibility issues, or it may be analyzed to improve our design and functionality of the DPO Group Sites and the Services.

We Use Cookies and other technologies to improve your Experience

We may use cookies and similar technologies to help us better understand user behavior, tell us which parts of DPO Group Sites people have visited, and facilitate and measure the effectiveness of offer and Services and improve them.

We treat the information received from cookies and other technologies as non-personal information.

You will have the option to disable cookies. If you choose to do so, unfortunately, certain features of the DPO Group website and the Services will not be available once cookies are disabled.

Some web browsers may send out ‘do not track’ signals. There is no industry standard currently in place as to what websites and other online services should do upon receipt of such signals. Should such a standard be developed, DPO Group will re-visit its notice, but currently takes no action upon receipt of such signals.

DPO Group may offer certain features that are only available through the use of tracking technologies. Temporary cookies are used to enable you to navigate our site and use its features. These are deleted when you close your browser. IP addresses are used in conjunction with cookies for the purpose of “remembering” computers or other devices used to access our Sites.

Analytical or performance cookies collect anonymous information about how visitors use our websites. They allow us to analyse information such as the count of visitors to our websites, what search terms our visitors are using, what pages are viewed, and the last page visited. This information is based on the visitor’s IP address, and we cannot view individual activity tied to a single person.

To the extent that Internet Protocol (IP) addresses (or similar identifiers) are clearly defined to be Personal Information under any local law and where such local law is applicable to DPO Group Services, DPO Group will manage such identifiers as Personal Information.

DPO Group Sites may also contain links to and from third party websites, including those of partner DPO Groups, advertisers and affiliates. Please note that these websites may have their own privacy notices and cookies policies, and DPO Group does not accept any responsibility or liability for these third party websites. The inclusion of links to third party websites in no way constitutes an endorsement by us of such websites’ content, actions, or policies.

 

How We Use Anonymized Data: Peer Comparisons, Research & Development

DPO Group may make anonymous or aggregate Personal Information and disclose such data only in a non-personally identifiable manner to:

(i) advertising, measurement or analytics partners approved by DPO Group that conduct research into consumer spending;

(ii) deliver products and services to other clients; and

(iii) Users of the Service for purposes of comparison of their financial situation relative to the broader community.

With whom does DPO Group share Personal Information and for what purposes?

Before we share Personal Information, we ensure there are adequate safeguards in place to protect the processing of that data. DPO Group does not disclose information that could identify you personally to anyone, except as described in this notice, including, but not limited to:

• Any DPO Group group company;
• Any group company (such as advisers, share plan, payroll and other third party administrators, agents or contractors working on behalf of DPO Group);
• Financial institution clients;
• Service providers and other third parties under contract who help with our business operations (including, but not limited to, fraud investigations, site analytics and operations);
• Regulatory, legal and judicial authorities;
• Social media sites integrated into web services that we offer;
• Governmental or quasi-governmental organizations; and
• Potential purchasers of DPO Group.

DPO Group may disclose Personal Information to third parties for the following purposes:

• Legal or regulatory purposes
• Business purposes
• Suppliers who assist DPO Group with the provision of its Services

Information on cross-border data transfers

DPO Group, has its headquarters in Dublin, Ireland. DPO Group, a subsidiary of Network International Holdings Plc., has it registered office in Dubai, UAE. DPO Group has offices and operations in other countries including Kenya, Botswana, South Africa, Nigeria, Namibia, Ghana, Zambia, Malawi, Rwanda, Uganda, and UAE. The data DPO Group collects from you may be transferred, stored and processed in a country different from where the data was collected.

By using our DPO Group Sites and Services, you are permitting DPO Group (or its authorized service providers) to process, store and transfer Personal Information to a country which is different from where the data was collected. The transfer of information will often be in furtherance of a contract to which you or your bank/merchant are a party. In other cases, the transfer of information will be consistent with the legitimate interests of conducting DPO Group Services.

Individual’s Privacy Rights (data subject rights)

Certain laws and regulations give individual data subject rights in relation to their Personal Information (for example, the right to access that data, to rectify inaccurate data, or to erase Personal Information). In certain circumstances, data subjects may have such rights in respect of the Personal Information processed by DPO Group. In such circumstances, where a request to exercise such a right is received by DPO Group, it must be forwarded to  [email protected] so that it can be handled in accordance with applicable laws and statutory timeframes.

How do we keep your Personal Information safe and secure?

We are bound by our Group Policies

Our employees are committed to maintain the highest data protection standards by complying with this Privacy Notice and our other policies including our Code of Conduct and Group Data Protection Policy. The Board Audit and Technology Committee has the overall responsibility to review the adequacy and effectiveness of the Group Data Protection Policy, ensure compliance with the same, and review and approve changes to the said Policy wherever considered appropriate.

All our employees receive trainings on these important requirements at least annually.

We Are Committed To Keeping Your Personal Information Secure

The security of your Personal Information is important to us. As discussed below, we utilize physical, electronic and procedural security measures to protect against loss, misuse, and alteration of Personal Information under our control. We adhere to industry standard practices and security measures and our practices are independently validated annually enabling us to comply with ISO 27001 (where applicable) and PCI-DSS standards to safeguard and secure the information we collect.

No method of transmission over the Internet, or method of electronic storage, is completely secure. Therefore, we cannot guarantee its absolute security. Any transmission is at your own risk.

We use a combination of firewall barriers, encryption techniques and authentication procedures, among others, to maintain the security of your online in-app session and to protect DPO Group accounts and systems from unauthorized access. Our servers are in a secure facility. Access requires multiple levels of authentication. Security personnel monitor the system 7 days a week, 24 hours a day.

We Enforce Physical Access Controls to Our Facilities

No employee may put any Personal Information or account Personal Information on any insecure machine (i.e., nothing can be taken from the database and put on an insecure laptop). In addition, DPO Group frequently tests the Service for any failure points that would allow hacking.

However, it is important to understand that these precautions apply only to our Service and systems. We exercise no control over how your Personal Information is stored, maintained or displayed by third parties or on third-party sites.

Our Service Ensures Secure Communications with Encryption

From the time you submit your login ID and password so that communications between your device and DPO Group are encrypted. This enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering and message forgery.

You are responsible for keeping your login ID, password, mobile device, and email account safe and confidential.

You also agree that you control and limit access to the email account and mobile device. If your email address or your mobile device changes, you are responsible for informing us of that change.

We are not responsible if someone else accesses your account through Registration Information they have obtained from you or through a violation by you of this Privacy Notice or the Terms of Use.

Restrictions and Monitoring of Our Partners and third parties

Any partners we work with have been selected in accordance with our security and risk management policies and practices and are bound by contractual obligations which includes compliance with DPO Group policies and requirements relating to confidentiality, privacy and security. They may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

We may also use third party vendors or service providers to help us provide the Service to you, such as sending e-mail messages on our behalf or hosting and operating a particular feature or functionality of the Service. We require such third parties to maintain the confidentiality of the Personal Information we provide to them.

How long does DPO Group store and retain Personal Information?

DPO Group will store Personal Information only for the greater of as long as necessary to achieve the purposes for which it was collected and applicable law. Retention periods for transaction and other data categories may vary, depending on our obligations. For example, legal and regulatory compliance with anti-money laundering (AML) and KYC requirements, operational demands, business requirements or dates we assigned based on contracts will also need to be taken into account, and may require retention for a period of up to 7 years after the data was collected or after the merchant or other customer relationship has ended.

What happens in case of a data breach?

In case DPO Group is faced with a breach of Personal Information, DPO Group shall inform the relevant authorities and the data subjects/data controller where required by applicable law and shall take necessary steps to mitigate the impact of such breach.

Changes and updates to the privacy notice

DPO Group may, from time to time, make changes to this Privacy Notice. If any material changes are made as to how DPO Group treat Personal Information, you will be notified through this notice on DPO Group’s Sites.

The date the Privacy Notice was last modified is at the bottom of the page. You are responsible for ensuring you periodically visit our Sites to check for any changes. By continuing to use DPO Group Services or the Sites, you agree to the changes in this Privacy Notice.

This notice is global in scope, but is not intended to override any legal rights in any territory where such rights prevail. In such event, the rights and obligations set out in this Privacy Policy will apply, subject only to amendment under any applicable local law having precedence.

Questions

We have appointed a Group Data Protection Officer (DPO). If you have questions, comments, concerns or feedback regarding this Privacy Notice or any other privacy concern, contact DPO at [email protected]

Last modified: 2 February 2023