Privacy Policy

1. Introduction

1.1. This Privacy Policy explains how Doto South Africa (PTY) LTD (“Doto”, “controller”, “we,” “our” or “us”), licensed by Financial Services Commission, Mauritius pursuant to section 29 of the Securities Act 2005 and Rule 4 of the Securities (Licensing) Rule 2007, collects, uses, discloses, and transfers personal data that has been provided to us. Personal Data about individuals (collectively, “users”, “data subject” “your “or “you”) means any information relating to an identified or identifiable natural person.
1.2. Doto offers and provides its services to individuals based in various countries and as such we are subject to the data protection law in South Africa and in some circumstances, to foreign data protection law and regulations when we deal with a foreign citizen.
1.3. Our Privacy Policy must be read together with any legal notices or terms and conditions which may be available on other pages of our website. Unless otherwise superseded by alternative terms and conditions (such as in the Client agreement), the method is in which the user's personal information is collected, used, distributed, and maintained will be following this policy.
1.4. For any questions you can contact our Data Protection Officer: info-za@doto.com.
1.5. In course of business relations Doto can be qualified as a Joint Controller with Doto Global Ltd. For joint processing activities, liability is shared jointly, according to the signed agreement between the legal entities.

2. Definitions

2.1. “Controller” means a person who or public body which, alone or jointly with others, determines the purposes and means of the processing of personal data and has decision making power with respect to the processing.
2.2. “Consent” means any freely given specific, informed and unambiguous indication of the wishes of a data subject, either by a statement or a clear affirmative action, by which he signifies his agreement to personal data relating to him being processed.
2.3. “Data Subject” means an identified or identifiable individual (hereinafter referred to as “users” “your “or “you”), in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
2.4. “Personal Data” means any information relating to a data subject.
2.5. “Processing” means an operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.6. “Processor” means a person who, or public body which, processes personal data on behalf of a controller.
2.7. “Third party” means a person or public body other than a data subject, a controller, a processor or a person who, under the direct authority of a controller or processor, who or which is authorized to process personal data.

3. Personal Data we collect and hold about you

3.1. We collect and process different categories of your Personal Data as described below.

Purpose

Data categories

Legal Grounds

Provision of services, including account management

All Data, except Audio and Video Data, Location Data, Marketing and Communication Data, Conformity Data, Usage Data, Technical Data

Contract

Provision of support services, including communication about possible legally significant consequences

Identity Data

Contact Data

Profile Data

Contract

Managing users’ complaints and resolutions

Depending on the request, it could be

Identity Data

Contact Data

Profile Data

Financial Data

Transaction Data & Purchase history

Payment Data

Economic Profile Data

KYC Data

Contract

Manage transactions (deposits, withdrawals, etc.)

Identity Data

Contact Data

Financial Data

Transaction Data & Purchase history

Payment Data

Economic Profile Data

Contract

Performing KYC/AML checks and monitoring transactions

Identity Data

Contact Data

Economic Profile Data

KYC Data

Special Categories of Data/ ‘Sensitive’ Data

Conformity Data Location Data

Conformity Data

Location Data

Legal obligation

Sharing information on suspected financial crimes, fraud and threats with law enforcement agencies and regulatory authority.

Identity Data

Contact Data

Economic Profile Data

KYC Data Special Categories of Data/ ‘Sensitive’ Data

Conformity Data

Transaction Data and Purchase history Profile Data

Legal obligation

Fraud prevention

All Data, except Audio and Video Data, Location Data, Marketing and Communication Data, Conformity Data

Legitimate interest

To defend against lawsuits and claims

All Data, except Audio and Video Data, Location Data, Marketing and Communication Data, Conformity Data

Legitimate interest

Carrying out statistical analysis

Profile Data Technical Data Usage Data

Legitimate interest

Notifying you about changes to our services

Identity Data Contact Data

Legitimate interest

Improve product support service

Identity Data

Contact Data

Profile Data

Legitimate interest

Application and web functionality improvement

Usage Data

Technical Data

Legitimate interest

Marketing and product analytics

Contact Data

Technical Data

Usage Data

Profile Data

Legitimate interest

Ensure security of the service from computer attacks and users from unauthorized access to data

All Data Categories

Legitimate interest

Personalization of our services

Profile Data

Usage Data

Technical Data

Legitimate interest

Direct marketing (sending information about promotional activities and events, etc.)

Identity Data

Contact Data

Marketing and Communication Data

Legitimate interest

Launch targeting advertising

Marketing and Communication Data

Consent

Affiliate program

Identity Data

Transaction Data and Purchase history

Consent

3.2 You consent to transfer your Personal Data to third parties as described in section 6.3 of this Privacy Policy and for following purposes: launch targeting advertising, provide affiliate program.
3.3 You have the right to withdraw your consent and use of your information by changing your account settings, closing your account, emailing info-za@doto.com to withdraw your consent at any time.
3.4 You should also be aware that we do not sell, rent, or disclose your Personal Data in exchange for money or other valuable consideration to any third parties, and we shall not incorporate such practice in our business.

4. Cookies

4.1. We and our trusted partners use cookies and other technologies in our related services, including when you visit our site or access our Services. A "cookie" is a small piece of information that a website assign to your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enable automatic activation of certain features, remembering your preferences and making the interaction between you and our Services quicker and easier. Cookies are also used to help ensure that the advertisements you see are relevant to you and your interests and to compile statistical data on your use of our Services.
4.2. Our website (www.doto.com/za) uses the following types of cookies:
- 'Session cookies' which are stored only temporarily during a browsing session in order to allow normal use of the system and are deleted from your device when the browser is closed;
- 'Persistent cookies' which are read only by our website, saved on your computer for a fixed period and are not deleted when the browser is closed. Such cookies are used where we need to know who you are for repeat visits, for example to allow us to store your preferences for the next sign-in;
- 'Third party cookies' which are set by other online services who run content on the page you are viewing, for example by third party analytics companies who monitor and analyze our web access.
4.3. For more information, please refer to the Cookie Policy.

5. Third-party collection of Personal Data

5.1. In course of marketing we use a tool called “Google Analytics” to collect information about your use of website. Google Analytics collects information such as how often users access the services, what pages they visit when they do so, etc. Google Analytics collects the IP address assigned to you on the date you visit sites, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy.
5.2. We may also request additional information about you from our trusted third parties for AML checks and KYC verification.

6. Sharing your Personal Data

6.1. We do not rent, sell, or share your Personal Data with third parties except as described in this Privacy Policy.
6.2. We may transfer or disclose Personal Data to our subsidiaries, and other affiliated companies, and/or business introducers to provide the services you have requested and to fulfill our contractual obligations to you, and to fulfill legal and regulatory requirements.
6.3. We may share your Personal Data with third parties who process Personal Data on our behalf to provide you or us with products or services for the purposes outlined above. These third parties include:
- Affiliates;
- Professional advisers, including lawyers, insurers, auditors, translating agencies and tax advisers;
- Screening services provider and external compliance companies, including due diligence and financial crime screening databases providers;
- IT consultants and service providers, including hosting and cloud services providers;
- Card processing companies, and payment service providers, cloud storage companies;
- Other suppliers and providers of services to us, including banks, our sub-contractors agents and other entities within our group.
6.4. We may disclose Personal Data, or any information you submitted via the services of we have a good faith belief that disclosure of such information is helpful or reasonability necessary to
- Comply with any applicable law, regulation, legal process, or governmental department s request;
- Enforce our policies (including our agreement), including investigations of potential violations thereof;
- When we consider disclosure to be necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal purpose;
- For the prevention, detection, investigate or take action regarding of any fraud or illegal activities or other criminal activity;
- To establish or exercise our rights to defend against legal claims;
- Prevent harm to the rights, property or safety of us, our users, yourself or any third party; or
- For the purpose of collaborating with law enforcement agencies and/or in case we find it necessary in order to enforce intellectual property or other legal rights.

7. Cross-Border transfers of your Personal Data

7.1. Where we transfer your Personal Data outside of Mauritius, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information and where required, with your consent.
7.2. We may put in place appropriate safeguards (such as contractual commitments) in accordance with applicable data protections laws to ensure that your Personal Data is adequately protected.
7.3. We may during the course of business transfer and store your personal data to a web hosting and/or cloud service provider, which may be located outside of South Africa.
7.4. You can request further details about the safeguards that we have in place in respect of transfers of Personal Data outside South Africa.

8. Retention of your Personal Data

8.1. We retain your Personal Data for the length of time required for the specific purpose or purposes for which it was collected. However, we may be obliged to store some Personal Data for a longer time, taking into account factors including:
- legal obligation(s) under applicable law to retain records for a certain period of time;
- maintain business records for analysis and/or audit purposes;
- defend or bring any existing or potential legal claims;
- deal with any complaints regarding the services; and
- guidelines issued by relevant data protection authorities.
8.2. We may be required to retain records for a significant period of time (after you are no longer our customer) in accordance with certain anti-money laundering laws that require us to retain copies of the documents we used to fulfill our obligations to our client as well as supporting evidence and records of transactions with you.

9. Deletion and rectification requests

9.1 You have the right to obtain from us the rectification of inaccurate personal data, and therefore you may, at any time, request to change and update your personal data by emailing us at info-za@doto.com.
9.2 You can also request that we will correct errors or that we will delete your personal data (except personal data that we are required to keep under applicable laws and regulations) by emailing us at info-za@doto.com.
9.3. The deletion or rectification requests can be sent to us in a free form (in the body of a letter, scan, etc.) to info-za@doto.com with your full name and contact information for a quicker processing of your request. If we are not satisfied you are who you claim to be, we reserve the right to refuse to grant your requests.
9.4 Please note that personal data is deleted by default when we no longer have a legitimate purpose for the continued processing or storage of personal data, or when personal data is no longer required to be stored in accordance with applicable legal requirements.
9.5 Unless you instruct us otherwise, we retain the information we collect for as long as needed to provide the services and to comply with our legal obligations, resolve disputes and enforce our agreements. We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.

10. Account deletion

10.1 You may delete your account using the user interface in the Android and iOS mobile applications or by submitting an account deletion request. At any time, you may request account deletion by sending a blank message with the words "delete account" to info-za@doto.com.
10.2 Provided that applicable laws and regulations prohibit us from deletion of all personal data, you hereby acknowledge that in case of the account deletion we will store necessary personal data, as specified above, in order to comply with applicable laws and regulations and prevent fraudulent actions and platform manipulations and other dishonest actions for the term specified in the applicable laws, regulations, and recommendations. We will take all reasonable actions in order to secure data minimization and anonymization. We will cease using your personal data for any other purposes that are not specified in the present abstract, including advertising and marketing purposes, upon account deletion.

11. Protection of your Personal Data

11.1. We take the security of our physical premises, our servers and the Website seriously and we take all appropriate technical measures using recognized security procedures and tools in accordance with good industry practice to protect your personal information.
11.2. We use technical and organizational security measures in order to protect the Personal Data we have under our control against accidental or intentional manipulation, loss, destruction and against access by unauthorised persons.

12. Your Rights

12.1. Your rights in relation to the personal data include:
- Right to Access: You have the right to request a confirmation from us as to whether or not we process your personal data and forward you a copy of same. You also have the right to certain other supplementary information that this Privacy Policy is already designed to address. Please note that there may be circumstances in which we are entitled to refuse requests for access to copies of personal information. In particular, information that is subject to legal professional privilege will not be disclosed other than to our users and as authorised by our users.
- Right to Rectification: You have the right to have your incomplete personal data completed.
- Right to Erasure: This provides for the right to have your data erased in case the processing of your personal data is not justified. Please note that there may be circumstances where you ask us to erase your personal information, but we are legally entitled/obliged to retain it.
- Right to Restrict: You have the right to restrict the processing of your personal data.
- Right to Object: In some cases, required by law, you may ask us to stop processing your Personal Data.
- Right of Portability: You have the right to receive the Personal Data concerning you in a structured, commonly used, and machine-readable format and/or transmit those Personal Data to another data controller.
- Withdrawal of consent: You have the right to withdraw your consent at any point in time, although in certain circumstances it may be lawful for us to continue processing without your consent if we have another legitimate reason (other than consent) for doing so. Withdrawal will not affect the lawfulness of processing before the withdrawal.
- Right to Complaint: You have the right to lodge a complaint regarding the processing of your personal data by us.
12.2. If you want to exercise your rights or you are unhappy with the way in which your Personal Data has been processed or should you have any questions regarding the processing of your Personal Data, you may refer in the first instance to the Data Protection Officer, who is available, at the following email address: info-za@doto.com or you can write to the address below: Atrium on 5th, 9th Floor, 5th Street, Sandton, Johannesburg, 2196, South Africa, Office number 9053.
12.3. Your requests can be sent to us in a free form (in the body of a letter, scan, etc.) to info-za@doto.com with your full name and contact information for a quicker processing of your request. In case of doubt of your identity, we may ask you to justify it by enclosing a copy of any identity document. If we are not satisfied you are who you claim to be, we reserve the right to refuse to grant your requests.

13. Changes to this Privacy Policy

13.1. The Website and/or any other information displayed on the Website may change from time to time. As a result, at times it may be necessary for us to make changes to the Website and this Privacy Policy. You will be notified of important changes to the Privacy Policy regarding the purposes of the processing, the identity of the controller, how rights are exercised, and cross-border transfers. Such notification will be made within a reasonable time before the changes take effect.
13.2. You may request a copy of this privacy policy from us using the contact details set out above. If we change this privacy policy, the updated version will be posted on our website in a timely manner.

14. Contact us

If you have questions, complaints or concerns regarding the way in which your Personal Data has been used, please contact:
Data Protection Officer Doto South Africa (PTY) LTD Atrium on 5th, 9th Floor, 5th Street, Sandton, Johannesburg, 2196, South Africa, Office number 9053 Email: info-za@doto.com
Copyright © 2023. All rights reserved.