Protecting your privacy rights and safeguarding personal information when processed is important to Peach Payments. Peach Payments has adapted its systems and procedures to comply with the provisions of The Protection of Personal Information Act (also known as POPI Act) with regards to protection of personal information processed on your behalf when processing payment transactions. Our approach is to implement compliance in such a way that it delivers business value and allows for improvement in efficiencies and effectiveness to meet the compliance requirements.
Where processing of Personal Information is involved, Personal Information shall have the meaning defined in the POPI Act and shall specifically refer to personal information passed on to Peach Payments when processing payment transactions on behalf of the Merchant.
ROLE OF PEACH PAYMENTS IN PROCESSING PERSONAL INFORMATION
When processing transactions with merchants as part of our Master Service Agreement, Peach Payments will function as the Operator and the merchant as the responsible party except that we will be a data controller in relation to personal data in which we determine the purposes and manner the personal data is processed (for example in complying with any laws or regulations imposed upon us by payment regulators or acquirers).
Consequently, Peach Payments as the Operator undertakes to treat personal data as confidential information and shall only process personal information with the knowledge and authorization of the Merchant for the following purposes:
i. Providing Peach Payment Services pursuant to the Master Service Agreement; and
iii. Complying with other documented instructions provided by the Merchant.
You are solely responsible for disclosing to Customers that Peach Payments processes Transactions (including payment Transactions) for you and may receive Personal Data from you.
You affirm that you are will continue to be compliant with all applicable Laws governing the privacy, protection and use of Data that you provide to us or access through your use of the Services.
You also affirm that you have obtained all necessary rights and consents under applicable Laws to disclose to or allow Peach Payments to collect, use, retain, and disclose — any Personal Data that you provide to us or authorise us to collect. We will not be liable for any claim brought by a data subject arising from any action or omission by us, to the extent that such action or omission resulted from your instructions.
DATA PROTECTION AND PRIVACY
We have implemented security and privacy concepts into the day to day operations of our organization to keep personal information secure and protect it against unauthorized or unlawful processing, accidental loss and unauthorized access.
i. Security measures
Peach Payments protect personal information by using secure (PCI Level 1 Compliant) networks and servers to store and encrypt personal information.
Peach Payments shall ensure that its personnel when using an automated data processing system may access only data that are within their competence.
Peach Payments shall take commercially reasonable steps to prevent any unauthorized person from accessing the facilities used for data processing and to prevent any unauthorized amendment or deletion of the recorded data.
ii. If we become aware of an unauthorized acquisition, disclosure or loss of Customer Personal Data on our systems, we will notify you consistent with our obligations under applicable Law. We will also notify you and provide you sufficient information regarding the unauthorized acquisition, disclosure or loss to help you mitigate any negative impact on the Customer.
iii. Peach Payments undertakes to regularly verify that the safeguards are effectively implemented and ensure that the safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguards.
Peach Payments may update or modify such security measures but will not materially decrease the overall security of the services.