Privacy Notice

Wave's mission is to make Africa the first cashless continent by using technology to build a radically inclusive and affordable financial network. When you use Wave, you trust us with your personal data. We’re committed to keeping that trust by helping you understand our privacy practices. This Privacy Notice describes the personal data we collect when you use our applications, QR cards, features, or other services (“our services”), how it’s used and shared, and your legal rights regarding your personal data.

Who this Privacy Notice applies to

This Privacy Notice applies to all users of our services including:

Customers who use Wave to send or receive money;
Agents who provide services to customers; and
Merchants and other clients who accept payment using Wave.

Wave may also collect personal data about staff of agents and merchants, and prospective users of Wave’s services. All individuals subject to this Privacy Notice are referred to as “users” in this Privacy Notice.

Types of personal data we collect and how we collect it

Wave collects the following types of personal data from users of our services:

Data provided by users

Account information: We collect data when users create or update their Wave accounts. This may include their name, email, phone number, login name and password, address, and payment or banking information.
Identity information: We collect data submitted by users to verify user identity in compliance with our legal obligations. This may include government identification documents such as passports and commercial registrations (which may indicate document numbers as well as birth date, gender, photograph and home address). For businesses, this may also include identification information for staff and legal representatives. This information may be collected by an authorized partner on Wave’s behalf.
User communications: We collect the data submitted by users when they contact service support, including for the purpose of fulfilling user requests and addressing user complaints, and reporting on the same to regulatory authorities where this is required. Information collected may include feedback or other information submitted by users in connection with service support. We may also record telephone calls to our service support teams.

Data created during use of our services

Transaction information: We collect transaction information related to the use of our services, including the type of services requested or provided, order details, the names of the parties to the transaction and payment information, including location, date, time and value.
Usage data: We collect data about how users interact with our services. This includes data such as access dates and times, application features used, pages viewed, crashes and other system activity.
Device data: We collect data about the devices used to access our services, including the hardware models, device IP address or other unique device identifiers, operating systems and versions, software, preferred languages, advertising identifiers, device motion data, and mobile network data.
Location data: To the extent permitted by applicable law, we may collect users' precise or approximate location data to prevent and detect fraud, and to satisfy legal requirements.

Data received from other parties

Other users of Wave services: Wave customers, merchants or agents may provide us with information relating to other users in the course of using our services, or in connection with queries, claims or disputes.
Wave agents: Wave agents through which customers create or access their Wave account provide us with information about customers, including information required to create customer accounts and identify customers.
Wave partners and vendors: We may receive user personal data from partner banks and providers of services available on our application (e.g. utility service providers) as necessary to deliver the relevant services (e.g. payment of bills).
Referencing agencies: We may work with background checks companies and credit referencing agencies who help us to verify users' identity and background information, and to screen users, including in connection with sanctions, anti-money laundering and know-your-customer requirements.
Publicly available sources: We may collect information from marketing service providers or data resellers for research or marketing purposes.
Governmental and law enforcement authorities: We may receive information from governmental and law enforcement authorities in order to detect, prevent and investigate fraud or other suspicious activity, and to comply with applicable laws and regulations.

Cookies and other tracking technologies

Cookies are small text files that are used to store small pieces of nformation on devices and websites loaded on browsers. We do not use cookies or similar tracking technologies on our website. We do use similar tracking technologies on our mobile applications, to collect usage and device data, as described in section 3 above (see “Data created during use of our services”).

How we use personal data

Wave uses personal data in order to provide and continually improve our services, and for sales and marketing purposes.

Specifically, we use personal data for the following purposes:

To provide our services: We use data to provide, personalize and maintain our services. This includes using data to: create/update accounts; process payments and receipts of e-money; facilitate invoicing; troubleshoot software bugs and operational problems; and perform other operations necessary to maintaining our services.
Research and development: We may use personal data for Wave’s internal testing, research, analysis, product development, and machine learning to improve the user experience.
User support: We use the personal data that we collect from users (which may include call recordings) to provide service support, including to investigate and address user concerns and to monitor and improve our support responses and processes.
Marketing communications: We may use personal data to market our services and our partner services to users. This includes sending users communications about services, features, promotions, studies, surveys, news, updates, and events. We may do so through various methods, including email, text messages, push notifications, in-app communications and ads, as well as ads on third party platforms. Wave does not sell user personal data to third parties for their direct marketing, except with users' consent.
Transactional communications: We may use personal data to generate and provide users with receipts; inform them of changes to our terms, services, or policies; or send other communications that are necessary for the effective delivery of services.
Fraud prevention and compliance with law: We use personal data to prevent, detect and investigate fraud; and comply with applicable laws, regulations, and operating licenses. This includes:
- performing background checks;
- performing facial verification of photographs; and
- monitoring and analysing device and usage data, including, location data.
Claims, disputes and legal proceedings: We may use personal data to investigate or address claims or disputes relating to use of our services, including in the context of legal proceedings.

Wave’s services, operations, business transactions and legal obligations, may require that we share personal data with other users or third parties.

Wave may share personal data with the following third parties:

Other users: We share personal data, including customer telephone number and names (redacted where possible), with other users when sending or receiving e-money or issuing statements containing information such as transaction history.
Wave subsidiaries and affiliates: We share personal data with our subsidiaries and affiliates to help us provide our services or conduct data processing on our behalf.
Marketing service providers: We share personal data (including usage data and device data) with marketing agencies, research partners, social media and marketing platform providers, advertising networks and third-party data providers to reach or better understand our users, target advertising and measure advertising effectiveness.
Other vendors and business partners: We share personal data (including usage and device data) with vendors, consultants, and other service providers or business partners who we engage to perform certain functions on our behalf. These may include: payment processors and facilitators; background check and identity verification providers; cloud storage providers; software and digital security providers; insurance and financing partners; and professional service providers including consultants, lawyers, accountants.
The general public: Questions or comments from users submitted through public forums such as Wave blogs and Wave social media pages may be viewable by the public, including any personal data included in the questions or comments submitted by a user.
Law enforcement and other government authorities: We may share personal data with law enforcement or other government authorities if we are issued with the appropriate lawful mandate and if the form and scope of the demand is compliant with the law.
The judiciary: We may share personal data with lawyers, the judiciary and other third parties for the purpose of enforcing Wave terms and conditions, agreements, codes, policies and guidelines; or to protect Wave’s rights or property or the rights, or property of others; or in the event of a claim or dispute relating to the use of our services.
Business transfers and transactions: As we continue to develop our business, we might restructure, refinance, merge or sell (all or parts of) our business or services. In connection with, or during negotiations of, such transfers and transactions, user personal data may be transferred, together with other business assets.

Wave may share a user’s personal data other than as described in this Privacy Notice if we notify the user and they consent to the sharing.

In the event of transfers of personal data to third parties, we shall require them to agree to measures necessary to protect the data, and continue to respect users legal rights pursuant to the terms of this Privacy Notice and applicable laws in the user location.

International data transfers

Wave operates, and processes personal data, in several countries. We may transfer personal data internationally, where this is permissible pursuant to applicable laws in the user’s location.

In the event of international transfers of personal data, we shall put in place measures necessary to protect the data, and we shall continue to respect the user’s rights pursuant to the terms of this Privacy Notice and applicable laws in the user’s location.

Data security

We have put in place appropriate security measures to prevent personal data from being accidentally lost, disclosed or used in an unauthorised way.

In addition, we limit access to personal data to those employees, contractors and other third parties who have a business need to know. They will only process personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify users and any applicable regulator of a breach where we are legally required to do so.

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to access, correct or erase your personal data, object to or restrict processing of your personal data, and unsubscribe from our emails and newsletters.

Users may exercise these rights at any time by writing to us at Data-Requests@Wave.com

Following an account deletion request, Wave deletes the user’s account and data, unless they must be retained due to legal or regulatory requirements, for purposes of fraud prevention, or because of an issue relating to the user’s account such as an outstanding credit or an unresolved claim or dispute.

Wave retains user data for as long as necessary for the purposes described above. This means that we retain different categories of data for different periods of time depending on the type of data, the category of user to whom the data relates, and the purposes for which we collected the data.

Updates to this Privacy Notice

We may occasionally update this Privacy Notice. If we make significant changes, we will notify users in advance of the changes through the Wave apps or through other means, such as email. We encourage users to periodically review this Privacy Notice for the latest information on our privacy practices. Use of our services after an update constitutes consent to the updated Privacy Notice to the extent permitted by law.

1 December 2022