1) Who we are

 

Fintec Group (Pty) Ltd (“Fintec”, “we”, “our”, “us”) provides compliance, accounting, tax, payroll, and advisory services to South African SMEs, including assistance with SARS, CIPC, and POPIA compliance.

We are committed to protecting your personal information and processing it lawfully, fairly, and transparently.

This Privacy Policy explains how we collect, use, disclose, secure, and retain personal information in line with the Protection of Personal Information Act, 4 of 2013 (POPIA) and, where relevant, other applicable laws.

 

2) Scope

 

This policy applies to:

• Visitors to our website [fintecgroup.co.za] and any microsites or forms we host (e.g., Microsoft Forms).
• Prospective and existing clients, suppliers, and partners.
• Individuals whose information we process as part of our services (e.g., directors, employees, beneficiaries, or representatives of our clients).

 

3) Personal information we collect

 

We may collect and process the following categories:

• Identity & contact data
• Full name, ID/passport number, company registration details, addresses, email, phone, demographic info.
• Financial & tax data
• Bank details, payroll info, tax numbers, tax returns, VAT status, financial statements, invoices, SARS and CIPC correspondence.
• Compliance & regulatory data
• KYC/AML information, beneficial ownership, CIPC annual returns, compliance assessments, POPIA/PAIA documentation.
• Employment & HR data (where relevant)
• Employment contracts, remuneration, attendance, leave records for payroll services.
• Technical & usage data
• IP address, device/browser type, pages visited, referring URLs, cookies and tracking (see Cookies section).
• Communications & submissions
• Emails, call notes, chat/WhatsApp messages, form submissions, uploaded files (e.g., via Microsoft Forms/SharePoint).
• Special personal information
• We generally do not collect special personal info (e.g., health, biometrics). If required for a lawful purpose (e.g., workplace injury for payroll/statutory reporting), we will process it strictly in accordance with POPIA.

 

4) How we collect personal information

 

Directly from you: via engagement letters, onboarding forms, emails, calls, meetings, document uploads, and website forms.

From third parties: SARS, CIPC, banks, service providers, or publicly available sources (e.g., CIPC registers) where lawful and necessary.

Automatically: via cookies and analytics on our website.

 

5) Why we process your information (purposes)

 

We process personal information to:

Provide compliance, accounting, payroll, tax, and advisory services.

Prepare and submit filings (e.g., SARS returns, VAT201s, EMP201s, EMP501s, tax directives; CIPC annual returns).

Conduct KYC/AML checks and verify identity or authorisations.

Manage client relationships, proposals, engagement letters, billing, and collections.

Operate and improve our website, forms, portals, and digital workflows (Microsoft 365, SharePoint, Power Automate).

Communicate with you, respond to enquiries, and send service-related updates.

Perform internal audits, quality assurance, risk management, and legal/regulatory compliance.

Establish, exercise, or defend legal claims.

With consent, share newsletters or marketing about our services (you can opt out at any time).

 

6) Lawful bases for processing (POPIA)

 

Depending on the context, we rely on:

Consent (e.g., marketing communications).

Contractual necessity (to deliver services you have engaged us to perform).

Legal obligation (e.g., tax laws, Companies Act, FICA/AML obligations, recordkeeping).

Legitimate interests (e.g., improving services, preventing fraud, securing systems), balanced against your rights.

 

7) Cookies, analytics & tracking

 

We use cookies and similar technologies to:

Operate and secure the site.

Remember preferences and improve your experience.

Understand usage via analytics (e.g., page performance, traffic sources).

You can manage cookie preferences in your browser settings. Disabling some cookies may affect site functionality. If we use third‑party analytics tools, they may process technical data subject to their own privacy terms.

 

8) Sharing and disclosure

 

We may share personal information with:

Regulators and authorities: SARS, CIPC, Department of Labour, UIF, Compensation Fund, and other statutory bodies when required.

Service providers & operators: secure IT hosts (e.g., Microsoft 365), tax and accounting software vendors, couriers, and professional advisors bound by confidentiality and POPIA‑compliant processing agreements.

Banks & payment platforms: for payroll and payments where you instruct us.

Professional bodies: where required for accreditation or compliance.

Legal and dispute resolution: attorneys, insurers, or courts in connection with claims or compliance.

We do not sell personal data. We only disclose what is necessary for the stated purposes and with appropriate safeguards.

 

9) Cross‑border transfers

 

Your data may be stored or processed in data centres outside South Africa (e.g., Microsoft 365 regional cloud infrastructure). Where cross‑border transfers occur, we ensure they comply with POPIA—either by transferring to jurisdictions with adequate protection or by putting appropriate contractual safeguards in place.

 

10) Security

 

We implement organisational and technical measures appropriate to the sensitivity of the information, including:

Role‑based access controls and least‑privilege permissions.

Secure identity/authentication (e.g., Multi‑Factor Authentication where available).

Encrypted storage and transmission where feasible.

Audit trails and logging on our Microsoft 365 environment.

Staff confidentiality obligations and training.

Vendor due diligence and operator agreements.

No system is 100% secure. If we become aware of a data breach affecting you, we will notify you and the Information Regulator where required.

 

11) Data retention

 

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal, tax, and regulatory obligations (e.g., statutory record retention). Where ongoing services are provided, records may be retained for operational continuity and compliance. When no longer required, we securely delete or anonymise records.

 

12) Your rights (POPIA)

 

Subject to applicable law, you have the right to:

Access your personal information we hold.

Request correction or deletion (where lawful).

Object to or restrict processing in certain circumstances.

Withdraw consent (where consent is the lawful basis).

Submit a complaint to the Information Regulator.

We may need to verify your identity and understand the scope of your request before acting. Some requests may be limited by legal retention or regulatory requirements.

 

13) How to exercise your rights / make requests

 

Email: rventer@fintecgroup.co.za

Phone: +27 64 584 3869

Subject line: “POPIA Request – [Your Name]”
Please describe your request clearly (e.g., access, correction, deletion, objection). We aim to respond within a reasonable period in accordance with POPIA.

 

14) Marketing communications

 

We may send updates about compliance deadlines, services, or content relevant to SMEs. You can opt out at any time by following the unsubscribe link or contacting us.

 

15) Children’s information

 

Our services are intended for adults and businesses. We do not knowingly collect personal information from children.

 

16) Links and third‑party services

 

Our website may contain links to third‑party sites or tools. Those parties have their own privacy practices; please review their policies.

 

17) Updates to this Policy

 

We may update this Privacy Policy from time to time. The latest version will always be available on our website with an updated effective date.

 

18) Information Regulator (South Africa)

 

If you believe your privacy rights have been infringed, you may lodge a complaint with the Information Regulator:
Website: https://inforegulator.org.za
Email (PAIA/POPIA complaints): complaints.IR@justice.gov.za

 

19) Responsible party & operator details

 

Responsible Party: Fintec Group (Pty) Ltd
Operators: Selected service providers who process information on our behalf (e.g., Microsoft 365, cloud hosting, accounting/tax software). We require operators to implement appropriate security and comply with POPIA.

 

20) Contact

 

Questions or concerns about this policy?
Email: rventer@fintecgroup.co.za
Phone: +27 64 584 3869