SCAN TO PAY

(“POLICY”)

1. RECITALS

1.1. https://www.scantopay.io/ (our website) is provided by Ukheshe Technologies

(Pty) Ltd (‘we’, ‘our’ or ‘us’). We are the controller of personal data obtained via

our website, meaning we are the organisation legally responsible for deciding

how and for what purposes it is used.

1.2. We take your privacy very seriously. Please read this privacy policy carefully as

it contains important information on who we are and how and why we collect,

store, use and share any information relating to you (your personal data) in

connection with your use of our website. It also explains your rights in relation to

your personal data and how to contact us or a relevant regulator in the event

you have a complaint.

1.3. We collect, use and are responsible for certain personal data about you. When

we do so we are subject to certain data privacy legislation, more specifically,

The Protection of Personal Information Act 4 of 2013 (“POPIA”).

1.4. Given the nature of our website/App, we do not expect to collect the personal

data of anyone under 18 years old. If you are aware that any personal data of

anyone under 18 years old has been shared with our website/App please let us

know so that we can delete that data.

2. DEFINITIONS

2.1. Unless a contrary intention clearly appears, the following terms shall have the

following meanings assigned to them and cognate expressions shall have

corresponding meanings, namely –

2.1.1. “App” means the Scan to Pay mobile application which You utilize to

access the Services which will be rendered and/or utilised on Your

instruction;

2.1.2. “Payment Information” means you Card number and expiration date,

billing information and other information for your card(s), along with

your preferred shipping address;

2.1.3. “Personal Information” has the meaning ascribed to it in the Protection

of Personal Information Act 4 of 2013 and any applicable law in South

Africa and/or in any other jurisdiction where the Services and/or

Products are provided and/or used;

2.1.4. “PIN” means personal identification number;

2.1.5. “POPIA” means the Protection of Personal Information Act 4 of 2013, as

amended, varied, re-enacted, novated or substituted from time to

time;

2.1.6. “Processing” has the same meaning as “processing” as defined in

POPIA, which for instance will include (subject to the provisions of

POPIA, which may be amended from time to time): collecting, storing,

collating, using, modifying, sending, distributing, deleting and

destroying Personal Information;

2.1.7. “Scan to Pay” means the mobile payment platform developed by

Ukheshe known as "Scan to Pay" and all technical interfaces,

application programming interfaces, websites, dashboards and

Intellectual Property Rights in and to Scan to Pay;

2.1.8. “Services” or “Products” means the provision of any payment related

services or products rendered through any channel, App, WhatsApp or

any other medium through which the Service is rendered and as

described more fully in the clause with heading “Services” of this

Agreement;

2.1.9. “We” or “Us” or “Our” or “Ukheshe” or “Service Provider” shall mean

Ukheshe Technologies (Proprietary) Limited, Registration Number:

2017/471522/07, 1st Floor, Golfers Corner, Design Quarter, Fourways,

Johannesburg 2191;

2.1.10. “Website” means https://www.scantopay.io/ ;

2.1.11. “You or User” means the person who registers, creates a profile either

via the Ukheshe interface or App and/or any person who utilises any of

the services offered by Ukheshe. ”Your” and “User” shall have

corresponding meanings.

2.2. Any reference in this agreement to the singular also includes the plural or the

reference to male also includes the female.

3. WHAT THIS POLICY APPLIES TO

3.1. This privacy policy relates to your use of our Website and App only.

3.2. Throughout our Website and/or App we may link to other websites owned and

operated by certain trusted third parties to make additional products and

services available to you. Those third-party websites may also gather

information about you in accordance with their own separate privacy policies.

For privacy information relating to those third-party websites, please consult

their privacy policies as appropriate.

4. PERSONAL DATA WE COLLECT ABOUT YOU

4.1. The personal data we collect about you depends on the particular activities

carried out through our Website/App. We will collect and use the following

personal data about you:

4.1.1. your name and surname;

4.1.2. gender;

4.1.3. mobile number;

4.1.4. email address;

4.1.5. card information;

4.1.6. Date of birth;

4.1.7. address;

4.1.8. location;

4.1.9. billing information, transaction and payment card or other payment

method information;

4.1.10. bank account and payment details;

4.1.11. details of any information, feedback or other matters you give to us by

phone, email, post or via social media;

4.1.12. device information;

4.1.13. your activities on, and use of, our Website/App;

4.1.14. information about the services we provide to you;

4.1.15. your purchase history;

4.1.16. information about how you use our Website/App and technology

systems;

4.1.17. your responses to surveys, competitions and promotions.

4.2. You must provide this personal data to use our Website and/or App and the

services on it unless we tell you that you have a choice.

4.3. Sometimes you can choose if you want to give us your personal data and let us

use it. Where that is the case we will tell you and give you the choice before

you give the personal data to us. We will also tell you whether declining to

share that personal data will have any effect on your use of our Website/App

or any services on it.

4.4. We collect and use this personal data for the purposes described in the section

‘How and why we use your personal data’ below.

5. HOW YOUR PERSONAL DATA IS COLLECTED

5.1. We collect personal data from you:

5.1.1. directly, when you enter or send us information, such as when you

utilise our services via our Website/App and complete customer surveys

or participate in competitions via our Website/App, and

5.1.2. indirectly, such as your browsing activity while on our Website/App; we

will collect information indirectly using the technologies explain in the

section on ‘Cookies’ below.

6. HOW AND WHY WE USE YOUR PERSONAL DATA

6.1. Under data protection law, we can only use your personal data if we have a

proper reason, eg:

6.1.1. where you have given consent;

6.1.2. to comply with our legal and regulatory obligations;

6.1.3. for the performance of a contract with you or to take steps at your

request before entering into a contract; or

6.1.4. for our legitimate interests or those of a third party.

6.2. A legitimate interest is when we have a business or commercial reason to use

your personal data, so long as this is not overridden by your own rights and

interests. We will carry out an assessment when relying on legitimate interests, to

balance our interests against your own. You can obtain details of this

assessment by contacting us (see ‘How to contact us’ below).

6.3. The table below explains what we use your personal data for and why.

What we use your personal data for

Our reasons

Create and manage your account with

In order to register for an account with

us, and in order to provide the services,

we require certain personal information,

once we have said information we can

proceed to register the account and

provide you with the services.

Providing services to you

To perform our contract with you or to

take steps at your request before

entering into a contract

Conducting checks to identify you and

verify your identity or to help prevent

and detect fraud against you or us

To comply with our legal and regulatory

obligations

To enforce legal rights or defend or

undertake legal proceedings

Depending on the circumstances:

—to comply with our legal and

regulatory obligations

—in other cases, for our legitimate

interests, ie to protect our business,

interests and rights

Customise our website/App and its

content to your particular preferences

based on a record of your selected

preferences or on your use of our

website/App

Depending on the circumstances:

your consent as gathered by the

separate cookies tool on our website

see ‘Cookies’ below

—where we are not required to obtain

What we use your personal data for

Our reasons

your consent and do not do so, for our

legitimate interests, ie to be as efficient

as we can so we can deliver the best

service to you at the best price

If you have provided such a consent

you may withdraw it at any time by

changing the setting on the cookies

tool (this will not affect the lawfulness of

our use of your personal data in reliance

on that consent before it was

withdrawn)

Retaining and evaluating information

on your recent visits to our Website/App

and how you move around different

sections of our website for analytics

purposes to understand how people

use our Website/App so that we can

make it more intuitive or to check our

Website/App is working as intended

Depending on the circumstances:

—your consent as gathered by the

separate cookies tool on our website—

see ‘Cookies’ below

—where we are not required to obtain

your consent and do not do so, for our

legitimate interests, ie to be as efficient

as we can so we can deliver the best

service to you at the best price

If you have provided such a consent

you may withdraw it at any time (this will

not affect the lawfulness of our use of

your personal data in reliance on that

consent before it was withdrawn)

Communications with you not related

to marketing, including about changes

to our terms or policies or changes to

Depending on the circumstances:

—to comply with our legal and

regulatory obligations

What we use your personal data for

Our reasons

the services or other important notices

—in other cases, for our legitimate

interests, ie to be as efficient as we can

so we can deliver the best service to

you at the best price

Protecting the security of systems and

data used to provide the services

To comply with our legal and regulatory

obligations

We may also use your personal data to

ensure the security of systems and data

to a standard that goes beyond our

legal obligations, and in those cases our

reasons are for our legitimate interests,

ie to protect systems and data and to

prevent and detect criminal activity

that could be damaging for you and/or

Statistical analysis to help us understand

our customer base

For our legitimate interests, ie to be as

efficient as we can so we can deliver

the best service to you at the best price

Updating and enhancing customer

records

Depending on the circumstances:

—to perform our contract with you or to

take steps at your request before

entering into a contract

—to comply with our legal and

regulatory obligations

—where neither of the above apply, for

our legitimate interests, eg making sure

that we can keep in touch with our

customers about existing orders and

What we use your personal data for

Our reasons

new products

Disclosures and other activities

necessary to comply with legal and

regulatory obligations that apply to our

business, eg to record and demonstrate

evidence of your consents where

relevant

To comply with our legal and regulatory

obligations

Marketing our services to existing and

former customers

For our legitimate interests, ie to

promote our business to existing and

former customers

See ‘Marketing’ below for further

information

The audit of our systems and processes

For our legitimate interests, ie to

maintain our accreditations so we can

demonstrate we operate at the highest

standards

To share your personal data with

members of our group and third parties

that will or may take control or

ownership of some or all of our business

(and professional advisors acting on our

or their behalf) in connection with a

significant corporate transaction or

restructuring, including a merger,

acquisition, asset sale, initial public

offering or in the event of our insolvency

In such cases information will be

anonymised where possible and only

Depending on the circumstances:

—to comply with our legal and

regulatory obligations

—in other cases, for our legitimate

interests, ie to protect, realise or grow

the value in our business and assets

What we use your personal data for

Our reasons

shared where necessary

7. HOW AND WHY WE USE YOUR PERSONAL DATA—SPECIAL CATEGORY PERSONAL

DATA

7.1. We do not collect personal data which is classified as special personal

information, as an example, we do not collect:

7.1.1. racial or ethnic origin, political opinions, religious beliefs, philosophical

beliefs or trade union membership;

7.1.2. biometric data (when used to uniquely identify an individual);

7.1.3. data concerning health, sex life or sexual orientation.

8. HOW AND WHY WE USE YOUR PERSONAL DATA—SHARING

8.1. See ‘Who we share your personal data with’ for further information on the steps

we will take to protect your personal data where we need to share it with

others.

9. MARKETING

9.1. We will use your personal data to send you updates (by push messages via the

App, email, text message, telephone or post) about our products and/or

services, including exclusive offers, promotions or new products and/or

services.

9.2. We have a legitimate interest in using your personal data for marketing

purposes (see above ‘How and why we use your personal data’). This means

we do not need your consent to send you marketing information. If we change

our marketing approach in the future so that consent is needed, we will ask for

this separately and clearly.

9.3. You have the right to opt out of receiving marketing communications at any

time by:

9.3.1. contacting us at support@scantopay.io;or

9.3.2. using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts.

9.4. We may ask you to confirm or update your marketing preferences if you ask us

to provide further products and/or services in the future, or if there are changes

in the law, regulation, or the structure of our business.

9.5. We will always treat your personal data with the utmost respect and never sell

or share it with other organisations outside the Ukheshe Group of Entities for

marketing purposes.

9.6. For more information on your right to object at any time to your personal data

being used for marketing purposes, see ‘Your rights’ below.

10. WHO WE SHARE YOUR PERSONAL DATA WITH

10.1. We routinely share personal data with:

10.1.1. third parties we use to help deliver our products and/or services to you,

eg payment service providers, Banks, Card Schemes, Mobile Networks;

10.1.2. other third parties we use to help us run our business, eg marketing

agencies or website hosts and website analytics providers;

10.2. We only allow those organisations to handle your personal data if we are

satisfied they take appropriate measures to protect your personal data.

10.3. We or the third parties mentioned above occasionally also share personal data

with:

10.3.1. our and their external auditors, eg in relation to the audit of our or their

accounts, in which case the recipient of the information will be bound

by confidentiality obligations;

10.3.2. our and their professional advisors (such as lawyers and other advisors),

in which case the recipient of the information will be bound by

confidentiality obligations;

10.3.3. law enforcement agencies, courts, tribunals and regulatory bodies to

comply with our legal and regulatory obligations;

10.3.4. other parties that have or may acquire control or ownership of our

business (and our or their professional advisers) in connection with a

significant corporate transaction or restructuring, including a merger,

acquisition, asset sale, initial public offering or in the event of our

insolvency—usually, information will be anonymised but this may not

always be possible. The recipient of any of your personal data will be

bound by confidentiality obligations.

11. WHO WE SHARE YOUR PERSONAL DATA WITH—FURTHER INFORMATION

11.1. If you would like more information about who we share our data with and why,

please contact us (see ‘How to contact us’ below).

12. HOW LONG YOUR PERSONAL DATA WILL BE KEPT

12.1. We will not keep your personal data for longer than we need it for the purpose

for which it is used.

12.2. Different retention periods apply for different types of personal data.

12.3. If you stop using your account we will delete or anonymise your account data

after five years.

12.4. Following the end of the of the relevant retention period, we will delete or

anonymise your personal data.

13. TRANSFERRING YOUR PERSONAL DATA OUT OF SOUTH AFRICA

13.1. It is sometimes necessary for us to transfer your personal data to countries

outside of South Africa. In those cases we will comply with applicable data

protection laws designed to ensure the privacy of your personal data.

13.2. We will transfer your personal data to:

13.2.1. our service providers located outside of South Africa in Ireland, and

Frankfurt, Germany.

14. COOKIES

14.1. A cookie is a small text file which is placed onto your device (eg computer,

smartphone or other electronic device) when you use our website/App. We

use cookies on our website. These cookies, eg help us recognise you and your

device and store some information about your preferences or past actions.

15. YOUR RIGHTS

15.1. You generally have the following rights, which you can usually exercise free of

charge:

Access to a copy of your personal data

The right to be provided with a copy of

your personal data

Correction (also known as rectification)

The right to require us to correct any

mistakes in your personal data

Erasure (also known as the right to be

forgotten)

The right to require us to delete your

personal data—in certain situations

Restriction of use

The right to require us to restrict use of

your personal data in certain

circumstances, eg if you contest the

accuracy of the data

Data portability

The right to receive the personal data

you provided to us, in a structured,

commonly used and machine-readable

format and/or transmit that data to a

third party—in certain situations

To object to use

The right to object:

—at any time to your personal data

being used for direct marketing

(including profiling)

—in certain other situations to our

continued use of your personal data,

eg where we use your personal data for

our legitimate interests unless there are

compelling legitimate grounds for the

processing to continue or the

processing is required for the

establishment, exercise or defence of

legal claims.

Not to be subject to decisions without

human involvement

The right not to be subject to a decision

based solely on automated processing

(including profiling) that produces legal

effects concerning you or similarly

significantly affects you.

We do not make any such decisions

based on data collected by our

website.

The right to withdraw consents

If you have provided us with a consent

to use your personal data you have a

right to withdraw that consent easily at

any time.

Withdrawing a consent will not affect

the lawfulness of our use of your

personal data in reliance on that

consent before it was withdrawn.

15.2. For further information on each of those rights, including the circumstances in

which they do and do not apply, please contact us (see ‘How to contact us’

below).

15.3. If you would like to exercise any of those rights, please email, call or write to

us—see below: ‘How to contact us’. When contacting us please:

15.3.1. provide enough information to identify yourself (eg your full name, cell

number and physical address) and any additional identity information

we may reasonably request from you, and

15.3.2. let us know which right(s) you want to exercise and the information to

which your request relates.

16. KEEPING YOUR PERSONAL DATA SECURE

16.1. We have appropriate security measures to prevent personal data from being

accidentally lost, or used or accessed unlawfully. We limit access to your

personal data to those who have a genuine need to access it.

16.2. We also have procedures in place to deal with any suspected data security

breach. We will notify you and any applicable regulator of a suspected data

security breach where we are legally required to do so.

17. HOW TO COMPLAIN

17.1. Please contact us if you have any queries or concerns about our use of your

personal data (see below ‘How to contact us’). We hope we will be able to

resolve any issues you may have.

17.2. You may also lodge a complaint with the Information Regulator. The contact

details of the Information Regulator are available on its website at

https://justice.gov.za/inforeg/.

18. CHANGES TO THIS PRIVACY POLICY

18.1. We may change this privacy policy from time to time—when we make

significant changes we will take steps to inform you, for example by including a

prominent link to a description of those changes on our website for a

reasonable period or by other means, such as email.

19. HOW TO CONTACT US

19.1. You can contact us and/or our Data Protection Officer by email or telephone if

you have any questions about this privacy policy or the information we hold

about you, to exercise a right under data protection law or to make a

complaint.

19.2. Our contact details are shown below:

Our contact details

Our Data Protection Officer’s contact

details

privacy@ukheshe.com

First Floor, Golfers Corner, Design

Quarter, William Nicol, Gauteng

Paul Carter Brown

paul@ukheshe.com

+27834427179

20. LIMITATION OF LIABILITY

20.1. To the fullest extent permissible by law, under no circumstances whatsoever,

including as a result of Our negligent acts or omissions or those of Our servants

or agents or other persons for whom in law may We be liable –

20.1.1. for any direct, indirect, special, or consequential loss or damages (for

instance, loss that is too far removed from or not foreseen by the

parties as being connected to this Agreement) howsoever caused

(whether arising under contract, delict or otherwise and whether the

loss or damage was actually foreseen or reasonably foreseeable),

sustained by You, servants or agents, including any loss of profits, loss of

revenue, loss of operation time, corruption or loss of information and/or

loss of contracts;

20.1.2. for loss of Your data regardless of how such loss is occasioned. You

acknowledge that back-up of such data is Your responsibility and can

be undertaken easily so as to recover any data which is lost.

Accordingly, You indemnify and hold Us harmless against any losses,

damage and damages incurred by You arising directly or indirectly out

of or in connection with the loss of any of Your data.

20.2. We shall not be liable to You for any damage or loss that You may suffer as a

result of the following:

20.2.1. any person gaining unauthorised access to any information or data;

20.2.2. incorrect information being given to any person; and

20.2.3. us processing any information incorrectly.

20.3. To the fullest extent permissible by law (including consumer laws, where

applicable) Our (in whose favour this constitutes a benefit for a third party)

maximum aggregate liability for any direct loss, damage or damages of any

kind whatsoever or howsoever caused(whether arising under contract, delict

or otherwise and whether the loss was actually foreseen or reasonably

foreseeable), sustained by You, shall not exceed R10,000-00.

21. GOVERNING LAW, JURISDICTION AND LANGUAGE

21.1. This Agreement shall be governed by and interpreted in accordance with the

laws of the Republic of South Africa and all disputes, actions and other matters

relating thereto will be determined in accordance with such law.

21.2. The parties hereby irrevocably submit to the jurisdiction of the High Court of

South Africa (South Gauteng High Court, Johannesburg) (or any successor to

that court) in respect of all and any matters arising out of or in connection with

this Agreement.

21.3. This Agreement has been concluded in the English language. In the case of

any conflict between the English and any other translation version, the English

version shall prevail.

22. ADDRESS FOR NOTICES AND LEGAL PROCEEDINGS

22.1. We choose the registered address at First Floor Golfers Corner, Design Quarter,

William Nicol, Gauteng and legal@ukheshe.com as the addresses where any

legal document or notice must be served or delivered to us.

22.2. We will send any legal documents or notices to you at the address we have for

you on our records.

22.3. We may send any other written communication to your street, postal or e-mail

address, or through the App message system. We will regard a

communication sent by e-mail as having been received by you one day after

it was sent.

22.4. Any legal document of notice to be served in legal proceedings must be

written on paper. The relevant provisions of the Electronic Communications

and Transactions Act 35 of 2002 do not apply to these legal documents or

notices.

23. CIRCUMSTANCES BEYOND OUR CONTROL

23.1. We shall be under no liability to You in respect of anything which, in the

absence of this provision might constitute a breach of this Agreement, arising

by reason of circumstances beyond Our reasonable control, even if We should

have foreseen the possibility of the occurrence or existence of those

circumstances.

23.2. For the purposes hereof, this includes acts or omissions of any government,

government agency, provincial or local or similar authority, civil strife, riots,

pandemics, sabotage, insurrection, acts of war or public enemy, illegal strikes,

combination of workmen, interruption of transport, lockouts, interruption of

essential services from public utilities (including electricity, water and

sewerage), prohibition of exports, inability on Our part due to such

circumstances to obtain goods or services from its suppliers (including

telecommunications suppliers and Selected Merchants), rationing of supplies,

flood, storm, fire or any other circumstances (without limitation) beyond the

reasonable control of the party claiming “Force Majeure” (which means

unforeseeable circumstances that prevents someone from fulfilling a contract)

and comprehended in the term Force Majeure.

24. WHOLE AGREEMENT, AMENDMENTS AND UPDATES

24.1. This Agreement constitutes the whole agreement between the parties relating

to its subject matter, supersedes all prior or oral or written communications and

representations with respect to the Services and the Software, and, prevails

over any conflicting or additional terms in any document or other

communication between the parties leading up to and during the term of this

Agreement.

24.2. We may amend this Agreement from time to time without prior notice to You.

Except where We specifically stated that We will provide You with prior notice

in this Agreement.

24.3. You should regularly view this Policy to ensure that You are satisfied with any

changes. If You are not satisfied with the revisions made, You should stop using

the Website/App service immediately.

24.4. To the extent permissible by law, We shall not be bound by any express or

implied term, representation, warranty, promise or the like not recorded herein,

whether it induced the contract and/or whether it was negligent or not.

25. SEVERABILITY

25.1. Any provision in this Agreement which is or may become illegal, invalid or

unenforceable shall be ineffective to the extent thereof and shall be treated as

not written and severed from the balance of this Agreement, without

invalidating the remaining provisions.

26. INTERPRETATION

26.1. In this Agreement:

26.1.1. clause headings are for convenience and reference only and shall not

be used in interpreting, modifying or amplifying its terms or clauses;

26.1.2. unless a contrary intention clearly appears, words importing any one

gender include the other two, the singular include the plural and vice

versa, and, natural persons include created entities (corporate or

unincorporate) and the state and vice versa;

26.1.3. any reference to an enactment is to that enactment as at the date of

acceptance of this Agreement and as amended or re-enacted from

time to time;

26.1.4. if a provision in a definition confers rights or imposes obligations on a

party, effect shall be given to it as if it was a substantive provision in the

body of the Agreement, notwithstanding that it is only in a definition;

26.1.5. any reference to “days” shall mean business / working days and shall

be calculated by including the first day excluding the last day – unless

the last day falls on a Saturday, Sunday or public holiday, in which case

the last day shall be the next day which is not a Saturday, Sunday or

public holiday;

26.1.6. its termination shall not affect those terms as expressly provide that they

will operate after termination or which of necessity must continue to

have effect after termination, notwithstanding that the clauses

themselves do not expressly provide for this;

26.1.7. the rule of construction that a contract shall be interpreted against the

party responsible for the drafting or preparation of the contract, shall

not apply, and You agree not to use or rely upon that rule in any

proceedings in relation to this Agreement;

26.1.8. any reference to a party to it shall, if such party is liquidated or

sequestrated, be applicable also to and binding on that party’s

liquidator or trustee;

26.1.9. the words “include”, “including” and “in particular” shall be construed

as being by way of example or emphasis only and shall not be

construed nor take effect as limiting the generality of any preceding

words;

26.1.10. the words “other” and “otherwise” shall not be construed as being of

the same kind or nature as any preceding words where a wider

construction is possible.

27. CONTACT

27.1. Should You have any questions or concerns regarding this Agreement, the

Interface, or the Services, please consider the information provided at

www.ukheshe.com, alternatively contact us at support@scantopay.io .

Policy version: 27.02.2023