Privacy Policy

At Mustang Financial (Pty) Ltd (“Mustang Financial”) in terms of MustangPay as a third-party payment service provider (“We”, “Us”, or “Our”), our Customers are our priority. We are committed to the fair treatment of all our Customers, regardless of the scale of their investments or how they access our services. Customer satisfaction is the foundation upon which our long-term success is built, and delivering optimal customer outcomes is an enterprise-wide responsibility. While we adhere to all legislative and regulatory obligations, treating customers fairly is our business imperative. As an independent financial services provider, we understand that our success depends on maintaining strong relationships with our Customers. Their satisfaction drives our commitment to ensuring that their needs are always at the forefront of our operations. Our Customer-centric business model is reflected in our Customer Charter and Core Values.

As per our Customer Charter, we always prioritize Customers' best interests; commit to building sustainable, long-term Customer relationships; deliver investment performance that meets Customer objectives over meaningful time frames; and maintain the highest standards of ethics and governance across all business functions.

Our Core Values include Ownership; Long-term thinking; Customer-first focus; Integrity; Teamwork; and Strong performance culture.

Our Customer Charter and Core Values have been integral to our strategy and operations, guiding our day-to-day interactions with Customers.

The Financial Sector Conduct Authority (FSCA) introduced the Treating Customers Fairly (TCF) framework to promote the fair treatment of consumers and to reduce market conduct risks, which is embedded into our business governance, strategy, and daily processes, with particular focus on the following outcomes:

Our services philosophy is built on long-term thinking, proprietary research, and the integration of environmental, social, and governance (ESG) factors into our fair value assessments. As we expand from a third-party payment platform into a comprehensive financial services provider, including offering loan products, we remain committed to providing solutions that address our Customer needs. We regularly review our product offerings to ensure that they align with evolving customer expectations, while maintaining our focus on responsible financial management and sustainable growth.

We are committed to maintaining the highest standards of Customer engagement and service excellence. Guided by our Customer Charter and core values, we ensure that every Customer interaction is grounded in transparency, accessibility, and efficiency. We take pride in offering tailored financial solutions to meet the evolving needs of our Customers, whether they are seeking payment services or expanding into our future loan offerings.

We foster strong relationships through regular Customer engagement, including but not limited to, ongoing communication via face-to-face meetings, investment report-backs, operational feedback, as well as monthly and quarterly reports. Dedicated relationship managers and Customer service professionals ensure that all inquiries are addressed promptly and that our Customers receive consistent updates on our products and services.

To maintain our high standards, we conduct regular Customer surveys to assess our Customer satisfaction. Feedback from these surveys is instrumental in shaping our service improvements and product innovations. We in addition engage with our Customers through various formalized platforms, including but not limited to, online communication, periodic newsletters, and tailored presentations.

We recognize the importance of protecting our Customer information. Our data protection protocols are aligned with industry best practices and legal requirements, ensuring compliance with relevant legislation such as the Protection of Personal Information Act (POPIA). We are committed to implementing robust governance, utilizing advanced encryption and secure channels for all financial transactions.

Our information security framework is regularly reviewed by external providers to identify and address potential risks. We ensure that all Customer transactions are secure, and personal data is protected from unauthorized access, use, or disclosure. Customer data protection remains a top priority in all our service offerings, whether within payment solutions or loan services.

We are committed in ensuring that our Customers do not face unreasonable barriers when managing their accounts, switching between products, or changing service providers. We do not impose exit penalties, surrender fees, or charges that could disincentivize Customers from making financial decisions in their best interest. However, once an electronic funds transfer credit payment is made, it is final and irrevocable, and the payer cannot reverse or cancel the transaction.;

Customer satisfaction is central to our operations, and we have established a transparent, user-friendly complaint-handling process. Customers may submit complaints through multiple channels, including email, phone, or online forms. We ensure that all complaints are addressed fairly and within reasonable timeframes, in line with our formal complaint resolution policies. Our dedicated customer service team ensures that expectations are managed throughout the process and that Customers are regularly updated on the status of their complaints.

We operate under a strong corporate governance framework, guided by our board of directors and management committees. We are committed to upholding the principles of TCF by continuously embedding these principles into our strategic decision-making. Our governance structures ensure compliance with regulatory requirements across all operations, including our loan services and third-party payment platforms.

We engage with local and international regulators transparently and proactively. We work closely with financial regulatory bodies, including the FSCA and the South African Reserve Bank (SARB), to ensure full compliance with existing regulations and to contribute to shaping a safer financial services sector. Our governance and compliance teams ensure that the business operates in line with all applicable statutory obligations.

As Mustang Financial grows, we remain dedicated to keeping pace with the ever-evolving regulatory landscape. We regularly review and update our TCF policies to remain compliant with new regulations and industry best practices. Our compliance team works closely with external advisors to stay ahead of regulatory developments and ensure that our services—whether payments, loans, or other financial offerings—are fully compliant.

In line with our long-term strategy, we remain focused on sustainable innovation. We only develop new products, such as loan services, when we have the resources, capacity, and expertise to meet clearly defined Customer needs. We ensure that these products align with our values of transparency, ethical financial practices, and fair treatment of Customers. We also aim to ensure that our product offerings—both domestic and international—continue to serve Customers’ evolving needs effectively.

We offer a focused range of products, governed by management agreements as agreed upon with our Customers. Our products, including payment solutions and future financial services such as loans, are designed to meet the specific needs of our Customers. We innovate and develop products only when there is a clear, sustainable mandate to meet a defined Customer need.

We regularly review our product offerings to ensure their suitability for Customers. Key product information and updates are communicated to Customers through monthly newsletters and quarterly reports. We provide Customers with clear and comprehensive information on product performance and any relevant changes.

Given the increasing importance of technology in financial services, we takes great care in safeguarding confidential Customer and company data in accordance with all data and privacy laws of the Republic of South Africa. We employ rigorous data security measures and work with external providers to assess our security framework continually. All interactions are governed by strict compliance with data protection regulations, ensuring that Customer information is secure at all times.

This Promotion of Access to Information Act 2 of 2000 (“PAIA”) Policy ("Policy") provides guidance on how Mustang Financial (Pty) Ltd, in relation to MustangPay being the Third-Party Payment Platform ("We," "Us," or "Our"), complies with PAIA in South Africa. This Policy explains how you, as a requester, can access records and information held by MustangPay under PAIA.

MustangPay is committed to promoting transparency and accountability in accordance with the provisions of PAIA, ensuring that the public has access to information while protecting confidential business information and personal data.

This Policy applies to all divisions and services provided by MustangPay and covers the procedures for requesting access to records, the processing of requests, and the circumstances in which access may be refused in compliance with the law.

MustangPay is committed to ensuring that the public's right to access information held by the State or any other person (or private body) in terms of section 32 of the Constitution is respected while safeguarding personal and confidential business information.

The purpose of our Policy is to promote and foster a culture of transparency and accountability in the operations of MustangPay in line with PAIA and other applicable legal frameworks.

This Policy sets out the procedures and principles in accordance with Section 51 of PAIA for processing requests for information, including when we may deny access under legally justifiable grounds such as the protection of third-party privacy, commercial confidentiality, and sensitive business data.

For the purposes of this Policy, the following terms shall have the meanings ascribed to them:

Confidential Information – Proprietary business data, trade secrets, or personal information that requires protection from unauthorized disclosure.

Information Officer – The information Officer is the person authorised to handle PAIA requests. Chief Executive Officer or the Managing Director or equivalent officer of the juristic person or any person duly authorised by the leader.

Information Regulator – The Office of the Information Regulator has been established, in terms of section 39 of POPIA, to monitor and enforce compliance with both POPIA and PAIA.

Personal Information – Information relating to an identifiable, natural person, including contact details, identification numbers, and financial data, as defined in the Protection of Personal Information Act 4 of 2013 (POPIA).

Record – A record is any recorded information regardless of the from, including, for example, written documents, audio, digital and video materials. A record requested from a public or private body refers to a record that is in that body’s possession regardless of whether that body created the record.

Regulations – PAIA allows the Minister to issue regulations that supplement the Act, which must be published in the Government Gazette, and covers issues like the forms to be used and fees that may be charged for certain processes.

Requestor – Any person (or their representative) who makes a request for access to a record held by MustangPay in terms of PAIA.

MustangPay may collect information related to its business operations and its clients, employees, and third-party service providers. This may include personal, business, and transactional data that is subject to the provisions of PAIA and POPIA.

The types of information that MustangPay holds include but is not limited to: Company registration documents; Financial statements; Employment records; Legal contracts and agreements; and Transactional records relating to payment services.

The information we hold is used for the day-to-day functioning of our business, in compliance with legal, regulatory, and contractual obligations.

In terms of PAIA, this information may be accessed by a requestor, provided the request complies with the requirements of the Act and the information is not subject to confidentiality or other lawful restrictions.

When a request for access is made, we use the provided information solely for the purpose of processing the request and providing the relevant records or declining access, where appropriate.

MustangPay is required to disclose certain records in accordance with PAIA, provided the access request satisfies the legal requirements and there is no overriding reason for refusal.

We do not sell or trade the information we collect. Data may be shared internally within MustangPay and with legal authorities where mandated by law or in compliance with court orders.

In some cases, personal or business data held by MustangPay may be transferred to or stored in international jurisdictions, especially where cloud-based services are utilized. Such transfers are in accordance with the provisions of both PAIA and POPIA.

MustangPay employs robust security measures to protect the data and records in its control. These include access control protocols, encryption, and secure data storage practices.

Despite our best efforts, there is no guarantee of absolute security. Requestors should report any suspicious activity or concerns to MustangPay's Compliance Department

MustangPay retains records and information for the periods specified by legal, regulatory, and business requirements. Once the retention period expires, information is securely deleted, anonymized, or archived.

You have the right to request access to your personal information or records held by MustangPay, as well as request corrections to any inaccuracies.

You may also request the deletion of personal information under certain circumstances, or object to the processing of your personal data. MustangPay will process such requests in accordance with applicable laws, including PAIA and POPIA.

MustangPay reserves the right to update this Policy as necessary, in response to changes in the law, technology, or business practices. Any significant updates will be posted on our website, and it is your responsibility to regularly access our website to ensure that you are aware of these updates. The effective date will reflect the latest revision.

In accordance with section 10(1) of the PAIA, as amended, the Information Regulator has updated and made available a revised Guide for individuals looking to exercise their rights under both PAIA and the Protection of Personal Information Act (POPIA). This Guide is designed to be user-friendly and accessible to anyone needing to understand their rights under these laws.

The Guide is available in all official South African languages, as well as in braille. For further details, please visit the Regulator’s website at https://inforegulator.org.za/paia-guidelines/

The Guide covers the following important areas:

The purpose and objectives of PAIA and POPIA.

Contact details for Information Officers, including:

The postal and physical addresses, phone, fax, and email details of:

Requesting a copy from the Information Officer.

Downloading it from the Information Regulator’s website: https://inforegulator.org.za/

Under PAIA, an individual may request access to records held by a private body, provided the information is required to exercise or protect a right. When a public body submits a request for access to a record, the request must be made in the public interest.

All requests under PAIA must follow the prescribed procedures, and any applicable fees must be paid as required.

For all requests that are not classified as personal, the following procedures and fees apply:

This privacy policy (“Policy”) explains how MustangPay, as a third-party payment service provider (“We”, “Us”, or “Our”), collects, stores, uses, and discloses your personal and business information when you interact with our platform, including but not limited to our website, mobile applications, and associated payment services (collectively referred to as “Services”).

We are committed to protecting your privacy and ensuring the security of your information. By accessing or using our Services, you agree to the collection and use of your information in accordance with this Policy. Should you sign up as a merchant, the collection, use, and disclosure of your customers' information (which you shall have sole responsibility for the accuracy, quality and legality of such customer information) will be governed by this Policy and the Master Terms of Service Agreement (“MSA”) you enter into with us.

This Policy does not apply to third-party websites, products, or services that are not operated or controlled by MustangPay, even in the event that they link to our Services or vice versa. We advise you to review the privacy policies of any third parties involved.

This Privacy Policy is established to protect the privacy of users and to comply with relevant data protection laws, including but not limited to the Protection of Personal Information Act No. 4 of 2013 (“POPIA”) of South Africa, and any other applicable privacy laws. MustangPay recognizes the importance of the lawful processing of personal and business data, and this Policy sets out our commitment to ensure that all information collected is handled with the highest level of integrity, confidentiality, and security.

In essence, this Privacy Policy outlines the practices and procedures MustangPay follows to protect data, ensuring that all information is collected, used, and disclosed in accordance with the legal rights of the users. By doing so, we seek to build trust with users, who can engage with our platform, services, and payment systems knowing that their data is managed responsibly.

For the purposes of this Privacy Policy, the following terms shall have the meanings ascribed to them:

MustangPay collects both personal and business information directly from users when they engage with our services. By entering their login credentials, the users share the credentials with MustangPay, and they know they do not log on to the user’s online banking website or application. This includes information voluntarily provided when creating accounts, communicating with our customer service team, or submitting feedback. The information collected includes but is not limited to full names, title, position, employer, contact information (company contact information, email addresses, contact numbers, physical addresses), identification details, business registration information, financial records, account numbers and transactional data. Additionally, users may provide us with information when participating in surveys, promotions, or by submitting requests through the platform.

The user hereby authorizes the designated Mustangpay to use their online banking credentials solely for the purpose of issuing an electronic funds transfer credit payment instruction on their behalf. The provided credentials shall not be used for any other purpose beyond the specified transaction.

We also automatically gather certain data through the use of cookies, tracking pixels, and server logs. This includes information such as IP addresses, device information, browser types, operating system details, geographic location, and user behaviour on the platform. This data is critical for maintaining the platform’s security and improving user experience. If users prefer to restrict the use of cookies, they may modify their browser settings; however, doing so may affect their ability to fully utilize our services.

We process customers personal information on explicit written instructions by the merchant in terms of applicable Data Protection Laws and Regulations. To the extent legally permitted, the merchant shall be responsible for any costs arising from provision of any assistance by us under this clause.

The information collected is utilized for a range of legitimate business purposes. Primarily, we use personal and business data to deliver, manage, and improve the services we offer. This includes processing payments, facilitating transactions, managing user accounts, and offering customer support.

Compliance with legal and regulatory requirements is another key use of the information we collect. MustangPay is obligated to adhere to the National Payment System Act (“NPSA”) and other financial regulations. Information is collected for purposes such as anti-money laundering compliance, fraud detection and prevention, and ensuring transparency in our operations.

We also use data to customize user experiences, providing personalized content and targeted marketing where applicable, and ensuring that users receive relevant offers. Users can opt out of receiving marketing communications at any time by following the unsubscribe instructions in any such communication or by contacting us directly.

Additionally, MustangPay employs data analytics to monitor platform usage, conduct research, and develop new products or services that enhance user experience. Information collected through analytics is anonymized or aggregated to protect user privacy.

Security is a priority, and we use collected data to identify and prevent potential risks such as fraud, unauthorized access, and illegal activities. We also use information to maintain the integrity and security of the platform, employing technologies like encryption and access control measures.

Finally, in certain instances, we may need to disclose your information to comply with legal obligations or regulatory requests, respond to governmental inquiries, or in the course of legal proceedings. In such cases, only the information required to fulfil these legal obligations will be shared.

MustangPay does not sell your personal information. However, to provide certain services, we may need to share your data with trusted third-party service providers. These providers may offer cloud hosting services, payment processing solutions, or verification tools that are necessary for the operation of the platform. All third-party service providers are vetted to ensure they comply with relevant data protection laws and maintain the security of your information.

We may also share information with our corporate affiliates, including subsidiaries or partners, for purposes aligned with those outlined in this Policy. In the event of corporate mergers, acquisitions, or other business transactions, your information may be transferred as part of the company's assets. Should this occur, the new entity will be required to uphold the same commitments to privacy.

Where mandated by law or necessary to protect our rights, we may disclose user information in response to court orders, subpoenas, or legal investigations. This can also apply if we detect fraudulent or suspicious activity, in which case we may share information with relevant financial institutions or law enforcement agencies.

Given the global nature of our operations, your data may be transferred to and stored in countries outside your own jurisdiction. This may include transfers to regions such as the Peoples Republic of China, the European Union, the United States, or wherever MustangPay and its partners operate. We take the necessary steps to ensure that such transfers comply with applicable data protection laws, utilizing mechanisms such as standard contractual clauses or similar legal safeguard.

MustangPay employs a variety of security measures designed to protect your personal and business information from unauthorized access, alteration, disclosure, or destruction. These measures include encryption technologies, secure server infrastructure, and restricted access to sensitive data. Employees and service providers who have access to personal data are required to adhere to strict confidentiality obligations.

While we take every precaution to safeguard your data, no system is entirely infallible. Users are encouraged to protect their account credentials and exercise caution when sharing sensitive information. Should you suspect any breach of security involving your account, we urge you to report it immediately to our support team.

We retain personal and business information for as long as is necessary to fulfil the purposes outlined in this Privacy Policy. This duration will vary depending on legal, regulatory, or contractual requirements. Once the retention period expires, we will securely delete or anonymize the data, ensuring compliance with applicable legal obligations.

You have certain rights concerning your personal information. These include the right to access the data we hold about you, request corrections to inaccuracies, and request the deletion of your information in specific circumstances. You also have the right to object to certain processing activities, such as marketing communications. Requests regarding your data can be made by contacting our data protection team, and we will endeavour to fulfil your request in accordance with applicable legal requirements.

For any inquiries related to this Privacy Policy or your personal data, you may contact us at support@mustangpay.co.za.

We reserve the right to modify this Privacy Policy from time to time in response to changes in our business, legal obligations, or advancements in technology. Any significant updates will be posted on our website, and it is your responsibility to regularly access our website to ensure that you are aware of these updates. The effective date at the top of this Policy will reflect the latest revision. Continued use of our services following these changes will be considered your acceptance of the updated Policy.