This page explains how Small Pay processes, protects, stores, and manages personal information in line with South Africa’s data protection requirements.
Small Pay (Pty) Ltd is committed to protecting personal information and processing it lawfully, responsibly, and transparently. This page explains how we collect, use, store, secure, and disclose personal information in connection with our website, products, and services, and how we align our practices with the Protection of Personal Information Act, 4 of 2013 (“POPIA”).
Small Pay (Pty) Ltd acts as the Responsible Party where we determine the purpose and means of processing personal information. This includes personal information collected through our website, contact forms, business enquiries, and any related service interactions.
Depending on how you interact with us, we may process personal information such as:
We process personal information only for legitimate, specific, and clearly defined purposes, including:
We do not process personal information for vague or open-ended purposes. Information is collected only where there is a clear reason for doing so.
We process personal information on one or more lawful bases, including:
We may collect personal information directly from you when you:
We may also collect limited technical information automatically through normal website usage, including analytics, cookies, and server logs.
Our website may use cookies and analytics tools to understand how visitors use the site, improve functionality, and support security and performance monitoring.
These tools help us understand usage patterns, page visits, browser behaviour, and general engagement. Where possible, this information is used in a way that does not unnecessarily identify individual users.
We do not sell personal information. We may share personal information only where necessary and appropriate, including with:
Where third parties process personal information on our behalf, they are expected to do so under appropriate confidentiality and data protection obligations.
Some of our service providers may store or process information outside South Africa. Where this happens, we take reasonable steps to ensure that appropriate safeguards are in place and that the information remains protected in line with applicable legal requirements.
We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, to meet legal or regulatory requirements, or to protect legitimate business interests where appropriate.
Once information is no longer required, it will be deleted, destroyed, or de-identified as reasonably practicable.
We apply reasonable technical and organisational safeguards to protect personal information against loss, misuse, unauthorised access, disclosure, alteration, or destruction.
While we take information security seriously, no transmission or storage system can be guaranteed to be completely secure. We therefore continually work to maintain appropriate standards of protection.
Personal information is handled on a need-to-know basis and only for legitimate, relevant, and limited business purposes.
If we become aware of a compromise involving personal information, we will assess the situation, take appropriate containment and remediation steps, and provide notification where required by law.
Subject to applicable law, you may have the right to:
We do not knowingly collect personal information from children unless this is lawful and appropriate in the specific context and all required protections are in place.
We may update this page from time to time to reflect legal, operational, or service-related changes. The updated version will apply from the date it is published on the website.
If you have any questions about how your personal information is handled, or if you wish to exercise your rights, you can contact us at:
chris@smallpay.co.zaYou may also lodge a complaint with the Information Regulator of South Africa where applicable.
