Privacy Policy

1. INTRODUCTION

SANDTONER (PTY) LTD ("we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data in compliance with the Protection of Personal Information Act (POPIA) of South Africa and other applicable laws.

By using our services, you consent to the practices described in this policy.

2. Scope of Application

This Privacy Policy applies to all personal information collected, processed, or stored by SANDTONER (PTY) LTD (Registration No. 2025/121656/07) through:

1. Our website: www.sandtoner.com;
2. Mobile applications: Sandtoner;
3. Merchant platform services: Sandtoner;
4. Customer support interactions (e.g., emails, phone calls);
5. Offline activities (e.g., in-person meetings, events).

2.1 Who is covered

1. Merchants using our payment and fintech services;
2. Customers transacting through the Sandtoner platform;
3. Website visitors and third-party partners.

2.2 Geographic Scope

3. Types of Personal Information We Collect

SANDTONER (PTY) LTD collects personal information to provide and enhance our services, comply with legal obligations, and protect user interests. Below is a detailed breakdown of the categories of data we collect, their specific purposes, and legal bases under POPIA.

3.1 Identity & Contact Information

Purpose:

1. To create and manage user accounts;
2. To verify identities for fraud prevention;
3. To fulfill contractual obligations (e.g., payment settlements);
4. To send service notifications or legal updates.

Legal Basis:

1. Contractual necessity (POPIA Section 11(1)(b));
2. Legal obligations (e.g., anti-money laundering laws).

3.2 Financial & Transactional Information

Data Types:

1. Bank account details (account number, branch code);
2. Credit/debit card details (card number, expiry date, CVV, encrypted storage);
3. Transaction records (amount, timestamp, recipient, IP address);
4. Invoices, payment status, refund or dispute records;
5. Credit scores or risk assessment data (if applicable).

Purpose:

1. To process payments and settlements;
2. For fraud prevention and risk management;
3. To generate financial reports (e.g., tax filings);
4. To resolve transaction disputes.

Legal Basis:

Contractual necessity (POPIA Section 11(1)(b));

3.3 Technical Data

Purpose:

1. To optimize platform performance and compatibility;
2. To analyze user behavior for service improvements;
3. To prevent DDoS attacks or account breaches.

Legal Basis:

1. Legitimate interests (service optimization and security);
2. User consent (for non-essential cookies).
3. Legitimate interests (e.g., fraud prevention).

3.4 Commercial & Preference Data

Data Types:

1. Purchase history, order IDs, product preferences;
2. Marketing interaction records (e.g., email open rates, ad clicks);
3. Customer service records (call recordings, chat logs, complaints);
4. Survey feedback or user ratings.

Purpose:

1. To provide personalized recommendations (e.g., merchant promotions);
2. To improve customer service quality;
3. For market trend analysis and business decisions.

Legal Basis:

1. User consent (POPIA Section 11(1)(a));
2. Legitimate interests (service optimization).
3. Call recordings will be notified in advance and require consent.

3.5 Special Category Data

Collected only when necessary.

Data Types:

• Race or ethnicity (for localized financial services);
• Religious beliefs (e.g., compliance for Halal-certified merchants);
• Health information (e.g., risk assessments for insurance products).

Purpose:

1. To fulfill specific legal obligations (e.g., BEE policy compliance);
2. To provide customized financial products (requires explicit consent).

Legal Basis:

1. Explicit user consent (POPIA Section 27);
2. Legal authorization (e.g., public health emergencies).

3.6 Data from Third Parties

Data Types:

1. Credit scores from agencies (e.g., TransUnion);
2. Public business records (e.g., CIPC registrations);
3. Social media profiles (e.g., LinkedIn company verifications).

Purpose:

1. To supplement merchant due diligence;
2. For AML (Anti-Money Laundering) and KYC (Know Your Customer) checks.

Legal Basis:

1. Legitimate interests (risk control);
2. Legal obligations (e.g., Financial Intelligence Centre requirements).

3.7 User-Generated Content

Data Types:

1. Product descriptions, images, or videos uploaded by merchants;
2. Customer reviews, comments, or forum posts.

Purpose:

1. To display merchant products or services;
2. To maintain compliance of platform content.

Legal Basis:

1. Contractual necessity (fulfillment of service terms).

3.8 Data Minimization Principle

We collect only the minimum necessary data to achieve specific purposes. Examples include:

• ID numbers are not mandatory unless for high-value transactions;
• Non-essential cookies are disabled by default and require user consent.

3.9 User Control & Transparency

• Real-Time Access: Users can view collected data via account settings.
• Dynamic Updates: Business users can update licenses in the backend.
• Withdraw Consent: Adjust cookie preferences or marketing subscriptions in the Privacy Center.

4. Legal Basis for Processing

Under the Protection of Personal Information Act (POPIA) of South Africa, SANDTONER (PTY) LTD processes personal information only when a valid legal basis exists. Below are the lawful grounds we rely on, along with specific examples and user rights.

4.1 Consent (Section 11(1)(a))

Definition

Processing is based on your explicit, voluntary, and informed consent.

Applicable Scenarios

• Sending marketing communications (e.g., promotional emails).
• Collecting sensitive data (e.g., biometric information).
• Using non-essential cookies or tracking technologies.

Examples

• A merchant opts in to receive newsletters about new platform features.
• A customer agrees to facial recognition for enhanced account security.

Your Rights

• Withdraw Consent
• Click "Unsubscribe" in emails or adjust preferences in the Privacy Center.
• Revoke Sensitive Data Use
• Contact info@sandtoner.com with a written request.

4.2 Contractual Necessity (Section 11(1)(b))

Definition

Processing is necessary to fulfill obligations under a contract with you.

Applicable Scenarios

• Account registration and identity verification.
• Payment processing and settlement.
• Providing customer support as per service terms.

Examples

• Collecting bank account details to process a merchant's payout.
• Verifying a user's ID to activate a payment gateway.

Your Rights

• Objection
• You may terminate the contract, but this may affect service availability.

4.3 Legal Obligations (Section 11(1)(c))

Definition

Processing is required to comply with South African laws or regulatory requirements.

Applicable Scenarios

• Tax reporting to SARS (South African Revenue Service).
• Anti-Money Laundering (AML) checks under FICA.
• Responding to court orders or government requests.

Examples

• Retaining transaction records for 7 years as per tax laws.
• Reporting suspicious transactions to the Financial Intelligence Centre (FIC).

Your Rights

• Access & Correction
• Request to review or update legally mandated data.

4.4 Legitimate Interests (Section 11(1)(f))

Definition

Processing is necessary for our legitimate business interests, provided they do not override your rights.

Applicable Scenarios

• Fraud prevention and cybersecurity measures.
• Service improvement through data analytics.
• Direct marketing to existing customers (soft opt-in).

Examples

• Analyzing transaction patterns to detect fraudulent activity.
• Using aggregated usage data to optimize platform performance.

Your Rights

• Object: Submit an objection request via feedback@sandtoner.com.
• Opt-Out of Marketing: Click "Unsubscribe" in marketing emails.

4.5 Public Interest or Historical Research (Section 11(1)(d)-(e))

Definition

Processing is necessary for public interest tasks or archival/research purposes.

Applicable Scenarios

• Public health data sharing during epidemics.
• Academic research on financial inclusion (anonymized data only).

Examples

• Providing anonymized transaction trends to the National Treasury for policy-making.

Your Rights

• Restrict Processing: Contact feedback@sandtoner.com if you believe public interest claims are unjustified.

4.6 Special Categories of Data (Section 27)

Definition

Processing of sensitive data (e.g., race, religion, health) requires explicit consent or legal authorization.

Applicable Scenarios

• Collecting race data for B-BBEE compliance.
• Health information for insurance underwriting.

Examples

• A user explicitly consents to provide religious affiliation for Halal payment services.

Your Rights

• Withdraw Consent: Immediate effect upon request.
• Complain: Lodge a complaint with the SA Information Regulator.

4.7 How We Balance Legitimate Interests

We conduct a Legitimate Interests Assessment (LIA) to ensure our interests do not infringe your rights. Factors considered include:

• Necessity: Fraud detection cannot be achieved without analyzing transaction IP addresses.
• Proportionality: Using anonymized data for analytics instead of raw personal information.
• Impact on Users: Minimal privacy impact when using aggregated statistics for service improvement.

4.8 Exercising Your Rights

Submit requests to our Data Protection Officer:

• Email: feedback@sandtoner.com
• Postal Address: Rivonia Boulevard and 9th Avenue Johannesburg Sandton Gauteng 2128
• Response Time: Within 15 business days (extendable to 30 days for complex cases).

5. How We Share Information

SANDTONER (PTY) LTD shares personal information only for legitimate purposes and in compliance with POPIA. Below is a detailed breakdown of the categories of recipients, purposes, data types, legal bases, and safeguards.

5.1 Third-Party Service Providers

Purpose:

To support core business operations, including payment processing, cloud storage, customer support, and analytics.

Data Types Shared:

1. Payment Processors (e.g., PayGate, Peach Payments):
   • Transaction details (amount, timestamp, merchant ID);
   • Card tokenization data (encrypted).
2. Cloud Service Providers (e.g., AWS, Microsoft Azure):
   • User account information;
   • Technical logs and backups.
3. Customer Support Platforms (e.g., Zendesk):
   • Communication records (emails, chat logs);
   • Case resolution notes.

Legal Basis:

1. Contractual necessity (POPIA Section 11(1)(b));
2. Legitimate interests (service efficiency).

Safeguards:

1. Data Processing Agreements (DPAs) requiring POPIA compliance;
2. Encryption during transmission and storage;
3. Annual audits of third-party security practices.

5.2 Financial Institutions & Regulators

Purpose:

To comply with legal obligations and prevent financial crimes.

Data Types Shared:

1. Banks & Payment Networks (e.g., Visa, Mastercard):
   • Settlement records;
2. Fraud alerts.
3. Regulatory Bodies (e.g., FIC, SARS):
   • KYC documents (ID copies, business licenses);
   • Transaction reports for AML/CTF compliance.

Legal Basis:

1. Legal obligations (POPIA Section 11(1)(c));
2. Public interest (fraud prevention).

Safeguards:

1. Data minimization (only necessary fields shared);
2. Secure portals for regulatory submissions;
3. Anonymization where possible (e.g., aggregated tax reports).

5.3 Affiliated Companies

Purpose:

To enable group-wide services (e.g., cross-border payments, shared loyalty programs).

Data Types Shared:

1. Shared Customer Profiles:
   • Name, contact details, transaction history;
   • Risk assessment scores (for fraud prevention).

Legal Basis:

1. Legitimate interests (POPIA Section 11(1)(f));
2. User consent (for marketing across affiliates).

Safeguards:

1. Binding Corporate Rules (BCRs) for intra-group data transfers;

5.4 Business Transfers

Purpose:

To facilitate mergers, acquisitions, or asset sales.

Data Types Shared:

1. Due Diligence Packages:
   • Merchant portfolios;
   • Financial performance metrics.
2. Post-Transition Data:
   • Customer databases;
   • Contractual records.

Legal Basis:

1. Legitimate interests (corporate restructuring);
2. Legal obligations (disclosure to auditors).

Safeguards:

1. Confidentiality Agreements with acquiring parties;
2. Data Erasure clauses if the transfer fails.

5.5 Marketing & Advertising Partners

Purpose:

To deliver targeted ads or measure campaign effectiveness.

Data Types Shared:

1. Advertising Networks (e.g., Google Ads):
   • Cookie IDs, device identifiers;
   • Aggregated demographic segments (no direct identifiers).
2. Analytics Providers (e.g., Mixpanel):
   • Anonymized usage patterns;
   • Conversion rates.

Legal Basis:

1. User consent (POPIA Section 11(1)(a));
2. Legitimate interests (marketing ROI analysis).

Safeguards:

1. Pseudonymization (e.g., hashed email addresses);
2. Opt-Out Mechanisms:
   • AdChoices for interest-based ads;
   • Cookie preference centers.
3. User Controls Over Data Sharing
4. Granular Consent: Enable/disable sharing for specific purposes (e.g., marketing) in the Privacy Center.
5. Access Reports: Request a list of third parties with whom your data has been shared via feedback@sandtoner.com.
6. Object to Sharing: Submit objections for non-essential sharing (response within 15 days).
7. Cross-Border Data Transfers
8. If data is transferred outside South Africa, we ensure:
   • Adequacy Decisions: Recipient countries have POPIA-recognized data protection laws (e.g., EU GDPR).

6. Your Rights Under POPIA

The Protection of Personal Information Act (POPIA) grants you specific rights over your personal data. Below is a clear, simplified explanation of these rights, how to exercise them, and our commitments.

6.1 Right to Access (Section 23)

What It Means:

You can request a copy of the personal data we hold about you, including how it is used and shared.

How to Exercise:

• Email feedback@sandtoner.com with your full name and proof of identity (e.g., ID copy).

Response Time:

• Within 15 business days (free for first request; fees may apply for subsequent requests).

6.2 Right to Correction (Section 24)

What It Means:

• Request correction of inaccurate, incomplete, or outdated data (e.g., wrong phone number).

How to Exercise:

• Update directly in your account settings or contact customer support.

Our Commitment:

• Correct within 7 business days and notify third parties if applicable.

6.3 Right to Deletion (Section 25)

What It Means:

• Request deletion of data that is no longer necessary or unlawfully processed.

Exceptions:

• Data required by law (e.g., tax records) or for ongoing disputes.

How to Exercise:

• Submit a written request to feedback@sandtoner.com with reasons.

6.4 Right to Object (Section 11(3))

What It Means:

• Object to processing based on legitimate interests (e.g., direct marketing).

How to Exercise:

• Click "Unsubscribe" in emails or disable marketing preferences in your account.

Our Commitment:

• Stop processing within 5 business days unless overriding legal grounds exist.

6.5 Right to Data Portability (Section 22)

What It Means:

• Request your data in a structured, machine-readable format to transfer to another service.

Applicable Data:

• Only data processed by automated means with your consent or under contract.

How to Exercise:

• Email feedback@sandtoner.com specifying the desired format (e.g., CSV, JSON).

6.6 Right to Complain (Section 74)

What It Means:

Lodge a complaint with the South African Information Regulator if unsatisfied with our response.

Steps:

• Contact us first to resolve the issue internally.
• If unresolved, submit a complaint via:
  • Website: https://www.sandtoner.com/feedback/
  • Tel: +27 829076662

6.7 Summary of Your Rights

6.8 How We Protect Your Rights

• Dedicated Team: A Data Protection Officer (DPO) oversees all requests.
• No Discrimination: Exercising rights will not affect service quality.
• Transparency: Track request status via your account dashboard.

7. Data Security Measures

SANDTONER (PTY) LTD implements a multi-layered security framework to protect your personal information against unauthorized access, disclosure, alteration, or destruction. Below are our technical, administrative, and physical safeguards:

7.1 Technical Measures

7.2 Administrative Measures

7.3 Physical Measures

7.4 Additional Safeguards

Third-Party Audits:

• Annual ISO 27001 and POPIA compliance audits by independent auditors.

Data Breach Response:

• Step 1: Isolate affected systems and conduct forensic analysis.
• Step 2: Notify regulators and affected users within 72 hours.
• Step 3: Provide free credit monitoring services if sensitive data is exposed.

User Controls:

• Enable two-factor authentication (2FA) for account logins.
• Review active sessions and connected devices in account settings.

Contact for Security Concerns

Report security vulnerabilities or suspicious activities to:

• Email: security@sandtoner.com
• Phone: +27 829076662

8. Data Retention & Deletion

SANDTONER (PTY) LTD retains personal information only as long as necessary to fulfill the purposes outlined in this policy or as required by law. Below is our detailed data retention schedule, deletion processes, and exceptions.

8.1 Data Retention Schedule

8.2 Deletion Process

• Identification:
  • Locate data across all systems (databases, backups, third-party platforms).
• Verification:
  • Confirm user identity and legal authority for deletion requests.
• Execution:
  • Electronic Data: Overwrite or cryptographically erase to prevent recovery.
  • Physical Records: Cross-cut shredding or incineration.
• Confirmation:
  • Notify the user and update audit logs.

8.3 User Rights & Requests

• How to Request Deletion:
  • Submit a request via https://www.sandtoner.com/privacy or email feedback@sandtoner.com.
• Response Timeline:
  • Standard Requests: Processed within 15 business days.
  • Complex Cases (e.g., data across multiple systems): Up to 30 business days.

8.4 Exceptions to Deletion

We may retain data longer in specific circumstances, including:

• Legal Obligations:
  • Tax audits, AML investigations, or court orders.
• Public Interest:
  • Health or safety emergencies (e.g., pandemic contact tracing).
• Technical Constraints:
  • Backup systems with immutable storage (data will be deleted upon backup rotation).

8.5 Our Commitments

• Transparency: Provide a detailed retention schedule upon request.
• Security: Use certified data erasure tools (e.g., Blancco).
• Proactive Review: Bi-annual audits to ensure compliance with retention policies.

9. Cookies & Tracking Technologies

SANDTONER (PTY) LTD uses cookies and similar tracking technologies to enhance user experience, analyze service usage, and deliver targeted advertising. This section explains how these technologies work, their purposes, and your control options under POPIA.

9.1 Types of Cookies & Tracking Tools

9.2 How We Use Tracking Technologies

• Heatmaps & Session Recordings:
  • Tools like Hotjar visualize user interactions to identify usability issues.
• Cross-Device Tracking:
  • Link user activity across devices (e.g., mobile app and website) using encrypted identifiers.
• Retargeting Pixels:
  • Display ads to users who visited specific pages (e.g., abandoned cart reminders).

9.3 Your Control Options

9.4 Third-Party Data Sharing

We share cookie data with the following third parties under strict safeguards:

9.5 Our Commitments

• Transparency: Provide a real-time cookie consent banner on first visit.
• No Sneaky Tracking: We do not use fingerprinting or supercookies.
• Regular Audits: Review tracking tools quarterly for POPIA compliance.

10. Children's Privacy

SANDTONER (PTY) LTD is committed to protecting the privacy of minors. Our services are not directed to individuals under the age of 18 (“Children"), and we do not knowingly collect personal information from Children without verified parental or guardian consent.

10.1 Our Stance on Children's Data

• Service Restrictions:
  • Our platform is designed for merchants and adult users. We do not offer products or features targeting Children.
• Age Verification:
  • During account registration, users must confirm they are at least 18 years old.

10.2 If We Accidentally Collect Children's Data

If we discover that personal information of a Child has been collected without valid consent, we will:

10.3 Parental Rights

• Parents or guardians of Children may:
  • Request Access:
    • Obtain a copy of the Child's data we hold.
  • Request Deletion:
    • Demand erasure of the Child's data.
  • Withdraw Consent:
    • Revoke any previously granted consent.

How to Exercise Rights:

• Submit a request to feedback@sandtoner.com with:
  • Proof of parental/guardianship status (e.g., birth certificate, court order).
  • Child's identifying information (e.g., name, registered email).

10.4 Educational Resources

We support digital literacy for Children and recommend the following resources:

• South African Resources:
  • Childline South Africa: Online safety guides for parents.
  • Film and Publication Board: Tools to report inappropriate content.

10.5 Our Commitments

• No Marketing to Children: We do not use Children's data for advertising.
• Data Minimization: If parental consent is obtained, we collect only essential data.
• Regular Training: Staff receive annual training on handling minors' data.

11. Updates & Notification

We will notify users of material changes via email or platform announcements 30 days in advance.

Historical versions of this policy are archived at www.sandtoner.com/privacy-archive (Please update this link to your actual archive page) for review.

12. Contact Information

Designated Information Officer (POPIA Compliance)

• Name: Feedback
• Email: feedback@sandtoner.com
• Address: Rivonia Boulevard and 9th Avenue Johannesburg Sandton Gauteng 2128
• Phone: +27 829076662

Complaints: If dissatisfied with our response, you may lodge a complaint with the South African Information Regulator.