Welcome to Zenpay ("we", "us", or "our"). These Terms and Conditions ("Terms") govern your access to and use of our website (the "Platform"). By accessing or using our Platform, you agree to be bound by these Terms. If you do not agree to these Terms, please do not use our Platform.

1. Eligibility

1.1 You must be at least 18 years old and have the legal capacity to enter into these Terms and Conditions to use our Platform.

1.2 By using our Platform, you represent and warrant that you meet all eligibility requirements.

2. Account Registration

2.1 To access certain features of our Platform, you must create an account. You agree to provide accurate, current, and complete information during the registration process and to update such information to keep it accurate, current, and complete.

2.2 You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You agree to notify us immediately of any unauthorized use of your account.

3. Use of the Platform

3.1 You agree to use the Platform only for lawful purposes and in accordance with these Terms and Conditions. You are responsible for complying with all applicable laws and regulations.

3.2 You agree not to:

Use the Platform in any manner that could disable, overburden, damage, or impair the Platform or interfere with any other party's use of the Platform.

Use any robot, spider, or other automatic device, process, or means to access the Platform for any purpose, including monitoring or copying any of the material on the Platform.

Introduce any viruses, trojan horses, worms, logic bombs, or other material that is malicious or technologically harmful.

Attempt to gain unauthorized access to, interfere with, damage, or disrupt any parts of the Platform, the server on which the Platform is stored, or any server, computer, or database connected to the Platform.

4. Transactions

4.1 The Platform allows you to perform transactions for different products and services. You are solely responsible for your decisions and any risks associated with these transactions.

4.2 You are responsible for the accuracy of recipient details before completing the transaction. Any errors cannot be rectified or reversed.

4.3 We do not provide investment advice or recommendations. Any information provided on the Platform is for informational purposes only.

4.4 We are not responsible for any losses that may be incurred as a result of you performing transactions on the Platform.

4.5 Click here   to view our allowable transactions.

5. Fees

5.1 We may charge fees for certain services provided on the Platform. Our fee schedule is available on our website and may be updated from time to time.

5.2 You agree to pay all applicable fees and charges associated with your use of the Platform in accordance with our fee schedule.

5.3 Click here   to view our allowable transaction fees.

6. Intellectual Property

6.1 The Platform and its entire contents, features, and functionality (including but not limited to all information, software, text, displays, images, video, and audio, and the design, selection, and arrangement thereof) are owned by us, our licensors, or other providers of such material and are protected by intellectual property laws.

6.2 You are granted a limited, non-exclusive, non-transferable, and revocable license to access and use the Platform for your personal, non-commercial use.

7. Limitation of Liability

7.1 No Warranty: The Platform is provided on an "as is" and "as available" basis. We do not warrant that the Platform will be uninterrupted, timely, secure, or error-free, or that any defects will be corrected. We make no warranties, express or implied, regarding the use or the results of the use of the Platform in terms of correctness, accuracy, reliability, or otherwise.

7.2 Assumption of Risk: You understand and agree that you are using the Platform at your own risk.

7.3 Liability Cap: To the fullest extent permitted by applicable law, in no event shall we, our affiliates, our licensors, service providers, employees, agents, officers, or directors be liable for any direct, indirect, incidental, special, punitive, or consequential damages of any kind (including, but not limited to, damages for loss of profits, loss of data, business interruption, or other intangible losses) arising out of or in connection with your use of, or inability to use, the Platform, any content on the Platform, or any services provided through the Platform, whether based on warranty, contract, tort (including negligence), statute, or any other legal theory, and whether or not we have been informed of the possibility of such damage.

7.4 Aggregate Liability: In no event shall our aggregate liability to you for all claims arising out of or related to these Terms or your use of the Platform exceed the greater of (i) the total amount you have paid to us for services in the six (6) months immediately preceding the events giving rise to such claim or (ii) R1808,67.

7.5 Third-Party Services: The Platform may contain links to third-party websites or services that are not owned or controlled by us. We do not have any control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. You acknowledge and agree that we shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any such content, goods, or services available on or through any such websites or services.

8. Indemnification

8.1 Your Agreement to Indemnify: You agree to indemnify, defend, and hold harmless the Platform, its affiliates, licensors, and service providers, and its and their respective officers, directors, employees, contractors, agents, licensors, suppliers, successors, and assigns (collectively, the "Indemnified Parties") from and against any and all claims, liabilities, damages, judgments, awards, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising out of or relating to: Your use of the Platform, including any data or content transmitted or received by you. Your violation of these Terms, including but not limited to any breaches of your representations and warranties set forth herein. Your violation of any third-party right, including without limitation any right of privacy, publicity rights, or intellectual property rights. Your violation of any law, rule, or regulation of any jurisdiction. Any claim or damages that arise as a result of any of your User Content or any content that is submitted via your account. Any other party’s access and use of the Platform with your unique username, password, or other appropriate security code.

8.2 Indemnification Procedure: We will provide you with prompt written notice of any such claim, suit, or proceeding and will cooperate with you, at your expense, in defending any such claim, suit, or proceeding. You will not settle any claim, suit, or proceeding in any manner that admits fault, liability, or wrongdoing on the part of any Indemnified Party or imposes any obligation on any Indemnified Party without our prior written consent. We reserve the right, at our own expense, to assume the exclusive defence and control of any matter otherwise subject to indemnification by you.

Updating or validating your information in terms of the FIC Amendment Act, 1 of 2017

What FICA requires

When you opened your account, you would have complied with FICA requirements such as providing a copy of your identity document, your source of funds (income) and your address details amongst other information. Due to amendments to the Act, we need you to update and/or validate your information to make sure both Zenpay and you meet the requirements of the FIC Amendment Act.

What is Financial Intelligence Centre (“FIC”) Amendment Act?

The FIC Amendment Act is an amendment to the 2001 FICA law. It is a South African law that aims to combat financial crime as well as protect the financial stability and integrity of the South African financial system.

What is ongoing due diligence?

Ongoing due diligence is the process of continuously validating and updating the information of a client for as long as they continue to be a client of zenpay. It helps us understand our client better and is one of the requirements under the FIC Amendment Act.

What information is required for ongoing due diligence?

Personal details may change, for example you may get married, change your job, or move home. We therefore need to ask clients to confirm or update their details to make sure that we have the correct information.

The information required to perform due diligence includes but is not limited to the following:

-Contact details

-Employment details

-Source of funds

-Occupation

-Nationality

What happens if I do not update my information?

If you do not update or validate your information, we are obligated by law to restrict/ block your account.

What happens if my account has been restricted or blocked?

If your account has been blocked, you will not be able to access your funds, access your account via the website or app until you have provided us with the required information.

How long will it take for me to access my funds and services after I have updated my information?

Once you have updated your details, the restriction will be lifted within 48 hours. It is recommended that you do not wait until your accounts are restricted to act.

Why do we need your updated information?

Not only does this enable us to provide the best service and products, but it gives our clients comfort that as a bank we are following the rule of law and are not putting them, or our employees or shareholders, at risk.

How can I validate and update the details myself?

You can do this in the following ways:

1. Call us on 0800 873 287

2. email support@zenpay.co.za

In terms of the Financial Advisory and Intermediary Services Act, 2002, AZPOR (PTY) LTD (“FSP”) is required to maintain and operate effective organizational and administrative arrangements with a view to taking all reasonable steps to identify, monitor and manage Conflict of Interest (“COI”). Section 3A(2)(a) of the FAIS General Code of Conduct (“GCOC) stipulates that every financial services provider, other than a representative, must adopt, maintain and implement a conflict-of-interest management policy that complies with the provisions of the Act

Purpose

The purpose of this policy is to comply with these obligations and provide for mechanisms in place to identify, mitigate and manage the conflicts of interest to which AZPOR is a party. In addition, to ensure alignment between the values of the organization and the conduct of its people by safeguarding clients’ interests and ensuring the fair treatment of clients. AZPOR is committed to ensuring that all business is conducted in accordance with good business practice. To this end, AZPOR conducts business in an ethical and equitable manner and in a way that safeguards the interests of all stakeholders to minimize and manage all real and potential conflicts of interests. Like any financial services provider, AZPOR is potentially exposed to conflicts of interest in relation to various activities. However, the protection of our clients’ interests is our primary concern and so our policy sets out how:

-we will identify circumstances which may give rise to actual or potential conflicts of interest entailing a material risk of damage to our clients’ interests.

-we have established appropriate structures and systems to manage those conflicts; and

-we will maintain systems in an effort to prevent damage to our clients’ interests through identified conflict of interest.

To achieve the objectives set out above, this policy sets out the rules, principles and standards of AZPOR's COI management procedures, by documenting them in a clear and understandable format.

Scope of Application

This policy is applicable AZPOR, all providers of AZPOR, key individuals, representatives, associates, and administrative personnel. AZPOR is committed to ensuring compliance with this policy and the processes will be monitored on an ongoing basis. Any non-compliance with the policy will be viewed in a severe light. Non-compliance will be subject to disciplinary procedures in terms of FAIS and employment conditions and can ultimately result in debarment or dismissal as applicable. Avoidance, limitation or circumvention of this policy via an associate will be deemed non-compliance.

Consequences of Non-Complience

1.1 The FAIS Act provides for penalties in the event that a person is found guilty of contravening the Act, or of non-compliance with the provisions of the Act. The penalty for non-compliance of specific provisions of the Act, is an amount of up to R1 million or a period of imprisonment for up to 10 years.

1.2 The Registrar of FAIS is empowered to refer instances of non-compliance to an Enforcement Committee of the FSCA that may impose administrative penalties on offenders.

1.3 The FAIS Act also gives the Registrar the powers to revoke the license of an FSP.

FSPs that fail to declare and disclose conflict of interest could subject the business to administrative penalties and legal action if it is found the FSP acted fraudulently. AZPOR is a Proprietary Limited Company, Registration Number 2013/158012/07 with Kevin Pillay as the Key Individual. The product providers that AZPOR uses: Nedbank FSP has documented policies and procedures in place.

Understanding Conflict of Interest

When is it a conflict of interest?

A COI means any situation in which AZPOR or one of our representatives has an actual or potential interest that may, in rendering a financial service to our clients -

-influence the objective performance of obligations to that client; or

-prevents us from rendering an unbiased and fair financial service, or

-prevents us from acting in the interests of that client.

An “actual or potential interest” includes but is no limited to:

-A financial interest, which includes any cash, cash equivalent, voucher, gift, service, advantage, benefit, discount, domestic or foreign travel, hospitality, accommodation, sponsorship, valuable consideration, other incentive or valuable consideration which exceeds R1000 per calendar year.

-An ownership interest which means any equity or proprietary interest and any dividend, profit share or similar benefit derived from that equity or ownership interest.

-Any relationship with a third party, meaning any relationship with a product supplier, other FSP’s, an associate of a product supplier or an associate of AZPOR. A third party also includes any other person who, in terms of an agreement or arrangement, provides a financial interest to AZPOR or its representatives.

-An immaterial financial Interest, which is any financial interest with a determinable monetary value, the aggregate of which does not exceed R 1 000 in any calendar year from the same third-party in that calendar year received by –

-a provider who is a sole proprietor; or

-a representative for that representative's direct benefit;

-a provider, who for its benefit or that of some or all of its representatives, aggregates the immaterial financial interest paid to its representatives;

What type of interest may we give and receive?

AZPOR and our representatives may only offer to and receive specific financial interests from a third party , which includes the following:

1. Commission as authorised under the Long-term Insurance Act (52 of 1998), the Short-term Insurance Act (53 of 1998) and the Medical Schemes Act (131 of 1998).

2. Fees as authorised under the Long-term Insurance Act (52 of 1998), the Short-term Insurance Act (53 of 1998) and the Medical Schemes Act (131 of 1998).

3. “Other fees” specifically agreed to by the client and which can be stopped by the client at their discretion but only if agreed in writing with the client, including details of the amount, frequency, payment method and recipient of those fees, as well as the details of services to be provided in exchange for the fees.

4. Fees or remuneration for services that were rendered to a third party.

5. An immaterial financial interest.

6. Any other financial interest not mentioned above for which a consideration, fair value or remuneration that is reasonably commensurate is paid by that provider or representative, at the time of receiving that financial interest.

On what basis may we give and receive financial interests?

The financial interest referred to in points 2, 3, and 4 above may only be offered or received by AZPOR or its representatives, if:

• The financial interests are proportionate (reasonably commensurate) to the service being rendered, considering the nature of the service, the resources, skills and competencies that are reasonably required to perform it.

• The payment of those financial interests does not result in AZPOR or representative being remunerated more than once for performing the same service.

• Any actual or potential conflicts between the interests of clients and the interests of the person receiving those financial interests are effectively mitigated; and

• The payment of those financial interests does not impede the delivery of fair outcomes to clients.

Financial interests for representatives of AZPOR

AZPOR may not offer any financial interest;

• For giving preference to a specific product of a product supplier, where a representative may recommend more than one product of that product supplier to a client.

• For giving preference to a specific product supplier, where a representative may recommend more than one product supplier to a client

• That is determined with reference to the quantity of business, without also giving due regard to the delivery of fair outcomes for clients.

In relation to delivery of fair outcomes for clients, AZPOR must demonstrate that a determination of a representative’s entitlement to a financial interest, considers measurable indicators, relating to the:

• Achievement of minimum service level standards in respect of clients

• Delivery of fair outcomes for clients; and

• Quality of the representative’s compliance with the FAIS Act.

The measurable indicators are agreed in writing between AZPOR and its representative and sufficient weight (significance) are attached to these indicators to materially mitigate the risk of the representative(s) giving preference to the quantity of business secured for AZPOR over the fair treatment of clients. AZPOR does not offer a sign-on bonus to any person, other than a new entrant , as an incentive to become a provider authorised or appointed to give advice. The way in which AZPOR remunerates its representatives and complies with these requirements, is set out in section 6 of this policy.

Processes and Internal Controls to Manage Conflict of Interest

Identification of conflict of interest

To adequately manage COI, AZPOR must identify all relevant conflicts timeously. In determining whether there is or may be a COI to which the policy applies, AZPOR considers whether there is a material risk of unfair treatment or bias for the client, taking into account whether AZPOR or its representative, associate or employee:

• is likely to make a financial gain, or avoid a financial loss, at the expense of the client;

• has an interest in the outcome of a service provided to the client or of a transaction carried out on behalf of the client, which is distinct from the client's interest in that outcome;

• has a financial or other incentive to favour the interest of another client, group of clients or any other third party over the interests of the client;

• receives or will receive from a person other than the client, an inducement in relation to a service provided to the client in the form of monies, goods or services, other than the legislated commission or reasonable fee for that service.

Our policy defines possible conflict of interest or examples of conflict of interest as, inter alia, -

• between the AZPOR and the Client.

• between our clients if we are acting for different clients and the different interests’ conflict materially. None currently exist- examples working with divorced couples. FSP maintains a strict code of ethics.

• where associates, product suppliers, distribution channels or any other third party is involved in the rendering of a financial service to a client.

• storing confidential information on clients which, if we would disclose or use, would affect the advice or services provided to clients.

All employees, including internal compliance officers and management, are responsible for identifying specific instances of conflict and are required to notify the Key Individual of any conflicts they become aware of. The Key Individuals will assess the implications of the conflict and how the conflict should be managed, acting impartially to avoid a material risk of harming clients’ interests.

Measures for avoidance and mitigation of conflict of interest

To ensure that AZPOR can identify, avoid and mitigate COI situations, AZPOR creates awareness and knowledge of applicable stipulations, through training and educational material. Where a COI situation cannot be avoided, these instances are recorded on AZPOR’s conflict of interest register. AZPOR ensures the understanding and adoption of AZPOR’s conflict of interest policy and management measures by all employees, representatives, and associates through training on the COI policy. The Key Individual will assess each conflict, including whether the conflict is actual or perceived, what the value of the conflict or exposure is and the potential reputational risk. Compliance and management then agree on the controls that need to be put in place to manage the conflict. Once a conflict of interest has been identified it needs to be appropriately and adequately managed and disclosed, in line with the below steps.

Measures for mandatory disclosure of conflict of interest

Where there is no other way of managing a conflict, or where the measures in place do not sufficiently protect clients’ interests, the conflict must be disclosed to allow clients to make an informed decision on whether to continue using our service in the situation concerned. In all cases, where appropriate and where determinable, the monetary value of non-cash inducements will be disclosed to clients. The Key Individual will ensure transparency and manage conflict of interests. The client must be informed on the Conflict-of-Interest Policy and where they may access the policy.

Ongoing monitoring of conflict of interest management

The key individual or staff member in charge of supervision and monitoring of this policy will regularly monitor and assess all related matters. AZPOR will conduct ad hoc checks on business transactions to ensure the policy has been complied with. The Compliance Officer will include monitoring of the Conflict-of-Interest policy as part of his/her general monitoring duties and will report thereon in the annual compliance report. This policy shall be reviewed annually and updated if applicable. The compliance function is outsourced to an external Compliance company with no shareholding in this FSP. The Compliance practice functions objectively and sufficiently independently of AZPOR and monitors the process, procedures and policies that AZPOR has adopted to avoids conflicts of interest.

Training and staff

Comprehensive training on the Conflict of Interest is provided to all employees and representatives as part of specific and/or general training on the FAIS Act and GCOC. Training will be incorporated as part of all new appointees’ induction. Ongoing and refresher training on AZPOR’s Conflict of Interest management processes and policy is provided on an annual basis.

Registers

Regarding existing third-party relationships, being the product suppliers listed in our Contact Stage Disclosure letter, (we confirm that there are no circumstances which could lead to a potential conflict of interest). Should any conflicts arise with regard to any of these, prior to entering into any business transaction with you, we undertake to disclose these in the registers below. All gifts, financial interest, immaterial financial interest and any other COI situations as outlined in this policy, must be recorded in AZPOR’s COI register, attached as Annexure A.

Remuneration policy

This section of the Policy specifies the type of and the basis on which a representative of AZPOR will qualify for a financial interest that AZPOR offers and motivates how that financial interest complies with the requirements of this policy. Our remuneration structure is made up of the 2 components of total remuneration:

- Commission and Asset based fees, mostly structured for representatives in the business that gives advice and intermediary services

- Total Guaranteed Package incorporated basic pay, vehicle allowance, provident fund, medical aid, leave and various other allowances where applicable.

- No referral income is earned.

- No preference is given to any provider/providers.

AZPOR caries out regular inspections on all commissions, remuneration, fees and financial interests proposed or received in order to avoid non-compliance. This includes but is not limited to:

• Analysis of Management Information to identify trends and outliers

TCF client feedback program results assessments/review

Compliant trend analysis

This Privacy Policy is effective as of “1 February 2025” ("Effective Date")

Please read this Privacy Policy before browsing this website or using our Services. Your continued use of this website indicates that you have both read and agree to the terms of this Privacy Policy. Unfortunately, you cannot use this website if you do not accept this Privacy Policy.

Introduction

1.1. This Privacy Policy is to be read as specifically incorporated into the Terms of Service, in terms of which Zenpay provides services to you (“Services”) as amended from time to time.

1.2. This Privacy Policy applies to your use of Zenpay. For the purposes of this Privacy Policy, references to a “Website” will be a reference to this URL / website and will also include any and all associated mobile applications as offered or downloadable from the requisite application stores, together with any Application Programming Interface/s.

1.3. This Privacy Policy is to be read in conjunction with any data processing agreement or operator agreement entered into between you and Zenpay. In the event of any conflict between this Privacy Policy and a binding data processing agreement, the data processing agreement will be preferred to the extent of such inconsistency.

1.4. This Privacy Policy does not apply to the information practices of third-party companies that Zenpay may engage with in relation to its business operations (including, without limitation, their websites, platforms and/or applications) and which Zenpay does not own or control; or individuals that Zenpay does not manage or employ. These third-party sites may have their own privacy policies and terms and conditions, and Zenpay encourages you to read them before making use of their services.

1.5. It is important that you understand how Zenpay uses your information. You should read this Privacy Policy in full, but below are the key highlights relating to this Privacy Policy:

1.5.1. Our goal is to streamline and simplify your banking experience. If you don’t want the information you share with us to be collected, processed or disclosed as described in this Privacy Policy, or if you are under the prescribed legal age of majority or do not have the capacity to be bound by this Privacy Policy, you should immediately stop accessing the services.

1.5.2. We collect and process your personal information in accordance with clause 2 below.

1.5.3. We may share your personal information with trusted third parties and service providers, in order to offer the services to you, as well as meet legal requirements.

1.5.4. We offer ways for you to request access to, deletion or correction of information we hold about you.

1.5.5. We offer support to you via our customer support desk, should you require any information or have any questions.

Privacy Policy

2.1. For the purposes of this section, personal information will be understood under the definition provided in the applicable data protection laws. Zenpay also subscribes to the principles applicable to electronically collecting personal information outlined in applicable data protection laws. The applicable data protection laws generally do not apply in situations where personal information has been De-Identified. The following list of definitions (though not exhaustive) will apply to this Privacy Policy. Capitalised terms not defined herein will bear the meaning contained in Zenpay’s Terms of Service:

2.1.1. “Account Holder” means the individual or entity holding a Zenpay Account on the Website;

2.1.2.“Biometric Information” means a technique of personal identification that is based on physical, physiological or behavioural characterisation including fingerprinting, retinal scanning and/or voice recognition;

2.1.3. “Consent/ed” means any voluntary, specific and informed expression of will in terms of which permission is given for the Processing of Personal information;

2.1.4. “Data Breach” means any incident in terms of which reasonable grounds exist to believe that your Personal information has been accessed or acquired by an unauthorised person;

2.1.5. “De-Identify/ied” means to delete any information that identifies you, or which can be used by a reasonably foreseeable method to identify, or when linked to other information, that identifies you;

2.1.6. “Direct Marketing” means when you are approached, either in person or by mail or electronic communication, for the direct or indirect purpose of promoting or offering to supply, in the ordinary course of business, any goods or services to you;

2.1.7. “Process/Processed/Processing” means the act of processing information which includes any activity or any set of operations, whether or not by automatic means, concerning personal information and includes:

2.1.7.1. the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation, or use; and/or

2.1.7.2. dissemination by means of transmission, distribution or making available in any other form; and/or

2.1.7.3. merging, linking, as well as any restriction, degradation, erasure, or destruction of information;

2.1.8 “Record/s” means any recorded information, regardless of medium, including information produced, recorded or stored by means of computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored.

2.1.9. “Zenpay Account” means the Zenpay Account with the corresponding profile, opened on the website by an Account Holder utilising the Services as offered by Zenpay; and

2.1.10. “User” means an individual or entity which accesses or receives information from the website, and includes an Account Holder.

2.2. In adopting this Privacy Policy, we wish to balance our legitimate business interests and your reasonable expectation of privacy. Accordingly, we will take all reasonable steps to prevent unauthorised access to or disclosure of your personal information.

2.3. We may collect the following types of Personal information from you:

2.3.1. Administrative and financial information such as bank account information, credit and/or debit card information, source of funds / wealth, transaction history, tax identification and related documents;

2.3.2. Automatically collected information such as information obtained from cookies (see clause 5 Cookies below), information about the device, browser, operating system, IP address and other device identifiers and characteristics, activity information (how you use our Services), troubleshooting and diagnostic information;

2.3.3. Biometric information such as the liveness test you perform with a selfie/video you provide when creating your Zenpay account, video/audio recording, or other evidence of yourself with your identification documentation;

2.3.4. Correspondence-related information such as email addresses, phone numbers and information provided to us that is implicitly or explicitly of a private or confidential nature, when engaging with our customer support team;

2.3.5. Device, data and location information such as cookies and other tracking technologies, log data, web browser information, IP address information, device identifiers and fingerprint data, and/or authentication data;

2.3.6. Identification information such as your full name, date of birth, nationality, cellphone number, email address, country of residence (and/or proof of residence), employment status and/or national identification number for the purpose of assigning a unique identifier to you;

2.3.7. Information obtained from third parties, public databases or affiliates such as transaction and product use information, information obtained from public databases, including sanctions or screening lists, blockchain data, information from marketing, advertising or information analytics providers;

2.3.8. Institutional information if you are a juristic person, such as proof of legal formation, registration with regulatory bodies, and personal information for all material beneficial owners of the institution;

2.3.9. Legally obtained information from third parties to supplement information provided by you, by any third-party service provider appointed to help us provide our Services;

2.3.10. National identity information such as a copy of your government-issued national identity document, drivers’ license or passport (including any relevant visa information);

2.3.11. Preference information such as information about the digital assets you choose to trade and any preferences you select on our website; and/or

2.3.12. Transaction information such as transaction data on the transactions you make or intend to make using our services, information on the recipient of any of your transaction(s), and amount(s), payment methods, date or timestamps information.

2.5. Our stance on collecting information from minors or those who lack capacity. Zenpay will not intentionally or knowingly collect personal information directly from individuals under the age of 18 (eighteen) years, without the required consent of their legal guardian. We do not accept any users, or representatives of users, under the age of majority or who otherwise do not have the relevant capacity (“Incapacitated”) to be bound by this Privacy Policy, unless you are a user who is a minor or is otherwise incapable of being bound by this Privacy Policy, and you warrant that you have obtained the consent of your legal guardian / or you are the legal guardian providing such consent to this Privacy Policy. If you are incapacitated, please do not provide any personal information through our website or services.

2.6. Your Consent. We take our users’ privacy seriously. We will attempt to limit the types of personal information we process to only that to which you consent (for example, in the context of online registration, newsletters, message boards, surveys, polls, professional announcements, SMS, MMS, and other mobile services), but, to the extent necessary, your agreement to this Privacy Policy constitutes your consent as contemplated in applicable data protection laws. Where necessary, we will seek to obtain your specific consent in future instances should we deem the same required by law and where your support herein might not be lawfully sufficient. We will only share your personal information if:

2.6.1. you agreed that we may share your personal information; and/or

2.6.2. the law requires it; and/or

2.6.3. our or your legitimate interests require us to share the personal information; and/or

2.6.4. we have a public duty to share personal information; and/or

2.6.5. it is necessary to perform or conclude in terms of an agreement between you and us.

2.7. By accepting this Privacy Policy, you consent further that we may process your personal information for one or more of the following purposes:

2.7.1. to comply with KYC and AML requirements by verifying your identity accordingly;

2.7.2. to create a user profile and manage and maintain your account with us;

2.7.3. to provide access to certain functionalities and features of our services, depending on your verification level;

2.7.4. to respond to your enquiries and to resolve disputes/complaints;

2.7.5. to enforce our terms and policies and comply with applicable laws;

2.7.6. to detect and prevent fraudulent, malicious, deceptive or unauthorised use of our products and services, and report those responsible for such activities to the relevant regulatory authority/ies;

2.7.7. to ensure internal quality control and assess the performance and functionality of our services, and continue to provide you with accurate information, products and Services;

2.7.8. to measure interest and engagement in our services and use this information to improve our products and services, and to develop new products and services;

2.7.9. where indicated (for example in application forms or account opening forms), and it is obligatory to provide your personal information to us, to enable us to process your application for our products or services. Should you decline to provide such personal information, we may not be able to process your application/request or provide you with our products or Services;

2.7.10. to notify you about benefits and changes to the features of our products and services or our website, and provide you with personalised web content, marketing and interest-based advertising;

2.7.11. to obtain insight into market trends and practices, to improve our services to you; and/or

2.7.12. for security, legal and administrative purposes.

2.8. The personal information Processed in 2.7 above, will be compiled and retained in aggregate form but will not be used in any way that may compromise your identity.

2.9. You expressly consent to the collection, use and storage of personal information obtained about you in relation to the processing of any biometric information, criminal history information and any other type of special personal information about you in connection with any of the purposes listed above. You may choose to withdraw your consent in this instance, and if you choose to do so, you are to notify Zenpay of such withdrawal in writing. Upon receipt of such withdrawal, Zenpay may no longer make the Zenpay products and services available to you.

2.10. Other reasons we may have to process your information. In order to effectively render our services to you, we may share your personal information, where necessary, with KYC partners, payment gateways, bulk email marketing service providers, regulators and/or other regulatory authorities as required by law, as well as other service providers required to render our services to you. We may also share your personal information with:

2.10.1. financial, advertising and other third-party service providers who may assist us to provide our products and services;

2.10.2. any entity that forms part of the Zenpay group of companies, including where relevant the Zenpay operating entity in the country or region in which you live;

2.10.3. any person who works for us or for one of our group companies;

2.10.4. subject to applicable laws, any applicable regulatory or supervisory authority and/or law enforcement agency, upon receipt of a court order/subpoena or any other analogous official document requesting your personal information, and/or to assist with an investigation or prosecution of suspected or actual illegal activity.

2.11. We may use your personal information to provide you with support. In order to address and attempt to resolve your queries we may require that you share certain personal information such as your basic customer information, transaction information, location information and other communications information.

2.12. We may also process your personal information to promote the security and integrity of our services and website. Your information may be used by us to investigate suspicious activity, detect fraudulent behaviour, verify accounts and related activity and maintain the integrity of our services.

2.13. Your personal information may also be used for our research and innovation. At times, we may carry out surveys of your experience using our services and website, in order to enhance your user experience.

2.14. By accepting this Privacy Policy, and then submitting your personal information, you expressly consent to the transfer, storing or processing of your personal information by any third-party service provider as listed in 2.10 to 2.14. above.

2.15. Specific Consent to the processing of personal information by certain third-party service providers.

2.15.1. Certain companies have been appointed / will be appointed by Zenpay to provide services to Zenpay. These include:

2.15.1.1. Certain automated authentication messaging services including one-time pins (OTP), verification codes and other related messages (“Automated Messages”).

2.15.2. By signing up as Account Holder with Zenpay, you agree that:

2.15.2.1. You consent to the processing of your personal information with third-party service providers.

2.15.2.2. You consent to Zenpay sharing your cellphone number with third-party service providers for the purposes of sending verification messages to you.

2.16. Storage of payment/transaction information. All payment/transaction information will be conducted by electronic funds transfer (EFT), alternatively, specific credit and debit cards permitted by Zenpay from time to time. Zenpay shall retain a user’s designated bank account details for utilization regarding the user’s withdrawals as and when required. We do not store your full credit and debit card data. This data is securely transferred and stored off-site by an authorised payment vendor in compliance with Payment Card Industry Data Security Standards (PCI DSS). This information is not accessible to Zenpay or Zenpay’s employees or any agent acting for or on behalf of Zenpay.

2.17. We will not collect, use or disclose sensitive/special personal information (such as information about racial or ethnic origins or political or religious beliefs, where relevant) except with your specific Consent or in the circumstances permitted by law.

3. CROSS-BORDER TRANSFERS

3.1. In order for Zenpay to properly perform its services, it may be required for Zenpay to transfer personal information to a third party which is situated outside of the jurisdiction in which you reside, and the laws of those countries may differ from the laws applicable in your own country. By accepting this Privacy Policy, and then submitting your personal information, you expressly consent to the transfer, storing or processing of such personal information outside of your jurisdiction.

3.2. Zenpay undertakes to use reasonable endeavours to:

3.2.1. ensure the third party’s compliance with this Privacy Policy insofar as the processing of personal information is concerned;

3.2.2. prevent such third party from further transferring the personal information to another unauthorised third party;

3.2.3. ensure that the third party has implemented reasonable and appropriate technical and organisational security measures to safeguard the personal information in such jurisdiction; and

3.2.4. ensure that the third party maintains compliance with the relevant applicable data privacy laws.

4. LOG FILES

As with all websites, when you visit our website, even if you do not create a Zenpay account, we may collect information, such as your IP address, the name of your ISP (Internet Service Provider), your browser, the website from which you visit us, the pages on our website that you visit and in what sequence, the date and length of your visit, and other information concerning your computer's operating system, language settings, and broad demographic information. This information is aggregated and anonymous data and does not identify you specifically. However, you acknowledge that this data may be able to identify you if it is aggregated with other personal information that you supply to us. In this regard, however, and as recorded, only with a user’s consent and subject strictly to the terms of this Privacy Po

5. COOKIES

5.1. Zenpay and our website analytics partners use cookies. A cookie is a small piece of information stored on your computer or smartphone by the web browser. When you return to the website, or visit other websites that use the same cookies, the website or other websites recognises these cookies and your browsing device. The types of cookies used on the website are described below:

5.1.1. "Session cookies": These are used to maintain a so-called 'session state' and only lasts for the duration of your use of the Website. A session cookie expires when you close your browser or if you have not visited the server for a certain period. Session cookies are required for the website to function optimally but are not used in any way to identify you personally.

5.1.2. "Permanent cookies": These cookies permanently store a unique code on your computer or smart device hard drive in order to identify you as an individual user. No personal information is stored in permanent cookies. You can view permanent cookies by looking in the cookie’s directory of your browser installation. These permanent cookies are not required for the website to work, but may enhance your browsing experience.

5.1.3.“Advertising/Targeting Cookies”: Zenpay may display advertising on its website or other relevant third-party sites. These advertising/targeted cookies help Zenpay to measure the efficacy of advertisements and tailor advertisements to you both on the website and on other websites. No personal information can be identified through these cookies.

5.1.4.“Strictly Necessary Cookies”: These cookies are, as the name suggests, strictly necessary for the website to function and unfortunately cannot be switched off.

5.1.5.“Functionality Cookies”: These cookies remember your username or your preferences and allow Zenpay to tailor its services to you by remembering choices you make on the website.

5.1.6.“Analytics/Performance Cookies”: These cookies allow Zenpay to monitor and improve the performance of the website. They enable monitoring of customer behaviour on the website (such as least and most visited website pages). The information collected via these cookies is anonymous and aggregated.

5.2. Cookies set by the website operator are called "first-party cookies". Cookies set by parties other than the website operator are called "third-party cookies". We may use authorised third-party providers to help us with various aspects of our business, such as website operations, services, applications, advertising, support tools and to serve you relevant content.

5.3. The authorised third-party providers we use may place cookies on your device (third-party cookies) or make use of similar tracking technologies such as web beacons. No personally identifiable information is stored in third-party cookies. The information reported to us is aggregated and anonymous. We use this information to understand, for example, the effectiveness of our advertising and marketing. Web beacons are small graphic images (also known as “pixel tags” or “clear GIFs”) which may be used to collect and store information about visits to our website (such as which pages you viewed and how long you spent on the website) and communication efficiency (such as the email delivery and open rates). Where necessary, the information gathered by web beacons may be tied to your Personal information strictly

5.4. We may also use cookies from our authorised third-party providers who may use information about your visits to other websites to target advertisements for products and services available from Zenpay. We do not control the types of information collected and stored by these third-party cookies. You should check the third-party's website for more information on how they use cookies.

5.5. You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting, you may be unable to access certain parts of our website. If you accept cookies or fail to deny the use of cookies, you agree that we may use your personal information collected using cookies (subject to the provisions of this Privacy Policy). Where you either reject or decline cookies, you are informed that you may not be able to fully experience the interactive features of the website.

6. LINKS FROM THE WEBSITE

6.1. The website, and the services available through the Website, may contain links to other third-party websites ("Third Party Websites"). If you select a link to any third-party website, you may be subject to such third-party website's terms and conditions and/or other policies, which are not under the control, nor responsibility, of Zenpay.

6.2. Hyperlinks to Third Party Websites are provided "as is", and Zenpay does not necessarily agree with, edit or sponsor the content on third-party websites.

6.3. Zenpay does not monitor or review the content of any third-party website. Opinions expressed or material appearing on such websites are not necessarily shared or endorsed by us and we should not be regarded as the publisher of such opinions or material. Please be aware that we are not responsible for the privacy practices, or content, of third-party websites, either.

6.4. Users should evaluate the security and trustworthiness of any third-party website before disclosing any personal information to them. Zenpay does not accept any responsibility for any loss or damage in whatever manner, howsoever caused, resulting from your disclosure to third parties of personal information.

7. YOUR RIGHTS

Subject to data protection laws applicable to you, you may have the following rights concerning the processing of your personal information. If any of the rights listed below are not provided under applicable data protection laws in your jurisdiction, Zenpay has the absolute discretion in providing you with such rights. In order to protect your privacy and security, Zenpay may take steps to verify your identity prior to complying with any of your requests to exercise your rights listed below. If we are unable to verify your identity, we may decline your request or request additional verification information. You can make privacy rights requests relating to your personal information by contacting our support team.

7.1. Right to access

7.1.1. The right to request from Zenpay confirmation as to whether or not we hold personal information about you, and request the Record itself.

7.1.2. The right to ask Zenpay to provide you with a description of the personal information held by us or by a third party for a prescribed fee that will not be excessive.

7.2. Right to withdraw Consent / Object to Processing

7.2.1. To the extent that the processing of your personal information is based on your consent, the right to withdraw your consent at any time, provided that such withdrawal does not affect processing necessary for the conclusion or performance of our Service. The lawfulness of Zenpay’s processing before you withdraw your consent will not be affected by such consent withdrawal.

7.2.2. The right to restrict or object to us processing or transferring your personal information based on our legitimate interests or the public interests. We may continue to process your personal information where permitted or required by applicable law.

7.3. Right to reasonable data protection measures

The right to require Zenpay to implement reasonable data security measures to protect personal information.

7.4. Right to challenge the accuracy of the personal information

The right to request Zenpay to correct/rectify personal information about you under our control if the personal information is inaccurate, out of date, incomplete or misleading.

7.5. Right to object to direct marketing

7.5.1. The right to object to the processing of personal information for direct marketing purposes.

7.5.2. Where you have opted-in to receive marketing communications and news, we may share information about our products, services, news and promotions with you. If you have opted-in to receive marketing communications, you may always opt-out at a later stage by clicking on the ‘Unsubscribe’ option included in every marketing communication sent to you. Please note that unsubscribing from marketing content will not stop you from receiving important communications in relation to the security or operation of your Zenpay account or any Zenpay product.

7.6. Right to be forgotten and request data erasure

7.6.1. The right to request that Zenpay deletes the personal information about you in our possession or under our control which is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully.

7.6.2. The right to request Zenpay to destroy or delete a record of personal information about you which Zenpay is no longer authorised to retain. For the avoidance of doubt, there may be obligations under applicable data protection laws which require Zenpay to retain certain information for certain periods of time.

7.7. Right to lodge a complaint

Depending on your jurisdiction, the right, if we breach any of the terms of this Privacy Policy, to lodge a complaint with the requisite data protection authority in your territory.

7.8. Right to non-discrimination

The right to not be discriminated against by Zenpay for you exercising any of the rights above.

8. APPLICATION OF THE ELECTRONIC COMMUNICATIONS AND TRANSACTIONS ACT 25 OF 2002 ("ECT ACT")

8.1. Data Messages (as defined in the ECT Act) will be deemed to have been received by Zenpay if and when Zenpay responds to the Data Messages.

8.2. Data Messages sent by Zenpay to a User will be deemed to have been received by such User in terms of the provisions specified in section 23(b) of the ECT Act.

8.3. You acknowledge that electronic signatures, encryption and/or authentication are not required for valid electronic communications between yourself and Zenpay.

8.4. You warrant that Data Messages sent to Zenpay from any electronic device, used by you, from time to time or owned by you, were sent and or authorised by you, personally.

8.5. Address for service of legal documents:

4th Floor

56 Richefond Circle

Umhlanga Ridge

Durban

South Africa

4319

ZENPAY - located at https://zenpay.co.za

Email address: support@zenpay.co.za

The website is operated and owned by APZOR (Pty) Ltd, registration number 2019/577802/07

9. RETENTION OF RECORDS

9.1. Zenpay may keep records of the personal information it has collected, correspondence, or comments in an electronic or hardcopy format. We retain your information as needed to provide our services, and protect our or other’s interests or comply with legal obligations. While retention requirements vary by country, we maintain internal retention policies on the basis of how information needs to be used. Our retention policies include considerations such as when the information was collected or created, whether it is necessary in order to continue offering you our services, whether we are required to retain the information to comply with our legal obligations, including AML/KYC compliance or other financial regulatory obligations, or information preservation requirements. Our third-party service providers ma

9.2. In terms of applicable data protection laws, Zenpay may not retain personal information for a period longer than is necessary to achieve the purpose for which it was collected or processed and is required to delete, destroy (in such a way that it cannot be reconstructed) or De-Identify the information as soon as reasonably practicable once the purpose has been achieved. This prohibition will not apply in the following circumstances:

9.2.1. Where the retention of the record is required or authorised by law;

9.2.2. Where Zenpay requires the record to fulfil its lawful functions or activities;

9.2.3. Retention of the record is required by a contract between the Parties;

9.2.4. You have consented to such longer retention; or

9.2.5. The record is retained for historical, research or statistical purposes provided that safeguards are put in place to prevent use for any other purpose.

9.3. Your biometric Information may be held by our third-party service providers for a period from the time when you cease to be a customer of Zenpay.

10. SECURITY AND DATA BREACHES

Your privacy is very important to us and we are committed to protecting your personal information from unauthorised access or use. We will use reasonable organisational, physical, technical and administrative measures that comply with applicable data protection laws to protect personal information within Zenpay. Zenpay will address any data breach in accordance with applicable data protection laws.

11. REVISIONS TO THIS PRIVACY POLICY

11.1. We may amend this Privacy Policy from time to time. You should visit the website regularly to check when this Privacy Policy was last updated and to review the current Privacy Policy. We will do our best to notify you of any substantive amendments to the Privacy Policy and any such notice will be posted on our application or our website, or sent by email to the address associated with your Zenpay account. Accessing and/or use of the website after the Effective Date will signify that you have read, understood, accepted, and agreed to be bound, and is bound, by this Privacy Policy in your individual capacity and/or for and on behalf of any entity for whom you utilise the website (if permitted).

11.2. We may provide additional "just-in-time" information or disclosures about how we collect or use your information in the context of specific Services. These in-product notices may supplement or clarify our privacy practices or may provide you with additional choices about how we use or process your information.

11.3. In the event that this Privacy Policy is translated into a language other than English, you acknowledge and agree that such translation is provided for your convenience only and that in the event of any inconsistency or conflict between the English version of this Privacy Policy and any translation, the English version shall prevail.

If you remain unhappy with the resolution of your matter, you are at liberty to lodge a complaint with the National Financial Ombud Scheme (also called the "NFO").

The NFO is an umbrella Financial Services Ombud scheme formed by the amalgamation of 4 separate previously existing South African Ombud Schemes: the offices of the Banking Ombud (OBS); the Credit Ombud (CO); the office of the Long-term Insurance Ombud (OLTI); and the Short-Term Insurance Ombudsman (OSTI). The NFO commenced operations on 1 March 2024. The NFO is an external complaint resolution ombud scheme established in terms of Chapter 14 of the Financial Sector Regulation Act 9 of 2017, and is tasked with resolving complaints between financial services providers and complainants in a fair, effective, impartial and timely manner - without charge to complainants.

The NFO adjudicates complaints in terms of its rules which can be found on the website of the NFO: https://nfosa.co.za/

NFO Contact Details

Tel: 0860 800 900

Email: info@nfosa.co.za

Address:

NFO Johannesburg

110 Oxford Road, Houghton Estate, Johannesburg, Gauteng, 2198

NFO Cape Town

Claremont Central Building, 6th floor, 6 Vineyard Road, Claremont, Western Province, 7700

LIST OF ACRONYMS AND ABBREVIATIONS

1.1 “CEO” Chief Executive Officer

1.2 “DIO” Deputy Information Officer;

1.3 “IO“ Information Officer;

1.4 “Minister” Minister of Justice and Correctional Services;

1.5 “PAIA” Promotion of Access to Information Act No. 2 of 2000 (as

Amended);

1.6 “POPIA” Protection of Personal Information Act No.4 of 2013;

1.7 “Regulator” Information Regulator; and

1.8 “Republic” Republic of South Africa

PURPOSE OF PAIA MANUAL

This PAIA Manual is useful for the public to-

2.1 check the categories of records held by a body which are available without a person having to submit a formal PAIA request;

2.2 have a sufficient understanding of how to make a request for access to a record of the body, by providing a description of the subjects on which the body holds records and the categories of records held on each subject;

2.3 know the description of the records of the body which are available in accordance with any other legislation;

2.4 access all the relevant contact details of the Information Officer and Deputy Information Officer who will assist the public with the records they intend to access;

2.5 know the description of the guide on how to use PAIA, as updated by the Regulator and how to obtain access to it;

2.6 know if the body will process personal information, the purpose of processing of personal information and the description of the categories of data subjects and of the information or categories of information relating thereto;

2.7 know the description of the categories of data subjects and of the information or categories of information relating thereto;

2.8 know the recipients or categories of recipients to whom the personal information may be supplied;

2.9 know if the body has planned to transfer or process personal information outside the Republic of South Africa and the recipients or categories of recipients to whom the personal information may be supplied; and

2.10 know whether the body has appropriate security measures to ensure the confidentiality, integrity and availability of the personal information which is to be processed.

3. KEY CONTACT DETAILS FOR ACCESS TO INFORMATION OF APZOR

3.1. Chief Information Officer

Name: Ryan Passmore

Tel: 0315661387

Email: ryan@apzor.com

3.2. Deputy Information Officer (NB: if more than one Deputy Information Officer is designated, please provide the details of every Deputy Information Officer of the body designated in terms of section 17 (1) of PAIA.

Name: Kevin Pillay

Tel: 0315661387

Email: kevin@apzor.com

3.3 Access to information general contacts

Email: support@zenpay.co.za

3.4 National or Head Office

Postal Address: PO Box 25055, Gateway, 4321

Physical Address: 4th Floor, 56 Richefond Circle, Umhlanga

Telephone: 0315661387

Email: support@apzor.com

Website: www.apzor.com

GUIDE ON HOW TO USE PAIA AND HOW TO OBTAIN ACCESS TO THE GUIDE

4.1. The Regulator has, in terms of section 10(1) of PAIA, as amended, updated and made available the revised Guide on how to use PAIA (“Guide”), in an easily comprehensible form and manner, as may reasonably be required by a person who wishes to exercise any right contemplated in PAIA and POPIA.

4.2. The Guide is available in each of the official languages and in braille.

4.3. The aforesaid Guide contains the description of-

4.3.1. the objects of PAIA and POPIA;

4.3.2. the postal and street address, phone and fax number and, if available, electronic mail address of-

4.3.2.1. the Information Officer of every public body, and

4.3.2.2. every Deputy Information Officer of every public and private body designated in terms of section 17(1) of PAIA and section 56 of POPIA ;

4.3.3. the manner and form of a request for-

4.3.3.1. access to a record of a public body contemplated in section 11 ; and

4.3.3.2. access to a record of a private body contemplated in section 50 ;

4.3.4. the assistance available from the IO of a public body in terms of PAIA and POPIA;

4.3.5. the assistance available from the Regulator in terms of PAIA and POPIA;

4.3.6. all remedies in law available regarding an act or failure to act in respect of a right or duty conferred or imposed by PAIA and POPIA, including the manner of lodging-

4.3.6.1. an internal appeal;

4.3.6.2. a complaint to the Regulator; and

4.3.6.3. an application with a court against a decision by the information officer of a public body, a decision on internal appeal or a decision by the Regulator or a decision of the head of a private body;

4.3.7. the provisions of sections 14 and 51 requiring a public body and private body, respectively, to compile a manual, and how to obtain access to a manual;

4.3.8. the provisions of sections 15 and 52 providing for the voluntary disclosure of categories of records by a public body and private body, respectively;

4.3.9. the notices issued in terms of sections 22 and 54 regarding fees to be paid in relation to requests for access; and

4.3.10. the regulations made in terms of section 92 .

4.4. Members of the public can inspect or make copies of the Guide from the offices of the public and private bodies, including the office of the Regulator, during normal working hours.

4.5. The Guide can also be obtained-

4.5.1. upon request to the Information Officer;

4.5.2. from the website of the Regulator (https://www.justice.gov.za/inforeg/).

4.6 A copy of the Guide is also available in the following two official languages, for public inspection during normal office hours-

4.6.1 English

PROCESSING OF PERSONAL INFORMATION

8.1 Purpose of Processing Personal Information

We process personal information to do the following:

8.1.1 Recruit new employees and, if the candidate is successful, to fulfil the employee–employer relationship including in respect of tax obligations, employment equity reporting and skills development requirements.

8.1.2 Enable employees to acquire recognised qualifications (e.g. FAIS qualifications).

8.1.3 Facilitate travel for business purposes.

8.1.4 Enable suppliers to provide goods or services to us and receive payment for these good or services and collect information for BBBEE reporting and accreditation purposes.

8.1.5 Fulfil statutory obligations in terms of the Companies Act, 71 of 2008 (directors’ information).

8.1.6 Comply with anti-money-laundering regulations.

8.1.7 Market our products and services (if we have consent).

8.1.8 Assess applications and onboard new clients or service providers or suppliers.

8.1.9 Use risk models to produce risk ratings or client risk profiles.

8.1.10 Validate client details, information or documents (e.g. signature card) to provide a service and as well as for know-your-customer (KYC) and fraud prevention purposes.

8.1.11 Do due-diligence assessments (e.g. in terms of FICA).

8.1.12 Produce invoices, reconciliations, statements and remittances.

8.1.13 Archive or destroy personal information in accordance with clients’ requests or regulatory requirements.

8.1.14 Do statutory reporting (e.g. for FICA and the Prevention and Combating of corrupt Activities Act, 12 of 2004).

8.1.15 Engage in general correspondence.

8.4 Planned transborder flows of personal information

8.4.1 Sub-Saharan Africa: Receive shareholders’ information from African countries and confirm payments in terms of dividends and proceeds. The information is not moved offshore, and payments are made from a South African scheme to a participant in another country.

8.4.2 Procurement: Cloud-based solution, with the necessary contracts in place.

8.4.3 Employee services.

8.5 General description of Information Security Measures to be implemented by the responsible party to ensure the confidentiality, integrity and availability of the information

8.5.1 We subscribe to and are a member of the Information Security Forum (ISF) Standard of Good Practice and we align all our security principles to this standard through:

8.5.1.1 employee awareness and change management;

8.5.1.2 regular system patching; and

8.5.1.3 secure system development lifecycle management.

AVAILABILITY OF THE MANUAL

9.1 A copy of the Manual is available-

9.1.1 on www.apzor.com

9.1.2 head office of APZOR for public inspection during normal business hours;

9.1.3 to any person upon request and upon the payment of a reasonable prescribed fee; and

9.1.4 to the Information Regulator upon request.

9.2 A fee for a copy of the Manual, as contemplated in annexure B of the Regulations, shall be payable per each A4-size photocopy made.

10. UPDATING OF THE MANUAL

The Key Individual, mandated by the CEO of Zenpay, will on a regular basis update this manual.

Issued by

Kevin Pillay

Key Individual

This website makes use of third-party cookies for advertising platforms or networks in order to:

• Deliver adverts and track ad performance

• Enable advertising networks to deliver ads that may be relevant to you based upon your activities (this is sometimes called “behavioral” or “targeted” advertising)

We may from time to time collect certain information that doesn’t identify you, but that is about your use of, and behaviour on, our website and the app. For example:

• The areas of the website or app you used

• The time

• The day

• The URL of the pages you requested

• Your browser software

• Your IP address

• Technical information about your device or hardware

• Previous websites from which you linked to our website