Privacy Policy
How we collect, use, and protect your information.
1 Introduction
FinGrid (Pty) Ltd ("FinGrid") operates the PayGrid payroll platform at www.fingrid.co.za. We are committed to protecting the privacy and personal information of all users in compliance with the Protection of Personal Information Act 4 of 2013 ("POPIA") and other applicable South African privacy legislation.
This Privacy Policy explains what personal information we collect, how we use it, who we share it with, how we protect it, and what rights you have. By using PayGrid, you consent to the practices described in this policy.
2 Who This Policy Applies To
- Registered employers who use the PayGrid platform ("Employers");
- Employees whose payroll data is processed through PayGrid at the instruction of their Employer ("Employees");
- Visitors to our website at fingrid.co.za.
3 Information We Collect
3.1 Employer Account Information
When you register as an employer, we collect:
- Full name and business name;
- Email address and contact number;
- Business registration number, company type, and trade classification;
- SARS Tax Number, PAYE Number, UIF Number, SDL Number, and Labour UIF reference number;
- Physical and postal address;
- Bank account and payment method details;
- Business logo (optional).
3.2 Employee Personal Information
Employers upload employee data to the Service. This includes:
- Full name, date of birth, and gender;
- South African Identity Number or passport number and country of issue;
- SARS tax number;
- Employment details including hire date, termination date, job title, and status;
- Bank account details (bank name, account number, account type, and branch code);
- Salary, allowances, deductions, and other payroll figures;
- Leave records including leave type, dates, and balances;
- WhatsApp phone number (if the employer enables WhatsApp features);
- Provident fund and medical aid contribution details;
- Age (derived from Identity Number for PAYE purposes).
3.3 Usage and Technical Information
- IP address and browser type;
- Pages visited and features used;
- Login timestamps and session duration;
- Error logs and system performance data.
3.4 WhatsApp Communications
If you use our WhatsApp bot feature, we collect and store messages exchanged between the bot and employees or employers for the purpose of processing leave applications and delivering payslips.
4 How We Use Your Information
4.1 Service Delivery
- Create and manage employer accounts;
- Process payroll calculations and generate payslips;
- Generate UIF eDecs files for submission to the Department of Labour;
- Generate EMP201 returns and payroll reports;
- Manage employee leave applications and balances;
- Send automated notifications and payslips via email and WhatsApp;
- Provide customer support.
4.2 Legal and Regulatory Compliance
- The Income Tax Act 58 of 1962 (PAYE obligations);
- The Unemployment Insurance Act 63 of 2001 (UIF);
- The Skills Development Levies Act 9 of 1999 (SDL);
- The Basic Conditions of Employment Act 75 of 1997 (leave entitlements).
4.3 Service Improvement
We use aggregated, anonymised data to improve the platform and develop new features. We will never use your personal data to train artificial intelligence models.
4.4 Communications
We may send service-related communications and, with your consent, marketing communications about new features. You may unsubscribe at any time.
5 Legal Basis for Processing
- Contract performance: Processing necessary to provide the Service you have contracted for;
- Legal obligation: Processing required to assist with SARS, UIF, and other statutory compliance;
- Legitimate interest: Processing for fraud prevention, security, and service improvement;
- Consent: Where we have obtained your explicit consent, which may be withdrawn at any time.
6 Who We Share Information With
6.1 Authorised Disclosures
We do not sell your personal information to third parties. We may share information with:
- The Department of Labour: UIF eDecs declaration files are submitted electronically on your behalf to declarations@labour.gov.za;
- SARS: EMP201 and related payroll data is provided to assist with your SARS obligations;
- WhatsApp / Meta: If you use our WhatsApp integration, messages are transmitted via Meta's Business API;
- Service providers: Trusted third-party hosting, email delivery, and payment processing providers contractually bound to protect your data;
- Law enforcement: Where required by a valid court order or applicable law.
6.2 Employer and Employee Relationship
Employers have access to their employees' data on the platform. Employees do not have access to other employees' data. FinGrid does not share employee data between different employer accounts.
7 Cross-Border Data Transfers
Your data is primarily stored and processed in South Africa. Where we use third-party services that may process data outside South Africa, we ensure appropriate safeguards are in place as required by POPIA section 72.
8 Data Retention
- Active account data: Retained for the duration of your Subscription and 90 days after cancellation;
- Payroll records and payslips: 5 years from the date of the payroll run, in accordance with SARS requirements;
- UIF submission records: 5 years, in accordance with the Unemployment Insurance Act;
- Leave records: 3 years from the date of the leave, in accordance with BCEA requirements;
- Audit logs: 2 years;
- Usage and technical logs: 12 months.
When data is no longer required, it is securely deleted or anonymised.
9 Security
- Encrypted storage of sensitive data;
- HTTPS encryption for all data in transit;
- Access controls limiting staff access on a need-to-know basis;
- Regular security reviews and vulnerability assessments;
- Automated backups with restricted access.
In the event of a breach affecting your personal information, we will notify you and the Information Regulator as required by POPIA within the prescribed timeframes.
10 Your Rights Under POPIA
- Right of access: Request confirmation of whether we hold your personal information and a copy of that information;
- Right to correction: Request correction of inaccurate or incomplete personal information;
- Right to deletion: Request deletion of your personal information, subject to our legal retention obligations;
- Right to object: Object to processing of your personal information in certain circumstances;
- Right to data portability: Request your data in a machine-readable format where technically feasible;
- Right to complain: Lodge a complaint with the Information Regulator of South Africa at inforeg.org.za.
To exercise any of these rights, please contact us at support@fingrid.co.za.
11 Cookies and Tracking
Our website uses cookies and similar technologies to improve user experience, maintain sessions, and analyse usage patterns. You may control cookie preferences through your browser settings.
12 Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice on the Service.