PRIVACY POLICY

Introduction

Mashele Finance PTY Ltd (FSP 55445 & NCRCP19670) ("we," "us," "our," or "Mashele Finance") is committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, store, share, and protect your information when you interact with us through our website, mobile applications, in person at our offices, or through our consultants and affiliates.

This Privacy Policy applies to all individuals who:

• Visit our website at https://www.mashelefinance.com
• Use our online services or mobile applications
• Apply for or use our financial products and services
• Communicate with us via email, phone, or other channels
• Interact with our consultants, agents, or affiliates in person or remotely
• Visit our physical offices or attend our events

By using our services or providing us with your personal information, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Relationship with Other Policies

This Privacy Policy works in conjunction with our Terms of Service, which govern your use of our website and services. Together, these documents form the complete agreement between you and Mashele Finance regarding your privacy and the use of our services.

We also comply with:

• The Protection of Personal Information Act (POPIA) - see our POPIA Compliance page for detailed information
• The Financial Intelligence Centre Act (FICA) - see our FICA Compliance page for detailed information
• All applicable South African financial services legislation and regulations

Information We Collect

We collect various types of information depending on how you interact with us:

Information You Provide Directly

• Personal Identification: Full name, surname, date of birth, ID number, passport number, gender, nationality
• Contact Information: Physical address, postal address, email address, telephone numbers, mobile numbers
• Employment Details: Employer name, occupation, work address, income information, employment status
• Financial Information: Bank account details, credit history, transaction records, existing debt obligations, assets and liabilities
• Identification Documents: Copies of ID documents, passports, drivers licenses, proof of residence, payslips, bank statements
• Next of Kin Information: Emergency contact details, beneficiary information
• Communication Records: Information from emails, phone calls, SMS messages, live chat conversations, feedback forms

Information Collected Automatically

• Website Usage Data: IP address, browser type and version, operating system, pages visited, time spent on pages, referring websites, clickstream data
• Device Information: Device type, unique device identifiers, mobile network information, geographic location (with your permission)
• Cookies and Tracking: Information collected through cookies, web beacons, and similar technologies (see our Cookie Policy section below)
• Application Data: Information about how you use our mobile applications, including features accessed and actions taken

Information from Third Parties

• Credit Bureaus: Credit reports, credit scores, payment history, debt obligations, public records
• Identity Verification Services: Identity authentication and fraud prevention data
• Employers: Employment and income verification (with your consent)
• References: Information provided by your references or emergency contacts
• Affiliates and Partners: Information shared by our authorized consultants, agents, and business partners

Information Collected Through Consultants and Affiliates

When you interact with our authorized consultants, agents, or affiliates (whether in person, by phone, or online), they may collect the same types of information listed above on our behalf. All consultants and affiliates are contractually obligated to handle your information in accordance with this Privacy Policy and applicable laws.

How We Use Your Information

We use your personal information for the following purposes:

Service Delivery

• Processing and evaluating loan applications
• Providing and managing your financial products and services
• Conducting credit assessments and affordability checks
• Verifying your identity and conducting fraud prevention checks
• Processing payments and managing your account
• Providing customer support and responding to inquiries

Legal and Regulatory Compliance

• Complying with FICA requirements for client identification and verification
• Meeting our obligations under POPIA and other data protection laws
• Fulfilling regulatory reporting requirements to FSCA, NCR, and other authorities
• Preventing money laundering, terrorist financing, and financial crimes
• Responding to legal processes, court orders, and law enforcement requests

Business Operations

• Managing and improving our products, services, and operations
• Conducting risk management and internal audits
• Training our staff, consultants, and affiliates
• Analyzing usage patterns and customer preferences
• Developing new products and services

Communication and Marketing

• Sending service related notifications and updates
• Providing information about your account and transactions
• Sending promotional materials and marketing communications (with your consent)
• Conducting customer satisfaction surveys
• Informing you about changes to our services or policies

Website and Application Management

• Operating and maintaining our website and mobile applications
• Improving user experience and website functionality
• Monitoring and analyzing website traffic and usage
• Detecting and preventing security threats and technical issues
• Troubleshooting problems and providing technical support

How We Share Your Information

We may share your personal information with the following parties:

Service Providers and Business Partners

• Credit bureaus for credit checks and reporting
• Payment processors and banking institutions
• IT service providers, including hosting and cloud storage providers
• Identity verification and fraud prevention services
• Document management and archiving services
• Marketing and communication service providers
• Professional advisors (lawyers, accountants, auditors, consultants)

Authorized Representatives

• Our authorized consultants, agents, and affiliates who assist with service delivery
• Third party intermediaries acting on your behalf (with your consent)

Regulatory and Legal Entities

• Financial Intelligence Centre (FIC) for suspicious transaction reporting
• Financial Sector Conduct Authority (FSCA)
• National Credit Regulator (NCR)
• Other regulatory bodies as required by law
• Law enforcement agencies and courts when legally required

Debt Collection and Legal Proceedings

• Debt collection agencies in cases of non payment or default
• Legal representatives in connection with legal proceedings
• Tracing agents for locating clients

Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to the relevant third parties. We will notify you of any such change and ensure the new entity continues to protect your information in accordance with this Privacy Policy.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. All third parties with whom we share your information are contractually obligated to maintain its confidentiality and use it only for the specified purposes.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyze website usage.

Types of Cookies We Use

• Essential Cookies: Necessary for the website to function properly, including security and authentication
• Performance Cookies: Collect information about how you use our website to help us improve it
• Functionality Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand user behavior and measure website traffic
• Marketing Cookies: Track your activity across websites to deliver relevant advertisements (with your consent)

Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or accept cookies, delete existing cookies, or set preferences for certain websites. However, disabling certain cookies may limit your ability to use some features of our website.

For more information about cookies and how to manage them, visit www.aboutcookies.org or www.allaboutcookies.org.

Data Security

We implement comprehensive security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction:

• Technical Safeguards: Encryption, firewalls, secure servers, SSL/TLS protocols, intrusion detection systems
• Physical Security: Secure facilities with access controls, locked filing cabinets, visitor management systems
• Organizational Measures: Confidentiality agreements, employee training, background checks, access controls based on need to know principle
• Regular Assessments: Security audits, vulnerability testing, penetration testing, compliance reviews
• Incident Response: Data breach detection and response procedures, notification protocols

Despite our best efforts, no security system is completely impenetrable. We cannot guarantee absolute security but will take all reasonable steps to protect your information and will notify you of any security breaches as required by law.

Data Retention

We retain your personal information for as long as necessary to:

• Provide you with our products and services
• Comply with legal and regulatory obligations (minimum 5 years under FICA)
• Resolve disputes and enforce our agreements
• Protect our legitimate business interests

After the retention period expires, we will securely delete or anonymize your information. Some information may be retained in backup systems for a limited additional period before permanent deletion.

Your Privacy Rights

You have the following rights regarding your personal information:

• Right to Access: Request confirmation of what personal information we hold about you and obtain a copy
• Right to Correction: Request correction of inaccurate, incomplete, or outdated information
• Right to Deletion: Request deletion of your information in certain circumstances
• Right to Object: Object to processing of your information for direct marketing or other purposes
• Right to Restrict Processing: Request restriction of processing in certain circumstances
• Right to Data Portability: Receive your information in a structured, commonly used format
• Right to Withdraw Consent: Withdraw consent for processing based on consent at any time
• Right to Lodge a Complaint: File a complaint with the Information Regulator if you believe your rights have been violated

To exercise any of these rights, please contact our Information Officer using the details provided below. We will respond within a reasonable time, not exceeding one month.

Marketing Communications

We may send you marketing communications about our products, services, special offers, and updates if:

• You have given us consent to do so
• You are an existing client and the marketing relates to similar products or services

You can opt out of marketing communications at any time by:

• Clicking the unsubscribe link in our emails
• Replying STOP to SMS messages
• Contacting us directly using the information below
• Updating your preferences in your account settings

Opting out of marketing will not affect service related communications, such as transaction confirmations, account statements, or important updates about your products.

Third Party Websites and Services

Our website may contain links to third party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to those third party sites. We are not responsible for the privacy practices or content of third parties.

We encourage you to review the privacy policies of any third party sites you visit. Providing your information to third party sites is at your own risk.

Childrens Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from minors without proper parental or guardian consent.

If you are a parent or guardian and believe we have collected information about a minor without proper consent, please contact us immediately, and we will take steps to remove that information from our systems.

International Data Transfers

Your personal information is primarily processed and stored within South Africa. In limited circumstances, we may transfer your information to service providers or partners located in other countries.

When we transfer information internationally, we ensure appropriate safeguards are in place, including data transfer agreements, verification that the recipient country has adequate data protection laws, or obtaining your explicit consent where required.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will notify you by:

• Posting the updated policy on our website with a new Last Updated date
• Sending you an email notification (if we have your email address)
• Displaying a prominent notice on our website
• Other appropriate communication methods

Your continued use of our services after we publish or notify you about changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this page periodically.

This Privacy Policy was last updated on the 28 of November 2025.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact our Information Officer:

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Regulator: