This is the Promotion of Access to Information Manual of Peach Payment Services Proprietary Limited. 

COMPANY DETAILS 

Company Name

Peach Payment Services Proprietary Limited

Registration No.

2012/076633/07

Street Address:

Brickfield Canvas, 35 Brickfield Road, Woodstock, 7925, Cape Town

Postal Address

Brickfield Canvas, 35 Brickfield Road, Woodstock, 7925, Cape Town

Telephone:

021 200 5877

E-mail:

[email protected] 


 

PAIA GUIDE

The right of access to information is protected in South Africa's Constitution. The Promotion of Access to Information Act, 2000 ("PAIA") gives effect to this right. The aim of PAIA is to foster a culture of transparency and accountability in public and private bodies and enables the South African people to exercise and protect all their rights and to realise South Africa’s goals of an open and participatory democracy.

The Information Regulator of South Africa has put together a guide ("Guide") on PAIA, which has been designed as a user-friendly and accessible tool for any person who wishes to exercise any right in terms of PAIA, or in terms of the Protection of Personal Information Act, 2013 ("POPI"). 

A copy of the Guide is available on the Regulator's website (https://www.inforegulator.org.za).

WHAT RECORDS ARE AVAILABLE WITHOUT A FORMAL PAIA REQUEST?

Please have a look around at our website, https://peachpayments.com – various information is available, such as:

 Product Information, and standardised pricing

Icon

Description automatically generatedTechnical documentation 

Icon

Description automatically generatedCompany information, job vacancies

Icon

Description automatically generatedThis PAIA Manual, and a copy of our privacy policy. 

WHAT RECORDS ARE AVAILABLE IN TERMS OF OTHER LEGISLATION?

Records are kept in accordance with all legislation applicable to Peach Payments.  The specific records which are available are set out in that legislation. These records may in certain instances be protected or confidential, only accessible by the persons specified in the relevant legislation, or subject to certain processes or procedures. A non-exhaustive list of such records appears below. 

Icon

Description automatically generatedOperations

National Payment System Act, 1998: Records obtained while operating and administering settlement system

Companies Act, 2008: Notice of Incorporation, Memorandum of Incorporation, rules, register of auditors, notices and minutes of shareholders meetings, copies of annual financial statements, accounting records, records of directors, communications to shareholders, minutes and resolutions of directors meeting, securities register

Electronic Communication and Transactions Act, 2002: certain personal data and the purpose for which such data was collected, and third parties to whom the information has been disclosed

Icon

Description automatically generatedEmployment Records

Labour Relations Act, 1995: Details of employee disciplinary transgressions, and actions taken 

Occupational Health and Safety Act, 1993: Register of earnings and other prescribed particulars

Basic Conditions of Employment Act, 1997: Particulars of employees, including name, occupation, time worked, remuneration paid

Employment Equity Act, 1998: Employment Equity Plan and Reports

Compensation for Occupational Injuries & Disease Act, 1993: Register of earnings and other prescribed particulars

Unemployment Insurance Act, 2001: Personal records of employees such as names, ID numbers, monthly remuneration and address

Icon

Description automatically generatedFinancial Records

Income Tax Act, 1962: Records showing employee remuneration, tax deductions, income tax numbers 

Tax Administration Act, 2011: Records, books of account, returns and documents required by tax laws

Value-Added Tax Act, 1991: Records of goods and services supplied to and from Peach Payments, rate of tax on these supplied, invoices, credit noted, debit notes, bank statements, deposit slips

 

HOW TO REQUEST ACCESS TO A RECORD?

Peach Payments is a private body. In terms of PAIA, requests for information must be submitted using "Form 2", which is available on the Information Regulator website (https://www.inforegulator.org.za). All PAIA requests must be directed to our Information Officer (whose details appear at the top of this Manual). 

Please note that, generally, fees need to be paid both for making a request, and to cover the cost of providing access to the records. The fee structure is available on the Information Regulator website (https://www.inforegulator.org.za).

When submitting a PAIA request:

Icon

Description automatically generatedyou must state which right (other than a right of access to information) you are protecting or exercising by asking for the information;

Icon

Description automatically generatedif you are requesting access to any of your personal information which may be held by us, you must produce adequate proof of your identity; and

Icon

Description automatically generatedprovide sufficient detail to allow us to identify the records you seek.

SUBJECTS AND CATEGORIES OF RECORDS

We hold records on the following subjects and categories:

Subjects

Categories

Company Records

Incorporation documents, directors register, share register, register of auditors, written resolutions, minutes of board meetings

Business Records

Operational records and manuals, databases, internal correspondence, product records and documentation relating to systems, solutions, information technology, and intellectual property

Financial Records

Financial statements, management accounts, tax returns, banking records and statements, banking records, asset register, invoices, financial agreements

Insurance Records

Insurance policies

Income Tax Records

PAYE, company tax, documents issued to employees for PAYE purposes, records of payments made to SARS on behalf of employees, skills development levies, UIF contributions

Personnel Records

Employee lists, personal information, employment contracts, applications, policies and procedures, employment equity plan, health and safety records, salaries, leave records, internal evaluations, disciplinary records

Agreements

Merchant agreements, Payment Partner and Acquirer Agreements, NDAs, Contracts for Goods or Services, Rental Agreements

Merchant (Customer) Information

Merchant details, representative details, communications, billing information, transaction details, merchant customer information, website URL, FICA and onboarding information, risk assessment reports, marketing records, public customer information, performance records, marketing strategies, client database

 

PERSONAL INFORMATION

Please refer to our Privacy Policy for a comprehensive outline of how we process personal information, as contemplated in POPI. However, please note the following in respect of personal information processed by us:

Purpose. We process personal information to pursue our business objectives and strategies, including as may be required to:

Icon

Description automatically generated provide our payment processing services;

Icon

Description automatically generatedfacilitate our business relationships with payment method providers;

Icon

Description automatically generatedcontact our customers and partners;

Icon

Description automatically generatedmanage employees;

Icon

Description automatically generatedcomply with our financial, regulatory and other legal obligations; 

Icon

Description automatically generatedpursue our legitimate business interests including the performance of risk assessments, data analysis, testing, and product development.

Categories of Data Subjects and Information. We process personal information of:

Icon

Description automatically generatedour employees (personal details, salary details, leave records, disciplinary information, performance reviews, employment contracts); 

Icon

Description automatically generatedmerchants (merchant details, contracts, representative details and contact information, bank details, invoices, transaction records and volumes, certain customer details submitted as part of transaction, analytics, correspondence, support tickets, website information, technical integration data); 

Icon

Description automatically generatedpayment partners (contracts, invoices, technical integration data, partner information, contact details, billing information, pricing, product information), or providing aggregated reports;

Icon

Description automatically generatedtechnical or referral partners, and service providers (contact details, billing information, invoices, technical integration data, product information). 

Recipients of Personal Information 

Personal information may be shared with:

Icon

Description automatically generated our employees on a need-to-know basis or other members of the Peach Payments corporate family for internal administrative purposes;

Icon

Description automatically generatedservice providers that provide services on our behalf such as identity verification services, website hosting, data analysis, information technology and related infrastructure, customer service and auditing services;

Icon

Description automatically generatedthird party business partners when this is necessary to provide our payment processing services;

Icon

Description automatically generatedas may be required by law, or the rules of any card scheme.

Transborder Flows

Our operations are supported by a network of computers, cloud-based servers and other infrastructure and information technology worldwide. Data processed by us is primarily hosted by AWS in Ireland. 

Information Security Measures

We have put in place a range of technical and organisational measures designed to protect personal data within our organisation against unauthorised access, destruction, loss, alteration or misuse. The types of security measures implemented by us to ensure that personal information is respected and protected included:

Icon

Description automatically generatedPCI-DSS controls to protect cardholder data;

Icon

Description automatically generatednetwork security;

Icon

Description automatically generateduser access management;

Icon

Description automatically generatedmalicious software detection; and

Icon

Description automatically generateddata encryption. 

Issued by

 Andreas Demleitner

Managing Director


Date of Last Update: 9 September 2022