Privacy Policy

October 4, 2024

As accessed on 16 January 2023 and displayed here

PRIVACY POLICY


At Stitch, user privacy, security and transparency are of utmost importance

This document, Terms of Service and End User Privacy Policy (collectively known as the “Terms”), is meant to help you (the “end user”) understand how we at Stitch collect, use, and share end user information in our possession to operate, improve, develop, and protect our services, and as otherwise outlined in the Terms. Please take some time to read the Terms carefully.

Please note that these terms apply to Stitch Money (Pty) Ltd (2018/409288/07).

 

1. Who is Stitch?

Stitch Money (Pty) Ltd (“Stitch”), is a company incorporated in South Africa under registration number 2018/409288/07. Stitch provides technology that allows consumers to connect their bank account to applications/websites for purposes of facilitating payments and accessing a variety of products, across verticals such as budgeting, lending, insurance, etc. These products are built by companies and developers (collectively known as “Developers”) that integrate with us by making use of our developer tools and services to do so.


Stitch is also an authorised Third Party Payment Provider and provides services in its capacity as such. The products and services that we offer are provided in partnership with merchants and registered financial institutions.

Stitch has various brands and products under it, such as Wig Wag. 

2. About the Terms

This document sets out the Terms of Service and End User Privacy Policy (collectively known as the
“Terms”) and is aimed at providing you (the “End User”) with information on the nature of personal
information(as defined in the Protection of Personal Information Act 4 of 2013 (“POPIA)) we collect, the purpose for collection, how we process your personal information in the course of providing our services and the measures that we undertake to ensure that your personal information is secured, and its confidentiality safeguarded. 

Personal Information, process/processing and any other terms used in the context of POPIA will bear the meanings ascribed to the terms therein. 

The application of these Terms is limited to the information that Stitch directly collects, processes, stores and shares with third parties with your consent. . Should you have any questions related to Stitch’s data practices please contact us via email at privacy@stitch.money

3. Information We Collect

Stitch is committed to processing Personal Information in compliance with POPIA. In light of this, your personal information will be processed in a manner that is reasonable, non-excessive, adequate and relevant to the purpose for which it is processed.

Who is responsible for processing your personal data?

Stitch is the “responsible party" (i.e. the organisation responsible) for all Personal Information shared by Developers directly with Stitch. Conversely, Stitch is the operator (i.e. Stitch processes Personal Information on behalf of another entity, such as  Developers and Bank Providers) where an End User makes a payment using a Stitch product and the Developes collects and processes that Personal Information, which is then shared with Stitch.

WHAT IS PERSONAL INFORMATION

Personal information means information, in any format, relating to an identified or identifiable, living natural person or existing juristic person. You are identifiable if you can be identified, directly or indirectly, by reference to an identifier (e.g. ID number, account number, etc.) or accumulated information that together has a reasonable likelihood of resulting in the identification of you as the data subject by a person in possession of such information.

Personal information excludes:

  • information that has been made anonymous so that it does not identify a specific person
  • permanently de-identified information that does not relate or cannot be traced back to you specifically
  • non-personal statistical information collected and compiled by us

The following information will be collected and processed:

Information that you voluntarily share:

When you connect your bank accounts with an application or otherwise connect your bank accounts through Stitch, where applicable, we process credentials required by the provider of your bank account, such as your account username, bank account number, password, pin, etc.

We may in future collect your phone number, email address, security questions and answers, and Multi Factor Authentication (MFA) such as One Time Pins (OTPs) to help verify your identity before connecting your bank accounts.

Stitch collects your physical address when you input the delivery details for your purchase with our WigWag product.

When providing this information via the Stitch website or an alternative engagement channel (including apps) through which we offer services and products, you give the Developers and Stitch the authority to act on your behalf and consent to either party accessing and transmitting your End User Information from the relevant bank or other entity that provides your bank accounts (collectively known as “Bank Providers”). Please note that the obligation to collect personal information directly from you, will not apply in instances where the relevant information was deliberately made public by you or where you consented to the collection of the information from another source.

Information we collect from your bank accounts:

The information we receive from the Bank Providers varies depending on the specific Stitch services that Developers use to enable their applications, as well as the information made available by those Bank Providers. In general, we collect the following personal and commercial information, from your Bank Provider:

  • Account information, including bank name, account name, account type, account holder, branch number.
  • Information about an account balance, including current and available balance.
  • Information about investment accounts, including transaction information, type of asset, identifying details about the asset, quantity, price, fees, and cost basis.
  • Identifiers and information about the account holder(s), including name, email address, phone number, date of birth, gender, and address information.
  • Information about account transactions, including amount, date, type, price, and a description of the transaction.
  • Card holder data(CHD) : name, surname, card number, cvv, expiry date

The data collected from your bank accounts includes information from all your accounts (e.g. checking, savings, and credit card) accessible through a single set of account credentials. All personal information collected and processed in this scenario, is done so with your consent. Neither Stitch, nor the Developer is able to access personal information that you have not explicitly shared and consented to.

Information we collect from your bank devices:

We do not currently, but may in future receive information about the devices used to connect to the Stitch website or any other engagement channels (including apps) through which we offer services and products . We may receive identifiers and network activity information about the relevant device, including IP address, hardware model, operating system, which features within our services you access, and other technical information about the device. This would be done to enhance security around your bank accounts and prevent fraudulent access.

4. Use of Personal Information

In general we process, store and retain personal Information for purposes of (i) giving effect to a
commercial relationship between you and Stitch or a third party; or (ii) facilitating payment transaction(s) on your behalf and for any other compatible purpose.

See below list of additional reasons for which End User Information is used:

  • To operate, provide, and maintain our services;
  • To improve, enhance, modify, add to, and further develop our services;
  • To protect us, you, Developers, our partners, others from fraud, malicious activity, and other privacy and security-related compromises;
  • To develop new services;
  • To provide customer support to you or to Developers, including to help respond to your queries related to our service or Developers’ applications;
  • To investigate any misuse of our service or Developers’ applications, including criminal activity, or other unauthorised access to our services; and
  • For any other purposes that you are notified about and that you consent to.
  • Monitor, Protect against and prevent fraud, and other legal or information security risks.
  • Comply with legal obligations, including under applicable anti- money laundering legislation.
  • To improve or personalize existing products and services to you, like Wig Wag.

Note: We retain your security credentials (such as your username, password, pin, etc) with your
permission, in connection with the use of our services. We do not, however, share such security
information with third parties.

5. Sharing of Personal Information

We share your End User Information for a number of purposes, including:

  • With the Developer of the application you are using and as directed by that Developer (such as with another third party with your consent);
  • Between and among Stitch group companies and, subsidiaries and other companies under common control or ownership for purposes of offering the services, customer support, monitoring and prevention of potentially illegal acts and violations of our policies, and to help us take decisions regarding our products and services;
  • As we believe reasonably appropriate to protect you, the Developers, our partners and others as well as our rights, privacy, safety, or property;
  • If we believe in good faith that disclosure is legally required in order for us to comply with any applicable laws, regulation, or legal process (such as a court order); or
  • With the merchant that your are purchasing goods from so that they can deliver said goods in the case of our WigWag product.
  • For any other notified purpose with your consent.

We do not sell personal information that we collect/process to third parties for marketing or any other
purpose.

6. How we Secure Personal Information

We use appropriate, reasonable technical and organisational measures to curtail unlawful access to or processing of Personal Information, prevent loss of, damage to or unauthorised destruction of Personal Information and to secure the integrity and confidentiality of all Personal Information in our possession and/or under our control. Only authorized Stitch personnel and third-party service providers are provided access to personal data, and these individuals and service providers are required to treat this information as confidential.

7. Consent to Process your Personal Information

By giving your consent, you give us permission to process your Personal Information specifically for the purposes set out in this Privacy Policy. You further consent to Stitch sharing your personal information with any of its partners and service providers for purposes of facilitating transactions.

8. Our Retention Practices

We retain End User Information for no longer than necessary to fulfil the purposes for which it was
originally collected and processed, as described in these Terms, unless a longer retention period is
required or permitted under applicable law.

As permitted under applicable law, even after you stop using an application or terminate your account with one or more Developer(s), we may retain your information (for example, if you still have an account with another Developer) provided that the relevant Developer has the requisite consent. In all instances, your information will only be processed in accordance with the POPIA and these Terms.

9. Transfer of Information outside of South Africa

We do not currently, but may in future transfer your Personal Information outside the geographic borders of South Africa. In the event that we do transfer your Personal Information outside of the geographic borders of South Africa, the transfers will be undertaken lawfully, subject to appropriate safeguards and in line with the provisions of POPIA.

10. Your Rights

In line with POPIA and subject to Stitch successfully verifying your identity, you have the right to amongst other things:

  • You may request access to your personal information to receive a copy of the personal information that we hold on you.
  • You may choose to correct or update the personal information you have submitted to us, by clicking the relevant menu in any of the pages on our website or contacting us by phone or email.
  • You may withdraw your consent where we are relying on consent as a lawful justification to process.
  • You may also object to our processing where we are relying on another lawful justification for processing. Please note that if you do so, we might not be able to provide services to you.
  • the right to request that we delete or destroy your information. However, we will retain information that is lawful and within the legally permissible retention period

Please note that deletion of some Personal Information may impact the services/products that we offer to you. Stitch will not take any responsibility and rejects all liability, for any harm, or loss that you may incur as a consequence of your deletion of Personal Information required for us to offer the relevant services to you.

Please contact us via email at privacy@stitch.money should you wish to have access to, amend, update or delete any of your Personal Information in our possession or under our control.

11. Complaints and how to contact Stitch

Stitch have appointed a board approved Information Officer to ensure the enforcement and compliance with applicable data protection laws .

If you have any questions or complaints about our privacy practices , you can
contact our Information Officer at privacy@stitch.money.

12. Contacting the Information Regulator

In the event that you have any complaints about this Privacy Policy or our compliance with this Privacy Policy you can lodge a complaint with the Information Regulator

The contact details of the Information Regulator are as follows:

Visit their website

Home - Information Regulator (inforegulator.org.za)

Postal address

P.O Box 3153, Braamfontein, Johannesburg, 2017

Physical address

The Information Regulator (South Africa)

JD House 27 Stiemens Street Braamfontein Johannesburg 2001

Phone number

010 023 5200

Email

POPIAComplaints@inforegulator.org.za – should you feel that your personal information has been violated, you may use this e-mail address to lodge a complaint

13. Change of ownership

If we undergo a change in ownership, or a merger with, acquisition by, or sale of assets to another entity, we may assign our rights to the personal information we process to a successor, purchaser, or separate entity. We will disclose the transfer on the website. If you are concerned about your personal information migrating to a new owner, you may request us to delete your personal information.

14. Cookie Policy (Specifically for the Wig Wag Product)

Cookies are small text files placed by a website and stored by your browser on your device.

We  use cookies and similar technologies on our website to help collect information and operate the website and app.wigwag.me. We use cookies to remember users and make your user experience easier; customise our Services, content and advertising; help you ensure that your account security is not compromised, mitigate risk and prevent fraud; and to promote trust and safety on our website. Our cookies hold a unique random reference to you so that once you visit the website, we can recognise who you are and provide certain content to you.

You may at any given time change your cookie consent preferences.If you prefer, you can go to your browser settings to learn how to delete or reject cookies. If you choose to delete or reject cookies, this may impact your experience when using our website.

We have installed a Microsoft Clarity cookie and Microsoft Advertising on our WigWag site, to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. By default, any sensitive content such as passwords, usernames, etc. are masked before sending to Clarity. For more information about how Microsoft collects and uses your data, please visit the Microsoft Privacy Statement.

15. Changes to this privacy notice

We rightfully review our practices regularly to ensure that your personal information is appropriately safeguarded and used in a responsible way to provide you with the most value. This may require that we change our data privacy policies or this notice from time to time. We will notify you of any changes by displaying a notice on the website  .The notice will indicate the changes that have been made and when they become effective

Download Document