AGREEMENT REGULATING ACCESS, PROCESSING & STORAGE PERSONAL INFORMATION
IN TERMS OF THE PROTECTION OF PERSONAL INFORMATION ACT (“POPIA”)

In this agreement, the following words bear the meanings associated with them below:
“Personal Information” means information relating to an identifiable, living, natural person, including:
1) Financial information related to a person, including information provided by the Customer, or information
obtained from a Credit Bureaux or from CIPC (the Companies and Intellectual Property Commission);
2) Any identifying number, symbol, email address, physical address, telephone number, location information,
online identifier or other particular assignment to the person; and/or
3) The name of the person if it appears with other personal information relating to the person or if the disclosure
of the name itself would reveal information about that person.
“Data Subject” means each director of the Customer and each shareholder of the Company that is a natural
person.
WHEREAS:
In the course of the Company’s customer verification and credit vetting processes, the Company will collect and
process Personal Information related to Data Subjects.
The Company is committed to ensuring that any processing of Personal Information related to Data Subjects is
limited to the express purposes of opening and management of an account for the Customer and that such
processing is compliant with POPIA.

IT IS HEREBY AGREED THAT:

The Customer consents to the Company:
a. performing a credit search on the Customer’s record, as well as the record of Data Subjects, with
one or more of the registered Credit Bureaux when assessing the Customer’s Application for Credit
(and at any other time in the Company’s discretion);
b. recording the existence of the Customer’s account with any Credit Bureau; and/or
c. recording and transmitting details of how the Customer has performed and how the account is
conducted by the Customer in meeting its obligations on the account, including to a Credit Bureaux
and the Company’s credit insurers.

The Customer acknowledges and agrees that any information regarding its credit worthiness, defaults in
payment to the Company, and details of it account with the Company is conducted may be disclosed to
any other creditor of the Customer or any registered Credit Bureaux, after 21 (twenty-one) days’ notice
having been given to the Customer.

The Customer consents to the collection, processing and storage of Personal Information by the Company
related to Data Subjects, for the purposes of both the opening and ongoing management of a customer
account.

The Customer warrants and represents that:
a. it has concluded a contract with each Data Subject; and that in terms of such contract, the Customer
has obtained the consent from such person to the processing of Personal Information by suppliers
in the credit vetting process; and
b. the processing of Personal Information by the Company is necessary for the legitimate interests of
the Company in the Company’s credit vetting process.

The Customer warrants that all Personal Information supplied to the Company is accurate, up to date, is
not misleading and that it is complete in all respects.

The Customer undertakes to immediately advise the Company of any changes to the relevant Personal
Information of a Data Subject, but not limited to, a change of ownership or control in the Customer.

The Company undertakes:
a. to act in accordance with POPIA in relation to the collection, processing and storing of Personal
Information related to the Customer. The processing of Personal Information by the Company will be
limited to the purposes set out herein and will not be excessive;
b. not to disclose the Customer’s Personal Information unless it is legally or contractually required or
for its legitimate business purposes; and
c. to use reasonable efforts in order to ensure that Personal Information related to Data Subjects in its
possession or processed on its behalf is:
i. kept confidential;
ii. stored in a secure manner; and
iii. processed in terms of the provisions of POPIA, and, for the purposes for which the Company
has been authorized;
d. to take reasonable steps to identify risks associated with the processing of the Customer’s
information and establish safeguards against any such identified risks; and
e. to take reasonable steps to ensure that the Customer is notified in the event of a breach of the
confidentiality of the Customers Personal Information.

The Customer has a right to lodge a complaint with the information Regulator if the Customer if it is of the
view that its rights in terms of POPIA have been breached. The contact details of the information Regulator
are:
• Telephone Number: 012 406 4818.
• Address: 33 Hoofd Street Forum II, 3rd Floor Braampark, Johannesburg, 2001.
• E-mail Address: complaints.IR@justice.gov.za / inforg@justice.gov.za.