MPOWA Finance Privacy and Personal
Information Protection Policy
| Version No. | Description | Author | Date |
|---|---|---|---|
| 1. | Draft of policy | Diyuti Mohanlal | March 2026 |
1. Introduction
1.1 This Privacy Policy explains how Mpowa Finance (Pty) Ltd (“Mpowa”, “we”, “us”, “our”) collects, processes, uses, discloses and protects personal information while providing financial services, including short-term and medium-term lending.
1.2 This Policy applies to all individuals interacting with Mpowa (Pty) Ltd in South Africa, including customers, prospective customers, employees, service providers, and other stakeholders.
1.3 We are committed to processing personal information lawfully, reasonably, and transparently, in accordance with applicable South African data protection legislation, including:
- Protection of Personal Information Act (“POPIA”); and
- Promotion of Access to Information Act (“PAIA”).
2. Personal Information We Collect
We collect and process personal information necessary to provide our financial services, including:
| Category | Types of Information | Purpose of Processing | Lawful Basis |
|---|---|---|---|
| Identity Information | Full name, date of birth, identification numbers | Identity verification (KYC), fraud prevention, customer onboarding | Contractual necessity; Legal obligation; Legitimate interest |
| Contact Information | Residential and postal address; Email address and telephone numbers | Customer communication, account management, regulatory notifications | Contractual necessity; Legitimate interest |
| Financial Information | Income, expenses, assets and liabilities; Banking details and transactional data | Affordability assessments, credit risk analysis, loan servicing | Contractual necessity; Legal obligation; Legitimate interest |
| Credit Information | Credit history and repayment behaviour; Credit scores and reports | Creditworthiness assessments, responsible lending, risk management | Contractual necessity; Legal obligation (credit laws); Legitimate interest |
| Employment Information | Employer details, job title and income | Income verification, affordability assessment | Contractual necessity; Legitimate interest |
| Technical Information | IP address, device information; Website usage data and cookies | Platform security, fraud detection, analytics, service optimisation | Legitimate interest; Consent (for cookies where required) |
| Sensitive Information | Special personal information (only where applicable) | Compliance with legal obligations or specific service requirements | Explicit consent; Legal obligation |
3. How We Collect Information
3.1 We collect personal information:
- Directly from you (applications, forms, communications)
- From third parties (credit bureaus, financial institutions, identity verification providers)
- Automatically through our digital platforms
4. Purpose Of Processing
4.1 We process personal information strictly for legitimate business purposes, including:
- Assessing creditworthiness and affordability
- Verifying identity and preventing fraud
- Providing and managing loan products
- Conducting collections and debt recovery
- Meeting legal and regulatory obligations
- Improving our services and customer experience
5. Disclosure Of Personal Information
5.1 We may disclose personal information to:
- Credit reporting bodies and credit providers
- Service providers (IT, cloud, analytics, payment processors)
- Debt collection agencies
- Regulators, courts, and law enforcement
All disclosures are limited to what is necessary and subject to appropriate safeguards.
6. Cross-Border Data Transfers
6.1 Personal information may be transferred outside the Republic of South Africa where necessary for operational purposes.
6.2 Such transfers will only occur where:
- The recipient is subject to laws, binding agreements, or corporate rules providing an adequate level of protection; or
- Appropriate safeguards are implemented in accordance with POPIA.
7. Data Retention
7.1 We retain personal information only for as long as necessary to:
- Fulfil the purposes outlined in this Policy
- Comply with legal, regulatory, and operational requirements
Retention periods vary depending on the nature of the information and applicable legal obligations.
8. Data Security
8.1 We implement appropriate technical and organisational measures to protect personal information, including:
- Encryption and secure systems
- Access controls and authentication
- Monitoring and incident response processes
9. Data Breach Management
9.1 We maintain procedures to detect, investigate and respond to data breaches. Where required by law, we will notify affected individuals and relevant regulators.
10. Direct Marketing
10.1 We may use personal information to provide information about our products and services.
10.2 You may opt out of marketing communications at any time by:
- Using unsubscribe mechanisms
- Contacting us directly
10.3 We will only engage in marketing practices where permitted by law.
11. Automated Decision-Making
11.1 We may use automated systems, including credit scoring models, to assess loan applications.
11.2 You may request further information about such decisions and, where applicable, request manual review.
12. Your Rights
12.1 You may have the right to:
- Access your personal information
- Request correction of inaccurate data
- Object to or restrict certain processing
- Withdraw consent (where processing is based on consent)
- Lodge complaints with relevant regulators
12.2 Specific rights are detailed in the applicable jurisdictional schedules.
13. Access To Information (PAIA)
13.1 Requests for access to records must be made in accordance with PAIA.
13.2 We maintain a PAIA Manual, which is available upon request.
14. Complaints
14.1 If you have concerns about how your personal information is handled, you may contact us.
14.2 If unresolved, complaints may be escalated to the Information Regulator of South Africa.
15. Governance And Updates
- Policy Owner: Head of Legal & Compliance
- Approval: Board
- Review Cycle: Annual
We may update this Policy from time to time. The latest version will be made available through our official channels.
16. Regulatory Contact Details
For all queries, requests, or complaints regarding the processing of personal or credit information, you may contact our designated officers as follows:
Information Officer
Diyuti Mohanlal
[email protected]
0861 228 228
410 Jan Smuts Avenue, Craighall Park, Randburg, Unit 6 Burnside Island Office Park, Johannesburg, Gauteng