Pesapal respects your privacy and to this end has developed this policy to explain how we may collect, retain, process, share and transfer your personal data when you visit our or use our sites and services. This Policy applies to your personal data when you visit our sites or use our services that display or provide links to this Policy and does not apply to Sites and services that we do not own nor control, including the sites and services of other Pesapal users.
This Policy is designed to help you obtain information regarding how we process your personal data, and aims to address all possible processing scenarios to aid you in making privacy choices while using our Site and services. Where service offerings may vary by region, we may further inform you of product- or service-specific data collection through supplementary policies or notices provided before collection.
This Policy describes:
- What Personal Data We Collect
- Why We Retain Personal Data
- How We Process Personal Data
- How We Disclose Personal Data
- How to Access & Control Your Personal Data
- How We Protect Your Personal Data
- How We Process Children's Personal Data
- International Transfers of Your Personal Data
- Updates to This Policy
- How to Contact Us
The Terms and Definitions used throughout this Policy may be reviewed in the Definitions Section.
1. What Personal Data Do We Collect?
Personal data means any data that, either on its own or jointly with other data, that can be used to identify a natural person. You directly provide us with such data when you use our websites, or interact with us. The information we collect may include the following:
Registration Information – When you register to use our Services by creating an Account, we will collect Personal Data as necessary to fulfill the Services you request. Depending on the Services you choose, we may require you to provide us with your name, email address or phone number to establish an Account. We may require you to provide us with additional Personal Data as you use our Services.
Transaction and experience information – When you use our Services or access our Sites, for example, to make purchases from merchants, or to process payments, we collect information about the transaction, as well as other information associated with the transaction such as amount paid for products or services, merchant information, including information about the payment method used to complete the transaction, Device Information and Technical Usage Data.
Other information we collect related to your use of our Sites or Services – We may collect additional information from or about you when you communicate with us, contact our customer support teams or respond to a survey.
2. Why Do we Retain Personal Data?
We retain your personal information, in the first instance, for as long as required by a relevant law (e.g. to ensure compliance with tax requirements); or if a relevant law no longer requires us to maintain Personal Information (or that period has elapsed), the Personal Information may then still be retained if required by any relevant contractual agreement or arrangement; and for Personal Information to which a relevant law or contractual agreement or arrangement does not apply, we will retain the Personal Information for as long as is required to manage our engagement and/or relationship with you plus a reasonable period afterwards.
3. How Do we Process Personal Data?
We may use your personal data for the following purposes:
Provision of our Services, including to:
- initiate a payment, or pay a bill;
- authenticate your access to an Account;
- communicate with you about your Account, the Sites, the Services, or Pesapal; sending you information about our services that may interest you or help us serve you better. If you do not want to receive these types of information, you can opt out at any time.
- perform Account application evaluations and compare information for accuracy and verification purposes.
- keep your Account and financial information up to date.
To manage our operational needs, such as monitoring, analyzing, and improving the Services and the Sites’ performance and functionality. For example, we analyze User behavior and perform research about the way you use our Services.
To manage risk and protect the Sites, the Services and you from fraud by verifying your identity. Pesapal’s risk and fraud tools use Personal Data, Device Information, Technical Usage Data and Geolocation Information from our Sites and website that other Pesapal Services to help detect and prevent fraud and abuse of the Services.
To market to you Pesapal products and Services and the products and services of unaffiliated businesses. We may also process your Personal Data to uniquely tailor the marketing content and certain Services or Site experiences to better match your interests on Pesapal and other third-party websites.
To provide you with location-specific options, functionality or offers if you elect to share your Geolocation Information through the Services. We will use this information to enhance the security of the Sites and Services and provide you with location- based Services, such as advertising, search results, and other personalized content.
To comply with our obligations and to enforce the terms of our Sites and Services, including to comply with all applicable laws and regulations.
To respond to your requests, for example to contact you about a question you submitted to our customer support team and better respond to your requests and support needs .
You can clear all the cookies stored on your computer, and most web browsers provide the option of blocking cookies.
5. How We Disclose Personal Data
Information about our customers is an important part of our business and we address sharing of your data as such. We may disclose Personal Information that we collect from you for the purpose(s) that it was collected. We may disclose the Personal Information for other purposes where we have received your consent to do so or are required to do so by law.
Examples of where we may disclose your information include, but are not limited to:
- With other companies that provide services to us: We may share Personal Data with third-party service providers that perform services and functions at our direction and on our behalf. These third-party service providers may, for example, provide you with Services, verify your identity or assist in processing transactions
- With other financial institutions: We may share Personal Data with other financial institutions that we have partnered with to offer a product. These financial institutions may only use this information to offer Pesapal-related products, unless you have given consent for other uses. We may also share Personal Data to process transactions, and keep your financial information up to date.
- With the other parties to transactions when you use the Services, such as merchants: We may share information about you and your account with the other parties involved in processing your transactions. This includes merchants, when you use our Services to pay for goods or services. The information includes:
- Personal Data and Account information necessary to facilitate the transaction;
- information to help other participant(s) resolve disputes and detect and prevent fraud; and
- aggregated data and performance analytics to help merchants better understand Users and to help merchants enhance Users’ experiences.
- With other third parties for our business purposes or as permitted or required by law: We may share information about you with other parties for Pesapal’s business purposes or as permitted or required by law, including:
- if we need to do so to comply with a law, legal process or regulations;
- To comply with applicable laws or respond to valid legal procedures, we may disclose your personal data to regulators, law enforcement or other government agencies; or when we believe, in our sole discretion, that the disclosure of Personal Data is necessary or appropriate to prevent physical harm or financial loss; or to report suspected illegal activity or to investigate violations of a user agreement;
- to protect the vital interests of a person;
- to protect our property, Services and legal rights;
- to facilitate a purchase or sale of all or part of Pesapal’s business;
- to help assess and manage risk and prevent fraud against us, our Users and fraud involving our Sites or use of our Services
- to companies that we plan to merge with or be acquired by; and
- to support our audit, compliance, and corporate governance functions.
We do not share your Personal Data with third parties for their marketing purposes without your consent.
We will take reasonable steps to ensure that the Personal Information we use or disclose is accurate, up to date, complete and relevant to the purpose of the use or disclosure.
6. How to Access & Control Your Personal Data
Subject to limitation set out in the Malawi Data Protection and Privacy Law, you have certain rights in relation to your personal data. You have the right to request access to your data, rectification and data portability.
It is your responsibility to ensure that all personal data submitted to Pesapal is correct. Pesapal is dedicated to maintaining the accuracy and completeness of personal data and keeping the data up to date.
To the extent required by the Malawi Data Protection and Privacy Law, you may
- have the right to access certain personal data we maintain about you
- request that we update or correct inaccuracies in that data
- object or restrict to our use of your personal data, and
- ask us to delete your personal data from our platforms.
To exercise these rights, you may contact Pesapal Directly through the contacts provided in this policy.
7. How We Protect Your Personal Data
The security of your personal data is important to us and is our highest priority. We use appropriate physical, management, and technical measures to protect your personal data from unauthorized access, disclosure, use, modification, damage, or loss. The security measures include:
- Implementing security measures in accordance with internationally recognized standards such as ISO 27001 and PCI DSS i.e., information access management, firewalls, security monitoring, data encryption etc. where our security controls are independently verified by an external auditor.
- We use cryptographic technologies for transaction security and integrity such as encryption, transmission of transaction information using Secure Socket Layer (SSL) technology and ensuring that post transaction no sensitive card information is stored on our systems
- We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal information
While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and Account/profile registration information and verifying that the Personal Data we maintain about you is accurate and current.
8. How We Process Children's Personal Data
Our sites and services and products are primarily intended for adults and do not collect information regarding persons under the age of 18 in compliance with the Malawi Data Protection and Privacy Law.
9. International Transfers of Your Personal Data
With operations across Africa, and organization-wide adoption of cloud services, your personal data collected by Pesapal may be processed or accessed in the country/region where you use our products and services or in other countries/regions where Pesapal have a presence. These jurisdictions may have different data protection laws. In such circumstances, Pesapal will take measures to ensure that data is processed as required by this Policy and the applicable national laws and regulations.
10. Updates to This Policy
11. How to Contact Us
If you have any questions or suggestions, privacy complaints or issues, and want to contact Pesapal Data Protection Officer (DPO), please contact [email protected]
- Personal Data: means personal information that can be associated with an identified or identifiable person such as Name, Mobile Phone or Telephone Number, email address, Payment Card Numbers, Official identification information e.g., Identification Number.
- Process: means any operation or set of operation which is performed on personal data whether or not by automated means such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
- Account: means a Pesapal Individual or Business Account
- Device Information: means data that can be automatically collected from any device used to access our Sites or Services. Such information may include, but is not limited to, your device type; device ID; your device’s network connections; your device’s name; your device’s IP address; information about your device’s web browser and the internet connection being used to access the Site or Services
- Services: means any products, services, content, features, technologies, or functions, and all related websites, applications and service offered to you by Pesapal
- Pesapal: means Pesapal Malawi Limited