Tyme Bank Limited (‘TymeBank’), trading as TymeBank, provides banking and financial services. This policy explains how your personal information is handled by TymeBank. “Tyme Group” means TymeBank and any other entity or entities that control TymeBank or that may be controlled by TymeBank.

We protect your information and always aim to be clear and open about what we do with your personal information. We undertake to process your information lawfully and in a manner that does not infringe your privacy. Your personal information will only be processed for reasons set out herein. We follow general principles in accordance with applicable privacy laws.

We understand that your privacy is important to you and we value your trust. That’s why we do everything we can to keep your information safe. This policy explains how we collect, use and safeguard the personal information you give us, and also includes:

• our policy on the handling of credit reports and other credit information.
• key information about credit reporting matters (see Section 8, below).

In this policy “process” means how we collect, use, store, make available, destroy, update, disclose, or otherwise deal with your personal information. As a general rule, we will only process your personal information if this is required when offering or delivering a product or service to you. We respect your privacy and will treat your personal information as confidential information.

Where we refer to “customer” in this policy, it also includes potential customers who have provided us with their personal information upon application for a product or service.
We may connect your personal information with other personal information obtained from third parties or public records and may use the combined personal information for any of the purposes stated in this policy.

In terms of applicable privacy laws, this policy will also apply to personal information processed on our behalf by third parties (such as authorised agents and contractors).
You should read this policy carefully as it may limit your rights.

NOTE: The processing of your personal information may be conducted outside the borders of South Africa. This policy will apply to the processing of personal information by us in any country. Your personal information will be processed according to the requirements and safeguards of applicable privacy law or privacy rules that bind us.

We update our privacy policy periodically. The most up-to-date version can be found on the TymeBank website at www.tymebank.co.za and applies to all customer interactions with us.

Where a change to this policy is material, we will notify customers and will allow a reasonable period for customers to raise any objections before the change is made. Please note that we may not be able to continue a relationship with a customer or provide customers with certain products or services if they do not agree to the changes.

Tyme Bank Limited
2nd floor
30 Jellicoe Avenue
Rosebank
Johannesburg
2196
Email: [email protected]
Tel: 087 286 8833

When you use a product or service of any of our alternative service providers/third-party solution providers or alliance partners, the responsible party will be the organisation with whom the customer engages to take up the solution, acting jointly with us. It will be clear to the customer from the customer agreement they enter into in respect of the product or service, who the responsible party is. This policy also applies in respect of personal information processed by such alternative service providers/third-party solution providers or alliance partners in respect of the product or service chosen by the customer and provided by us in conjunction with our alternative service provider/third-party solution providers or alliance partners.

Our online platform/s (for example our website or app) may contain links to and from the online platforms of our partner networks, advertisers, and/or affiliates. If you follow a link to any of these platforms, please note that they may have their own privacy policies. We do not accept responsibility or liability for these policies. Please check these policies before you submit any personal information to these platforms.

Personal information means any information that identifies you (information of a natural or a juristic person) or specifically relates to you.

We collect information about you when you use our products or services, or when you interact with us. We may also gather information about you from your devices, other people and organisations.

We collect your personal information:

• when you contact us – to apply for our products or services, give us feedback or make a complaint, for example;
• when you use our products or services – such as when you use your debit or credit card, pay a bill or transfer money;
• when you visit our website, kiosks, or use our mobile apps;
• when you engage with us on social media and through emails, letters, telephone calls and surveys;
• from public sources (such as newspapers, company registers, online search engines, public posts on social media);
• at the start of, and for the duration of your relationship with us. We may also process your personal information when your relationship with us has ended;
• from third parties that we interact with for the purpose of conducting our business (such as partners, reward partners, list providers, credit bureaux, regulators and government departments or service providers).

The information we collect and process may include the following personal information:

• Details about your identity – including, but not limited to, your name, surname, identity number, address, date of birth, gender, title and marital status.
• Race (for statistical purposes as required by law).
• Business’ name, postal-, physical- and email address, business type (e.g. company, close corporation, partnership, trust, sole proprietor etc.), business industry, nature of business, registration number, the date the business was started, the business’ bank and routing number and bank account number, bank statements and other financial information about your business, confirmation of your or anyone else’s authorization to act on behalf of a business or a customer.
• Information about the directors, shareholders or members where you represent a juristic person, or partners, trustees and beneficiaries where you represent a partnership or a trust, including their names and other personal information about them as already mentioned in this section.
• Contact details, such as your email address, telephone number, physical address, residential address, work address.
• Cookies and information about the devices you use to interact with us.
• Biometric information, (e.g. fingerprints, signature, voice- and facial recognition) to establish and / or verify your identity.
• Your tax number and tax residency status.
• Financial and transaction information.
• Your location information (e.g. geolocation or GPS location), IP address and any third-party sites you access when visiting our website, kiosks or using our mobile apps.
• Other personal information, such as details of your interactions with us.
• Nationality; age; language; education.
• Financial information (e.g. income, expenses, assets and liabilities, money management behaviour or goals and needs, based on amongst others, account transactions, including banking account information provided to us).
• Criminal history.
• Identifying number/s (e.g. account number, passport number, registration number, VAT number).
• Online and other unique identifiers (these are numbers assigned to you that uniquely identify you in relation to us or in relation to any third party that processes personal information about you).
• Social media profiles.
• Physical health, mental health, wellbeing, disability, religion, belief, conscience, and culture.
• Medical history (e.g. HIV/AIDS status).
• Personal views, preferences and opinions.
• Confidential correspondence; and
• Another’s views or opinions about you.

What Is Special Personal Information?

There is also a category of personal information called special personal information, which includes the following personal information about you (as referred to in the Protection of Personal Information Act, 4 of 2013 as amended):

• biometric information
• race or ethnic origin
• political beliefs/persuasion
• trade union membership
• religious or philosophical beliefs
• health or sex life, including physical or mental health, disability and medical history;
• criminal behaviour, to the extent that such information relates to the alleged commission of an offence or any proceedings in respect of any offence allegedly committed by you.

Where we do process Special Personal Information, we will always ensure compliance with the requirements that are specifically applicable thereto in terms of the Protection of Personal Information Act, 4 of 2013.

Information we collect from others:

If the law requires us to do so, we will ask for your consent before collecting personal information about you from third parties.

The third parties (which may include parties we engage with as independent responsible parties, joint responsible parties or operators) from whom we may collect information about you, include, but are not limited to:

• appointed third parties (such as its authorised agents, partners, contractors, alternative service providers, third-party solution providers and suppliers) for any of the purposes identified in this policy;
• Service providers;
• Agents;
• Advisers;
• Employers;
• Companies or bodies that you own shares in or have an interest in (members of the company, any connected companies, subsidiary companies, its associates, cessionaries, delegates, assignees, affiliates or successors in title and/or appointed third parties (such as its authorised agents, partners, contractors and suppliers) for any of the purposes identified in this policy);
• Business partners, including joint venture partners, retailers, loyalty and rewards programmes;
• Other financial services providers, payment processing service providers, customer, card scheme providers and credit bureaux;
• Government departments, regulatory authorities, ombuds, tax authorities, courts of law or tribunals, law enforcement and fraud prevention agencies;
• Marketing list providers;
• Attorneys, tracing agents, debt collectors and other persons that assist with the enforcement of agreements;
• Payment processing services providers, customers, banks and other persons that assist with the processing of your payment instructions, such as card scheme providers (i.e. VISA);
• Law enforcement and fraud prevention agencies, and other persons tasked with the prevention and prosecution of crime;
• Qualification information providers;
• Trustees, executors or curators appointed by a court of law;
• Courts of law or dispute resolution tribunals;
• Our retail partners;
• Social media platforms;
• Online search engine providers

For example, if you apply for credit, we may ask a credit reporting body for your credit report. We may also collect information about you that is publicly available (in public registers or on social media, for example) or provided by businesses that we deal with.

We are very careful about how we use your information. We primarily use it to deliver our products and services. We also use your information for other reasons – to ensure compliance with legislation, to better understand you and your needs, and to inform you about other products and services you might be interested in.

We may process your personal information for lawful purposes relating to our business if the following circumstances apply:

o it is necessary to conclude a contract or perform under a contract entered into with you;
o to provide a product or service to you;
o if the law requires or permits it;
o to protect or pursue your, our or a third party’s legitimate interest;
o if you have consented to us processing your personal information;
o if a person legally authorised by you, the law or a court, has consented to us processing your personal information;
o if the customer is a child and a competent person (such as a parent or guardian) has consented to us processing personal information on your behalf, unless an approved code of conduct exempts us from asking consent in these circumstances.

We may collect and process your personal information for the reasons outlined below:

Contract: We may process your personal information if it is necessary to conclude or perform under a contract entered into with you in respect of a product or service, for example:

• to assess and process applications for products or services;
• to conduct affordability assessments;
• to design, manage, price and provide our products and services;
• to open, manage and maintain your profiles and relationships with us;
• to enable us to provide relevant information to you;
• to communicate with you and carry out your instructions and requests;
• to respond to your enquiries and complaints;
• to enforce and collect on any agreement when you are in default or breach of the terms of the agreement, tracing you, and to institute legal proceedings against you. In such scenario we may aggregate the contact details provided to any of the companies in the Tyme Group to determine your most accurate contact details in order to enforce or collect on any agreement you have with us;
• to disclose and obtain personal information to or from credit bureaux regarding your credit history and to meet record-keeping obligations;
• to conduct market and behavioural research, including evaluation and analysis to determine if you qualify for products or services, or to determine your credit and fraud risk;
• to enable you to participate in and make use of value-added products or services;
• for customer satisfaction surveys, promotional and other competitions;
• for security and identity verification, and to check the accuracy of your personal information;
• for any other related purposes.

Law: We may process your personal information if the law requires or permits it, for example:

• to comply with legislative, regulatory, risk and compliance requirements (including directives, sanctions and rules);
• to comply with voluntary and compulsory codes of conduct and industry agreements;
• to fulfil reporting requirements and information requests, including submitting tax-related information to tax authorities;
• to process and settle transactions;
• to meet record-keeping obligations;
• to minimise risks, detect, prevent, investigate and report theft, fraud, money laundering, corruption and other illegal activities or crimes. This may include the processing of special personal information, such as alleged criminal behaviour or the supply of false, misleading or dishonest information when opening an account with us;
• to develop fraud models and fraud tools;

Legitimate interest:

• We may process your personal information in the daily management of our business and finances to protect our customers, employees, service providers and assets.
• We may process your personal information to provide you with the most appropriate products and services and to develop and improve our products and services and our business.
• We may process your personal information if it is required to protect or pursue the customer’s, our or a third party’s legitimate interest. This includes:

o to develop, implement, monitor and improve our business processes, policies and systems;
o to manage business continuity and emergencies;
o to protect and enforce our rights and remedies in the law;
o to develop, test and improve solutions for customers, this may include connecting your personal information with other personal information obtained from third parties or public records to better understand customer needs and develop solutions that meet your needs. We may also consider customer actions, behaviour, preferences, expectations, feedback and financial history;
o tailoring products and services which would include consideration of your use of third-party products and/or services;
o to provide information about the products and services we offer directly or through partners;
o to market our products and services including products and services of our alliance partners, to customers via various means including on our and other websites, mobile apps and social media;
o to respond to customer enquiries and communications including the recording of engagements and analysing the quality of our engagements with you;
o to respond to complaints including analytics of complaints to understand trends and prevent future complaints and provide compensation where appropriate;
o to process and settle transactions;
o to meet record-keeping obligations;
o to fulfil reporting requirements and information requests;
o to comply with voluntary and compulsory codes of conduct and industry agreements;
o to detect, prevent and report theft, fraud, money laundering, corruption and other crimes. This may include the processing of special personal information, such as alleged criminal behaviour or the supply of false, misleading or dishonest information when opening an account with us. This may also include the monitoring of our buildings including CCTV cameras and access control;
o to conduct market and behavioural research, including scoring and analysis to determine if you qualify for products and services, or to determine your fraud and credit risk;
o for statistical purposes, such as market segmentation or customer segments (that is placing customers in groups with similar customers based on their personal information);
o for customer satisfaction surveys, promotional and other competitions;
o to disclose and obtain personal information from credit bureaux regarding your credit history;
o for any other related purposes. At the time that we collect personal information from you, we will have a lawful reason or purpose to collect that personal information. We may use that same personal information for other purposes. We will only do this where the law allows us to, and where the purpose of further processing is compatible with the original purpose(s) when we collected your personal information.

• Consent: Generally, we do not rely on consent as a legal basis for processing your personal information, although you are entitled to object to the processing of your personal information where we are relying on a legitimate interest and where you feel it impacts on your fundamental rights and freedoms. We may need to request your specific consent for the processing of special personal information, subject to certain exceptions under applicable law.

When Will We Process Customers’ Special Personal Information?

We may process your special personal information in the following circumstances, among others:

• if the processing is needed to create, use or protect a right or obligation in law, including the processing of personal information relating to;

o Criminal behaviour, to the extent that such information relates to the alleged commission of an offence, or any proceedings in respect of any offence allegedly committed by you (e.g. used to prevent money laundering as required by law, or when entering into a business relationship with us);
o Biometric information (e.g. to establish or verify your identity when entering premises);

• if the processing is for statistical or research purposes, and all legal conditions are met;
• if the special personal information was made public by the customer;
• if racial information is processed and the processing is required and essential to identify you;
• if you have consented to the processing.

How do we use customers’ personal information for marketing?

We also collect and use your information to tell you about products or services we think you might be interested in, which might also include non-banking or non-financial products and services, including co-branded products and services with our business partners. To do this, we may contact you via:

• Email
• Phone
• SMS
• WhatsApp
• Social media
• Advertising through our apps, websites, USSD, or third-party websites
• In person

TymeBank also collects customer data to share it with our business partners for example, loyalty programme partners, product distributors and co-branded product partners for marketing purposes.

If you are not our customer, or in any other instances where the law requires, we will only market to you by electronic communications with your consent. In all cases, you can request us to stop sending marketing communications to you at any time.

If you don’t want to receive direct marketing messages or want to change your marketing preferences, please use the opt-out function on our website, app, email and/or SMS communication.

Using your data to give you better customer service

We’re always working to improve our products and services and give you the best customer experience possible.

New technologies allow us to combine information we have about you and our other customers –

for example, your transaction information with data from other sources, such as third-party websites or credit bureaux.

We analyse this data to learn more about you and our other customers, and to improve our products and services.

We sometimes use this combined data to help other businesses better understand their customers. When we do this, we do not pass on any of your personal information.

Automated Decision Making

This section of our Privacy Policy explains our use of your personal information when making use of Automated Decision Making (ADM) technologies, including profiling, in providing our products or services to you. ADM refers to decisions made solely based on the automated processing of personal information using software, algorithms, artificial intelligence or machine learning that do not involve human intervention.

Application of ADM: We may use the personal information that we have about you and that we may deem relevant to evaluate the suitability of our products or services for you in ADM. An example of where we may use ADM is in the approval or declining of an application for credit or funding when a customer applies for a personal loan or for business funding.

Lawful processing and your rights: Our use of ADM will always be carried out lawfully in terms of POPIA and the prevailing code of conduct that applies to members of the Banking Association of South Africa. When ADM leads to decisions affecting you, you have rights to:

• Request human intervention,
• Contest decisions made by ADM, and
• Express your point of view.

Fairness and integrity of ADM: To ensure the integrity and fairness of our ADM processes, we have adopted the following best practices:

• Regular checks and audits to confirm our systems and algorithms function fairly and accurately, avoiding unfair bias or discrimination.
• Applying strict data retention policies and use anonymisation or pseudonymisation techniques where appropriate.
• We continually review and refine these measures to align with best practices and legal standards.

For more detailed information on your rights and how we implement ADM and profiling in our operations, please contact us (please refer to section 13 below for details).

We may share your information with TymeBank employees subject to their employment conditions, other members of the Tyme Group or selected third parties, as mentioned below. This helps us to offer you a high-quality customer experience.

The sharing of information will be done strictly in terms of the Protection of Personal Information Act 4 of 2013, as amended (POPIA), in the following cases:

• You consented to us sharing your information;
• It is necessary for us to conclude or perform in terms of a contract we have with you;
• We have to comply with a legal obligation;
• It is necessary to protect or pursue your, our, or a third party’s legitimate interests.

We may share your information with third parties for the reasons detailed in Section 5 of this policy or where the law otherwise dictates or allows. TymeBank will only share your information with third parties after making sure that these third parties have adequate data privacy policies in place or are subject to an agreement or laws that appropriately protect your personal information. These persons have an obligation to keep customers’ personal information secure and confidential.

These third parties may include the following persons:

• Members of the Tyme Group, any connected companies, subsidiary companies, associates, cessionaries, delegates, assignees, affiliates or successors in title for any of the purposes identified in this policy.
• Service providers, contractors, and business partners – for example, loyalty programme partners, product distributors and co-branded product partners.
• Businesses that do work for us – including direct marketing, statement production, debt recovery and IT support providers.
• Brokers, agents, advisers and people who act on your behalf – such as your guardian, or a person with power of attorney.
• Guarantors and other security providers.
• Organisations involved in our funding arrangements – such as loan purchasers, investors, advisers, researchers, trustees and rating agencies.
• Other banks and financial institutions – for example, if we need to process a claim for a mistaken payment.
• Auditors.
• Attorneys, tracing agents and debt collection agencies and other persons that assist with the enforcement of agreements.
• Payment processing service providers, customer, card schemes, banks and other persons that enable or assist with the processing of transactions routing, reconciliation, authorisation and settlement requests and the enablement of transaction processing.
• Current or previous employers – to confirm your employment, for example.
• Regulatory authorities, industry ombuds, government departments, local and international tax authorities and other persons as required in terms of law;
• Credit bureaux;
• Government, law enforcement and fraud prevention agencies, tax authorities, ombuds, courts of law or tribunals or regulators.
• Credit reporting bodies and credit providers.
• Organisations that help identify illegal activities and prevent fraud.
• Other individuals (like cardholders) using the same account.
• Your spouse, dependants, partners, employer, joint applicant and other similar sources.
• People you have authorised to obtain your personal information, such as your bank.
• Fraud investigators.
• Qualification information providers.
• Trustees, executors or curators appointed by a court of law.
• Counter parties or potential counterparties and advisors for business transactions like a merger, or sale of our assets, or as part of the due diligence for such contemplated transactions. If a corporate transaction occurs, we will provide notification of any changes to control of your personal information, as well as choices you may have.
• with your organization where you create an account or user role with an email address assigned to you as an employee, representative, contractor or member of an organization, that organization may find your account and take certain actions that may affect your account.
• Courts of law or tribunals that require the personal information to adjudicate referrals, actions or applications.
• The general public, where customers submit content to social media sites such as business’s Facebook page etc;
• Our joint venture partners with which we have concluded agreements;
• Internet and cloud service providers

Sending information abroad

Sometimes we may send your information abroad, including to:

• Service providers or third parties who store data or operate outside of South Africa.
• Complete a transaction, such as an international money transfer.
• Comply with laws and assist government or law enforcement agencies.

We will only transfer your personal information abroad to third parties, in one or more of the following circumstances:

• After we have made sure there are arrangements in place to adequately protect your personal information under the foreign country’s laws or in terms of an agreement with the third party.
• Where the transfer of your personal information is necessary for us to conclude, or perform, under a contract with you or a contract with a third party that is in your interest.
• Where you have consented to the transfer of your information; and/or
• Where it is not reasonably practical for us to obtain your consent, but the transfer is for your benefit.

We will ensure that the party processing your personal information in another country agrees to apply the same level of protection of applicable laws or privacy rules that bind TymeBank, or if the other country’s laws provide better protection, the other country’s laws would be agreed to and applied.

If you ask us for credit, we may need to check your credit reports. We typically obtain these from credit reporting bodies, agencies or bureaux. We also share your credit information with them (for example, to report your application for a credit agreement or your payment behaviour on a credit agreement) so that they can provide credit reports to others.

When you apply for credit from us or choose to be a guarantor, we may need to check your credit reports.

A credit report gives us information about your credit history. Credit reports are provided by credit bureaux, who collect and share credit information with credit providers like us, as well as other service businesses, such as phone companies.

Credit bureaux include personal information in their reports to assist other credit providers in assessing your credit worthiness.

We may also ask credit bureaux to give us your overall credit score, and we may use credit information from credit bureaux, as well as other information, to achieve our own score of your ability to manage credit.

What do we do with credit information?

We use information collected from credit bureaux to:

• Confirm and verify your identity.
• To obtain, verify or update your contact or address details.
• To obtain or verify your employment details.
• Assess your credit exposure.
• Assess your ability to manage credit.
• Manage our relationship with you.
• Collect overdue payments.
• Conduct market and behavioural research, including scoring and analysis to determine if you or a potential customer qualifies for products, services, or to determine your or a potential customer’s credit risk.

We keep your credit information safely with your other information.

Other rights you have

Direct Marketing – Credit providers like us can ask credit bureaux to use your credit information in order to pre-screen you for direct marketing purposes. If you do not want us to do this, you can inform us of this, or you can inform the credit bureaux not to share your information for this purpose.

Preventing identity fraud – If you think you have been or could be a victim of fraud (someone else may be using your name to apply for credit, for example), you can lodge a complaint with the South African Fraud Prevention Services.

Right to object – You have the right to object on reasonable grounds to the processing of your personal information. You must submit your objection to us in writing (for our contact details, refer to Section 13 below). Please note that TymeBank may in certain cases be unable to give effect to your objection, for example, if the processing is completed in accordance with an obligation or right in law, or if the processing is necessary to conclude or perform in terms of our agreement with you.

Right to request access to your personal information, to have your personal information updated, corrected or deleted. Refer to section 10 below for further information in this regard.

Credit Declines

If you have been declined for credit due to you having an adverse credit bureau profile, please contact any of the following credit bureaux to obtain your credit bureau report:

Experian

Telephone:
+27 (0) 861 10 56 65

Email:
[email protected]

Address:
Johannesburg Head Office
Ballyoaks Office Park
Bryanston
Johannesburg
2194

TransUnion

Telephone:
+27 (0) 0861 482 482
Email:
[email protected]
Address:
10th floor
11 Alice Lane
Sandton
Johannesburg
2196

XDS

Telephone:
+27 (0) 11 645 9100
Email:
[email protected]
Address:
Atrium on 5th
4th Floor Sandton City
Johannesburg
South Africa

Our staff are trained to keep your information safe and secure. We will only keep your information for as long as:

• We require the information to fulfil the lawful purposes related to our function, or to achieve the purposes as set out in this policy.
• The law requires us to keep the information.
• We are required to keep the information in terms of our agreement with you.
• You have consented to us keeping the information.
• We require the information for statistical or research purposes.
• An industry code of conduct requires us to retain the information.
• We are required to keep it to achieve the purposes listed in this policy.
• We require it for lawful business purposes.
• TAKE NOTE: We may keep your personal information even if you no longer have a relationship with us if the law permits or requires this.

We store your information as electronic records in secure buildings and systems or use trusted third parties. Here are some of the things we do to protect your information:

Please contact us if you wish to view your information. To access more detailed information, you may need to fill out a request form. If your information isn’t correct or requires updating, let us know as soon as possible.

Can you see what information we have?

You have the right to request access to the personal information that we hold about you. This includes requesting:

• confirmation that we hold your personal information, or
• requesting a copy or description of the record containing your personal information, such as your transaction history or credit information;
• the identity or categories of third parties who have had access to your personal information.

We will attend to requests for access to personal information within a reasonable time. We may require you to pay a reasonable fee to receive copies or descriptions of records, or information about third parties. We will inform you of the fee before attending to your request. Please note that before we can release any information, we will need to confirm your identity.

Please note that the law may limit your right to access information. Please refer to our information manual prepared in accordance with Section 51 of the Promotion of Access to Information Act, No. 2 of 2000 (information manual) for further information on how you can give effect to this right. The information manual is available on our website at: www.tymebank.co.za/legal/paia-manual/.

You can submit an access request by going online or contacting us via any of our other channels.

Is there a fee to access personal information?

There is no fee to request your personal information. However, we may charge a fee where your personal information is being requested by a third party with your consent or if you are requesting information on a third party. In certain instances, we may charge an access fee to cover the time we spend sourcing and collating the information you want. If we determine that a fee will be charged, we will let you know the cost so that you can decide if you want to go ahead or not. Generally, the fee is based on an hourly rate plus other expenses that may be reasonably incurred. You will be required to pay the fee or give us permission to deduct it from your bank account before we go ahead with your request. Our PAIA manual, which is available on our website, will indicate the process you would need to follow and the applicable fees, if any.

How long will it take?

We try to make your information available within 30 days of you asking for it. Before releasing the information, we will need to confirm your identity.

Can we refuse you access to your information?

In some cases, we can refuse access, or we’ll only let you access certain information. For example, we might not let you access information that is commercially sensitive. If so, we will contact you to let you know why. You have the option to query this decision as set out in Section 11.

Updating your information

It’s important that we have your correct contact details, such as your current home address, email address and phone number. You can check or update your information by logging in to our website/app or contacting us via any of our other channels. For our contact details, refer to Section 13 below.

Can we correct, delete or update your information?

You can ask us to correct, delete or update any information we have for you (including credit information that was submitted by us to a credit bureau) if it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, obtained unlawfully or if we are no longer authorised to retain the information. You must submit your request to us in writing. We will take reasonable steps to determine if the personal information is correct and make any correction needed. It may take a reasonable time for the change to reflect on our systems. We may request documents from you to verify the change in personal information and we may require you to complete a form to assist you with your request. The relevant form (form 2) is included as an annexure to this policy.

No fee is charged for this. Note that if the law requires us to retain the information you have requested us to delete, we may not be able to delete this information immediately. Note further that the deletion of certain personal information could result in the suspension or termination of your business relationship with TymeBank.

If the incorrect credit information was given to us by a credit bureau, we will advise you accordingly. It is your responsibility to either contact the credit bureau directly or lodge a formal complaint with the National Credit Regulator and request the information to be corrected.
You can give effect to this right by contacting us on 0860 999 119 or [email protected] alternatively, go to our website for more information: www.tymebank.co.za/help-support/

Other rights you have

Right to objection

You may object on reasonable grounds to the processing of your personal information where it is in your legitimate interest or in the legitimate interest of another party.
You must inform us of your objection in the prescribed form. Prescribed form 1 is included as an annexure to this policy.
We will not be able to give effect to your objection if the processing of your personal information was and is permitted by law, you have provided consent to the processing and our processing was conducted in line with your consent; or the processing is necessary to conclude or perform under a contract with you.
We will also not be able to give effect to your objection if the objection is not based upon reasonable grounds and substantiated with appropriate evidence.
We will provide you with feedback regarding your objections.

Right to withdraw consent

Where you have provided your consent for the processing of your personal information, you may withdraw your consent. If you withdraw your consent, we will explain the consequences of this to you, which may include that we may not be able to provide certain products or services to you. We will inform you if this is the case. We may proceed to process your personal information, even if you have withdrawn your consent, if the law permits or requires it. It may take a reasonable time for the change to reflect on our systems. During this time, we may still process your personal information.

You can give effect to this right by contacting us on 0860 999 119 or [email protected] alternatively, go to our website for more information: www.tymebank.co.za/help-support/

If you have a concern or complaint about your privacy, please let us know and we’ll do our best to address it. If you’re not satisfied with how we handled the issue, there are other courses of action available to you.
How do you make a complaint?

We do our best to get things right the first time. If, however, we don’t, we will do whatever we can to fix it. If you are concerned about your privacy (including credit information), you have the right to lodge a complaint and we’ll do our best to address it.

If you have a privacy related concern or complaint, please first raise this with TymeBank directly and we will do our best to resolve the issue speedily.

To lodge a complaint, please contact our Customer Contact Centre via any of our channels. We will then investigate the issue and do our best to resolve your complaint immediately. You can call our Customer Contact Centre team on 0860 999 119 or email us at [email protected] or contact us via any of our other channels.

How do we manage complaints?

Where we receive a complaint, we will:

• Acknowledge your complaint and give you a reference number for your complaint.
• We will make every effort to resolve your complaint within 5 working days or we’ll tell you if we need more time to investigate it. Your complaint will be handled in terms of our Customer Complaints Handling Policy, which you can ask for.
• Keep you updated on what we are doing to address the problem.
• Give our final response within 5 days. If we can’t give you a response in this time, we’ll contact you to tell you why and work out an appropriate new timeframe with you.
• Keep a record of your complaint.

Credit information complaints

If you lodge a complaint with us regarding the accuracy of the credit information that we’ve given to the credit bureaux, we will investigate your complaint. Within 20 business days of you lodging your complaint, we will either provide you with a copy of any credible evidence proving the accuracy of the information we had submitted, or we will ask the credit bureau to remove the information and we’ll update our internal records accordingly.

What else can you do?

If we do not resolve your dispute, or you are not satisfied with the outcome of our complaints handling process, you are welcome to make use of the services of the National Financial Ombud Scheme, also called the “NFO”.

The NFO is an umbrella Financial Services Ombud scheme formed by the amalgamation of 4 separate previously existing South African Ombud Schemes: the offices of the Banking Ombud (OBS); the Credit Ombud (CO); the office of the Long-term Insurance Ombud (OLTI); and the Short-Term Insurance Ombudsman (OSTI). The NFO commenced operations on 1 March 2024.

The NFO is an external complaint resolution ombud scheme established in terms of Chapter 14 of the Financial Sector Regulation Act 9 of 2017, and is tasked with resolving complaints between financial services providers and complainants in a fair, effective, impartial and timely manner – without charge to complainants. The NFO adjudicates complaints in terms of its rules which can be found on the website of the NFO: nfosa.co.za/.

NFO Contact Details
0860-800-900
Email: [email protected]

Address:

NFO Johannesburg
110 Oxford Road
Rosebank
Johannesburg
Gauteng
2198

NFO Cape Town
Claremont Central Building
6th Floor
6 Vineyard Road, Claremont
Western Province
7700

If your complaint relates to your credit information with the credit bureaux, you can contact the National Credit Regulator.

National Credit Regulator
127 15th Road
Randjespark
1683
Johannesburg
Tel: 0860 627 627
Visit www.ncr.org.za

You have the right to escalate a complaint to the Information Regulator if you are aggrieved by a determination made by the Ombudsman for Banking Services. You can also escalate a complaint directly to the Information Regulator in instances where the complaint warrants the attention of the Regulator, as provided for by the Protection of Personal Information Act 4 of 2013.

The Information Regulator (South Africa)
JD House, 27 Stiemens Street
Braamfontein
Johannesburg, 2001

Tel no. +27 (0)10 023 5200
Visit: inforegulator.org.za

Email: [email protected] or [email protected] (for PAIA related complaints).

TymeBank as a member of the Banking Association of South Africa (BASA), is bound by an industry POPIA Code of Conduct that was approved and issued by the Information Regulator in 2022. The Code is intended to outline and expand on the specific obligations of Banks when processing personal information of data subjects, and does not replace the provisions of POPIA. This Code can be accessed on the Information Regulator’s website: POPIA Code of Conduct for the Banking Industry.

A cookie, in its basic form, is a short line of text that a website puts on your computer’s hard drive or device when you access that website. That way, when you return, that website knows you were there before and can automate some things for you.

The purpose of a cookie is therefore to provide a reliable mechanism to “remember” customer behaviour (keeping track of previous actions), e.g. remembering the contents of an online shopping cart, and actions the user performed whilst browsing when not signed up or logged into their online account.

A cookie does not allow us to identify the individual unless they have used the same computer or device to login to one of our products like Internet Banking.

By using our website or applications, customers agree that cookies may be forwarded from the relevant website or application to their computer or device. The cookie will enable us to know that you have visited a website or application before and will identify the customer. We may also use the cookie to prevent fraud.

Please refer to our cookie policy for further information. Our cookie policy is available on our website at www.tymebank.co.za/legal/cookie-policy/

If you want to update your personal information, have a concern about privacy, need more information or want to update your preferences, we’re just a phone call away.

If you have a query, need to access your personal information, make a correction or lodge a complaint, please call 0860 999 119 or email [email protected].  Alternatively, go to our website: www.tymebank.co.za/help-support/.

Forms

Form 1: OBJECTION TO THE PROCESSING OF PERSONAL INFORMATION IN TERMS OF SECTION 11(3) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013) REGULATIONS RELATING TO THE PROTECTION OF PERSONAL INFORMATION, 2018 [Regulation 2]. Download form.

Form 2: REQUEST FOR CORRECTION OR DELETION OF PERSONAL INFORMATION OR DESTROYING OR DELETION OF RECORD OF PERSONAL INFORMATION IN TERMS OF SECTION 24(1) OF THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (ACT NO. 4 OF 2013) REGULATIONS RELATING TO THE PROTECTION OF PERSONAL INFORMATION, 2018 [Regulation 3]. Download form.