Introduction
Cymless (Pty) Ltd ("Cymless", "we", "us", or "our") is committed to protecting your privacy and ensuring that your personal information is collected and processed in accordance with applicable laws, including the Protection of Personal Information Act, 4 of 2013 (POPIA).
This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our money transfer platform, website, and related services ("Services").
Who This Policy Applies To
This policy applies to:
- Users of the Cymless platform (senders and recipients)
- Website visitors
- Business partners and merchants
- Prospective customers
- Any individual whose personal information is processed by Cymless
Definitions
- Personal Information — Information relating to an identifiable, living natural person or juristic person (as defined in POPIA)
- Processing — Any operation performed on personal information (collection, storage, use, dissemination, etc.)
- Data Subject — The individual to whom the personal information relates
Information We Collect
We may collect the following categories of personal information:
4.1 Identity & Contact Information
- Full name, ID number, passport details
- Date of birth
- Contact details (email, phone number, address)
4.2 Financial Information
- Bank account details
- Payment card information
- Transaction history
- Beneficiary details
4.3 Regulatory & Compliance Information
- KYC (Know Your Customer) documentation
- Proof of address
- Source of funds information
- Screening results (sanctions, PEP, adverse media)
4.4 Technical Information
- IP address
- Device information
- Browser type
- Location data (where applicable)
4.5 Usage Information
- Platform activity
- Transaction patterns
- Communication preferences
How We Collect Information
We collect personal information:
- Directly from you when you register or transact
- When you use our platform or website
- From third parties (e.g., banks, verification providers, credit bureaus)
- From regulatory bodies or publicly available sources
Purpose of Processing
We process personal information for the following purposes:
6.1 Service Delivery
- To facilitate money transfers
- To manage user accounts
- To process payments and transactions
6.2 Legal & Regulatory Compliance
- To comply with the Financial Intelligence Centre Act (FICA)
- Customer due diligence (CDD/KYC)
- Fraud prevention and detection
- Reporting to regulatory authorities (e.g., suspicious transactions)
6.3 Business Operations
- Customer support
- Platform improvement and analytics
- Risk management and monitoring
6.4 Marketing (Where Permitted)
- Sending updates, promotions, and service-related communications
- You may opt out at any time
Lawful Basis for Processing
We process personal information in terms of POPIA on the following grounds:
- Your consent
- Performance of a contract
- Compliance with legal obligations
- Legitimate business interests
- Protection of legitimate interests of the data subject
Disclosure of Personal Information
We may share your personal information with:
8.1 Service Providers
- Payment processors
- Banks and financial institutions
- Identity verification providers
- IT and cloud service providers
8.2 Regulatory Authorities
- Financial Intelligence Centre (FIC)
- Law enforcement agencies
- Courts and regulators
8.3 Business Partners
- Correspondent banking partners
- Remittance networks
8.4 Other Parties
- Where required by law
- Where you have consented
Cross-Border Transfers
Due to the nature of money transfer services, your personal information may be transferred outside South Africa. We ensure that:
- The recipient country has adequate data protection laws; or
- Appropriate safeguards are in place; or
- You have consented to such transfer
Information Security
We implement appropriate technical and organisational measures to protect personal information, including:
- Encryption of sensitive data
- Secure servers and access controls
- Regular security assessments
- Staff confidentiality obligations
Data Retention
We retain personal information:
- For as long as necessary to fulfil the purposes outlined in this policy
- As required by applicable laws (e.g., FICA recordkeeping requirements)
- For legitimate business purposes (e.g., dispute resolution)
Your Rights (Data Subject Rights)
In terms of POPIA, you have the right to:
- Access your personal information
- Request correction or deletion
- Object to processing
- Withdraw consent
- Lodge a complaint with the Information Regulator
Cookies & Tracking Technologies
Our website may use cookies to:
- Improve user experience
- Analyse traffic
- Personalise content
You may control cookies through your browser settings.
Children's Information
Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children without appropriate consent.
Third-Party Links
Our website may contain links to third-party websites. We are not responsible for their privacy practices and encourage you to review the privacy policies of any external sites you visit.
Changes to This Policy
We may update this Privacy Policy from time to time. Updated versions will be published on our website with a revised effective date. Continued use of our Services after any changes constitutes your acceptance of the updated policy.
Contact Details
For all privacy-related queries or to exercise your data subject rights, please contact our Information Officer:
Complaints
If you believe that your personal information has been processed unlawfully, you may lodge a complaint with the Information Regulator:
The Information Regulator (South Africa)
- Website: www.inforegulator.org.za
- PAIA Complaints: PAIAComplaints@inforegulator.org.za
- POPIA Complaints: POPIAComplaints@inforegulator.org.za