1. Introduction

MFS Africa Limited with its group companies ("we, "us", and "our") are committed to protecting and respecting your privacy and handling your information in a secure, lawful and transparent manner.

This data exchange and privacy policy (the "Privacy Policy") applies to your use of:
1) the MTN Homeland mobile application (the "App") once you have downloaded a copy of the App onto your mobile phone or other device; and
2) any of the money transfer or airtime top-up and any other services accessible through the App (the "Services").

In this Privacy Policy, references to "you" and "your" shall have the meaning given in the Terms of Service for the App which can be accessed in the App > Account > Terms & Conditions.

We have implemented this Privacy Policy to explain how we collect, process and share personal data collected from you and what we will use it for. This Privacy Policy also sets out your rights and who you can contact for more information. Please read the following carefully to understand our commitments and practices regarding your personal data and how we treat it.

In this Privacy Policy, your information is sometimes referred to as "personal data". We may also sometimes collectively refer to handling, collecting, protecting and storing your personal data as "processing" such personal data.

In this Privacy Policy the term "GDPR" means the European Union General Data Protection Regulation 2016/679, and
shall be read with all other applicable legislation relating to privacy or data protection.


2. Information we collect about you

2.1. We will collect and process the following data about you:

2.1.1. Information you give us. This is information you give us about you by filling in forms on the App, or by corresponding with us (for example, by email or via chat functions on the App). It includes information you provide when you register to use the App, download or register the App, subscribe to any of the Services, enter into any transaction on the App or the Website, participate in discussion boards or other social media functions on the Ap, enter a competition, promotion or survey and when you report a problem with the App, or the Services. If you contact us, we will keep a record of that correspondence. The information you give us may include your name, address, date of birth, email, computer, mobile or other device ("Device") identification number, username, password/passcode and other registration information, financial information, details of your bank account including the details of your bank cards including the long number, relevant expiry dates and CVC, identification document numbers, copies of
identification documents (for example, passport, driver's license and utility bill or bank statement), personal description and photograph and any other information you provide us in order to prove your eligibility to use the Services.

2.1.2. Information we collect about you and/or your Device. Each time you visit the App we may collect certain types of data about you. Some of them are required for us to be able to provide the Services to you. Some of them are only required for us to enhance your user experience and are not necessary for us to deliver the Services. In such case, we will ask your consent before collecting these data. Examples of both types of data include:

2.1.2.1. Technical information, including the internet protocol (IP) address used to connect your Device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, Device information, a unique Device identifier
(for example, your Device's IMEI number, the MAC address of the Device's wireless network interface, or the mobile phone number used by the Device), mobile network information, your mobile operating system, the type of mobile browser you use, time zone setting.

2.1.2.2. Analytics data. we may use mobile analytics software to allow us to better understand the functionality of our App on your Device. This software may record information about your visit, including the full uniform resource locators (URL), how often you use the App, the events that occur
within it, aggregated usage, performance data, where the App was downloaded from, clickstream to, through and from our site (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information
(such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, Device information.

2.1.2.3. Transaction information including date, time, amount, currencies used, exchange rate, beneficiary details, sender's and receiver's name and registration information, messages sent or received with the payment, Device information used to facilitate the payment and the payment instrument used.

2.1.2.4. Information stored on your Device, including if you allow us to access contact information from your address book, login information, photos, videos or other digital content, check-ins. The App will periodically recollect this information in order to stay up-to-date.

2.1.2.5. Details of your use of our App including transaction details relating to your use of the Services, including who you have transacted with, time and date the transaction was entered into.

2.2. Location Information. We may use GPS technology and your IP address to determine your location - this may be used when the App is running in the foreground and the background of your Device. We will always obtain your consent or apply other legal basis before using your location information. If you wish to use a particular feature and we ask you for your consent to use your location data for that feature's purpose, you need to give such consent on your Device or we cannot provide you with such a feature. You can withdraw your consent at any time by disabling location permission for the App within your Device's settings.

2.3. Information to help us deliver our Service to you. We work closely with third parties in order to help us deliver our Service to you. These third parties may provide us with information about you. These third parties include business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies, fraud prevention agencies, customer service providers and developers. Information we may collect about you from such parties can include credit search information, information which helps us to verify your identity or information relating to your payment transactions. These Third Parties with whom we collaborate are either subject to or aligned with our Data Privacy and Exchange Policy and commit to obtain and process your personal information in accordance with the GDPR.


3. How we use your information and why our processing is lawful

3.1. Our primary purpose in collecting your information is to provide you with a safe, smooth, efficient, and customised experience and to provide the Services you have requested from us. We may also use the information that you have provided to ensure that the content we provide to you through the App is presented in the most effective manner for you and your Device.

3.2. The GDPR permits us to process your personal data in the way we do because the processing is:

3.2.1. necessary for the purposes of the legitimate interests that we pursue, including to run and administer our business, to prevent fraud; to provide you with the Services, to evaluate, develop or improve the Services, to keep you informed about relevant products and services you are using, to discharge our legal obligations to store and disclose information where necessary, and/or to provide you with an efficient and smooth customer experience;

3.2.2. necessary for the performance of our contract with you to provide you with the Services including to register you for a Service account or to fulfil your transaction request;

3.2.3. necessary in order to comply with a legal obligation to which we are subject; or

3.2.4. permitted by you, because you have given us your specific, informed and unambiguous consent.

3.3. In addition, other lawful purposes for which we may use your information are the following:

3.3.1. to notify you about changes to the Services;

3.3.2. to ensure that content from the App is presented in the most effective manner for you and for your Device;

3.3.3. to send you marketing communications, provided that you have given us your contact details in the course of a sale (or of negotiations for a sale) of our products or services and that you do not decide to opt out from this type of communications, in accordance with GDPR regulations;

3.3.4. to administer our App and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

3.3.5. as part of our efforts to keep our App and the Services safe and secure;

3.3.6. subject to you having consented to this type of functionality, to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you (for instance, we may do this through simple software called "Cookies");

3.3.7. subject to you having consented to this type of functionality, to make suggestions and recommendations to you and other users of our App about Services that may interest you; and


4. Sharing your information

4.1. The following categories of recipients may receive your personal information and process it exclusively for the purposes outlined in this Privacy Policy.

4.2. We may disclose data to provide the Services to respond to legal requirements, enforce our policies, liaise with judicial or regulatory authorities where required under applicable law, and protect our rights and property.

4.3. The personal information you provide to us may also be shared with trusted third party companies, agents, contractors, service providers or related companies, including without limitation:

4.3.1. with credit reference agencies to verify your identity or recipients of transactions through the Service, if this is necessary to provide you with the Services, respond to your enquiries or for any other related purposes, and

4.3.2. with fraud prevention agencies who may use it to prevent fraud and money-laundering and to verify your identity (please note that those who commit fraud can be refused services, finance or employment).

4.4. We may also share your personal information with:

4.4.1. other companies we have instructed to provide services to or for us;

4.4.2. other third parties for those purposes that may be reasonably ascertained from the circumstances in which the information was submitted;

4.4.3. other business entities, should we plan to merge with, or be acquired by, or be invested in by that business entity, or if we undergo a corporate re-organisation;

4.4.4. any successor in interest, in the event of a liquidation or administration of MFS Africa UK, it's parent company MFS Africa Ltd, or any of this latter company's subsidiaries or affiliates or the shareholders of these entities; and

4.4.5. to any other third party, subject to your prior consent.

4.5. We use contracts that include privacy and confidentiality clauses to ensure that these third parties are prohibited from using your personal information except for the specific purposes for which your data has been collected.


5. Data protection

5.1. Insofar as compliance with GDPR s concerned, we are the data controller responsible for your personal data and we are registered with the Information Commissioner's Office in the United Kingdom with reference number Z3649463.

5.2. We have appointed a data protection officer ("DPO") within our organisation. Our DPO has a number of important responsibilities including:

5.2.1. monitoring our compliance with the GDPR and other relevant data protection laws;

5.2.2. raising awareness of data protection issues, training our staff and conducting internal audits;

5.2.3. cooperating with supervisory authorities such as the ICO on our behalf.

5.3. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us via in-App support or as outlined in this Privacy Policy.


6. Links to other sites

6.1. Our App may contain links to other sites, including via social media buttons.

6.2. While we try to link only to websites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other websites and a link does not constitute an endorsement of that website. Once you link to another website from our App you are subject to the terms and conditions of that website, including, but not limited to, its privacy policy and practices.

6.3. Please check these policies before you submit any data to such other sites.


7. How we protect your information

7.1. We ensure that there are appropriate technical, physical, electronic, and administrative safeguards in place to protect your personal information from loss, alteration or unauthorised access. When you enter certain information such as a bank card number on our order forms, we encrypt the transmission of that information using reasonable security measures. We follow generally accepted industry standards to protect the personal
information submitted to us, both during transmission and once we receive it.

7.2. Unfortunately, the transmission of information via the internet (including by email) is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our App; therefore, any transmission is at your own risk.

7.3. Once we have received your information, we will use strict procedures and security features to try to prevent loss, alteration or unauthorised access.


8. How long we keep your information

8.1. We will only keep the information we collect about you for as long as required for the purposes set out above, or as required to comply with any legal obligations to which we are subject. This will involve us regularly reviewing our files to check that information is accurate, up-to-date and still required.

8.2. The period for which we will retain information about you will vary depending on the type of information and the purposes that we use it for. In general, we will keep our records for at least seven years after you have terminated your relationship with us, in order to comply with our legal obligations.

8.3. We may retain your contact information collected for the purposes of sending you marketing communications in accordance with this policy for as long as you do not unsubscribe from receiving the same from us.

8.4. We may also, in some instances, wish to retain certain data for unlimited periods. If we do so, we will ensure that it is permanently anonymised. Anonymised data is not governed by the GDPR and this Privacy Policy.


9. Transferring data outside of the european economic area

9.1. Data that you submit via our App is sent to- and stored on secure servers owned by, or operated for, us in the European Economic Area ("EEA"). Data may be transferred to, or stored at, a destination outside the EEA and may also be processed by staff operating outside the EEA who work for us, or for one of our trusted service providers, related companies, agents or contractors. Such transfers may be made in order to operate, or improve the
Service, App or to assist in our security or fraud protection activities.

9.2. Where recipients are outside the EEA, we require them to provide an adequate level of protection for your personal data or confirm that the transfer is otherwise permitted under GDPR, by methods including using standard contractual clauses, binding corporate rules, registration for the Privacy Shield program or by relying on a relevant adequacy decision by the European Commission or on other legal grounds or conditions, always in
accordance with GDPR.

9.3. Where necessary or appropriate, we may seek to rely on your consent as the legal basis for transferring your personal data to outside the EEA, however we do not generally do so. Where we do, you may withdraw your consent at any time.


10. Opting out

10.1. Where required by GDPR, you will be given a choice when you provide us with your personal information to opt in or opt out of receiving marketing communications.

10.2. You have the option of unsubscribing from our mailing list for marketing communications, alerts and updates at any time, thereby disabling any further marketing email communication from being sent to you.

10.3. Details of how to unsubscribe will be included on each electronic mailing we send You. Alternatively, just send an email support@homeland.mtn.com with "UNSUBSCRIBE REQUEST" in the subject line and the email address that you wish to be removed within the email.

10.4. We will action any opt out request from you without delay.


11. Your rights to your information

11.1. At any time you have the right:

11.1.1. to be informed about the processing of your personal data (i.e., for what purposes, what type of personal data, to what recipients it is disclosed, storage periods, any third-party sources from whom it was obtained, confirmation of whether we undertake automated decision-making, including profiling, and the logic, significance and envisaged consequences). Reading this Privacy Policy forms part of your right to be informed;

11.1.2. to request access to or a copy of any personal data which we hold about you;

11.1.3. to rectification of your personal data, if you find out that it is inaccurate or not up-to-date;

11.1.4. to ask us to delete your personal data, if you consider that we do not have the right to hold it;

11.1.5. to withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent);

11.1.6. to ask us to stop or start sending you marketing messages at any time by using the below contact details;

11.1.7. to restrict processing of your personal data;

11.1.8. to data portability (obtain your personal data in a structured, current and machine-readable format in order to move it elsewhere) in certain circumstances; and

11.1.9. to object to your personal data being processed in certain circumstances.

11.2. You can contact us at support@homeland.mtn.com if you want to enforce any of these rights. We will comply with our legal obligations as regards your rights as a data subject, while considering our obligation to maintain complete and accurate records.

11.3. Any request for access to your personal data must be in writing and we will endeavour to respond, at no cost for you, within a reasonable period and in any event within 30 days from receipt of your request. Should the requests you address to us be complex or numerous, we reserve the right to extend this period to 90 days from receipt of your request. We will notify you accordingly.

11.4. We reserve the right to charge a reasonable fee (reflecting the costs of providing the information) or to refuse to act on your request where it is manifestly unfounded or excessive. Where this is the case, we will explain the situation to you and we will inform you about your rights. You will have the possibility of lodging a complaint as explained below (Complaints).

11.5. We aim to ensure that the information we hold about you is accurate at all times. To assist us in ensuring that your information is up to date, you will need to let us know if any of your personal details change. Upon your request, we will take reasonable steps to ensure that the data is accurate, and we will rectify any personal data that is incorrect promptly and in any case within 30 days of your request.


12. Changes to this privacy policy

12.1. Any changes we make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please ensure we have your correct email information and check back frequently to see any updates or changes to our Privacy Policy.

12.2. In the event of future changes to this Privacy Policy, you can retrieve old versions and information on the periods for which they were valid through the App > Account > Terms & Conditions > View previous T&Cs.


13. Complaints

13.1. If you have any concerns about our use of your information you have the right to make an enquiry or a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk) via their helpline on 0303 123 1113.

13.2. If you are based in a different European Union or EEA or European Free Trade Association country, the national data protection supervisory authority in such country can be found at: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

13.3. We would, however, appreciate the chance to deal with your concerns before you approach the ICO/national data protection authority, so please contact us in the first instance as follows:

Email: support@homeland.mtn.com

In writing:
MFS Africa UK Ltd
Attn: Data Protection Officer
Palladium House
1-4 Argyll Street
London W1F 7LD
United Kingdom


Version date: 24 April 2019