Privacy Policy South Africa
Last Updated: 2025, September 03
At Zazu, we take your privacy seriously and are committed to safeguarding the personal data you provide us. This Privacy Policy explains what data we collect, how we use it, and the rights you have concerning your information.
Preamble
Zazu SA (pty) Ltd., in collaboration with its licensed partner (a local bank in South Africa) places high importance on the protection of personal information (“Personal Information”) of its Clients, Users, and all data subjects. This Policy explains clearly and transparently how such Personal Information is collected, processed, secured, and used.
This Policy forms an integral part of the General Terms of Use. Terms defined therein have the same meaning here.
Personal Information Collected & Purposes
2.1 Categories
Identification data: first name, surname, company name, registration number, national ID/passport, KYC/KYB documents.
Contact data: email address, phone number, business/postal address.
Transactional data: transfer history, payments, invoices, balances, account details.
Connection and browsing data: IP address, browser type, device information, logs, cookies (functional, analytical).
Optional data: account preferences, business data (via financial tools), feedback.
2.2 Purposes of Processing
Personal Information is used for:
Performance of the contract and provision of services (account opening and management, payments, cards, invoicing).
Compliance with legal obligations under South African law (POPIA, Financial Intelligence Centre Act (FIC Act), FSCA and SARB directives, tax law).
Internal security and fraud prevention.
Incident management, support, and complaints.
Product improvement (analysis, feedback, statistics).
Marketing, only with explicit consent (newsletters, offers, events).
Legal Bases
Processing of Personal Information is based on:
Performance of the contract with the Client.
Compliance with legal and regulatory obligations (e.g. FIC Act, FSCA and SARB requirements, tax obligations).
Client consent (particularly for marketing activities).
Zazu’s legitimate interests (security, fraud prevention, service quality).
Retention Periods
Contractual and transactional data: up to 5 years after termination of the client relationship, or longer where legally required (e.g. FIC Act record-keeping).
Analytical cookies: maximum 14 months depending on purpose.
Marketing/prospecting data: 2 years after the last contact or until withdrawal of consent.
Archived data required by law: retained as prescribed by legislation (e.g. SARS, FSCA).
Security & Confidentiality
Zazu applies robust technical and organisational measures, including:
SSL/TLS encryption of communications, secure cloud hosting, firewalls, multi-factor authentication, regular penetration testing.
Strict access controls — only authorised employees bound by confidentiality may access Personal Information.
Secure transfers to third-party service providers, subject to compliance with POPIA.
Sharing of Personal Information
Zazu may share Personal Information with:
Internal departments (support, finance, development, compliance).
Technical service providers (hosting, analytics, messaging, fraud detection) under contracts ensuring POPIA compliance.
Legal or regulatory authorities (Financial Intelligence Centre, FSCA, SARB, SARS) when required.
Potential acquirers (in case of merger or sale), in line with POPIA.
If Personal Information is transferred outside South Africa, such transfers will occur only with adequate safeguards in compliance with POPIA.
Your Rights & How to Exercise Them
Under POPIA, you have the right to:
Access your Personal Information.
Request correction, deletion, or destruction of Personal Information.
Object to processing under certain circumstances.
Withdraw consent (where processing is based on consent).
To exercise your rights, please contact us at:
Email: data-request@get-zazu.com
Postal address: Zazu SA (Pty) Ltd – DPO, 11 Francolin Street, Franschhoek, Western Cape, 7690, South Africa.
We aim to respond within 30 days, or up to 60 days where requests are complex.
Cookies & Similar Technologies
Zazu uses cookies for analytical purposes to improve the user experience and optimise the platform. Duration is limited to 14 months. Users may disable or block cookies in their browser settings.
Supervision & Policy Updates
This Policy is published online and may be updated to reflect regulatory or technical developments. Users should consult it regularly. Updates will be visible on our site/app.
Internal Governance
Zazu has appointed a Data Protection Officer (DPO) for South Africa to oversee POPIA compliance. Any suspected breach of Personal Information may be reported to the Information Regulator (justice.gov.za)
Contact & Complaints
For questions or complaints regarding this Policy:
Email: data-request@get-zazu.com
Post: DPO – Zazu SA (Pty) Ltd, 11 Francolin Street, Franschhoek, Western Cape, 7690.
If unresolved, you may escalate the complaint to the Information Regulator of South Africa.