POPIA & Constitutional Compliance Statement
The Protection of Personal Information Act 4 of 2013 (referred to as POPIA) establishes the rights of natural and juristic persons (Data Subjects) who/which are the owners of Personal Information, and the duties of organisations (Responsible Parties) that collect, process, use, retain and dispose of that Personal Information.
This policy defines responsibilities of **Wissel Remittance PTY LTD** (as a Responsible Party) that processes Personal Information from Data Subjects in South Africa in the course of normal business dealings. The policy regulates the acquisition, use, and retention of the Data Subject’s information including:
The policy excludes the rights of special categories of persons, where additional laws apply. The policy specifically excludes the collection or processing of information regarding children (POPIA defines a child as a natural person under 18). Even if consent is given by a competent person who has authority to consent on behalf of a child in terms of Section 11 of POPIA, the child’s information will not be processed. Children are excluded from all information storage, software platforms, marketing and other communications.
Processing of Special Personal Information (apart from the information referring to a child) is prohibited (Section 26 POPIA). Unless a general authorisation, alternatively a specific authorisation relating to the different types of Special Personal Information applies, the Company is prohibited from processing Special Personal Information.
Business information shared by Wissel Remittance PTY LTD and clients or business partners will, in addition to POPIA, be protected by contracts containing agreed confidentiality provisions.
2.1 In its dealings with a Data Subject, a Responsible Party has to comply with the Constitution of South Africa Act 108 of 1996.
2.2 Personal Information is protected by the right to privacy, which ranks together with such rights as the right to life, equality, and freedom of religion, belief and opinion. The Constitution of South Africa, which is our most important and overriding law, says in Chapter 2 The Bill of Rights, Section 14 that everyone has the right to privacy:
"Everyone has the right to privacy, which includes the right not to have—
(a) their person or home searched;
(b) their property searched;
(c) their possessions seized; or
(d) the privacy of their communications infringed."
3.1 POPIA applies to Responsible Parties and Operators processing Personal Information in South Africa, and to transmission of Personal Information outside of South Africa by those persons. The privacy legislation of another country may apply to cross-border transfers in addition to POPIA.
POPIA is the specific legislation that is in harmony with international standards, and embodies the principles of Section 14 of the Constitution. POPIA regulates the way in which Personal Information may be processed by government and private bodies by prescribing the minimum requirements for the lawful processing of Personal Information.
POPIA recognises that: "the right to privacy includes a right to protection against the unlawful collection, retention, dissemination and use of personal information" and the State must respect, protect, promote, and fulfil the rights in the Bill of Rights. POPIA has established the office of the Information Regulator to provide education, compliance, consultation and handling of complaints.
3.2 POPIA applies to a Responsible Party domiciled in South Africa and a responsible Party not domiciled in South Africa that makes use of automated or non-automated means in South Africa, unless the means are used only as a conduit to forward information through the Republic (Section 3(1)(b) POPIA).
4.1 POPIA definitions:
| Term | Meaning |
|---|---|
| Consent | any voluntary specific and informed expression of will in terms of which permission is given for the processing of Personal Information. |
| Data Subject | the person to whom Personal Information relates. |
| De-identify | in relation to Personal Information of a Data Subject means to delete any information that: (a) identifies the Data Subject; (b) can be used or manipulated by a reasonably foreseeable method to identify the Data Subject; or (c) can be linked by a reasonably foreseeable method to other information that identifies the Data Subject. |
| Information officer | in relation to a private body the head of that private body as defined in the Promotion of Access to Information Act. |
| Operator | a person who processes Personal Information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that party. |
| Person | a natural person or a juristic person. |
| Personal Information | information relating to a person and includes all information about that person, including their characteristics and identifying information and correspondence implicitly or explicitly of a private or confidential nature. Refer 4.2 below. |
| Processing | any operation or activity or any set of operations, whether or not by automatic means concerning Personal Information, including the collection, receipt, recording, storage, retrieval, use, dissemination, merging, erasure, or destruction of information. |
| Record | any recorded information in the possession or under control of the Responsible Party, whether or not it was created by the Responsible Party, and regardless of form or medium. |
| Responsible Party | a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing Personal Information. |
4.2 POPIA protects natural and juristic persons. POPIA defines Personal Information as information relating to a living person or existing juristic person, including but not limited to:
(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
(b) information relating to the education or the medical, financial, criminal or employment history of the person;
(c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier, or other particular assignment to the person;
(d) the biometric information of the person;
(e) the personal views, opinions, or preferences of the person;
(f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
(g) the views or opinions of another individual about the person; and
(h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
POPIA: The Responsible Party must adhere to principles of accountability when processing Personal Information.
Wissel Remittance PTY LTD: We collect identified Personal Information for a defined purpose. We have appointed an Information Officer: Tyler Keindl, who can be contacted at email address: support@wisselremittance.com.
POPIA: Personal Information must be processed lawfully and fairly without infringing privacy. Information must be adequate, relevant, and not excessive. The Data Subject must consent to collection and processing.
Wissel Remittance PTY LTD: We will ask the Data Subject to consent to the collection and processing of Personal Information. We will collect Personal Information directly from the Data Subject unless the information has been made public, or where collection from another source does not prejudice their privacy.
POPIA: Personal Information must be collected for a specific, explicitly defined, and lawful purpose. Records should not be retained for longer than necessary for the purpose unless authorized by law, contract, or consent.
Wissel Remittance PTY LTD: We collect and process Personal Information from clients, senders, recipients, and business partners for facilitating international remittances and compliance procedures, specifically to:
(a) Process secure USD-to-ZAR cross-border money transfers, electronic account linking via Plaid, and last-mile retail bank payouts;
(b) Conduct Financial Intelligence Centre Act (FICA) KYC identity screenings and verification;
(c) Automatically generate and file mandatory South African Reserve Bank (SARB) Balance of Payments (BoP) compliance reporting declarations.
We will return or destroy Personal Information when it is no longer required, or when lawfully possible.
POPIA: Further processing must be compatible with the purpose for which Personal Information was initially collected.
Wissel Remittance PTY LTD: We will request the explicit consent of the Data Subject prior to any further processing compatible with original intent.
POPIA: The Responsible Party must ensure that Personal Information is complete, accurate, true, and updated.
Wissel Remittance PTY LTD: We will ask the Data Subject to provide truthful, complete and accurate information, and to update the information when necessary.
POPIA: The Responsible Party must ensure the Data Subject is aware of the collection details, source, purpose, and rights.
Wissel Remittance PTY LTD: We provide clear disclosures through this Policy. We may transfer Personal Information about a Data Subject out of South Africa to a third party in a foreign country (specifically to the United States) for processing by an operator (e.g. Plaid, AWS infrastructure) or for secure cloud storage and safekeeping purposes.
POPIA: The Responsible Party has to secure the integrity and confidentiality of Personal Information. It must take appropriate, reasonable, technical and organisational measures to prevent loss, damage, or unauthorised destruction/access. compromises must be reported to the Regulator and the Data Subject.
Wissel Remittance PTY LTD: We take institutional-grade measures for the safekeeping of Personal Information:
(a) AES-256 standard encryption applied to all data at rest and in transit;
(b) Biometric authentication requirements (Face ID or fingerprint scans) for transaction authorization on mobile devices;
(c) Secure Escrow accounts holding funds in transit until final electronic delivery;
(d) Access log audits on all database operations and compliance processing lines.
We will notify the Data Subject and the Regulator immediately if there are reasonable grounds to believe that Personal Information has been accessed or acquired by an unauthorised person.
POPIA: The Data Subject may request a record or description of their held Personal Information, correction, or deletion of inaccurate details.
Wissel Remittance PTY LTD: A Data Subject may contact our Information Officer (support@wisselremittance.com) for access, verification, or updates to their Personal Information.
Data Subjects possess the following key rights under POPIA:
(a) To be notified that their Personal Information is being collected, or that a security compromise has occurred;
(b) To request access to records of their held Personal Information and know which third parties have access;
(c) To request correction, destruction, or deletion of inaccurate or excessive records;
(d) To object on reasonable grounds to the processing of their Personal Information;
(e) To object to direct marketing communications;
(f) Not to be subject to a decision based solely on automated profiling without human intervention;
(g) To submit complaints to the Information Regulator. Regulator contact details:
(h) To institute civil proceedings regarding alleged interference with their privacy.
**POPIA:** Direct marketing is prohibited unless the Data Subject has given consent (and they may only be approached once), or if they are existing clients being approached in the context of related services.
**Wissel Remittance PTY LTD:** We will request your consent before sending marketing materials. Senders are given a clear, free opportunity to opt-out on the occasion of every communication.