1. Introduction

DotMe Capital (Pty) Ltd, a registered subsidiary of DotMe Holdings (Pty) Ltd, is committed to safeguarding your privacy and ensuring compliance with the Protection of Personal Information Act, 2013 (POPIA) and other applicable South African laws, including regulations from the Financial Sector Conduct Authority (FSCA) and National Credit Regulator (NCR). This Privacy Policy explains how we collect, process, store, and protect your personal information when you visit our website (www.dotmecapital.co.za) or engage with our financial services. By using our website or services, you consent to the practices outlined in this policy. If you do not agree, please refrain from using our website or services.

2. Information We Collect

We collect the following types of information to provide our services and comply with legal obligations:

• Personal Information: Includes your name, contact details (email, phone number, address), identity number, financial information (e.g., income, banking details), credit history, and other details necessary for loan applications or account management.
• Non-Personal Information: Includes browser type, device information, IP address, and website usage data (e.g., pages visited, time spent) to enhance user experience and analytics.
• Cookies and Tracking Technologies: We use cookies and similar technologies to track preferences, improve website functionality, and analyze usage. You can manage cookie preferences via your browser settings, though this may impact your experience.

3. How We Use Your Information

Your information is used for the following purposes, in compliance with POPIA and financial regulations:

• Service Delivery: To process loan applications, verify identity, assess creditworthiness, and manage accounts.
• Communication: To respond to inquiries, provide updates on services, and send transactional or service-related communications.
• Direct Marketing: To send promotional materials about our products, only with your explicit, voluntary, and informed consent, as required by POPIA. You may opt out at any time.
• Compliance: To meet legal and regulatory obligations, including reporting to the NCR, FSCA, and other authorities.
• Analytics: To aggregate non-personal data for improving our services, website functionality, and customer experience.

4. Disclosure of Your Information

We may share your personal information under the following circumstances:

• Service Providers: With trusted third parties (e.g., credit bureaus, financial institutions, IT providers) who assist in delivering our services, subject to strict confidentiality agreements.
• Regulatory Bodies: With authorities like the NCR, FSCA, or South African Reserve Bank (SARB) as required by law.
• Business Transfers: In the event of a merger, acquisition, or sale, your information may be transferred to the new entity, with safeguards to protect your privacy.
• Legal Obligations: To comply with court orders, legal processes, or to protect our rights, property, or safety.
• We do not sell, trade, or rent your personal information for marketing purposes.

5. Cybersecurity and Data Protection

In compliance with Joint Standard 2 of 2024 (effective June 1, 2025), we implement robust cybersecurity measures to protect your data:

• Security Measures: Encryption, secure servers, access controls, and regular security audits to prevent unauthorized access, alteration, or loss.
• Incident Response: In the event of a material cyber incident (e.g., data breach affecting confidentiality, integrity, or availability), we will notify the FSCA, PA, and affected individuals promptly, as required by law.
• Limitations: While we strive to protect your data, no system is completely secure. You are responsible for safeguarding your account credentials.

6. Cross-Border Data Transfers

If your data is transferred outside South Africa (e.g., for cloud storage or processing), we ensure the recipient complies with POPIA or equivalent standards (e.g., GDPR for EU customers). We use contractual safeguards to protect your information during international transfers.

7. Your Rights

Under POPIA, you have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request corrections to inaccurate or incomplete data.
• Deletion: Request deletion of your data, subject to legal retention requirements.
• Objection: Object to the processing of your data for specific purposes (e.g., direct marketing).
• Restriction: Request restrictions on how your data is processed.
• Withdrawal of Consent: Withdraw consent at any time, which may limit our ability to provide certain services.
• Complaints: Lodge a complaint with the Information Regulator if you believe your rights have been violated.
• To exercise these rights, contact our Information Officer at [email protected] or 010 593 4949.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations (e.g., NCR reporting requirements), resolve disputes, or enforce agreements. When no longer needed, your data is securely deleted or anonymized in accordance with our retention policy.

9. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. The latest revision date is indicated below. Continued use of our website or services after updates signifies your acceptance of the revised terms. We encourage you to review this policy periodically.

Last Updated: July 16, 2025

10. Governing Law

This Privacy Policy is governed by the laws of the Republic of South Africa. Any disputes arising from this policy are subject to the exclusive jurisdiction of South African courts.

11. Contact Us

For questions, concerns, or to exercise your data rights, please contact our Information Officer:

• Email: [email protected]
• Phone: 010 593 4949
• Address: DotMe Capital, Johannesburg, South Africa

You may also contact the Information Regulator at [email protected] or visit inforegulator.org.za for complaints.