Ozow, registered as Ozow (Pty) Ltd (Company Reg. Number: 2013/214663/07) ("Ozow") provides an instant Electronic Funds Transfer ("EFT") payment system (the "Payment System") to consumers and businesses to perform simple, fast and secure transactions. The Payment System enables easy payment integration with existing merchant solutions, while providing the flexibility of performing secure digital payments in the continuously evolving mobile environment.
Ozow is registered as a Systems Operator and a Third-Party Payment Provider with the Payment Association of South Africa.
While the official website operated by Ozow is https://ozow.com/ (the "Website"), the Payment System is integrated on the various sites operated by our merchants (the "Merchant Websites").
We will update this policy with any updates to our security protocol and processing methods. We will indicate on our site the most recent date on which this policy has been updated, and we also encourage you to check this page regularly.
We care about your privacy. As a responsible payment solutions service, secure processing of your personal information is of utmost importance to us. As such, we ensure that we process your personal information in keeping with laws and regulations that are aimed at protecting the integrity of your personal information.
In terms of our traditional method of payment, we collect the following information:
In terms of our tokenised method of payment, we collect the following information:
We provide more information below on how the personal information collected by us via the tokenised method of payment is processed and stored securely.
|Reason we process your information||Legal basis for processing your information|
|To provide you with the full scope of our Payment System and appropriately automate your payment||Fulfil contractual obligations and pursue legitimate interests|
|For internal troubleshooting, data analysis, testing, research, and statistical purposes.||Pursue legitimate interests|
|To ensure that content is presented in the most effective manner for you and for your device.||Fulfill contractual obligations.|
|To carry out risk analysis, fraud prevention and risk management.||Comply with laws and pursue legitimate interests.|
|To improve our Payment System and for general business development purposes||Pursue legitimate interests.|
|To comply with applicable laws, such as anti-money laundering and regulatory requirements.||Comply with laws.|
We process your data as needed to fulfil our contractual fulfilment towards you and as required by statutory retention periods or necessary to pursue our legitimate interests.
We undertake to collect and process your personal information in a reasonable manner, and in such a way that the processing is adequate, relevant and not excessive.
You may provide personal information to us when you use our traditional method of payment and our tokenised method of payment, as set out in item 3 above.
When you call /email us, we may monitor or record your calls / correspondence and details of the phone number(s) you use to make the calls / send the email. This information is used to better address your customer service needs.
Credit bureaus and similar providers:
Your personal information may be shared with credit bureaus, providers of identity lookups and fraud prevention agencies to comply with our regulatory obligations and to protect you and other customers from fraud.
Your information may be shared with companies within the Ozow group.
Ozow may disclose necessary information to authorities, such as regulatory bodies, if we are required by law or you agreed to it (for instance, for anti-money laundry or counter-terrorism).
Ozow may transfer any personal information we hold about you to any entity involved in a re-organisation of Ozow (where such re-organisation may be by way of a merger, sale, dissolution, disposal of all or part of our assets or similar event).
Merchants of the Ozow group:
As part of our tokenised method of payment, your personal information will only be shared with Ozow merchants to the extent necessary to process your payment by way of tokenisation in a secure manner.
We strive to process your data within South Africa. The data may however in certain situations be transferred to, and processed in, a destination outside of South Africa by an Ozow group company, partner, supplier or subcontractor where the data privacy laws, regulations and standards, may not be equivalent to the laws in your country of residence.
We might transfer your personal information to places outside of South Africa and store it there, where our suppliers might process it. If that happens, we require our suppliers to apply the same security standards as when we process your information in South Africa.
Ozow will ensure all reasonable contractual, legal, technical, and organisational measures are taken to adequately secure your personal information.
The time periods for which we keep your personal information may vary according to the use or purpose attached to the information. Unless there is a specific legal requirement requiring us to keep your information, however, we will not keep it for longer than necessary for the purpose for which the information was collected or for which it is to be processed.
We are committed to implementing leading data security safeguards.
We have specialised security teams who constantly review and improve our measures to protect your personal information from unauthorised access, accidental loss, disclosure or destruction, and ensure that your personal information is only utilised and stored by us solely in an authorised manner.
Ozow has taken due cognisance of the Payment Card Industry Data security standard (PCI DSS), this being a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. Given that Ozow does not effect credit card payments, PCI DSS certification is not strictly required. However, Ozow has taken an extremely cautious approach to security by being PCI DSS Level 1 compliant, ensuring that it maintains the same security features as industry players that actually effect credit card payments.
Ozow has an EV SSLCertificate issued by Thawte under which traffic is encrypted between users and servers so as protect against interception of your sensitive data.
In addition, the internet banking second factor authentication still applies to you when making a payment using the Payment System, further preventing any fraudulent interception when payment is being made
As regards the tokenised method of payment, Ozow ensures secure storage of user login credentials by storing encrypted fragments of the login details in multiple locations, one of which is stored by an external party (either the merchant or yourself) which is required to initiate the payment. Without all of the fragments, it would be impossible to reconstruct the login details. Ozow also requires you to create an Ozow PIN which, if entered incorrectly 3 times, will cause Ozow to delete all encrypted data it has regarding your login details. Ozow’s tokenised payment method has been audited by reputable cyber security firms in South Africa. It also should be noted that Ozow has ensured that merchants that have access to our tokenised method of payment have confirmed that they implement security standards in the storage of your personal information in accordance with applicable legislation and leading data security safeguards.
Your legal rights pertaining to your personal information will always be respected by us.
In the event that you would like – (i) access to your personal information; (ii) to correct or amend your personal information; (iii) to request the deletion of your personal information; (iv) to object to the processing of your personal information; or (v) to have your personal information deleted, you may contact us using one of the following methods:
Written request: 30 Melrose Boulevard, Mezzanine Level, Off MO213, Melrose Arch, Melrose North, Johannesburg, Gauteng, South Africa, 2196.
Telephone request: 011 054 4744
Upon the provision by you of adequate documentation that we deem sufficient to support your identity, we will inform you of the changes that we are legally capable of making to your personal information, as permitted by applicable legal and ethical reporting standards imposed on us.
Our Payment System is not intended for use by anyone under the age of 18 ("Children").
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children have provided us with personal information, please contact us. If we become aware that we have collected personal information from Children without verification of parental consent, we take steps to remove that information from our Platforms or Products.
Our Website as well as Merchant Websites may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply that we endorse these websites, nor can we confirm the adequacy of the privacy policies of the third parties that operate such websites.
Ensure that you have gained the necessary comfort regarding the legality of such websites, together with their privacy policies prior to your use of such websites.