Effective Date: [6th March 2025]

1. Introduction

Fundoh (“we,” “our,” or “us”) is committed to protecting the privacy and security of our clients’ personal and business data. This policy outlines how we collect, store, process, and safeguard data in compliance with South Africa’s Protection of Personal Information Act (POPIA) and other relevant data protection regulations.

As a growing SME-focused funding platform, we recognize the importance of ensuring that data privacy is upheld while maintaining efficient financial operations.

2. Scope

This policy applies to all individuals and businesses interacting with Fundoh, including:

• SMEs applying for funding
• Funding partners and financial institutions
• Employees, contractors, and third-party service providers

3. What Data We Collect

We only collect essential data required for funding applications and business services, including:

Personal Information

• Full name
• Contact details (phone, email)
• Identity number (for verification and compliance)
• Financial and credit information

Business Information

• Company registration details
• Business financials (bank statements, revenue reports, tax compliance)
• Funding application history

Technical Information

• IP address, website activity, and cookies (for analytics and security)

4. How We Use Data

Fundoh collects and processes data for legitimate business purposes, including:

• Matching SMEs with appropriate funding partners
• Assessing funding eligibility and financial risk
• Complying with legal and regulatory requirements
• Communicating funding updates and business opportunities
• Enhancing user experience on our platform

5. Data Protection Measures

We implement strict security measures to prevent data breaches, unauthorized access, and misuse. These include:

• Encryption: Sensitive financial and personal data is encrypted during transmission and storage.
• Access Control: Only authorized employees and verified funding partners can access specific data.
• Regular Security Audits: We continuously monitor and update our security infrastructure.
• Third-Party Compliance: Any external service providers we engage must comply with POPIA and adhere to strict data protection protocols.

6. Data Sharing & Third-Party Access

Fundoh only shares SME data with:

• Funding Partners – To facilitate funding applications.
• Regulatory Authorities – If legally required to do so.
• Third-Party Service Providers – For analytics, fraud prevention, and platform functionality (e.g., cloud hosting).

We never sell or distribute SME data to advertisers or unauthorized third parties.

7. Data Retention Policy

We retain SME data only for as long as necessary to fulfill the purpose it was collected for, including legal, regulatory, and operational requirements. Data retention periods are:

• Successful funding applications: Up to 5 years post-approval (for compliance & auditing).
• Unsuccessful applications: 12 months before secure deletion.
• Inactive accounts: Automatically removed after 2 years of inactivity.

8. Data Subject Rights

Under POPIA, SMEs have the right to:

• Request access to their stored data.
• Request corrections to inaccurate data.
• Request deletion of unnecessary personal data.
• Withdraw consent for certain types of data processing.

Requests can be made by contacting our Data Protection Officer at [Insert Email].

9. Handling Data Breaches

In the event of a data breach, we will:

• Assess the impact and immediately secure affected data.
• Notify affected parties and regulatory authorities within 72 hours.
• Mitigate risks by strengthening our security protocols.

10. Policy Review & Updates

This policy is reviewed annually and updated when necessary to reflect regulatory changes and company growth.

11. Contact Information

For inquiries regarding this Data Protection Policy, SMEs can contact:

Fundoh Data Protection Officer
[Rory Austin]
[[email protected]]
[+1 (281) 203-9086] US line