This Data Privacy & Processing Policy explains how Eunifin (Pty) Ltd t/a Republik (”Republik”) collects, processes, stores, uses, and protects personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA) and applicable South African laws and regulatory requirements. This policy applies to all users of Republik’s products and services, including wallet services, lending products, digital platforms, and any related services.
Personal information refers to any information that identifies you or specifically relates to you. Personal information that we may process includes, but is not limited to:
• Your name and surname;
• Company name and registration number (where applicable);
• Financial history, including income, expenses, obligations, assets, liabilities, lending and repaymentbehaviour;
• Demographic information such as marital status, national origin, age, language, education, and employmentor gig-work activity;
• Identifying numbers such as identity numbers, passport numbers, account numbers, or wallet identifiers;
• Contact details including email address, physical address, and telephone number;
• Banking, wallet usage, transaction behaviour, spending patterns, and money management behaviour.
A juristic person (such as a company, trust, or association) may also have personal information protected in law. Republik may process personal information relating to directors, officers, employees, shareholders, members, representatives, guarantors, sureties, spouses of sureties, and other related persons (“Related Persons”).
If you provide personal information about a Related Person, you warrant that such person is aware of and has consented to the sharing of their personal information with us. References to “you” in this policy include Related Persons where applicable.
• Assess and process applications to use our services;
• Facilitate account and wallet creation and user authentication;
• Verify identity and perform KYC, AML, and PEP screening where required;
• Manage and maintain user accounts and wallets;
• Communicate with you and carry out your instructions;
• Respond to enquiries, complaints, and support requests;
• Enforce agreements where contractual obligations are breached;
• Comply with record-keeping, regulatory, and legal obligations;
• Conduct operational, behavioural, and risk assessments;
• Perform research, analytics, and service improvement initiatives;
• Conduct marketing and customer engagement activities (subject to consent);
• Comply with applicable legal and regulatory requirements;
• Any other lawful purposes related to the provision of our services. If you do not provide personal information required for legal or regulatory compliance, we may be unable to provide certain services to you.
• Our legitimate business interests;
• To enable you to access and use our website, mobile application, wallets, and services;
• To enter into and perform contractual relationships with you;
• To comply with legal, regulatory, and supervisory obligations. This policy is governed by the laws of the Republic of South Africa, and you agree to submit to the jurisdiction of South African courts.Â
• You directly;
• Public sources such as company registers, public databases, or online platforms;
• Technology-based interactions, including use of our website, app, and digital services;
• Third parties we engage with to conduct our business, including partners, service providers, credit bureaux,regulators, government departments, and gig-platform partners (where applicable).
• The law requires us to retain it;
• A contractual relationship requires retention;
• You have consented to retention;• It is required to fulfil the purposes outlined in this policy;
• It is required for lawful business, statistical, or research purposes.
We may retain personal information after termination of our relationship where permitted or required by law, even if deletion is requested.Â
We may use your personal information to market our products or services to you. You may opt out of marketing communications at any time by contacting us or using available opt-out mechanisms.
We may use automated decision-making processes, including credit assessments, affordability checks, and application approvals or declines. You have the right to query automated decisions and request explanations, where reasonably possible
We take reasonable technical and organisational measures to safeguard personal information against loss, misuse, unauthorised access, or disclosure. These include access controls, secure systems, and confidentiality obligations imposed on employees and service providers. While we strive to protect information transmitted via digital platforms, no transmission over the internet is entirely secure, and we cannot guarantee absolute security.
We may use personal information to:
• Provide and improve our services;
• Manage user accounts and wallets;
• Respond to queries and support requests;
• Notify users of service changes;
• Conduct analytics and operational monitoring;
• Comply with legal and regulatory requirements.
We may share personal information with third-party service providers strictly for lawful business purposes. We do not disclose personal information without consent unless required by law, court order, public interest, or to protect our rights.
• SAVA, as a regulated Financial Services Provider and fintech partner involved in the provision of certainservices;
• Access Bank, as a regulated Financial Services Provider and banking partner supporting wallet and relatedfinancial services;
• Licensed third-party service providers, including technology providers, cloud hosting providers, KYC/AMLservice providers, credit assessment partners, and customer support service providers;
• Payment networks, settlement systems, and fraud prevention entities;
• Regulatory and supervisory authorities, including the FSCA, SARB, FIC, and the Information Regulator.
Republik does not sell personal information. Personal information is only shared to the extent necessary and in line with lawful purposes, confidentiality obligations, and appropriate safeguards to ensure the protection of such information.Â
Where personal information is shared with third parties, Republik takes reasonable steps to ensure that such parties are contractually bound to process personal information in a manner that is consistent with this policy and applicable data protection laws.Â
• Access your personal information;
• Request correction or updating of inaccurate information;
• Object to processing on reasonable grounds;
• Withdraw consent where processing is based on consent;
• Request deletion of personal information where permitted by law;
• Lodge a complaint with the Information Regulator.
Information Regulator (South Africa)Â JD House,
27 Stiemens Street Braamfontein, Johannesburg,
2001Â Tel: +27 (0)10 023 5200Â Email: enquiries@inforegulator.org.za
This policy is reviewed regularly. Any changes will be published on our website or communicated through appropriate channels. We reserve the right to amend this policy from time to time.Â