Mepho Pay Day Loans

Protection of Personal Information (POPIA)

Last updated: 10 May 2026 · South Africa

1. What POPIA is

The Protection of Personal Information Act, 2013 (POPIA) governs how organisations in South Africa must process personal information—that is, information about an identifiable living person or where applicable a juristic person. Mepho Pay Day Loans is committed to handling personal information responsibly and in line with POPIA and our registration as a credit provider ( NCRCP20247).

2. Responsible party and information officer

Depending on the activity, we may act as the responsible party under POPIA—that is, the party that determines the purpose and means of processing personal information. We have designated an information officer (and may appoint deputies) to support POPIA compliance. For privacy-related requests, contact mepho@mephopaydayloans.com.

3. Conditions for lawful processing

POPIA sets out conditions that must be met when we process personal information. In summary, we aim to:

  • Accountability: take reasonable measures to comply with POPIA and be able to demonstrate that compliance;
  • Processing limitation: only process information for specific, explicit, and lawful purposes and avoid unnecessary further processing;
  • Purpose specification: be clear about why we collect information;
  • Further processing limitation: align any new use with the original purpose or a compatible purpose allowed by law;
  • Information quality: keep information reasonably accurate and up to date where appropriate;
  • Openness: tell data subjects what we process and why, as required;
  • Security safeguards: protect information against loss, damage, or unauthorised access;
  • Data subject participation: enable you to request access and correction where POPIA allows.

4. Special personal information

Certain categories (for example information relating to health, biometric data, or political beliefs) are treated as special personal information under POPIA and may only be processed when the Act permits. Where our credit processes require such information in line with the National Credit Act and related rules, we process it only when justified and in the manner the law allows.

5. Direct marketing

If we intend to use your personal information for direct marketing by electronic communication, we will comply with POPIA and the regulations that apply (including consent and opt-out requirements). You may unsubscribe or object where the law gives you that right.

6. Cross-border transfers

If personal information is transferred to a recipient in another country, we comply with POPIA's rules on cross-border flows—for example transferring only where the recipient is subject to an adequate law, binding corporate rules, an agreement that meets prescribed requirements, or with your consent where applicable.

7. Your rights and complaints

You have rights under POPIA, which may include (subject to the Act's terms):

  • asking what personal information we hold about you in certain circumstances;
  • requesting correction of inaccurate information;
  • objecting to processing in specified situations, or lodging a complaint with us or with the Information Regulator.

To exercise rights, email mepho@mephopaydayloans.com. If you are not satisfied with our response, you may approach the Information Regulator of South Africa in line with their processes.

8. Research, archiving, and statistics

Personal information may be used for historical, statistical, or research purposes if adequate safeguards are in place—for example where information is de-identified and cannot reasonably be re-linked to a data subject, or where POPIA otherwise permits such processing.

9. Codes of conduct and guidance

We may adopt industry codes or guidance issued by regulators, including the Information Regulator, the National Credit Regulator, or recognised associations, where those instruments apply to our processing activities and help demonstrate accountability.

10. Duties when processing on behalf of others

If we process personal information as an operator for another responsible party, we act on documented instructions, implement appropriate security, do not use the information for our own purposes without agreement, and assist that party with compliance where POPIA requires.

11. Regulatory oversight

The Information Regulator may exercise powers under POPIA, including assessment notices, investigations, and enforcement. We cooperate with lawful regulatory requests.

12. Changes to this summary

We may revise this POPIA page when our practices or the law change. The "Last updated" date at the top will change accordingly.

13. More detail

For day-to-day details of categories of information, retention, cookies, and contact points, also read our Privacy Policy and Cookies Policy.

Continue to apply

To make the application process smooth, please tell us if you are a new or returning client (returning means you have applied with us before).