Sarafa Data Protection Policy
1. Introduction
Sarafa Ltd ("we," "us," or "our") is committed to protecting the privacy and confidentiality of our users' personal data. This policy outlines how we collect, use, and safeguard personal information in compliance with applicable laws in South Sudan, including any future regulations, and in accordance with international best practices such as the General Data Protection Regulation (GDPR) and the African Union Convention on Cybersecurity and Personal Data Protection (Malabo Convention).
2. Scope
This policy applies to all users of Sarafa’s services, including but not limited to customers, partners, and employees. It governs the collection, processing, and storage of personal data in the course of providing our services.
3. Legal Basis for Data Processing
We process personal data based on:
- Consent: Users must provide clear and explicit consent before their data is collected and processed.
- Contractual Necessity: Personal data is processed to fulfill contractual obligations, such as processing remittances.
- Legal Obligation: We process data as required to comply with South Sudanese laws and other applicable regulations.
- Legitimate Interest: In cases where processing is necessary for legitimate business interests, provided it does not override users' fundamental rights and freedoms.
4. Type of Data Collected
We may collect the following types of personal data:
- Identity Data: Name, date of birth, national identification number, or passport number.
- Contact Data: Email address, phone number, and residential address.
- Financial Data: Bank account information, transaction history, and details required to facilitate payments.
- Technical Data: IP address, device information, and browser type for security and optimization purposes.
5. Purpose of Data Collection
Sarafa collects and processes personal data for the following purposes:
- To provide and improve our services, including processing and completing remittance transactions.
- To verify user identity and comply with legal obligations related to anti-money laundering (AML) and counter-terrorism financing (CTF).
- To communicate with users regarding updates, notifications, and service enhancements.
- To maintain security, detect fraud, and prevent misuse of our platform.
6. Data Sharing and Third-Party Access
Sarafa will not share or disclose personal data to third parties unless:
- We have obtained the user's explicit consent.
- It is necessary to comply with a legal obligation, such as cooperating with law enforcement agencies.
- It is required to fulfill the terms of service, such as sharing data with payment processors or financial institutions for completing transactions.
All third-party partners and service providers are bound by contractual agreements to ensure the protection and confidentiality of personal data.
7. Data Security
We implement appropriate technical and organizational measures to ensure the security and integrity of personal data. This includes encryption, secure servers, firewalls, and regular security audits to protect against unauthorized access, loss, or damage.
8. Data Rentention
Sarafa will retain personal data for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, and resolve disputes. Data that is no longer needed will be securely deleted or anonymized.
9. User Right
Under South Sudanese law and applicable international standards, users have the following rights:
- Access: Users may request access to the personal data we hold about them.
- Rectification: Users have the right to correct any inaccuracies in their personal data.
- Erasure: Users may request the deletion of their personal data, subject to legal and contractual obligations.
- Restriction: Users may request the limitation of the processing of their personal data in certain circumstances.
- Portability: Users can request the transfer of their personal data to another service provider.
Requests to exercise these rights should be directed to our Data Protection Officer at [contact details].
10. International Data Transfers
Where necessary, Sarafa.io may transfer personal data to countries outside South Sudan. We ensure that any such transfer is conducted with adequate safeguards in place, including compliance with international data protection standards.
11. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance user experience, analyze platform performance, and customize content. Users can manage their cookie preferences through their browser settings.
12. Compliance with South Sudanese Laws
Although South Sudan currently lacks a comprehensive data protection framework, Sarafa is committed to adhering to any applicable legal obligations related to privacy and data protection. Such as Article 22 of the transitional constitution of South Sudan which protects the right to privacy. We also follow international best practices to ensure the highest standard of user data security.
13. Policy Updates
Sarafa reserves the right to update this Data Protection Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. Users will be notified of any significant updates through our platform.
14. Contact Information
If you have any questions or concerns regarding this policy or your personal data, please contact our Data Protection Officer at: - Email:
[email protected] - Address: Sarafa,Addis Ababa road, Juba, South Sudan Effective Date:30th march 2024 Last Updated:30th August 2024