Data Protection in South Africa FAQs

security icon

Privacy FAQs

cubersecurity icon


What kind of Personal information is in PayU South Africa’s possession?

The scope of Personal information we process about you will depend whether you use PayU payment services as a merchant, or you submit a request to us or you visit our PayU South Africa website. We may collect the following categories of personal information account log in information, contact information, financial information, transactional information, usage and technical information.  You can read more here.

What are my rights under the Protection of Personal Information Act, 2013?

Please click on this link, you will be taken directly to section in our Privacy Statement on what your individual rights are and you can submit a request relating to POPIA and your personal information that is processed by PayU South Africa.

Why does PayU need my email address?

We may need your email address in order to register and process your payment with our merchants. Your email can be also needed when you want to log-in to relevant PayU South Africa’s services.

Why does PayU need my mobile number?

We may need your email address in order to register and process your payment with our merchants. Your email can be also needed when you want to log-in to relevant PayU South Africa’s services.

How does PayU protect my personal information and keep my personal information secure?

The security of your personal information is important to us. We take legal, technical and organizational measures that we consider necessary in order to maintain the confidentiality and security of your personal information, with due regard to the applicable obligations and exceptions under the POPIA and other applicable legislation in force.


We follow the payments industry standards regarding the protection of payment card information. PayU is regularly audited to maintain the highest level of security certification with the Payments Card information Security Standard Council (PCI) in respect of protecting card data.

What is the purpose of processing my personal information by PayU?

PayU may need to process your personal information for purposes related to the payment services you have subscribed to from PayU and meet relevant legal obligations resulting from providing you such services.

Which companies may have access to my Personal information and when?

We may engage external vendors who support our infrastructure or our processes necessary to render you payment services. Each such vendor is bound with confidentiality and security obligations in order to protect your personal information.


We may also share your personal information with other payment providers engaged in the process of rendering you the payment services eg. Banks, payment schemes like Visa, Mastercard or Diners Club.

Why do you share my personal information with other companies?

We may need to share your personal information with our vendors so they can provide services to us or to provide us the infrastructure we need to serve your payments.

We may be also obliged to share your personal information with entities that are authorised to receive it under the applicable provisions of law, including relevant judicial authorities subject appropriate request process such as a subpoena or court order.


We may also share your personal information with other payment providers engaged in the process of rendering you the payment services eg. Banking partners, payment services partners and payment schemes like VISA or Mastercard.

How long do you keep my personal information for?

We may store your personal information for as long as required for the fulfilment of the purposes for which we collected it. The retention of Personal information by us is determined by considering compliance with legal (contractual or statutory requirements), accounting and compliance reporting requirements under South African law.

Can I remove personal information that PayU holds about me and how?

Yes. You have the right to have your personal information removed if your personal information is no longer needed for its original purpose and no other lawful purpose exists. You may ask us about how we process your personal information by contacting us through our Privacy Portal


PayU may not immediately fully remove all your personal information. As financial and payments services provider we have a legal duty to store payment transaction data for a mandatory period of time under applicable laws in South Africa or in the world e.g., to prevent anti-money laundering and combat anti-corruption and financing of terrorism.  However we do not keep personal information for longer than is required.

What does POPIA stand for?

The Protection of Personal Information Act 4 of 2013. It is also often called “POPI”.

What is the purpose of POPIA?

The purpose is to regulate the processing of Personal Information. It is aimed to encourage the flow of information in a secure, lawful and responsible manner. The spirit of POPIA is to ensure that organisations that hold and process personal information do so carefully and with respect for the rights and interests of the people to whom it pertains.

Who does POPIA apply to?

Public and Private Sector, Natural and Juristic persons (meaning registered companies and organisations) Paper and electronic records.

What is considered personal information?

Personal information is information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing, juristic person.

Any information about an identifiable human being or an identifiable company.


Examples of personal information include: race, gender, sex, marital status, nationality, sexual orientation, age, physical or mental health, disability, religion, language, education, medical, financial, employment information, ID number, email, address, telephone number, location information, blood type, biometric information, personal opinions, preferences, private or confidential correspondence, and views or opinions of another person.

Why did POPIA come into effect?

It is becoming more difficult to protect the privacy of information, as information becomes more vulnerable to new threats that keep emerging. Privacy is a fundamental human right under the South African Constitution.


Worldwide data protection is also becoming more recognised as a fundamental business practice which cannot be ignored.


You can read about the importance of a global privacy program here.

Who is the PayU South Africa’s Information Officer?

The registered Information Officer for PayU South Africa listed in our PAIA manual accessible here.