Privacy Policy

1. Introduction

Welcome to LegendTags ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our QR code payment services and website.

This policy complies with the Protection of Personal Information Act (POPIA) of South Africa and international data protection standards.

2. Information We Collect

2.1 Personal Information You Provide

• Account Information: Full name, mobile number, email address, password
• Financial Information: Bank account details for payment processing and disbursements
• Business Information: Business name, type, location (if applicable)
• Communication Data: Messages, support requests, feedback you send to us

2.2 Transaction Information

• Payment amounts and dates
• Transaction history and receipts
• QR code scan data
• Payment method used by customers

2.3 Automatically Collected Information

• Device Information: IP address, browser type, operating system
• Usage Data: Pages visited, features used, time spent on platform
• Location Data: Approximate location based on IP address (with your consent)
• Cookies and Tracking: We use cookies to enhance user experience (see Section 9)

3. How We Use Your Information

We use your personal information for the following purposes:

• Service Provision: To create and manage your account, process payments, and generate QR codes
• Payment Processing: To facilitate transactions between you and your customers
• Security: To detect and prevent fraud, unauthorized access, and illegal activities
• Communication: To send transaction confirmations, account updates, and support responses
• Improvement: To analyze usage patterns and improve our services
• Legal Compliance: To comply with legal obligations and respond to lawful requests
• Marketing: To send promotional materials (with your consent, which you can withdraw at any time)

4. Legal Basis for Processing (POPIA Compliance)

We process your personal information based on:

• Consent: When you agree to our terms and provide information voluntarily
• Contractual Necessity: To fulfill our service agreement with you
• Legitimate Interests: To improve services, prevent fraud, and ensure security
• Legal Obligation: To comply with South African financial regulations and tax laws

5. Information Sharing and Disclosure

5.1 We Share Information With:

• Payment Processors: Third-party payment gateways (Mastercard, Visa, Apple Pay, Google Pay) to process transactions
• Banking Partners: Financial institutions for fund transfers and account verification
• Service Providers: Cloud hosting, email services, customer support platforms
• Analytics Providers: To understand usage patterns (anonymized data)
• Legal Authorities: When required by law or to protect our rights

5.2 We Do NOT:

• Sell your personal information to third parties
• Share your data for unrelated marketing purposes without consent
• Disclose sensitive financial data except as necessary for service provision

5.3 Third-Party Obligations:

• All third parties are required to implement appropriate safeguards to protect your personal information in accordance with applicable data protection laws.

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data transmission is encrypted using SSL/TLS protocols
• Secure Storage: Personal data is stored on secure servers with restricted access
• Authentication: Password-protected accounts with secure login procedures
• Regular Audits: Periodic security assessments and vulnerability testing
• Payment Card Industry (PCI) Compliance: We follow PCI DSS standards for payment data
• Access Controls: Access is restricted based on role and need-to-know principles

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6A. Data Breach Notification

In the event of a data breach that poses a risk to your personal information, we will:

• Notify Affected Users: We will notify you as soon as reasonably possible after becoming aware of a breach involving your personal information.
• Notify the Information Regulator: We will report the breach to the Information Regulator of South Africa in accordance with POPIA requirements.
• Provide Details: Notifications will include the nature of the breach, the data affected, and the steps we are taking to address it.
• Remediation: We will take prompt action to contain the breach and prevent further unauthorized access.

7. Your Rights Under POPIA

As a South African resident, you have the following rights:

• Right to Access: Request a copy of your personal information we hold
• Right to Correction: Request correction of inaccurate or incomplete data
• Right to Deletion: Request deletion of your personal information (subject to legal obligations)
• Right to Object: Object to processing of your data for direct marketing
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Withdraw Consent: Withdraw consent for data processing at any time
• Right to Lodge a Complaint: File a complaint with the Information Regulator of South Africa

To exercise your rights, please use our Contact Page.

8. Data Retention

We retain your personal information for as long as:

• Your account is active
• Required to provide services to you
• Necessary for legal, tax, or regulatory purposes (minimum 5 years for financial records)

After the retention period, we securely delete or anonymize your data.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Remember your preferences and login status
• Analyze website traffic and user behavior
• Personalize your experience
• Prevent fraud and enhance security

You can control cookies through your browser settings. Disabling cookies may limit some website functionality.

10. Third-Party Links

Our website may contain links to third-party websites (e.g., payment processors, social media). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

11. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we discover such data has been collected, we will delete it immediately.

12. International Data Transfers

Your data may be processed in South Africa and other countries where our service providers operate. We ensure adequate safeguards are in place to protect your data in accordance with POPIA and international standards.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes via:

• Email notification to your registered address
• Prominent notice on our website
• Updated "Last Updated" date at the top of this policy

Continued use of our services after changes constitutes acceptance of the updated policy.

14. Consent

By using LegendTags services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. You may withdraw consent at any time by contacting us, though this may affect our ability to provide services to you.