1. Introduction and Overview
Welcome to FinTechDiscovery (“we”, “our”, “us”, or the “Company”). We are committed to protecting your privacy and ensuring that your personal information is handled in a safe, responsible, and transparent manner.
This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you:
- Visit our website at www.fintechdiscovery.com (the “Website”)
- Subscribe to our newsletters
- Engage with our content, services, or platforms
- Interact with us through social media or other communication channels
- Participate in surveys, competitions, or promotional activities
FinTechDiscovery is a digital media platform focused on fintech news, insights, analysis, and trends across South Africa and the African continent. As such, we are subject to the Protection of Personal Information Act 4 of 2013 (POPIA) of South Africa as our primary regulatory framework.
Where applicable, we also adhere to international privacy standards, including principles aligned with the General Data Protection Regulation (GDPR) for users accessing our services from the European Economic Area (EEA), and emerging data protection frameworks across African jurisdictions.
By accessing or using our Website and services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our Website immediately.
2. Who We Are
FinTechDiscovery is a registered South African entity operating as a digital media and information platform. Our primary focus is delivering timely, accurate, and insightful coverage of the fintech industry across South Africa and the broader African continent.
For the purposes of POPIA, FinTechDiscovery is the “Responsible Party” for the processing of your personal information. This means we determine the purpose and means of processing personal information collected through our platforms.
3. Scope of This Privacy Policy
This Privacy Policy applies to:
- All visitors to our Website
- Subscribers to our email newsletters and alerts
- Registered users of any FinTechDiscovery platforms or services
- Contributors, advertisers, partners, and sponsors engaging with us
- Participants in events, webinars, surveys, or competitions hosted by FinTechDiscovery
- Users interacting with us via social media platforms
This policy does not apply to third-party websites, applications, or services that may be linked from our Website. We encourage you to review the privacy policies of any third-party sites you visit.
4. Information We Collect
We collect various types of information depending on how you interact with us. This includes information you provide directly, information collected automatically, and information obtained from third parties.
4.1 Information You Provide Directly
When you engage with FinTechDiscovery, you may voluntarily provide personal information, including but not limited to:
| Category | Examples |
|---|---|
| Identity Information | Full name, title, job title, employer/organisation |
| Contact Information | Email address, phone number, physical address |
| Account Information | Username, password, account preferences |
| Professional Information | Industry sector, company size, professional interests |
| Communication Information | Correspondence, feedback, enquiries, comments |
| Financial Information | Payment details (for advertising or subscription services) |
| Event Participation | Registration details, dietary requirements, accessibility needs |
| Survey Responses | Opinions, preferences, feedback provided in surveys |
4.2 Information Collected Automatically
When you visit our Website, we automatically collect certain technical and usage information through cookies, log files, and similar technologies:
| Category | Examples |
|---|---|
| Device Information | Device type, operating system, browser type and version |
| Network Information | IP address, internet service provider, geographic location |
| Usage Information | Pages visited, time spent on pages, click patterns, referral URLs |
| Interaction Data | Links clicked, content downloaded, videos watched |
| Cookie Data | Session identifiers, preferences, tracking information |
4.3 Information From Third Parties
We may receive information about you from third-party sources, including:
- Social Media Platforms: When you interact with us via LinkedIn, Twitter/X, Facebook, or other platforms
- Business Partners: Companies with whom we collaborate on events, content, or services
- Advertising Partners: Data from advertising networks and analytics providers
- Public Sources: Publicly available information relevant to our content coverage
- Data Enrichment Services: Professional data to enhance our understanding of our audience
5. How We Collect Information
We collect personal information through various methods:
5.1 Direct Collection
- Newsletter subscription forms
- Contact forms and enquiry submissions
- User registration processes
- Event registration and participation
- Survey and feedback forms
- Competition and promotion entries
- Job applications
- Advertising and partnership enquiries
5.2 Automated Collection
- Cookies and similar tracking technologies
- Web beacons and pixel tags
- Server log files
- Analytics tools (e.g., Google Analytics)
- Social media plugins and widgets
5.3 Third-Party Collection
- Social media platforms when you engage with our content
- Advertising and marketing partners
- Analytics service providers
- Event management platforms
- Payment processors
6. How We Use Your Information
We process your personal information for specific, legitimate purposes. Under POPIA, we are required to have a lawful basis for each processing activity. Our purposes include:
6.1 Service Delivery and Communication
| Purpose | Description | Legal Basis (POPIA) |
|---|---|---|
| Newsletter delivery | Sending subscribed email content | Consent |
| Content personalisation | Tailoring content to your interests | Legitimate interest |
| Customer support | Responding to enquiries and requests | Contract/Consent |
| Account management | Managing user accounts and preferences | Contract |
6.2 Website Operations and Improvement
| Purpose | Description | Legal Basis (POPIA) |
|---|---|---|
| Website functionality | Ensuring the Website operates correctly | Legitimate interest |
| Analytics and insights | Understanding user behaviour and preferences | Legitimate interest |
| Security measures | Protecting against fraud and abuse | Legal obligation/Legitimate interest |
| Technical improvements | Enhancing website performance and features | Legitimate interest |
6.3 Marketing and Advertising
| Purpose | Description | Legal Basis (POPIA) |
|---|---|---|
| Promotional communications | Sending marketing materials about our services | Consent |
| Targeted advertising | Displaying relevant advertisements | Consent/Legitimate interest |
| Event promotion | Informing you about upcoming events and webinars | Consent |
| Partner offers | Sharing relevant third-party offers (with consent) | Consent |
6.4 Business Operations
| Purpose | Description | Legal Basis (POPIA) |
|---|---|---|
| Financial transactions | Processing payments for services | Contract |
| Legal compliance | Meeting regulatory and legal requirements | Legal obligation |
| Business development | Analysing market trends and opportunities | Legitimate interest |
| Partnership management | Managing relationships with advertisers and partners | Contract/Legitimate interest |
6.5 Research and Development
| Purpose | Description | Legal Basis (POPIA) |
|---|---|---|
| Industry research | Conducting surveys and studies | Consent/Legitimate interest |
| Content development | Creating relevant and valuable content | Legitimate interest |
| Product innovation | Developing new features and services | Legitimate interest |
7. Legal Basis for Processing (POPIA Compliance)
Under the Protection of Personal Information Act (POPIA), we must have a valid legal basis for processing your personal information. We rely on the following grounds:
7.1 Consent
Where you have given clear, informed, and voluntary consent for us to process your personal information for specific purposes. You may withdraw consent at any time, though this will not affect the lawfulness of processing before withdrawal.
Examples: Newsletter subscriptions, marketing communications, participation in surveys.
7.2 Contract
Where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
Examples: Providing subscription services, processing event registrations, managing advertiser accounts.
7.3 Legal Obligation
Where processing is necessary to comply with a legal obligation to which we are subject.
Examples: Maintaining financial records for tax purposes, responding to lawful requests from authorities.
7.4 Legitimate Interest
Where processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and interests.
Examples: Website analytics, fraud prevention, business development, content personalisation.
7.5 Protection of Legitimate Interests of Data Subject
Where processing is necessary to protect your legitimate interests.
Examples: Emergency contact in case of an incident at an event.
8. Sharing and Disclosure of Information
We may share your personal information with third parties in certain circumstances. We do not sell your personal information to third parties.
8.1 Service Providers and Partners
We engage trusted third-party service providers to assist in our operations:
| Provider Type | Purpose | Safeguards |
|---|---|---|
| Email Service Providers | Newsletter distribution | Data processing agreements |
| Analytics Providers | Website analytics and insights | Anonymisation where possible |
| Hosting Providers | Website hosting and infrastructure | Security certifications |
| Payment Processors | Processing financial transactions | PCI-DSS compliance |
| Event Platforms | Managing event registrations | Contractual obligations |
| Advertising Networks | Delivering targeted advertising | Industry standards compliance |
| CRM Systems | Managing subscriber relationships | Data processing agreements |
8.2 Business Partners
We may share information with:
- Sponsors and Advertisers: Aggregated, anonymised data for campaign reporting
- Content Partners: Information necessary for collaborative content production
- Event Partners: Registration data for co-hosted events (with your consent)
8.3 Legal and Regulatory Disclosure
We may disclose your information when required by law or in response to:
- Valid legal processes (subpoenas, court orders)
- Requests from law enforcement or government authorities
- Regulatory enquiries from bodies such as the Information Regulator
- Protection of our legal rights and interests
- Investigation of suspected fraud or illegal activities
8.4 Business Transfers
In the event of a merger, acquisition, reorganisation, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change and the choices you may have regarding your information.
8.5 With Your Consent
We may share your information with third parties when you have expressly consented to such sharing.
9. Cookies and Tracking Technologies
9.1 What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They help websites function efficiently and provide information to website owners.
9.2 Types of Cookies We Use
| Cookie Type | Purpose | Duration | Examples |
|---|---|---|---|
| Strictly Necessary | Essential for website functionality | Session | Login authentication, security |
| Performance | Collect anonymous usage data | Persistent | Google Analytics |
| Functionality | Remember your preferences | Persistent | Language settings, display options |
| Targeting/Advertising | Deliver relevant advertisements | Persistent | Google Ads, Facebook Pixel |
| Social Media | Enable social sharing features | Persistent | LinkedIn, Twitter widgets |
9.3 Third-Party Cookies
Our Website may include cookies from third-party services, including:
- Google Analytics: Website traffic analysis
- Google Ads: Advertising and remarketing
- Facebook/Meta: Social media integration and advertising
- LinkedIn: Professional networking and advertising
- Twitter/X: Social media integration
9.4 Managing Cookies
You can control cookies through:
- Browser Settings: Most browsers allow you to block or delete cookies
- Cookie Consent Banner: Use our cookie preferences tool to manage consent
- Opt-Out Tools: Use industry opt-out mechanisms (e.g., NAI, DAA)
Please Note: Disabling certain cookies may affect website functionality and your user experience.
9.5 Do Not Track Signals
Our Website currently does not respond to “Do Not Track” browser signals. We continue to monitor industry developments in this area.
10. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.
10.1 Retention Periods
| Data Category | Retention Period | Basis |
|---|---|---|
| Newsletter Subscriptions | Until unsubscription + 6 months | Consent withdrawal |
| User Accounts | Duration of account + 2 years | Contract completion |
| Website Analytics | 26 months | Industry standard |
| Financial Records | 7 years | Legal requirement (Tax) |
| Event Registrations | 3 years post-event | Legitimate interest |
| Correspondence | 3 years | Legitimate interest |
| Cookies | As specified per cookie type | Technical requirement |
10.2 Retention Criteria
When determining retention periods, we consider:
- The nature and sensitivity of the personal information
- The purposes for which we process the data
- Legal, regulatory, and contractual requirements
- Statute of limitations for potential legal claims
- Industry best practices and standards
10.3 Deletion and Anonymisation
When retention periods expire, we will either:
- Securely delete the personal information, or
- Anonymise the data so it can no longer identify you
11. Data Security
We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction.
11.1 Technical Measures
| Measure | Description |
|---|---|
| Encryption | SSL/TLS encryption for data in transit |
| Access Controls | Role-based access to personal information |
| Firewalls | Network security to prevent unauthorised access |
| Secure Hosting | Reputable hosting providers with security certifications |
| Regular Updates | Timely software and security patches |
| Backup Systems | Regular data backups with secure storage |
11.2 Organisational Measures
| Measure | Description |
|---|---|
| Staff Training | Privacy and security awareness training |
| Access Policies | Strict policies governing data access |
| Vendor Management | Due diligence on third-party service providers |
| Incident Response | Procedures for handling data breaches |
| Regular Audits | Periodic security assessments |
11.3 Data Breach Procedures
In the event of a personal information breach that poses a risk to your rights and freedoms, we will:
- Notify the Information Regulator as soon as reasonably possible
- Notify affected data subjects where required under POPIA
- Take immediate steps to mitigate the impact of the breach
- Document the breach and our response measures
12. Your Rights Under POPIA
As a data subject, you have specific rights regarding your personal information under the Protection of Personal Information Act (POPIA). We are committed to facilitating the exercise of these rights.
12.1 Right to Access
You have the right to request confirmation of whether we hold personal information about you and to request access to that information.
12.2 Right to Correction
You have the right to request that we correct or update any inaccurate or incomplete personal information we hold about you.
12.3 Right to Deletion
You have the right to request that we delete your personal information, subject to legal and contractual limitations.
12.4 Right to Object
You have the right to object to the processing of your personal information for direct marketing purposes or on grounds relating to your particular situation.
12.5 Right to Restrict Processing
You have the right to request that we restrict the processing of your personal information in certain circumstances.
12.6 Right to Data Portability
You have the right to request a copy of your personal information in a structured, commonly used, and machine-readable format.
12.7 Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.
12.8 Right to Lodge a Complaint
You have the right to lodge a complaint with the Information Regulator if you believe your rights have been infringed.
Information Regulator Contact:
- Website: www.justice.gov.za/inforeg
- Email: inforeg@justice.gov.za
- Phone: 012 406 4818
12.9 How to Exercise Your Rights
To exercise any of these rights, please contact us at:
- Email: privacy@fintechdiscovery.com
We will respond to your request within a reasonable period, and in any event within one month as required by POPIA. We may request verification of your identity before processing your request.
13. International Data Transfers
As FinTechDiscovery operates across African jurisdictions and uses international service providers, your personal information may be transferred to and processed in countries outside South Africa.
13.1 Transfer Safeguards
When transferring personal information internationally, we ensure appropriate safeguards are in place:
| Safeguard | Description |
|---|---|
| Adequacy Decisions | Transfers to countries with adequate data protection laws |
| Standard Contractual Clauses | Approved contractual protections |
| Binding Corporate Rules | Intra-group transfer mechanisms |
| Consent | Explicit consent for specific transfers |
| Contractual Necessity | Transfers necessary to perform a contract with you |
13.2 African Data Protection Landscape
We monitor and comply with emerging data protection frameworks across Africa, including:
- Nigeria: Nigeria Data Protection Regulation (NDPR)
- Kenya: Data Protection Act 2019
- Ghana: Data Protection Act 2012
- Rwanda: Law Relating to the Protection of Personal Data
- Mauritius: Data Protection Act 2017
13.3 GDPR Compliance
For users accessing our services from the European Economic Area (EEA), we take steps to ensure GDPR-compliant processing, including appropriate transfer mechanisms and respect for enhanced data subject rights.
14. Children’s Privacy
FinTechDiscovery’s services are not directed at children under the age of 18. We do not knowingly collect personal information from children.
If we become aware that we have inadvertently collected personal information from a child under 18, we will take immediate steps to delete such information from our systems.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@fintechdiscovery.com.
15. Third-Party Links and Services
Our Website may contain links to third-party websites, applications, and services that are not operated by FinTechDiscovery. These include:
- News sources and publications
- Fintech companies and service providers
- Social media platforms
- Advertising partners
- Event registration platforms
We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.
The inclusion of a link does not imply endorsement of the linked site or service by FinTechDiscovery.
16. Direct Marketing
16.1 Our Approach
We may use your personal information to send you direct marketing communications about our services, content, events, and partner offers where you have consented or where we have a legitimate interest to do so.
16.2 Your Choices
You can manage your marketing preferences at any time:
| Method | How |
|---|---|
| Unsubscribe Link | Click the unsubscribe link in any marketing email |
| Email Request | Send an email to privacy@fintechdiscovery.com |
| Preference Centre | Update your preferences in your account settings |
16.3 What This Affects
Opting out of marketing communications will not affect:
- Transactional communications (e.g., account confirmations)
- Service-related announcements
- Legal or regulatory notices
17. Automated Decision-Making
We may use automated systems to process your personal information in certain circumstances:
17.1 Content Personalisation
We use algorithms to recommend content based on your browsing history and preferences. This does not produce legal or similarly significant effects.
17.2 Advertising Targeting
Automated systems may be used to display relevant advertisements based on your interests and behaviour.
17.3 Your Rights
Where automated decision-making has significant effects on you, you have the right to:
- Request human intervention
- Express your point of view
- Contest the decision
18. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs.
18.1 Notification of Changes
When we make material changes:
- We will update the “Last Updated” date at the top of this policy
- We may notify you via email (if you are a subscriber)
- We may display a prominent notice on our Website
18.2 Review Recommendation
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
18.3 Continued Use
Your continued use of our Website and services after any changes constitutes acceptance of the updated Privacy Policy.
19. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
General Enquiries
| Contact Method | Details |
|---|---|
| info@fintechdiscovery.com | |
| Website | www.fintechdiscovery.com/contact |
We aim to respond to all privacy-related enquiries within 10 business days.
20. Regulatory Information
20.1 South African Regulators
| Regulator | Jurisdiction | Contact |
|---|---|---|
| Information Regulator | Data Protection (POPIA) | www.justice.gov.za/inforeg |
| Financial Sector Conduct Authority (FSCA) | Financial Services | www.fsca.co.za |
| National Credit Regulator (NCR) | Credit Industry | www.ncr.org.za |
| South African Reserve Bank (SARB) | Banking Sector | www.resbank.co.za |
20.2 Applicable Laws
This Privacy Policy is governed by and construed in accordance with the laws of the Republic of South Africa, including:
- Protection of Personal Information Act 4 of 2013 (POPIA)
- Electronic Communications and Transactions Act 25 of 2002 (ECTA)
- Consumer Protection Act 68 of 2008 (CPA)
- Promotion of Access to Information Act 2 of 2000 (PAIA)
21. Definitions
For the purposes of this Privacy Policy:
| Term | Definition |
|---|---|
| Personal Information | Information relating to an identifiable, living natural person or juristic person |
| Processing | Any operation concerning personal information, including collection, storage, use, and disclosure |
| Data Subject | The person to whom personal information relates |
| Responsible Party | The person who determines the purpose and means of processing personal information |
| Operator | A person who processes personal information on behalf of the responsible party |
| Consent | Voluntary, specific, and informed expression of will |
| Direct Marketing | Communication of any advertising or marketing material directed at a specific person |
This Privacy Policy was last reviewed and updated on 1 December 2025.