We respect your privacy and the confidentiality of your personal information. This Privacy Policy explains what personal information we collect, how we use, share, store and protect it, and the rights you have over your information under the Protection of Personal Information Act, 2013 (“POPIA”).
Fido Credit SA (Pty) Ltd (“Fido Credit SA”, “we”, “us” or “our”) is a private company duly incorporated in the Republic of South Africa (company registration number 2022/616019/07). Fido Credit SA is a registered credit provider with the National Credit Regulator under registration number NCRCP16693, and provides short-term lending products and related services through its mobile application (“Fido App”) and website at https://za.fido.money (“Website”). This Privacy Policy applies to all personal information collected through the Fido App, the Website and any related Fido Credit SA service (together, the “Services”).
For purposes of POPIA, Fido Credit SA is the “Responsible Party” in respect of the personal information processed under this Policy.
Definitions
“Personal Information” has the meaning given in section 1 of POPIA and includes any information relating to an identifiable, living natural person and, where applicable, an identifiable, existing juristic person.
“Processing” means any operation or activity concerning personal information, including its collection, storage, use, dissemination and destruction.
“Data Subject” / “User” / “you” means the natural person to whom personal information relates.
“Special Personal Information” means information relating to the categories listed in section 26 of POPIA (e.g., race, health, biometrics, criminal behaviour).
By creating an account, downloading or using the Fido App, accessing the Website, or applying for or using any of the Services, you consent to the processing of your personal information as described in this Policy. Where you give us special personal information (for example, biometric data captured during identity verification), your consent is given expressly through the relevant Fido App screens.
In addition to your consent, we may process your personal information on the following lawful bases under POPIA: (i) to conclude or perform a contract with you (e.g., a credit agreement); (ii) to comply with a legal obligation (e.g., the Financial Intelligence Centre Act, the National Credit Act and tax legislation); (iii) to protect a legitimate interest of yours; or (iv) to pursue our or a third party’s legitimate interests, including assessing creditworthiness and preventing fraud.
We collect personal information that is reasonable and necessary to provide and operate the Services. This includes:
(a) Information you provide to us directly, including: your full names, South African identity number, date of birth, gender, contact details (mobile number, email address, residential and postal addresses), employment and income information, banking details, KYC documentation (including your South African ID and a selfie/biometric image captured during identity verification), and any information you provide when communicating with us or applying for, using or repaying our products.
(b) Information collected automatically through the Fido App and the Website, including: device information (device model, operating system, language settings, unique device identifiers, network and mobile-network-operator information), log and usage data, IP address, location data (including GPS coordinates and network-based location), and mobile data accessible from your device, to the extent that you grant the relevant device permissions.
(c) Information collected from third-party sources, including: registered South African credit bureaus (including TransUnion and other bureaus registered with the National Credit Regulator), public databases, identity verification and fraud-prevention service providers, the Department of Home Affairs identification database (via authorised verification services), and (with your consent) social network accounts and other third-party data providers.
(d) Bank account and transaction information, obtained via truID, a licensed open-finance service provider engaged by Fido Credit SA. When you authorise us to access your bank statements, truID securely retrieves transactional data from your nominated bank account on your behalf and shares it with Fido Credit SA. We use this data exclusively for affordability assessment, credit decisioning and fraud prevention, and we do not store your online banking credentials. truID processes your information in accordance with its own privacy terms, available at https://www.truid.co.za.
We rely on the third parties referred to above being legally and contractually bound to lawfully disclose personal information to us.
The Fido App will ask you to grant certain device permissions before it can use information stored on or accessible from your device. You may grant or refuse these permissions through your device settings, and you may withdraw a permission at any time, although doing so may limit the functionality of the Services. The principal permissions are:
We do not intentionally collect Special Personal Information except where it is necessary and lawful to do so — for example, biometric data (your photograph and selfie) processed for identity verification — and only with your express consent or where authorised under section 27 of POPIA.
Our Services are not directed at, and we do not knowingly process personal information of, persons under the age of 18 years. If we become aware that we have inadvertently collected personal information of a child contrary to POPIA, we will delete it.
We process your personal information for the following purposes:
In order to decide whether to extend credit to you and on what terms, we use automated decisioning systems that score your application against credit and affordability criteria. You have the right under section 71 of POPIA to: (i) be informed that an automated decision has been taken; (ii) request the underlying logic or reasoning behind it; and (iii) request that the decision be reviewed by a person. To exercise this right, contact our Information Officer using the details at the end of this Policy.
We may share your personal information, on a need-to-know basis, with the following categories of recipient:
We require our Operators (third parties processing personal information on our behalf) to enter into written agreements obliging them to maintain the confidentiality and security of the personal information they process for us, consistent with POPIA.
We store and process personal information within the Republic of South Africa. We will not transfer your personal information outside South Africa other than in accordance with section 72 of POPIA — that is, where: (i) the recipient is subject to a law, binding corporate rules or a binding agreement that provides an adequate level of protection; (ii) you have consented to the transfer; (iii) the transfer is necessary for the performance of a contract with you or for implementing pre-contractual measures taken in response to your request; (iv) the transfer is necessary for the conclusion or performance of a contract concluded in your interest with a third party; or (v) the transfer is for your benefit and it is not reasonably practicable to obtain your consent.
We will only send you direct marketing communications by electronic means (email, SMS, push notification or automated call) where you have consented to receive them, or where you are an existing customer and we are marketing similar Fido Credit SA products to those you have previously taken from us, in accordance with section 69 of POPIA. You may opt out of direct marketing at any time and at no cost by following the unsubscribe instructions in the communication, updating your preferences in the Fido App, or contacting our Information Officer.
We take appropriate, reasonable technical and organisational measures to protect the personal information we hold against loss, damage, unauthorised access, disclosure, alteration and destruction, as required by section 19 of POPIA. These measures include access controls, encryption of personal information in transit and (where appropriate) at rest, network security, monitoring and logging, staff training and confidentiality undertakings. Personal information transmitted between the Fido App and our servers is protected by industry-standard transport-layer encryption.
If we have reasonable grounds to believe that your personal information has been accessed or acquired by an unauthorised person, we will notify you and the Information Regulator as required by section 22 of POPIA.
Subject to POPIA, you have the right to:
To exercise these rights, please contact our Information Officer using the details below. We may verify your identity before responding to a request and may charge a prescribed fee for access requests, in accordance with the Promotion of Access to Information Act, 2000 (PAIA). Forms used to exercise these rights (POPIA Form 1, Form 2 and Form 4) are available on the Information Regulator’s website.
We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected and to comply with our legal, regulatory and contractual obligations. In particular:
Where we have no legitimate ongoing purpose or legal need to retain your personal information, we will securely delete or de-identify it.
The Website uses cookies and similar technologies. Please refer to our Cookie Policy for details about the cookies used and how to manage them.
We may amend this Policy from time to time. The current version will at all times be available on the Website and in the Fido App. We will notify you of any material change before it takes effect, and your continued use of the Services after the effective date constitutes acceptance of the amended Policy.
If you believe we have processed your personal information in a manner inconsistent with POPIA or this Policy, please raise the matter with our Information Officer first so that we have the opportunity to resolve it. If you are not satisfied, you may lodge a complaint with the Information Regulator at:
The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: POPIAComplaints@inforegulator.org.za
Website: https://inforegulator.org.za
For all data-protection queries, requests to exercise your rights, or complaints under this Policy, please contact us:
Fido Credit SA (Pty) Ltd
Attention: Information Officer
45 Durham Street
Fairmount
Johannesburg
2192
Email: compliance-za@fidocredit.com
Note: In terms of section 56 of POPIA, the head of a private body is automatically the Information Officer. Fido Credit SA is in the process of formally appointing and registering an Information Officer with the Information Regulator. In the interim, queries may be directed to the contact details above and will be handled by the head of the private body or their delegate.
