Privacy Policy

ONLY LOANS DATA PROTECTION AND PRIVACY POLICY

 

**DEFINITIONS**

 

In this Policy, the following capitalized terms shall have the meanings provided, unless the context indicates otherwise:

 

  1. **Active Processing**: Instances where Only Loans directly receives the Personal Information/Personal Data of Data Subjects, such as when Data Subjects submit inquiries regarding our Services or provide Personal Information/Personal Data in connection with commercial agreements with Only Loans.
  2. **Inactive Processing**: Instances where Only Loans has not been directly provided with the Personal Information/Personal Data of Data Subjects but collects information through Passive Processing Means. These means allow Only Loans to process Non-personally Identifiable Information, which may not be linked to Data Subjects.
  3. **Anonymisation**: The process of converting Personal Information/Personal Data so that it can no longer be attributed to Data Subjects without additional information, provided that such additional information is stored separately and protected by technical and organizational measures to prevent re-attribution.
  4. **Applicable Laws**: Any laws relevant to Personal Data and Personal Information, including statutes, regulations, policies, directives, and any binding court orders or industry codes.
  5. **Competent Person**: Someone legally authorized to consent on behalf of a child, such as a parent or legal guardian.
  6. **Controller**: Only Loans, when it processes Personal Data as defined by Article 4 of the GDPR.
  7. **Consent**: A voluntary, specific, and informed expression of will permitting the Processing of Personal Information.
  8. **Cookies**: Small text files that store Non-personally Identifiable Information/Data about Data Subjects, which can be temporary (session cookies) or permanent (persistent cookies). These cookies may be used by Only Loans’ Website(s) or Mobile Application(s) to enhance user experience.
  9. **Customer(s)**: Any individual(s) or entity(ies) who have entered into an agreement with Only Loans to procure Services provided by Only Loans.
  10. **Data Subject**: Only Loans’ Customer(s) or any Third Party whose Personal Information/Personal Data is processed by Only Loans.
  11. **Data Processing Infrastructure**: All systems, networks, servers, workstations, laptops, mobile devices, web applications, mobile applications, and cloud storages owned, controlled, or operated by Only Loans.
  12. **Embedded Scripts**: Programming code designed to collect information about a Data Subject’s interactions with Website(s) or Mobile Application(s). These scripts are temporarily downloaded to a Data Subject’s device and are active only while connected to the relevant Website(s) or Mobile Application(s), after which they are deleted or deactivated.
  13. **Electronic Means**: Methods of Processing Personal Information/Personal Data using electronic tools, such as Websites, Mobile Applications, emails, text, voice, sound, or image messages by Only Loans.
  14. **Non-Electronic Means**: Traditional methods of Processing Personal Information/Personal Data, such as hard copy documents and face-to-face interactions.
  15. **GDPR**: The General Data Protection Regulation, a European law governing the collection and processing of personal data within the European Union.
  16. **Only Loans**: A company registered under the Company Laws of South Africa.
  17. **Mobile Application(s)**: Any multi-device software application related to this Privacy Policy, through which Customers and Third Parties access Only Loans’ Services.
  18. **Mobile Device Identifier**: Device information collected when accessing our Website(s) or Mobile Application(s) through mobile devices. This may include the mobile phone number and location information from mobile service providers. If this information is linked with Personal Information/Personal Data, it is treated as such under this Policy.
  19. **Non-personally Identifiable Information/Data**: Information/data that cannot be linked to Data Subjects, such as an internet domain name, web browser type, operating system, visit date and time, specific pages visited, and the address of the referring website.
  20. **Operator**: An entity that processes Personal Information/Data on behalf of a Responsible Party.
  21. **Passive Processing Means**: Technologies used for Inactive Processing of Personal Information/Personal Data, including Cookies, Web Beacons, Embedded Scripts, and Mobile Device Identifiers.
  22. **Personal Data**: As defined in Article 4 of the GDPR, any information relating to an identified or identifiable natural person.
  23. **Personal Information**: As defined in section 1 of POPIA, encompassing types of Personal Information detailed in paragraph 4.6 below.
  24. **Policy**: This Data Protection and Privacy Policy.
  25. **POPIA**: The Protection of Personal Information Act, No 4 of 2013.
  26. **Processing**: Any operation or set of operations performed on Personal Information/Personal Data, whether automated or not, including collection, recording, organization, storage, modification, retrieval, dissemination, or destruction. The term “Process” has a corresponding meaning.
  27. **Regulator**: The Information Regulator established under POPIA.
  28. **Responsible Party**: In this Policy, Only Loans.
  29. **Services**: The financial brokerage services provided by Only Loans, as detailed on Only Loans’ Website.
  30. **Third-Party**: Any Customer(s), Data Subject(s), employees, business partners, independent contractors, agents, consultants, or users of Only Loans’ Services, Website, or any other digital application interface.
  31. **Unique Identifier**: Any identifier assigned to a Data Subject and used by the Responsible Party for its operations, uniquely identifying that data subject.
  32. **Website**: The website owned and operated by Only Loans.
  33. **Web Beacons**: Small graphic images, also known as “Internet tags” or “clear gifs,” used on Only Loans’ Website(s) and in email messages for various purposes, including visitor counting, navigation monitoring, and email tracking.

 

**INTRODUCTION**

 

  1. This Policy governs the Processing of Personal Information/Personal Data by Only Loans, outlining the requirements with which Only Loans commits to comply when processing such data in its operations and contractual obligations to Data Subjects and Third Parties.
  2. Only Loans prioritizes the privacy of every individual and organization it interacts with, ensuring Personal Information/Personal Data is handled with care and in compliance with POPIA and, where applicable, the GDPR.

 

When engaging with Only Loans, either physically or via digital/electronic interfaces like the Website, Data Subjects and Third Parties trust Only Loans to process their Personal Information/Personal Data responsibly, including the data of their dependents, beneficiaries, customers, members, or employees. This underscores the importance of Only Loans’ adherence to Applicable Laws concerning data Processing.

 

**PURPOSE AND APPLICATION**

 

  1. The Policy informs Data Subjects about what Personal Information/Personal Data Only Loans may process, the sources of such data, and how it is processed. It also establishes a compliance standard for Only Loans and its representatives regarding data Processing.
  2. As a Responsible Party, Operator, and Controller, Only Loans strives to comply with its obligations under POPIA and the GDPR when processing Personal Information/Personal Data from or about any Data Subject.

 

**COLLECTING & PROCESSING OF PERSONAL INFORMATION/PERSONAL DATA**

 

  1. Engagement with Only Loans, whether physically, electronically, or through its Services, facilities, or Website, involves the Processing of Data Subjects’ Personal Information/Personal Data.
  2. Only Loans may collect Personal Information/Personal Data from other sources and will inform Data Subjects through privacy notices. If a Data Subject shares their Personal Information/Personal Data with third parties, Only Loans is not responsible for any resulting loss.
  3. When a Data Subject provides Personal Information/Personal Data about another Third Party, Only Loans processes that information in line with this Policy and relevant privacy notices.
  4. Only Loans processes Personal Information/Personal Data primarily to facilitate Services delivery, manage business operations, maintain a legally compliant workplace, and safeguard the data it holds. Data Subjects providing such information may need to confirm their competence to consent.
  5. Only Loans is committed to processing Personal Information/Personal Data in a manner that respects privacy, retains accountability, and ensures Data Subject participation.
  6. Only Loans processes various types of Personal Information/Personal Data, including:

   – Full names

   – Identity numbers

   – Registration numbers

   – Financial and banking information

   – Income information

   – Credit history

   – Statutory information

   – Physical and postal addresses

   – Telephone numbers

   – Email addresses

   – Opinions and preferences

   – Employment information

   – Unique Identifiers

  1. Only Loans may also process Personal Information/Personal Data for purposes such as providing or managing requested information or Services, establishing needs and preferences, identifying Data Subjects, facilitating service delivery, securely storing data, maintaining records, recruitment, employment, general administration, legal and contractual compliance, health and safety, facility management, transactions with Third Parties, service quality improvement, transferring data to service providers, analysis and profiling, identifying additional services, research and development, and complying with Applicable Laws.
  2. Only Loans will notify Data Subjects of the purposes for data Processing in line with Section 18 of POPIA and, where applicable, Articles 13 and 14 of the GDPR.
  3. Only Loans collects and processes Personal Information/Personal Data in compliance with POPIA and the GDPR to protect Data Subjects’ privacy.
  4. Personal Information/Personal Data will not be processed for purposes other than those stated in this Policy or other privacy notices, unless legally permitted or required.
  5. Only Loans may use automated means for data Processing decisions without human intervention, as detailed in this Policy.

 

 

**Purpose and Application:**

 

The purpose of this policy is to inform data subjects about the personal information Only Loans may process, where it collects such data, and how it manages it. It also sets standards for compliance by Only Loans, its employees, and representatives regarding personal information processing.

 

Only Loans, acting as a responsible party and/or operator and/or controller, will strive to observe and comply with its obligations under POPIA and GDPR when processing personal information/data concerning any data subject.

 

**Collecting & Processing of Personal Information/Personal Data:**

 

When any data subject engages with Only Loans, whether physically or electronically, the company will process their personal information/data. Only Loans may sometimes collect a data subject’s personal information/data from other sources, in which case it will inform the data subject through privacy notices.

 

If a data subject provides Only Loans with the personal information of another third party, Only Loans will process that third party’s personal information/data in line with its policy and any related terms and conditions or privacy notices.

 

Only Loans will primarily process personal information/data to facilitate and enhance service delivery to its customers, manage and administer its business, ensure a legally compliant workplace, and safeguard the personal information/data it holds. Data subjects providing such information may need to confirm their competence and authority to give consent.

 

**Storage and Retention of Personal Information/Personal Data:**

 

Only Loans will retain processed personal information/data in electronic or hardcopy format with a third-party service provider appointed for this purpose. Personal information/data will be stored for as long as necessary to fulfill its legitimate purposes or as permitted or required by applicable law.

 

Failure to provide personal information/data required by Only Loans may result in the company declining to render services, with no liability to the data subject.

 

**Securing Personal Information/Personal Data:**

 

Only Loans will implement appropriate physical, organizational, contractual, and technological security measures to secure the integrity and confidentiality of personal information/data, in compliance with applicable laws. It will notify regulators and affected data subjects in case of a security breach.

 

However, Only Loans cannot guarantee the security or accuracy of information transmitted, and any transmission of personal information/data is at the data subject’s own risk.

 

**Provision of Personal Information/Personal Data to Third Parties:**

 

Only Loans may disclose personal information/data to third-party service providers as necessary to achieve the purposes for which it was collected and processed. Agreements will be made with these providers to ensure compliance with applicable laws.

 

**Transfer of Personal Information/Personal Data Outside of South Africa:**

 

Under certain circumstances, Only Loans may transfer personal information/data to jurisdictions outside of South Africa to achieve the intended purposes, subject to obtaining the data subject’s consent where required by law.

 

**Access to Personal Information/Personal Data:**

 

Data subjects have the right to access their personal information/data held by Only Loans, subject to limited exemptions provided under applicable law. Requests must be made in writing to the designated Information Officer.

 

**Keeping Personal Information/Personal Data Accurate:**

 

Only Loans will take reasonable steps to keep processed personal information/data updated where possible, providing data subjects with opportunities to update their information.

 

**Costs to Access Personal Information/Personal Data:**

 

Only Loans will charge a fee for providing copies of a data subject’s personal information/data.

 

**Complaints to the Information Regulator:**

 

Data subjects or third parties who believe Only Loans has processed their personal information/data contrary to policy may lodge a complaint with the Information Regulator under the provisions of POPIA if the matter cannot be resolved directly with Only Loans.

 

**Contacting Us:**

 

For any comments, questions, concerns, or complaints regarding personal information/data or this policy, they should be forwarded to Only Loans’ Information Officer at info@onlyloans.co.za.