POPIA COMPLIANCE
Protection of Personal Information Act (POPIA) Compliance
Mashele Finance PTY Ltd (FSP 55445 & NCRCP19670) is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 (Act 4 of 2013), as amended. This page outlines how we collect, use, store, and protect your personal information in compliance with POPIA.
What is POPIA?
The Protection of Personal Information Act (POPIA) is South African legislation that regulates how personal information is processed by public and private bodies. As a responsible organization, Mashele Finance is committed to:
- Processing your personal information lawfully and in a reasonable manner that does not infringe on your privacy
- Collecting only information that is necessary for our business purposes
- Ensuring the information we hold is accurate, complete, and up to date
- Protecting your information from unauthorized access, loss, or damage
- Being transparent about how we use your information
- Respecting your rights as a data subject
Information We Collect
We collect and process the following categories of personal information:
Personal and Contact Information
- Full names and surname
- Date of birth
- South African ID number or passport number
- Residential and postal addresses
- Contact details (telephone numbers and email addresses)
- Employment information and income details
Financial Information
- Banking details
- Credit history and credit scores
- Transaction records
- Loan and payment history
- Financial statements and supporting documents
Special Personal Information
In limited circumstances, we may process special personal information with your explicit consent, including health information for insurance related products.
How We Use Your Information
We process your personal information for the following purposes:
- Processing loan applications and providing financial services
- Conducting credit assessments and risk analysis
- Managing and administering your account
- Communicating with you about your products and services
- Complying with legal and regulatory obligations, including FICA requirements
- Preventing and detecting fraud, money laundering, and other financial crimes
- Improving our products, services, and customer experience
- Sending you marketing communications (with your consent)
Legal Basis for Processing
We process your personal information based on one or more of the following lawful grounds:
- Consent: You have given us explicit permission to process your information
- Contractual Necessity: Processing is necessary to fulfill our contractual obligations to you
- Legal Obligation: We are required by law to process your information (such as FICA compliance)
- Legitimate Interest: Processing is necessary for our legitimate business interests, provided it does not override your privacy rights
Information Sharing and Disclosure
We may share your personal information with the following third parties:
- Credit Bureaus: For credit checks and reporting purposes
- Regulatory Authorities: Including the Financial Intelligence Centre, FSCA, and NCR when legally required
- Service Providers: Third parties who provide services on our behalf, such as IT support, payment processing, and document verification
- Legal and Professional Advisors: Attorneys, auditors, and consultants when necessary
- Debt Collection Agencies: In cases of default or non payment
All third parties are contractually obligated to protect your information and use it only for the specified purposes. We do not sell your personal information to third parties.
Data Security Measures
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of sensitive data in transit and at rest
- Secure databases with restricted access controls
- Regular security assessments and vulnerability testing
- Employee training on data protection and confidentiality
- Secure physical facilities and document storage
- Incident response procedures for data breaches
While we take all reasonable steps to protect your information, no system is completely secure. We cannot guarantee absolute security but will notify you of any security breaches as required by law.
Data Retention
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:
- Duration of our business relationship with you
- Minimum of five (5) years after termination as required by FICA
- Any additional period required by law or for legal proceedings
- As needed to protect our legitimate business interests
After the retention period expires, we will securely delete or destroy your personal information in accordance with our data retention policy.
Your Rights as a Data Subject
Under POPIA, you have the following rights regarding your personal information:
- Right to Access: You may request confirmation of whether we hold your personal information and access to that information
- Right to Correction: You may request correction of inaccurate, incomplete, or outdated information
- Right to Deletion: You may request deletion of your information in certain circumstances
- Right to Object: You may object to the processing of your information for direct marketing purposes
- Right to Restrict Processing: You may request restriction of processing in certain circumstances
- Right to Data Portability: You may request a copy of your information in a structured, commonly used format
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, please contact our Information Officer using the contact details provided below. We will respond to your request within a reasonable time, not exceeding one month.
Automated Decision Making
We may use automated systems to assess your creditworthiness and process loan applications. These decisions are based on:
- Credit bureau information and credit scores
- Income and employment verification
- Historical payment behavior
- Other relevant financial indicators
You have the right to request human intervention and to challenge any automated decision that significantly affects you.
Direct Marketing
We may send you marketing communications about our products and services if:
- You have given us consent to do so
- You are an existing client and the marketing relates to similar products or services
You have the right to opt out of receiving marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly. This will not affect any service related communications you receive.
Cross Border Information Transfers
Your personal information is primarily processed and stored within South Africa. If we need to transfer your information to countries outside South Africa, we will:
- Ensure the recipient country has adequate data protection laws
- Enter into data transfer agreements with appropriate safeguards
- Obtain your consent where required
Childrens Privacy
Our services are not directed at children under the age of 18. We do not knowingly collect personal information from minors without proper parental or guardian consent. If you are a parent or guardian and believe we have collected information about a minor, please contact us immediately.
Updates to This Notice
We may update this POPIA compliance notice from time to time to reflect changes in our practices, technology, legal requirements, or other operational needs. We will notify you of any material changes by:
- Posting the updated notice on our website
- Sending you an email notification (if we have your email address)
- Other appropriate communication methods
We recommend that you review this page periodically to stay informed of any changes. The current version of this document was last updated on the 28 of November 2025.
Information Officer Contact Details
If you have any questions about how we process your personal information, wish to exercise your rights, or want to lodge a complaint, please contact our Information Officer:
Mashele Finance PTY Ltd
Information Officer
FSP 55445 & NCRCP19670
Email: support@mashelefinance.com
Phone: +27 69 251 5859
Website: https://www.mashelefinance.com
Complaints and Regulatory Authority
If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the Information Regulator:
Information Regulator (South Africa)
33 Hoofd Street, Forum III, 3rd Floor Braampark, Braamfontein, Johannesburg, 2017
Email: inforeg@justice.gov.za
Phone: +27 10 023 5207
Website: https://inforegulator.org.za
Disclaimer: This information is provided for general guidance purposes only and does not constitute legal advice. For specific questions regarding your data protection rights or obligations, please consult with a qualified legal professional or contact the Information Regulator directly.