This is the Promotion of Access to Information Manual of Peach Payment Services Proprietary Limited.
Peach Payment Services Proprietary Limited
Brickfield Canvas, 35 Brickfield Road, Woodstock, 7925, Cape Town
Brickfield Canvas, 35 Brickfield Road, Woodstock, 7925, Cape Town
The right of access to information is protected in South Africa's Constitution. The Promotion of Access to Information Act, 2000 ("PAIA") gives effect to this right. The aim of PAIA is to foster a culture of transparency and accountability in public and private bodies and enables the South African people to exercise and protect all their rights and to realise South Africa’s goals of an open and participatory democracy.
The Information Regulator of South Africa has put together a guide ("Guide") on PAIA, which has been designed as a user-friendly and accessible tool for any person who wishes to exercise any right in terms of PAIA, or in terms of the Protection of Personal Information Act, 2013 ("POPI").
A copy of the Guide is available on the Regulator's website (https://www.inforegulator.org.za).
WHAT RECORDS ARE AVAILABLE WITHOUT A FORMAL PAIA REQUEST?
Please have a look around at our website, https://peachpayments.com – various information is available, such as:
Product Information, and standardised pricing
Company information, job vacancies
WHAT RECORDS ARE AVAILABLE IN TERMS OF OTHER LEGISLATION?
Records are kept in accordance with all legislation applicable to Peach Payments. The specific records which are available are set out in that legislation. These records may in certain instances be protected or confidential, only accessible by the persons specified in the relevant legislation, or subject to certain processes or procedures. A non-exhaustive list of such records appears below.
National Payment System Act, 1998: Records obtained while operating and administering settlement system
Companies Act, 2008: Notice of Incorporation, Memorandum of Incorporation, rules, register of auditors, notices and minutes of shareholders meetings, copies of annual financial statements, accounting records, records of directors, communications to shareholders, minutes and resolutions of directors meeting, securities register
Electronic Communication and Transactions Act, 2002: certain personal data and the purpose for which such data was collected, and third parties to whom the information has been disclosed
Labour Relations Act, 1995: Details of employee disciplinary transgressions, and actions taken
Occupational Health and Safety Act, 1993: Register of earnings and other prescribed particulars
Basic Conditions of Employment Act, 1997: Particulars of employees, including name, occupation, time worked, remuneration paid
Employment Equity Act, 1998: Employment Equity Plan and Reports
Compensation for Occupational Injuries & Disease Act, 1993: Register of earnings and other prescribed particulars
Unemployment Insurance Act, 2001: Personal records of employees such as names, ID numbers, monthly remuneration and address
Income Tax Act, 1962: Records showing employee remuneration, tax deductions, income tax numbers
Tax Administration Act, 2011: Records, books of account, returns and documents required by tax laws
Value-Added Tax Act, 1991: Records of goods and services supplied to and from Peach Payments, rate of tax on these supplied, invoices, credit noted, debit notes, bank statements, deposit slips
HOW TO REQUEST ACCESS TO A RECORD?
Peach Payments is a private body. In terms of PAIA, requests for information must be submitted using "Form 2", which is available on the Information Regulator website (https://www.inforegulator.org.za). All PAIA requests must be directed to our Information Officer (whose details appear at the top of this Manual).
Please note that, generally, fees need to be paid both for making a request, and to cover the cost of providing access to the records. The fee structure is available on the Information Regulator website (https://www.inforegulator.org.za).
When submitting a PAIA request:
you must state which right (other than a right of access to information) you are protecting or exercising by asking for the information;
if you are requesting access to any of your personal information which may be held by us, you must produce adequate proof of your identity; and
provide sufficient detail to allow us to identify the records you seek.
SUBJECTS AND CATEGORIES OF RECORDS
We hold records on the following subjects and categories:
Incorporation documents, directors register, share register, register of auditors, written resolutions, minutes of board meetings
Operational records and manuals, databases, internal correspondence, product records and documentation relating to systems, solutions, information technology, and intellectual property
Financial statements, management accounts, tax returns, banking records and statements, banking records, asset register, invoices, financial agreements
Income Tax Records
PAYE, company tax, documents issued to employees for PAYE purposes, records of payments made to SARS on behalf of employees, skills development levies, UIF contributions
Employee lists, personal information, employment contracts, applications, policies and procedures, employment equity plan, health and safety records, salaries, leave records, internal evaluations, disciplinary records
Merchant agreements, Payment Partner and Acquirer Agreements, NDAs, Contracts for Goods or Services, Rental Agreements
Merchant (Customer) Information
Merchant details, representative details, communications, billing information, transaction details, merchant customer information, website URL, FICA and onboarding information, risk assessment reports, marketing records, public customer information, performance records, marketing strategies, client database
Purpose. We process personal information to pursue our business objectives and strategies, including as may be required to:
provide our payment processing services;
facilitate our business relationships with payment method providers;
contact our customers and partners;
comply with our financial, regulatory and other legal obligations;
pursue our legitimate business interests including the performance of risk assessments, data analysis, testing, and product development.
Categories of Data Subjects and Information. We process personal information of:
our employees (personal details, salary details, leave records, disciplinary information, performance reviews, employment contracts);
merchants (merchant details, contracts, representative details and contact information, bank details, invoices, transaction records and volumes, certain customer details submitted as part of transaction, analytics, correspondence, support tickets, website information, technical integration data);
payment partners (contracts, invoices, technical integration data, partner information, contact details, billing information, pricing, product information), or providing aggregated reports;
technical or referral partners, and service providers (contact details, billing information, invoices, technical integration data, product information).
Recipients of Personal Information
Personal information may be shared with:
our employees on a need-to-know basis or other members of the Peach Payments corporate family for internal administrative purposes;
service providers that provide services on our behalf such as identity verification services, website hosting, data analysis, information technology and related infrastructure, customer service and auditing services;
third party business partners when this is necessary to provide our payment processing services;
as may be required by law, or the rules of any card scheme.
Our operations are supported by a network of computers, cloud-based servers and other infrastructure and information technology worldwide. Data processed by us is primarily hosted by AWS in Ireland.
Information Security Measures
We have put in place a range of technical and organisational measures designed to protect personal data within our organisation against unauthorised access, destruction, loss, alteration or misuse. The types of security measures implemented by us to ensure that personal information is respected and protected included:
PCI-DSS controls to protect cardholder data;
user access management;
malicious software detection; and
Date of Last Update: 9 September 2022