Siglonet Payment Gateway - Privacy Policy

Last Updated: May 20, 2025

Siglonet Lda. ("Siglonet," "we," "us," or "our") is committed to protecting the privacy of individuals who visit our website ("Website") and use our payment gateway services ("Services"). This Privacy Policy describes how we collect, use, process, and disclose your information in connection with your access to and use of our Website and Services.

By using our Website or Services, you agree to the collection and use of your information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Website or Services.

1. Who This Policy Applies To

This Privacy Policy applies to:

• Merchants: Individuals or businesses that register for and use Siglonet's payment gateway Services to process payments.
• Website Visitors: Individuals who browse our Website.
• Buyers (End-Users of Merchants): Individuals who make payments through a Merchant using Siglonet's Services.

2. Information We Collect

We collect various types of information, including personal data, to provide and improve our Services. The type of information we collect depends on how you interact with us.

2.1. Information You Provide to Us Directly:

• For Merchants:
  • Contact Information: Name, email address, phone number, postal address.
  • Business Information: Company name, business type, registration details, tax identification numbers, industry.
  • Financial Information: Bank account details for payouts, information related to your acquiring bank.
  • Identity Verification Information (KYC/AML): Copies of identification documents (e.g., ID card, passport), proof of address (e.g., utility bills), beneficial ownership information.
  • Account Credentials: Username and password for your Siglonet account.
  • Communications: Information you provide when you communicate with our customer support, send us feedback, or participate in surveys.
• For Website Visitors:
  • Contact Information: Name, email address, phone number (if you use contact forms or subscribe to newsletters).
  • Communications: Information you provide when you communicate with us.

2.2. Information We Collect Automatically (for Merchants, Buyers, and Website Visitors):

• Device and Usage Information: IP address, browser type and version, operating system, device identifiers, language settings, access dates and times, referring URLs, and how you interact with our Website and Services (e.g., pages viewed, features used).
• Transaction Information (primarily for Buyers via Merchants): When a Buyer makes a payment through a Merchant using Siglonet's Services, we collect transaction details, including:
  • Payment Instrument Details: Encrypted or tokenized credit/debit card numbers, expiration dates, card type. (Siglonet adheres to PCI DSS and does not store sensitive cardholder data like CVV/CVC codes).
  • Transaction Amount and Currency.
  • Date and Time of Transaction.
  • Merchant ID and Transaction ID.
  • Buyer's Information: Where provided by the Merchant, this may include Buyer's name, email, billing address, and shipping address.
• Cookies and Tracking Technologies: We use cookies and similar tracking technologies (e.g., web beacons, pixels) to collect information about your Browse activities, preferences, and to enhance your experience. For more details, please see our Cookie Policy (if separate) or the "Cookies and Tracking Technologies" section below.

2.3. Information We Receive from Third Parties:

• Identity Verification Services: We may receive information from third-party identity verification services to verify Merchant identities as part of our KYC/AML compliance.
• Financial Institutions: Information from acquiring banks, payment networks, and fraud prevention services related to transactions, chargebacks, or disputes.
• Publicly Available Sources: We may collect information from public databases or commercial data sources to supplement the information we collect.

3. How We Use Your Information

We use the information we collect for various purposes, primarily to provide, maintain, protect, and improve our Services. Our legal basis for processing your data generally includes:

• The necessity to perform a contract with you (e.g., providing payment gateway services).
• Compliance with legal obligations (e.g., KYC/AML, tax laws).
• Our legitimate interests (e.g., improving our services, preventing fraud, marketing), where these do not override your fundamental rights and freedoms.
• Your consent (where applicable and specifically obtained).

3.1. To Provide and Operate the Services:

• To process payment transactions between Buyers and Merchants.
• To create and manage Merchant accounts.
• To facilitate payouts to Merchants.
• To provide customer support and respond to inquiries.
• To perform fraud detection and prevention.
• To resolve disputes, including chargebacks.

3.2. For Security and Compliance:

• To verify your identity and conduct background checks (KYC/AML).
• To comply with legal, regulatory, and industry standards (e.g., PCI DSS).
• To detect, prevent, and investigate fraudulent or unauthorized activities.
• To enforce our Terms of Use and other policies.

3.3. To Improve and Develop Our Services:

• To understand how users interact with our Website and Services.
• To analyze trends and conduct research to enhance features and functionalities.
• To personalize your experience.

3.4. For Communication and Marketing:

• To send you service-related announcements, updates, and administrative messages.
• To send you marketing communications about Siglonet's products and services that may be of interest to you (you can opt-out at any time).
• To deliver targeted advertisements (where permissible).

4. How We Share Your Information

We do not sell your personal data. We share your information only as described below, with appropriate safeguards in place.

• With Service Providers: We share information with third-party service providers who perform services on our behalf, such as cloud hosting, analytics, customer support, identity verification, fraud prevention, marketing, and IT services. These providers are obligated to protect your information and use it only for the purposes for which it was disclosed.
• With Financial Institutions and Payment Networks: We share transaction data with acquiring banks, payment card networks (e.g., Visa, Mastercard), and other financial institutions involved in processing payments, for the purpose of authorizing, clearing, and settling transactions, and for fraud prevention.
• With Merchants (regarding Buyers): When a Buyer makes a payment through Siglonet, we share relevant transaction details and, where provided by the Buyer or the Merchant, Buyer's contact and billing/shipping information with the respective Merchant to complete the transaction and for the Merchant's record-keeping, customer service, and fulfillment purposes.
• In Business Transfers: If Siglonet is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
• For Legal Reasons: We may disclose your information if required to do so by law, in response to a subpoena or court order, or if we believe in good faith that such action is necessary to:
  • Comply with a legal obligation.
  • Protect and defend the rights or property of Siglonet.
  • Prevent or investigate possible wrongdoing in connection with the Services.
  • Protect the personal safety of users of the Services or the public.
  • Protect against legal liability.
• With Your Consent: We may share your information for any other purpose with your explicit consent.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. This typically includes:

• For Merchants: Your account information and transaction data will be retained for the duration of your active account and for a period thereafter as required by legal obligations (e.g., AML, tax laws) or for fraud prevention and dispute resolution.
• For Buyers: Transaction data is retained in accordance with legal and regulatory requirements applicable to payment processors, and for fraud prevention and dispute resolution.

When we no longer need your personal information, we will securely delete or anonymize it.

6. Data Security

Siglonet implements robust technical and organizational measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: Using SSL/TLS encryption for data in transit.
• Access Controls: Restricting access to personal data to authorized personnel on a need-to-know basis.
• Regular Security Audits: Performing regular security assessments and penetration testing.
• PCI DSS Compliance: Maintaining compliance with the Payment Card Industry Data Security Standard (PCI DSS) for handling cardholder data.
• Employee Training: Training our employees on data privacy and security best practices.

While we strive to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

7. International Data Transfers

Siglonet operates globally. Your information may be stored and processed in countries outside of Mozambique, including where our servers, affiliates, or service providers are located. These countries may have data protection laws different from those in your jurisdiction.

When we transfer your information internationally, we implement appropriate safeguards to ensure your data remains protected in accordance with this Privacy Policy and applicable laws. This may include relying on standard contractual clauses, ensuring the recipient country has been deemed to provide an adequate level of data protection, or obtaining your explicit consent.

8. Your Data Protection Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right to Access: To request a copy of the personal data we hold about you.
• Right to Rectification: To request correction of inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): To request the deletion of your personal data under certain circumstances (e.g., if the data is no longer necessary for the purposes for which it was collected).
• Right to Restriction of Processing: To request that we limit the processing of your personal data under certain circumstances (e.g., if you contest the accuracy of the data).
• Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
• Right to Object: To object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where we rely on your consent for processing, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint: To lodge a complaint with a supervisory authority if you believe your rights have been violated.

To exercise any of these rights, please contact us using the contact information provided in Section 10. We may need to verify your identity before fulfilling your request.

9. Cookies and Tracking Technologies

Siglonet uses cookies and similar tracking technologies to operate and improve our Website and Services.

• What are Cookies? Cookies are small text files placed on your device (computer, tablet, mobile) when you visit a website. They are widely used to make websites work or work more efficiently, as well as to provide information to the owners of the site.
• How We Use Cookies: We use cookies for:
  • Essential Functionality: To enable core Website features (e.g., login, security).
  • Performance and Analytics: To collect information about how visitors use our Website (e.g., pages visited, time spent) to improve its performance and design.
  • Personalization: To remember your preferences and settings.
  • Advertising: To deliver relevant ads and measure the effectiveness of our marketing campaigns.
• Your Choices Regarding Cookies: Most web browsers are set to accept cookies by default. You can usually modify your browser settings to decline cookies or to notify you when a cookie is being placed. However, if you disable cookies, some features of our Website and Services may not function properly. For more detailed information, please refer to your browser's help section.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. We encourage you to review this Privacy Policy periodically. Your continued use of the Website or Services after any modifications to this Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.