View our Terms of Service

 PRIVACY AND DISCLOSURE POLICY

Purpose

Aphro Legacy Company Limited (“AfroPay” or “we” or “us” or “our”) respect the privacy of our users (“user” or “you”). We will be the controller of the information you provide to us. This Privacy Policy explains how we collect, use, disclose and safeguard your information when you use our mobile application (the “Application” or “App”). Please read this Privacy Policy carefully. Please note that we reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes via Application notifications and/or email. You are encouraged to periodically review this Privacy Policy to stay informed of updates. This Privacy Policy does not apply to the third party online/mobile store from which you install the Application which may also collect and use data about you. We are not responsible for any of the data collected by any such third party.

 

1. Collection of Your Information

We may collect information about you in a variety of ways. The information we may collect depends on the services you use. This information may include:

 

1.1.      Personal Data

            Demographic and other personally identifiable information (such as your name and email address) that you voluntarily give to us when choosing to participate in various activities related to the Application, such as creating an Account, setting up a profile, contacting the help centre, sending feedback, signing up to receive notifications and responding to surveys. If you choose to share data about yourself via your profile or other interactive areas of the Application, please be advised that all data you disclose in these areas is public and your data will be accessible to anyone who accesses the Application.

 

We also collect information related to your National Identification card and may require a self-portrait to verify your identity as per the requirements of KYC, Anti-Money Laundering and Counter-Terrorism Financing policy. That information, along with other personally identifying information about you will be shared internally, and may also be shared externally with our compliance, banking, aggregation, and product-offering partners that undertake review of your information:

a)     Against relevant government maintained sanctions lists and lists of politically exposed persons

b)    For purposes of facial recognition against government provided identification documents

c)     For accuracy against national databases

d)    For confirming your identity against other relevant databases such as those maintained by companies providing credit reports

e)    For purposes of monitoring transactions for fraudulent and other illegal activities.

 

1.2.      Derivative Data

            The information our servers automatically collect when you access the Application, such as your native actions that are integral to the Application, as well as other interactions with the Application and other users via server log files.

 

1.3.      Financial Data

            Financial information, such as data related to your mobile money account, your AfroPay account and alternative payment method that we may collect when you deposit, cash in, cash out, request payment or request information about our services from the Application. Please note that we store only very limited, if any, financial information that we collect in line with regulatory requirements for safeguarding such information. Otherwise, all financial information is stored by our payment processor.

 

1.4.      Mobile Device Access

            We may request access or permission to use certain features from your mobile device including your device’s camera, SMS messages, storage and potentially, location and other features. If you wish to change our access or permissions, you may do so in your device’s settings. It should be noted that like other Applications, we will have access to your device fingerprint, which identifies the specific device used for the Application.

 

1.5.      Mobile Device Data

            Information such as your mobile device ID number, model and manufacturer, version of your operation system, phone number, country, location, and any other data you choose to provide.

 

1.6.      Push Notifications

We may request to send you push notifications regarding your account or the Application. If you wish to opt out from receiving these types of communications, you may turn them off in settings.

 

1.7.      Third Party Data

Information from third parties will be accessible to us if you grant said permission to us.

 

2. Use of Your Information

 

2.1.      Legal Basis for Using Your Personal Information

Under data protection law, we can only use your personal information if we have a proper reason for doing so. Our reasons for using your information is as follows:

·      Processing your information is necessary for us to be able to provide our products and services to you in accordance with our Terms of Use;

·      Processing your information is necessary for us to comply with our legal obligations;

·      Processing your information is necessary for the purposes of pursuing legitimate business interests;

·      You have provided consent to the processing of your data.

 

2.2.      How We Use Your Information

Having accurate information about you permits us to provide you with a smooth, efficient and customized experience. Specifically, we may use information collected about you via the Application to:

·      Authenticate your information for purposes of performing anti-fraud, anti-terrorism and other safety and security reviews

·      Create and manage your account

·      Compile anonymous statistical data and analysis for use internally or with third parties

·      Deliver targeted advertising, coupons, discounts, newsletters and other information regarding promotions and the Application to you

·      Email you regarding your Account

·      Enable user to user communications

·      Fulfil and manage transactions related to the Applications

·      Generate a personal profile about you to make future visits to the Application more personalised.

·      Increase the efficiency and operation of the Application

·      Monitor and analyse usage and trends to improve your experience with the Application

·      Notify you of updates to the Application

·      Offer new products, services and/or recommendations to you

·      Perform other business activities as needed

·      Prevent fraudulent transactions, monitor against theft and protect against criminal activity

·      Process payments and refunds

·      Request feedback and contact you about your use of the Application

·      Resolve disputes and troubleshoot problems

·      Respond to product and customer service requests

 

2.3.      Automated Decision Making

We use an automated decision making system to determine whether a user has provided appropriate authentication to engage with the Application, including verification of personal information.

 

This includes:

a)     Matching personal information against national databases, publicly available information, sanctions lists, lists of politically exposed persons and other databases that provide information on potentially illegal activity

b)    Comparison by facial recognition on your selfie image against the image provided with your identification document or other database containing your image

c)     Tracking your person information in the context of automated monitoring of transactions undertaken by you to look for potentially fraudulent or illegal activity.

 

In the event that we receive an automated report that there is a discrepancy, insufficiency or inaccuracy in the information provided by you, or we receive a response from service provider that your information appears on a list that prohibits our engaging with you or suggests the potential for fraudulent or illegal activity or if our automated transaction monitoring uncovers the potential for your transactions to be fraudulent or illegal, our compliance and customer service teams will engage to review the background information that generated the automated response and determine if the information provided about you is incorrect and we can proceed to either on-board you as a user or continue to allow your use of the Application. If there is still a need for additional information, we may contact you via SMS or email, to seek additional information or clarification. If we are unable to continue with you as a user on our platform, we may provide you with the basis of that decision. This is not guaranteed.

 

You have the right not to be subject to a decision based solely on automated processing, which has legal consequences for you or similar significant effects. While we are confident that the technology works, we understand that not everyone is comfortable with decisions being left entirely up to technology.

 

If you want to know more about these rights or have any questions about our automated decision making processes, please contact us using the details on our website and Application.

 

3. Disclosure of Your Information

We may share information we have collected about you in certain situations. At no time will our database of users ever be sold to any entity for the purpose of marketing or mailing lists. Your information may be disclosed as follows:

 

3.1.      By Law or to Protect Rights

If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, o to protect the rights, property and safety of others, we may share your information as permitted or required by any applicable law, rule or regulation. This includes exchanging information with other entities for financial regulation, fraud protection, prevention of terrorism, anti-corruption, money laundering and credit risk reduction.

 

The personal information we have collected from you may be shared with crime prevention agencies and other third parties where we have a good reason to suspect fraud, money laundering, counter terrorist financing or any other illegal activity for the purpose of detecting, preventing or reporting crime or for actual or suspected breach of any applicable law or regulation. These third parties may include business partners and companies that provide services to us, law enforcement bodies, regulatory and supervisory authorities, providers of fraud prevention and detection services. If fraud is detected, you could be refused access to some or all services.

 

3.2.      Third Party Service Providers

We may share your information with third parties that perform services for us or on our behalf including: payment processing, data analysis, email delivery, hosting services, fraud prevention services, customer service, marketing assistance, technology services and technology tools that allow us to monitor, test and improve our services, sites and mobile Application.

 

3.3.      Marketing Communications

Where it is necessary for our legitimate business interests, we may use your personal data to promote our products or services to you. Where you have provided your consent, we may also share your information with third parties for marketing purposes, as permitted by law. You may withdraw your consent to receive marketing messages at any time by setting your preferences in the Application settings, or by following the opt-out link contained in our marketing emails.

 

3.4.      Interactions with Other Users

If you interact with other users of the Application, those users may see your name, profile photo and descriptions of your activity, including sending invitations to other users, chatting with other users, etc.

 

3.5.      Third Party Advertisers

We may use third-party advertising companies to serve ads when you visit the Application. These companies may use information about your visits to the Application and other websites that are contained in web cookies in order to provide advertisements about goods and services of interest to you.

 

3.6.      Business Partners

With your consent, we may share your information with our business partners to offer you certain products, services or promotions.

 

3.7.      Other Third Parties

We may share your information with advertisers and investors for the purpose of conducting general business analysis.

 

3.8.      Sale or Bankruptcy

If we reorganise or sell all or a portion of our assets, undergo a merger, or are acquired by another entity, we may transfer your information to the successor entity. If we go out of business or enter bankruptcy, your information would be an asset transferred or acquired by a third party. You acknowledge that such transfers may occur and the transferee may decline to honour commitments we made in this policy.

 

We are not responsible for the actions of third parties with whom you share personal or sensitive data, and we have no authority to manage or control third-party solicitations. If you no longer wish to receive correspondence, emails or other communications from third parties, you are responsible for contacting the third party directly.

 

4. Security of Your Information

We use administrative, technical and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorised parties. Therefore, we cannot guarantee complete security if you provide personal information.

 

4.1. Policy for Children

We do not knowingly solicit information from, or market to, children under the age of 18. If you become aware of any data we have collected from children under age 18, please contact our data protection team at dpo@afropay.com.

5. Your Options Regarding Your Information

If you no longer wish to receive correspondence, emails or other communications from us, you may opt-out by:

·      Noting your preferences at the time you register your account with us;

·      Logging into your account settings and updating your preferences;

·      Contacting us via the details on our website.

 

If you no longer wish to receive correspondence, emails or other communications from third parties, you are responsible for contacting the third party directly.

 

6. Your Rights

Under data protection law, you have a number of rights when it comes to your personal data:

 

6.1.      The Right to Be Informed

You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this policy.

 

6.2.      The Right of Access

You have the right to obtain a copy of your information that we hold, and certain other information (similar to that provided in this policy).

 

6.3.      The Right of Rectification

You are entitled to have your information corrected if it is inaccurate or incomplete.

 

6.4.      The Right to Erasure

This is also known as the right to be forgotten. In simple terms, this right enables you to request the deletion or removal of your information, where there is no compelling reason for us to keep using it. This is not a general right to erasure – there are exceptions. We are under the legal obligation to store information for a period of time. This obligation overrules the right to erasure.

 

6.5.      The Right to Restrict Processing

You have the right to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected.

 

6.6.      The Right to Data Portability

You have rights to obtain and reuse your personal data for your own purposes across different services.

 

6.7.      The Right to Lodge a Complaint

You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator. The national data protection regulator in Uganda is the Personal Data Protection Office (PDPO).

 

6.8.      The Right to Withdraw Consent

If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us, using your personal data for marketing purposes.

 

7. How Long Will We Keep Your Personal Information

We will keep your personal information while we are providing products and services to you. Thereafter, we will keep your personal information for as long as is necessary:

·      To respond to any questions, complaints or claims made by you or on your behalf;

·      To show that we treated you fairly;

·      To keep records required by law.

 

We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information. Further details on this are available on request using the contact details on our website.

 

When it is no longer necessary to retain your personal information, we will delete or shred it as necessary.

 

Records regarding data retention must be maintained in accordance with the Aphro Legacy Company Limited’s Data Retention Policy, or as required by national regulations, whichever is longer.

 

Contact Us

Our users’ privacy is very important to us. We are committed to safeguarding the information entrusted to us and will continually update this policy to ensure that users’ rights with regards to personal information are respected. If you have questions or comments about this policy, please do not hesitate to contact us at support@afropay.com.