Website Data Processing
Policy

Data Processing Policy

INTRODUCTION

The Scorefix Company renders credit, financial and legal rehabilitation services. Its operations are regulated by the National Credit Act No. 34 of 2005 and by other applicable Laws, including the Protection of Personal Information Act 4 of 2013. The Scorefix Company protects the integrity of all information housed by it, keeping such information secure. The Scorefix Company is sensitive to the issues regarding privacy of information.

The Scorefix Company is committed to conducting its operations in an ethical manner and in compliance with all applicable Laws. To successfully ensure this, it is vital that all entities doing business with The Scorefix Company ascribe to the same standards. Accordingly, The Scorefix Company has set out, in this policy, obligations that need to be adhered to when an entity processes (including but not limited to the receipt and usage of), Personal Information from or supplies Personal Information to The Scorefix Company.

  1. PURPOSE OF POLICY
    To outline obligations for protecting the integrity and confidentiality of information that is transmitted to and from The Scorefix Company’s systems, as required by applicable Laws and associations relevant to the information services and risk services industry.
  2. APPLICATION OF POLICY
    1. This policy is applicable to all entities who (a) procure and/or use and/or process Personal Information from The Scorefix Company (whether directly OR through an authorised channel partner) and who (b) supply information to The Scorefix Company (whether directly OR through an authorised channel partner) – such parties referred to hereafter as an “Applicable Party”.
    2. The terms of this policy shall be deemed to form part of the Applicable Party’s contract with The Scorefix Company or with a channel partner (as the case may be) as if specifically incorporated therein. A breach of any obligation by the Applicable Party herein (and a contravention of the National Credit Act and/or Protection of Personal Information Act) shall therefore be regarded as a breach of the contract concluded with The Scorefix Company or the channel partner; and shall be managed as such. Therefore, this policy shall continue to be of force and effect for as long as the either Party remains in possession of any Personal Information of the Data Subjects, regardless of the termination of any agreement or contract with The Scorefix Company.
    3. In the event of a conflict between the provisions of this policy and any other agreement between The Scorefix Company and the Applicable Party and any applicable agreement in place between an authorised channel partner and the Applicable Party, the provisions of this policy will take precedence in regard to all aspects pertaining to any processing of Personal Information.
  3. DEFINITIONS
    For purposes of this policy, capitalised terms shall have the meanings ascribed to them below –
    1. “Data Subject” means any person (both individual and juristic entity and/or the like) to whom the specific Personal Information relates, as contemplated in POPIA;
    2. “Laws” means all laws, regulations, by-laws, rules, directives, guidelines, circulars, orders and other requirements of any government or any government agency, body or authority, including any regulator or court;
    3. “NCA” means the National Credit Act No. 34 of 2005 together with the Regulations, as amended from time to time;
    4. “Operator” has the meaning set out in POPIA and for purposes of this policy means the Party who Processes Personal Information on behalf of the other Party or any authorised subcontractor of either of the Parties;
    5. “PAIA” means the Promotion of Information Access to Information Act 2 0f 2000, together with the Regulations, as amended from time to time;
    6. “Party” or “Parties” means either the Applicable Party or The Scorefix Company or both, as the context may require;
    7. “Personal Information” shall have the meaning set out in section 1 of POPIA, and includes special personal information as defined in section 26 of POPIA and relates to the Personal Information of which either Party is the Responsible Party in relation to which The Scorefix Company renders the services to the Applicable Party;
    8. “POPIA” means Protection of Personal Information Act No. 4 of 2013 together with the Regulations, as amended from time to time;
    9. “Processing” or “Process” shall have the meaning set out in POPIA;
    10. “Regulations” means the National Credit Regulations promulgated in terms of the NCA and POPIA from time to time;
    11. “Responsible Party” shall have the meaning ascribed thereto in POPIA, and for purposes of this Agreement shall mean either Party as the context may require;
    12. “The Scorefix Company” means Lucid Clear Credit (Pty) Limited, registration number 2011/128765/07, a private company with limited liability.
  4. COMPLIANCE WITH LAWS AND ASSOCIATED BODIES
    In its dealings with The Scorefix Company and usage of The Scorefix Company’s service offerings, the Applicable Party shall at all times comply with the requirements for the receipt, compilation and reporting of information as prescribed by the NCA and other applicable Laws.
  5. INFORMATION SECURITY
    1. The Applicable Party shall ensure that all persons accessing The Scorefix Company’s services on its behalf have been duly authorised by the Applicable Party to do so. In addition, the Applicable Party shall ensure that only it or its authorised representatives have access to any PIN and/or password PIN issued for the purposes of requesting The Scorefix Company services. The Applicable Party shall be liable for transactions, fees and other costs arising out of the use by any person of The Scorefix Company’s services via the PIN and/or Password whether or not such use is or has been authorised by the Applicable Party.
    2. The Applicable Party shall notify The Scorefix Company in writing of any breach or attempted breach of security of which the Applicable Party may become aware or ought to have become aware of and the Applicable Party shall take reasonable steps to prevent a recurrence thereof and to mitigate the effects of such breach. The Scorefix Company shall be entitled to fully investigate such breach or attempted breach and the Applicable Party shall give The Scorefix Company its full co-operation with such investigation. Furthermore, the Applicable Party shall be liable for transactions, fees and other costs arising out of the use by any person of the The Scorefix Company services including use of such services arising from a security breach in accordance with applicable Laws.
    3. The Applicable Party shall install, implement and maintain the necessary software and IT security systems to ensure that no destructive elements are introduced into The Scorefix Company’s systems. Destructive Elements means code that –
      1. is intentionally designed to disrupt, disable, harm or otherwise impede in any manner, including aesthetic disruptions or distortions, the operation of The Scorefix Company’s software, hardware, computer systems or networks, or any other associate hardware, software, firmware, computer system or network used in relation to The Scorefix Company’s services; or
      2. would disable The Scorefix Company’s software, hardware, computer systems or network or impair in any way their operation based on the elapsing of a period of time, exceeding the authorised number of copies, advancement to particular date or numeral; or
      3. would permit an unauthorised person to access The Scorefix Company’s software, hardware, computer systems or network of and/or of third parties to cause a disruption, disablement, harm or impairment, or which contains any other similar harmful, malicious or hidden procedures, routines or mechanisms which would cause such programs to cease functioning; or that can cause damage to data, storage media, programs, equipment or communications, or otherwise interfere with the operations thereof.
  6. CONSENTS
    The Applicable Party -
    1. shall ensure that prior to submitting to and/or requesting any information from The Scorefix Company (whether directly or via a The Scorefix Company channel partner) it shall have validly obtained all consents (whether from natural or juristic persons – as applicable) that may be required in terms of the NCA and POPIA or any other applicable Laws to submit, request and/or receive such information;
    2. shall obtain upfront, written, express, ongoing and lawfully valid consent in respect of any requests for The Scorefix Company to provide monitoring and account management services; and
    3. shall retain and store all consents obtained and be able to make same available to The Scorefix Company without delay if ever requested.
  7. SUBMISSION OF DATA TO The Scorefix Company
    1. The Applicable Party shall ensure that any information requested from or submitted to The Scorefix Company, whether directly or indirectly -
      1. shall contain, in relation to a natural person, the minimum criteria as set out in Regulation 19(1) of the NCA; and
      2. shall contain, in relation to a juristic person, the juristic person’s registered and trading name; registration number, registered address, physical and postal address.
    2. When submitting any information to The Scorefix Company, whether directly or indirectly, the Applicable Party shall -
      1. be lawfully entitled to submit such information to The Scorefix Company; and
      2. ensure that all information reported to The Scorefix Company is accurate, up-to-date, relevant, complete, valid and not duplicated.
    3. The Applicable Party shall under no circumstances submit the following information to The Scorefix Company –
      1. contact information (viz. Mobile, work tel numbers and email address) that is not accurate, up-to-date, complete and valid in respect of each data subject;
      2. any financial information (viz. Income and expenses) that is not accurate, up-to-date, complete and valid in respect of each data subject;
      3. consumer credit information that is not accurate, up-to-date, complete and valid in respect of each data subject;
      4. E-Tolls and road traffic fines information that is not accurate, up-to-date, relevant, complete, valid and not duplicated;
      5. deeds and property valuation information that is not accurate, up-to-date, relevant, complete, valid and not duplicated; and
      6. motor vehicle and vehicle valuation information that is not accurate, up-to-date, relevant, complete, valid and not duplicated.
    4. The Applicable Party will fully and timeously co-operate with The Scorefix Company’s requests for credible evidence related to any information set out in 7.3 above. Should an Applicable Party fail to respond to The Scorefix Company within 7 (seven) business days, the Applicable Party will be in breach of this agreement.
  8. USE OF INFORMATION
    1. All information received as part of services provided by The Scorefix Company shall:
      1. be used by the Applicable Party solely and exclusively for a purpose permitted in terms of the NCA and POPIA. The Applicable Party shall not, whether directly or indirectly, sell or use any such information for any commercial purpose; and
      2. be for the Applicable Party's exclusive one-time use, which usage shall be strictly related to the lawful purpose for which the service is intended.
    2. The Applicable Party shall only access a person’s information for the purposes of assessing an employment application where that person has (a) consented to such access; AND (b) is being considered for a position that requires honesty in dealing with cash or finances, and where the job description of such position has been clearly outlined in the applicable contract of employment.
    3. In the event that The Scorefix Company is entitled to procure and supply payslip and salary information, the Applicable Party -
      1. acknowledges that payslip and salary information may only be requested and used for lawful purposes.
      2. shall, where it has requested such information from The Scorefix Company, have obtained the prior written consent necessary to authorise The Scorefix Company to access and retrieve a person’s payslip and salary information (a) from the relevant payroll companies, or (b) from The Scorefix Company, for any lawful purpose (as the case may be); and
      3. shall not share, distribute, alter or disseminate the payslip and salary information received by it from The Scorefix Company to any third party whatsoever.
  9. THE PARTIES OBLIGATION CONCERNING PROTECTION OF PERSONAL INFORMATION
    1. It is recorded that, pursuant to the obligations under this policy, either Party will Process Personal Information of Data Subjects in connection with and for the purposes of the provision of The Scorefix Company’s services and will act as the other Party’s Operator.
    2. Unless required by Law, each Party shall Process the Personal Information only:
      1. in compliance with this policy;
      2. for the purposes connected with the provision of the Services as provided for in any agreement or contract with The Scorefix Company or as specifically otherwise instructed or authorised by the other Party in writing;
      3. to the extent permissible in terms of applicable Laws; and
      4. in accordance with The Scorefix Company’s technical and organisational security measures (which may be communicated and/or updated from time to time).
    3. The Parties shall treat the Personal Information that comes to their knowledge or into their possession as confidential and shall not disclose it without the prior written consent of the other Party, unless permissible by law. For avoidance of doubt, the provisions of any agreement or contract with The Scorefix Company in relation to Confidential Information or any non-disclosure policy, or the provisions regarding confidentiality contained in any agreement or contract with The Scorefix Company, as the case may be, entered into between the Parties shall with the necessary changes, apply to this policy.
    4. Without limiting either Party’s obligations under this policy, each Party shall comply with applicable regulations and any Laws, in relation to the safeguarding of Personal Information, which may apply to it.
    5. Each Party shall:
      1. take steps to keep abreast and ensure that it and its Staff comply fully with all applicable laws and regulations that are applicable to the Services;
      2. limit the Processing of and access to the Personal Information to those Staff who need to know the Personal Information to enable the rendering of the Services;
      3. deal promptly, but at all times without exceeding 5 (five) business days, with all reasonable inquiries from the other Party relating to its Processing of the Personal Information;
      4. immediately inform the other Party of its inability to comply with the other Party’s instructions and this clause 9, in which case the other Party is entitled to suspend the other’s Processing of Personal Information and/or terminate any agreement or contract with The Scorefix Company;
      5. provide the other with full co-operation and assistance in relation to any requests for access to, correction of or complaints made by the Data Subjects relating to their Personal Information;
    6. Each Party (the “Notifying Party”) shall notify the other Party in writing:
      1. within 1 (one) business day or otherwise as soon as reasonably possible, if any Personal Information under the control of the Notifying Party as a result of a Contract has been or may reasonably believe to have been accessed or acquired by an unauthorised person or if a breach has occurred with reference to the Notifying Party’s use of the Personal Information under this policy, furnish The Scorefix Company with details of the Data Subjects affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the Personal Information as well as with daily reports on progress made at resolving the compromise;
      2. of any request by a Data Subject for correction of the Personal Information, or complaints received by the Applicable Party, relating to any Personal Information submitted by The Scorefix Company in relation to that Data Subject’s obligations in terms of POPIA and provide The Scorefix Company with full details of such request or complaint; and
      3. to the extent lawfully permissible, promptly of any legally binding request for disclosure of Personal Information or any other notice or communication that relates to the Processing of the Personal Information from any supervisory or governmental body.
    7. Each Party acknowledges and agrees that the other Party retains all right, title and interest in and to the Personal Information.
  10. AUDIT RIGHTS
    1. The Scorefix Company shall have the right to audit the Applicable Party’s Processing facilities in respect of the services, upon separate and specific written policy regarding such audit first being reached with the other Party on each occasion, at least once per year or if there is a reasonable suspicion that the Applicable Party is not complying with the provisions of this policy or where there is a suspicion that the confidentiality, integrity and accessibility of Personal Information is likely to be compromised. The Party being audited shall offer reasonable assistance and co-operation to the other Party and/or its auditors or inspectors in the carrying out of such auditing exercise. Nothing in this clause 10 should be read as providing either Party with unlimited access to audit the other Party without just cause. If an audit takes place, The Scorefix Company shall have no right of access to any confidential information of the Applicable Party’s clients or to any confidential information in general (including Personal Information The Scorefix Company is not responsible for in terms of POPIA or the NCA)
  11. RETURN AND RETENTION OF PERSONAL INFORMATION
    1. Each Party (“requesting Party”) may, at any time on written request to the other Party, require, where it is practically and lawfully possible, that (a) the other Party immediately return to it any Personal Information and may, in addition, require that the other Party furnish a written statement to the effect that upon such return, it has not retained in its possession or under its control, whether directly or indirectly, any such Personal Information or material; or (b) as and when required by the requesting party on written request, destroy all such Personal Information and material and furnish The Scorefix Company with a certificate of destruction to the effect that the same has been destroyed. Where, by the nature of the services that the other Party provides to different clients, the return of information or destruction thereof is not possible, the Party shall provide the requesting Party with written reasons as to why this is the case and seek to reach written policy with the requesting Party as to how to regulate the relevant Personal Information going forward.
    2. Each Party shall comply with any request in terms of this clause 11 within 7 (seven) business days of receipt of such request.
  12. INDEMNITIES
    1. Subject to the provisions contained in any agreement or contract with The Scorefix Company, each Party hereby indemnifies and holds the other Party harmless from any and all losses arising from any claim or action brought against the other Party arising from or due to the one’s Party’s breach of its obligations set out in this policy or any law with respect to the protection of Personal Information.
  13. CONFIDENTIALITY
    1. The Parties agree and undertake –
      1. Except as permitted by this policy, not to disclose or publish any Confidential Information (which for purposes of this clause shall mean any information or data (a) which by its nature or content is identifiable as confidential and/or proprietary to either Party and/or any third party; or (b) which is provided or disclosed in confidence by the one Party (“Disclosing Party”) to the other Party (“Receiving Party”); and (c). which Disclosing Party or any person acting on its behalf may disclose or provide to Receiving Party or which may come to the knowledge of Receiving Party by whatsoever means) in any manner for any reason or purpose whatsoever without the prior written consent of the other Party and provided that in the event of the Confidential Information being proprietary to a third party, it shall also be incumbent on the Parties to obtain the consent of such third party;
      2. Except as permitted by this policy, not to utilise, employ, exploit or in any other manner whatsoever use the Confidential Information for any purpose whatsoever without the prior written consent of the other Party and provided that in the event of the Confidential Information being proprietary to a third party, it shall also be incumbent on the Applicable Party to obtain the consent of such third party;
      3. To restrict the dissemination of the Confidential Information to only those of each Party’s staff who are actively involved in activities for which use of Confidential Information is authorised and then only on a “need to know” basis and each Party shall initiate, maintain and monitor internal security procedures reasonably acceptable to the other to prevent unauthorised disclosure by its staff; and
      4. To take all practical steps, both before and after disclosure, to impress upon its staff who are given access to Confidential Information the secret and confidential nature thereof.
    2. The obligations of each Party with respect to each item of Confidential Information shall endure for an indefinite period from receipt of that item of Confidential Information. The obligations referred to in this clause 13 shall endure notwithstanding any termination of this policy, any other policy entered into between the Parties or any discussions between the Parties.
    3. Each Party hereby indemnifies and holds the harmless from any and all losses arising from, or in connection with, any claim or action arising from the other Party’s breach of any obligation with respect to Confidential Information.
  14. BREACH AND TERMINATION
    1. In the event of either of the Parties committing a breach of any of the conditions of this policy and failing to remedy such breach within 7 (seven) business days of receipt of a notice from the other Party requesting it to remedy such breach, then the other Party shall be entitled to cancel this entire policy forthwith and claim such losses as it may have suffered. In the event of termination of this policy, the Party terminating this policy shall have a right to also exercise its rights of termination under any agreement or contract with The Scorefix Company.
    2. Notwithstanding anything to the contrary contained in this policy, the Parties shall be entitled to terminate this policy by mutual agreement in writing.
    3. The provisions of this clause 14 shall not affect or prejudice any other rights/remedies which the Parties may have in law or in any other written agreement or contract between the Parties.
  15. INFORMATION REQUESTED IN RESPECT OF JURISTIC PERSONS AND THEIR PRINCIPALS.
    1. The Applicable Party acknowledges that in the event that it requests information in relation to any juristic person/s, the relevant report to be provided to it may contain information relating to that juristic person’s directors, senior leadership and/or key stakeholders in the business (“Principals”). The Applicable Party shall be (a) fully authorised, as required by all applicable Laws, to obtain the information in respect of the Principals; and (ii) in the event that it requests information relating to both juristic persons and their Principals, be fully compliant with the requirements as set out in Regulation 18(5) of the NCA. It shall furthermore have obtained all required consents for obtaining and having sight of information regarding the Principals.
  16. CONSEQUENCES OF TERMINATION
    1. The termination of this policy shall not affect the rights of either of the Parties that accrued before termination of this policy or which specifically survives the termination of the policy.
    2. Upon termination of this policy and upon request by either Party, the other Party shall return or destroy any material containing, pertaining or relating to the Personal Information disclosed pursuant to this policy to the requesting Party. Such request will be regulated in accordance with clause 18 and/applicable Laws pertaining to the Processing of Personal Information.
  17. WAIVER
    1. Failure or delay by either Party in exercising any right will not constitute a waiver of that right.
    2. No waiver of any of right under this policy will be binding unless it is in writing and signed by the Party waiving the right.
  18. SEVERABILITY
    1. If any part of this policy is found to be invalid or unenforceable, it shall be severed from the remainder of this policy, which shall remain valid and enforceable.

Last revised – June 2021

The Scorefix Company

503623

Total No. Of Clients Assisted To Date

266430

Client’s we increased scores for with SCOREFIX

181211

Client’s on Blacklist Protection with CREDITCOVER

212459

Client’s whose names were cleared at all Credit Bureau