Privacy Policy

Effective Date: 9 December 2024 Revised on: 06 January 2026

1. Introduction

Welcome to J-Cred, a platform developed and operated by KTO Digital (Pty) Ltd (“KTO Digital”, “we”, “us”, or “our”). We are committed to protecting your privacy and ensuring that your Personal Information is collected and processed properly, lawfully, and transparently in compliance with the Protection of Personal Information Act 4 of 2013 (“POPIA”).

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.j-cred.co.za, register for an account, or use our Identity Intelligence, KYC, and Risk Management services.

2. Who We Are

KTO Digital is a software development and data aggregation company. The J-Cred platform serves as a Niche Bureau and Identity Intelligence solution, assisting organizations in managing business risks through data-driven decision-making, including conducting KYC (Know Your Customer) and KYB (Know Your Business) verifications.

  • Legal Entity: KT OPPORTUNITIES (PTY) LTD (Reg: 2016/544228/07)
  • Trading As: KTO Digital / J-Cred
  • Physical Address: Unit 16, No.526 16th Road, Constantia Square Office Park, Ranjespark, Gauteng 1685

3. The Information We Collect

We collect personal information to provide our verification and risk management services. This data is collected in three ways:

A. Information You Provide to Us Directly

When you register on J-Cred, request a demo, contact support, or submit a form, we may collect:

  • Identity Data: Name, Surname, Identity Number (ID), Passport Number.
  • Contact Data: Email address, physical address, telephone number, mailing address.
  • Account Information: Username, password, and security credentials.
  • Financial Information: Billing address, VAT numbers, and credit card information (processed securely via payment gateways).
  • Business Data: Company registration details and directorship information.

B. Information We Collect Automatically

When you visit www.j-cred.co.za, we automatically collect technical data to improve security and user experience:

  • Log Data: IP address, browser type, operating system, and access times.
  • Usage Data: Pages viewed, links clicked, features used, and search terms.
  • Cookies: Small text files stored on your device to remember your preferences (see “Cookies Policy” below).

C. Information from Third Parties (Verification Services)

As a data aggregation and risk management platform, J-Cred processes data from legitimate third-party sources (such as the CIPC, Department of Home Affairs, Credit Bureaus, and public records) to fulfill our service mandates. This may include:

  • Credit history and financial data.
  • Director and beneficial ownership status.
  • Fraud prevention listings.

4. Special Personal Information

Due to the nature of our services (Identity Intelligence and Forensic Auditing), we may process Special Personal Information as defined in Section 26 of POPIA. This processing is strictly conducted under specific legal authorizations (e.g., fraud prevention, verification, or consent) and may include:

  • Biometric Information: Fingerprints, facial recognition data, or voice recognition for identity verification.
  • Criminal Behavior: Information regarding alleged offenses or proceedings, processed only where legally authorized for fraud detection or background checks.
  • Sensitive Personal Information: In some cases, we may collect financial information or health data, strictly as necessary for providing specialized verification services.

5. How We Use Your Information

We use your information for the following specific purposes:

  • Service Delivery: To verify identities, perform KYC/KYB checks, generate risk reports, and process background checks.
  • Account Management: To manage your subscription, process payments, and handle billing.
  • Compliance: To fulfill obligations under FICA (Financial Intelligence Centre Act) and the National Credit Act.
  • Security & Fraud Prevention: To detect and prevent fraudulent activities, money laundering, and unauthorized access to our platform.
  • Communication: To send you administrative notices, service updates, or marketing material (only if you have consented or are an existing client). You may opt-out of marketing communications at any time.
  • Research and Analysis: To analyze data to improve our services, develop new products, and understand customer trends.

6. Disclosure of Information

We may share your information with:

  • Clients: Organizations that have engaged us to perform verification checks on you (e.g., a bank or employer), provided they have the necessary consent or legal justification.
  • Service Providers (Operators): Trusted third-party companies that provide services on our behalf (such as hosting, data processing, and customer support), subject to strict confidentiality agreements.
  • Affiliates and Subsidiaries: For business purposes, such as data processing and customer support.
  • Regulatory Bodies: The Information Regulator, NCR, law enforcement agencies, or government bodies if required by law or court order.

Note: The data held in the J-Cred system is not available for sale to third parties for marketing purposes. Your private data is kept private from other logged-in users; users are limited to seeing only the information applicable to the facilities they require.

7. International Data Transfers

We generally store data within South Africa. If we transfer data outside the country, we ensure the recipient is subject to a law or binding agreement that provides an adequate level of data protection substantially similar to POPIA.

8. Data Security

We employ industry-standard technical and organizational measures to secure the integrity and confidentiality of your personal information.

  • Secure Infrastructure: We use secure, scalable cloud architecture with firewalls and regular security audits.
  • Encryption: We use encryption technologies to protect data in transit and at rest.
  • Access Control: We implement strict access controls to limit access to personal information to only highly qualified staff who require it.
  • Employee Training: We train employees on data security best practices.

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security.

9. Your Rights

Under POPIA and applicable law, you have the following rights:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we update or correct inaccurate or incomplete information.
  • Deletion (Erasure): Request that we delete your personal information (subject to legal retention requirements).
  • Objection: Object to the processing of your personal information on reasonable grounds.
  • Restriction: Request the restriction of processing your personal information in certain circumstances.
  • Data Portability: Request the transfer of your personal information to another data controller in certain circumstances.

10. Children’s Privacy

Our services are not intended for children under the age of 18. We do not knowingly collect personal information from children under the age of 18. Any information obtained on minors will not be obtained without the guardian’s explicit consent.

11. Cookies Policy

Our website uses cookies to distinguish you from other users.

  • Essential Cookies: Necessary for the website to function (e.g., secure login).
  • Analytics Cookies: Help us understand how visitors interact with our site (e.g., Google Analytics). You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies, you may not be able to access all or parts of our site.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and, if necessary, by other means, such as email.

13. Contact Us

If you have any questions about this Policy or wish to exercise your rights, please contact our Information Officer.

  • Information Officer: The Compliance Officer
  • Email: legal@kto.co.za
  • Address: Unit 16, No.526 16th Road, Constantia Square Office Park, Ranjespark, Gauteng 1685

If you are unsatisfied with how we handle your personal information, you have the right to lodge a complaint with the Information Regulator (South Africa):

  • Website: https://inforegulator.org.za/
  • Email: POPIAComplaints@inforegulator.org.za