Privacy policy

1. Who we are

This policy applies to Mepho Pay Day Loans, a registered credit provider in South Africa (National Credit Regulator registration number: NCRCP20247). In POPIA, we may act as the responsible party for certain personal information we process in the course of our business and when you use our marketing website and related channels described below.

2. What this policy covers

This website is primarily a brochure-style presence to explain our brand and point you to our online application and customer portal, which are operated on separate systems. This policy explains how we treat personal information in that context. If you use our credit application or customer portal, additional terms, notices, and privacy statements may apply there—please read them carefully when you use those services.

3. The information officer

POPIA requires that we designate an information officer (and, where needed, deputy information officers) responsible for compliance. Requests about this policy or about exercising your rights may be sent to mepho@mephopaydayloans.com. Mark your email subject line clearly, for example "POPIA request" or "Privacy enquiry".

4. Categories of personal information

Depending on how you interact with us, we may process categories such as:

• Contact and identity details (for example your name, email address, or telephone number if you provide them);
• Technical and usage data relating to visits to this website (for example IP address, browser type, and general log information), where this is generated through hosting, analytics, or security tools we use;
• Records you send us when you email us or upload documents through linked services, where those records contain personal information.

We aim to collect only what is reasonably necessary for the purposes set out in this policy.

5. How we collect information

We may collect personal information when:

• you contact us by email or other channels we publish;
• you browse or interact with this website (as permitted by our cookie notice);
• you follow links to our application or portal and complete steps there;
• the law requires or permits us to collect it.

6. Purpose and lawful basis for processing

We process personal information only for lawful purposes aligned with POPIA, including:

• responding to enquiries and communicating with you if you have contacted us;
• operating, securing, and improving this website;
• complying with legal and regulatory obligations, including credit-industry and anti-money-laundering requirements where applicable to our services;
• establishing, defending, or exercising legal claims where this is permitted by law.

Where we rely on consent, contract, legal obligation, legitimate interests, or another ground recognised in POPIA, we document our position and will explain it where we are required to do so when dealing with a data-subject request.

7. Disclosure of personal information

We may share personal information with:

• service providers who assist us with hosting, IT security, or communications, under written terms that protect your information;
• our professional advisers where this is necessary and lawful;
• regulators, law enforcement, or courts when the law requires or permits disclosure.

We do not sell your personal information.

Where we appoint an operator (a person or organisation that processes personal information on our instructions), we bind that operator to written terms that require appropriate security and use only for authorised purposes. We remain responsible for the operator's compliance with POPIA in respect of processing that we task to the operator, as the law prescribes.

8. Cross-border flow of information

Where personal information is transferred to recipients in other countries (for example cloud hosting outside South Africa), we take steps that POPIA requires, such as ensuring an adequate level of protection or obtaining your consent where applicable, and we work with suppliers who can demonstrate appropriate safeguards.

9. Security

We implement reasonable technical and organisational measures to protect personal information against loss, misuse, unauthorised access, or disclosure. No online system is completely secure; you should also protect your devices and passwords when using the internet.

10. Retention

We keep personal information only for as long as needed for the purposes above, unless a longer period is required by law or to resolve disputes. When we no longer need it, we will delete, destroy, or de-identify it in line with our records and retention policies.

11. Your rights under POPIA

Subject to conditions in POPIA, you may have the right to:

• request access to personal information we hold about you;
• request correction or updating of inaccurate information;
• object to processing in prescribed circumstances;
• lodge a complaint with the Information Regulator.

To exercise rights, contact us using the details below. We may need to verify your identity before responding.

12. The Information Regulator (South Africa)

If you believe we have not handled your personal information in line with POPIA, you may contact the Information Regulator of South Africa. Their website explains how to lodge a complaint.

13. Changes to this policy

We may update this policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, provide a more prominent notice on this website.

14. Minors

This marketing website is not aimed at persons under the age of 18. If you are a parent or guardian and believe that a minor has provided us with personal information without appropriate supervision, please contact us so that we can take steps to address the matter in line with POPIA.

15. Accuracy and your duty to assist

You should ensure that any personal information you give us is correct and, where relevant, kept up to date. Where you become aware of an error—for example after an address or contact detail changes—please let us know through the channels we publish so that we can correct or supplement our records where appropriate.

16. Automated decision-making, scoring, and related processing

Credit-related systems may use automated tools, models, or rules in line with the National Credit Act, 2005 and industry guidelines. Where those processes take place in our application or account environments (outside this brochure site), separate notices and pre-agreement statements may apply. If you have concerns about a decision that significantly affects you, you may have rights under credit and consumer legislation—ask us in writing and consider the National Credit Regulator's guidance.

17. Direct marketing and electronic communications

We will only send direct marketing by electronic communication where POPIA and related regulations allow, for example where we have obtained the appropriate consent or another lawful basis applies. Every marketing message will include a clear way to opt out or manage preferences where the law requires it. If you tell us to stop, we will process your request without undue delay, subject to record-keeping we are permitted to keep (for example a suppression list).

18. Juristic persons and representatives

Where we process personal information relating to directors, members, partners, or authorised signatories acting on behalf of a company, close corporation, trust, or similar entity, we treat that information in line with this policy and POPIA, including where the person is the contact point for that organisation.

19. Access and data-subject requests

You may request access to personal information we hold about you, subject to POPIA's limitations (for example trade secrets, confidential commercial information, and third-party information that we cannot disclose without consent). We may ask you to verify your identity before we respond and may apply a reasonable fee where POPIA allows. We aim to respond within a reasonable period; if we cannot meet your request in full, we will explain why and tell you about further steps you may take, including approaching the Information Regulator.

20. Security compromises

If we become aware of a suspected or confirmed compromise of personal information under our control, we will investigate, mitigate, and—where required by POPIA and any applicable guidance—notify affected individuals and/or the Information Regulator without unreasonable delay, describing the nature of the incident and steps we are taking.

21. Monitoring and recording

Telephone calls, online chat sessions, emails, or other communications may be recorded where the law permits and where this is reasonably necessary for training, security, evidence, or regulatory compliance. Where recording requires consent, we will obtain it in a clear manner before the interaction proceeds.

22. Promotion of Access to Information Act (PAIA)

In addition to POPIA, the Promotion of Access to Information Act, 2000 (PAIA) may give you the right to request access to certain records held by private bodies, subject to listed grounds of refusal. A PAIA manual (or the relevant parts of our information compliance framework) may be available on request—please contact the information officer at mepho@mephopaydayloans.com and describe the records you wish to access under PAIA or POPIA so that we can route your request correctly.

23. Relationship to other documents

This policy should be read together with our Cookies Policy, the terms governing any credit application or account you have with us, and any product-specific privacy notices we provide in those channels. If there is a conflict that affects you as a consumer, mandatory provisions of South African law will prevail.