Date: 24 March 2025

Introduction

At PayToday, we are committed to protecting your privacy and safe online experience. In provision of this service and for prevent fraud prevention, we collect and process personal data. This Privacy Policy outlines the information we collect, how it is used, and the measures we take to safeguard your personal data.

This privacy notice sets out how your personal information will be used by PayToday and applies to any information, including personal and special personal information, you give to PayToday or which PayToday may collect from third parties. The privacy notice applies to all users of our website and mobile application software, which are used to access and buy our products and services. It is important that you read this privacy notice carefully before submitting any personal information to PayToday. By submitting your personal information to PayToday, you consent to the processing of your personal information as set out in this privacy notice.

The provisions of this privacy notice are subject to mandatory, unalterable provisions of applicable laws.

Please do not submit any personal information to PayToday if you do not agree to any of the provisions of this privacy notice. If you do not consent to the provisions of this privacy notice, or parts of the privacy notice, PayToday may not be able to provide its products and services to you.

1. What is Personal Information?

Personal information is data that can be used to identify you, information you share with us, information we gather during onboarding and our relationship with you as our client, and information about your marketing preferences. This information includes:

• your gender as may be required for statistical purposes or by law;
• your marital status, nationality or social origin;
• your age, physical or mental health and well-being, medical conditions, disability, religion, conscience, belief, culture and language;
• your education;
• your financial information (like your income and expenses, loan repayments, investments, assets or your financial needs);
• any identifying number or symbol (like account, identity or passport numbers);
• your email address, physical address or mobile telephone number (as this may be needed for us to communicate with you);
• your location and online identifiers [this can be Internet Protocol (IP) addresses or geolocations];
• your employment history (this is specifically relevant when you apply for credit);
• your biometric information (eg fingerprints and facial or voice recognition); and
• your contact’s information (e.g. their phone number or numbers in your contact list)
• your personal opinions or views.

2. Information We Collect

When you use PayToday, we collect the following types of information:

• Personal Information: When you register for an account or use the payment services, we may collect your personal information. This may include, but is not limited to: your name, email address, phone number, billing information, your contact’s phone numbers and any other personal information you provide or give us access to.
• Transaction Information: We collect details of your transactions, such as payment amount, recipient information, and payment method.
• Device and Usage Information: We may collect information about your device, including IP address, operating system, browser type, and device identifiers, as well as how you interact with the app.
• Cookies and Tracking Technologies: We use cookies and similar technologies to collect information about your use of the app and to provide a better user experience. This may include remembering your login details or preferences.

3. Why We Collect and Process Your Information

For us to offer you products, services and any value-added service through our online platforms, we need to collect, use, share and store personal information about you so we can:

• identify you;
• verify your identity;
• create a user account for you;
• provide and make available suitable products and services to meet your needs;
• market relevant products and services to you;
• conduct market research and client satisfaction surveys;
• record and monitor any communications between you and us and use these recordings to verify your instructions to us to analyse, assess and improve our services to clients, and for training and quality purposes;
• to confirm whether one of your contacts is or is not also a user of PayToday to enable our being able to perform services with them
• communicate with you by post, phone, SMS, email and other electronic media; and
• enter into a contract with you.

It is your right to refuse to provide personal information, but this refusal can limit our ability to provide the required products and services to you. We will collect only information from you that is necessary and relevant to the service or product we have to provide.

We will collect and use your personal information only if we are lawfully permitted to do so. We may send you direct marketing, but you can unsubscribe by opting out via your preferred communication channel or instructing PayToday directly.

4. How We Collect Your Personal Information

5. Where We Process Your Personal Information

Your information is processed on either the mobile application downloaded by yourself or the PayToday server that communicates directly with the PayToday application.

• Only where necessary, your Personal Information will be uploaded to the PayToday server .
• Your acceptance of this Privacy Policy permits PayToday to transfer these data in this manner, enabling PayToday to efficiently and accurately deliver its services to you.

6. How We Use Your Information

We use the information we collect for the following purposes:

• To process payments and transactions
• To communicate with you about your account, transactions, or changes to our services.
• To personalize your experience and provide you with tailored services.
• To comply with legal obligations and prevent fraud.
• To improve and optimize the performance of our app and services.

7. How We Share Your Information

We may share your information with third parties in the following circumstances:

• Service Providers: We may share your data with third-party service providers who help us operate our business, such as payment processors, fraud detection services, or value added service providers.
• Legal Requirements: We may disclose your information if required by law or to protect our rights, safety, or property.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

8. Data Security

We take the security of your personal data seriously.

• All sensitive information, including biometric data, phone number, photos, and transaction details, are encrypted both in transit and at rest.
• We use industry-standard security measures to protect your data from unauthorized access, loss, or misuse.
• Your infSome information like contacts are transmitted from

9. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

1. Access and review your personal information.
2. Correct or update any inaccurate information.
3. Request the deletion of your personal data.
4. Object to or restrict the processing of your data.

To exercise these rights, please contact us at paytodaysupport@nedbank.com.na

10. Data Retention

We will keep your information only for as long as we need it for a lawful business purpose or as required by law (including Consumer Protection Act, tax legislation, National Credit Act, legal or accounting etc) and any other statutory obligations (including anti-money-laundering and counter-terrorism requirements). We may keep your personal information for longer than required if you have agreed to this or we are lawfully allowed to do so.

If we need to keep your personal information for longer than required and, more specifically, for historical, statistical or research purposes, we will do so with the appropriate safeguards in place to prevent the records from being used for any other purpose.

Your information may be kept for varying periods from the end of our relationship, depending on regulatory requirements. We will take all reasonable steps to destroy or de-identify the personal information that we hold when it is no longer required.

11. Third-Party Links

PayToday may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.

12. Permissions Requested by the App

To provide you with a seamless and secure payment experience, our App may request the following permissions on your device:

1. Camera Access: The App may request access to your device’s camera to allow you to scan QR codes for payments and scanning your bank card.
2. Biometric Authentication: The App may request permission to use biometric features (such as fingerprint scanning or facial recognition) to enable secure authentication for login and authorizing payments. This ensures that only you can access your account and complete transactions.
3. Contacts Access: If you wish to send payments, the App may request permission to access your contacts. This allows us to facilitate payments to people in your contact list.
4. Photos Access: The App may request access to your photos to allow you to upload images for profile setup. These photos will only be used for specific purposes related to the App’s functionality.
5. Notifications: The App may request permission to send you push notifications. These notifications may include transaction updates, payment reminders, security alerts, promotional offers, and other important information regarding your account.

13. How We Use the Data Collected from Permissions

1. Camera Access: We use your camera for scanning QR codes to facilitate payments and scanning your bank cards to enable us to send your card details to the payment processor for authentication. These images are processed securely and are not shared with third parties unless required by law.
2. Biometric Authentication: We use biometric data exclusively for secure authentication purposes. This helps you log into the App or authorize payments with ease and ensures that only you can access your account. Biometric data is stored locally on your device and is never shared with our servers.
3. Contacts Access: Contacts are used to enable you to send payments to people in your contact list. The phone numbers of contacts that you seek to send payments to are uploaded to our server to determine if they are also PayToday users and thus eligible to receive payments. These phone numbers are never stored after performing this search. This feature helps you quickly select recipients for payments. We may share your phone number and contacts, with third parties in fulfilment of your request whilst using PayToday.
4. Notifications: We use notifications to keep you informed about your account activity, transactions, security updates, promotional offers, and other important updates. You can manage or disable notifications at any time in your device settings.
5. Classifieds: As a user on the PayToday, you can upload images of items you would like to advertise. Please note, the uploaded classifieds are subject to approval, before displaying to everyone in the PayToday application. A strict approval policy would be followed, to prevent advertising of prohibited substances or services within the Namibian laws.
6. Credit/ Debit Card: When registering, you are prompted to enter your credit or debit card to complete registration on PayToday as a user. Your card information is sent to a payment provider to tokenize and give PayToday a token to store. This token allows you to make payments for services and products on PayToday for future reuse. It is not possible to reconstruct previously entered credit or debit card details.

Utilizing these services, your action inadvertently confirms to sending your personal data to third party service providers.

14. Sharing of Data Collected from Permissions

We do not share your personal data, or the data collected through app permissions with third parties, except in the following situations:

1. With your consent, such as when you send payments to contacts.
2. For the purposes of processing transactions (e.g., payment processors, financial institutions).
3. With service providers who assist in app functionality (e.g. cloud storage providers, Value added service providers).
4. As required by law or to comply with legal obligations, such as responding to government requests or preventing fraud.

15. How We Protect Your Information

We are committed to ensuring that your personal information is secure. To prevent unauthorised access or disclosure, we have put reasonable physical, electronic and managerial procedures in place to safeguard and secure the information we collect.

All online transacting sessions are encrypted and personal information is stored according to internationally accepted information security practices.

16. Your Choices on Permission

You have full control over the permissions granted to the App. You can disable or revoke specific permissions at any time by adjusting your device’s settings. However, please note that some features of the App may not function properly if certain permissions are revoked. For example, disabling camera access will prevent you from scanning QR codes for payments or contacts for sending funds to friends.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Effective Date.” We encourage you to review this policy periodically to stay informed about how we are protecting your information.

18. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: PayTodaysupport@nedbank.com.na
Phone: +264 81 457 8396
Address: Nedbank Namibia Campus, Freedom Plaza, Erf 8764, c/o Fidel Castro & Rev Michael Scott Street, Windhoek, Namibia