Privacy Policy

FlexBuy respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how FlexBuy collects, uses, stores, shares, and protects personal information when you access or use the FlexBuy website, web applications, lay-by services, payment features, support channels, and related services.

By accessing or using FlexBuy, you acknowledge that you have read and understood this Privacy Policy.

1. Definitions

In this Privacy Policy, unless the context requires otherwise:

• “FlexBuy”, “we”, “our”, or “us” means the FlexBuy platform and related services operated under the FlexBuy name.
• “personal data” means information relating to an identified or identifiable individual.
• “processing” means any operation performed on personal data, including collection, storage, use, disclosure, transfer, and deletion.
• “services” means the FlexBuy website, lay-by tools, payment-related services, support channels, and connected digital services.

2. Scope of This Privacy Policy

This Privacy Policy applies to personal data collected through:

• the FlexBuy website;
• customer account registration and login;
• lay-by and payment processing workflows;
• merchant and customer support interactions;
• live chat and contact forms;
• merchant-assisted onboarding;
• USSD, SMS, email, and related communications; and
• other digital services operated under the FlexBuy platform.

3. Personal Data We Collect

FlexBuy collects only the personal data reasonably necessary to provide and support its services.

3.1 Information You Provide

• full name;
• mobile phone number;
• email address;
• delivery address or pickup location details;
• lay-by contract and order details;
• payment-related records and transaction information;
• account authentication information;
• support messages, chat messages, and submitted inquiries; and
• information submitted through merchant, agent, or other application forms.

3.2 Information Collected Automatically

• browser type and version;
• device type;
• IP address;
• pages visited and timestamps;
• referring URLs; and
• technical logs used for security, monitoring, and troubleshooting.

3.3 Information We Do Not Collect

FlexBuy does not collect, process, or store mobile money PINs, bank PINs, full payment card details, or other sensitive financial authentication credentials. All payment authorization is completed directly through the secure systems of the relevant payment provider, mobile network operator, bank, or gateway partner.

4. Purposes of Processing

FlexBuy processes personal data for lawful and necessary purposes, including to:

• create, authenticate, and manage user accounts;
• establish and administer lay-by contracts;
• process and record payments;
• send balance updates, confirmations, reminders, and service notices;
• coordinate delivery, pickup, and order fulfillment;
• provide customer support and respond to requests;
• detect, investigate, and prevent fraud or unauthorized activity;
• maintain platform security, performance, and reliability; and
• comply with legal, regulatory, audit, and contractual obligations.

5. Legal Basis for Processing

Where required by law, FlexBuy processes personal data on one or more of the following bases:

• your consent;
• the performance of a contract or provision of a requested service;
• compliance with a legal or regulatory obligation;
• legitimate business interests, including service administration, fraud prevention, and security; and
• any other lawful basis permitted under applicable law.

6. Data Minimization

FlexBuy applies the principle of data minimization and aims to collect and process only the personal data necessary to operate the services, fulfill lay-by contracts, support communications, perform lawful verification, prevent fraud, and meet legal obligations.

7. Disclosure and Sharing of Personal Data

FlexBuy does not sell, rent, lease, or otherwise monetize personal data for third-party marketing. Personal data may be shared only where reasonably necessary for service delivery or legal compliance.

Personal data may be disclosed to:

• the specific merchant fulfilling a lay-by, order, or service request;
• authorized payment, telecommunications, or messaging partners;
• service providers supporting hosting, infrastructure, communications, or security;
• professional advisers, auditors, or compliance personnel where necessary; and
• regulators, courts, law enforcement, or other authorities where legally required.

8. Data Security

FlexBuy implements reasonable technical and organizational measures designed to protect personal data against unauthorized access, disclosure, misuse, loss, alteration, or destruction.

These measures may include:

• encryption of data at rest and in transit;
• role-based access restrictions;
• authentication and access-control safeguards;
• system monitoring, logging, and audit review;
• secure cloud infrastructure; and
• internal procedures for secure handling of customer information.

While FlexBuy takes data security seriously, no method of storage or transmission over the internet can be guaranteed to be completely secure.

9. Data Retention

FlexBuy retains personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including service delivery, account administration, dispute resolution, fraud monitoring, and legal compliance.

Certain records may be retained for longer periods where required for legal, regulatory, tax, financial, audit, or contractual reasons, including for up to 7 years where applicable.

When personal data is no longer required, FlexBuy will securely delete, anonymize, or otherwise dispose of it in accordance with internal retention rules and applicable law.

10. Your Rights

Subject to applicable law and lawful limitations, you may have the right to:

• request access to personal data held about you;
• request correction of inaccurate or incomplete personal data;
• request deletion of personal data;
• object to or request restriction of certain processing activities;
• withdraw consent where processing is based on consent; and
• request information about how your personal data is used.

FlexBuy may require reasonable identity verification before acting on such requests.

11. Customer Support and Chat Communications

If you contact FlexBuy through live chat, support forms, email, or other communication tools, FlexBuy may collect and retain those communications for the purpose of responding to your request, improving support quality, resolving disputes, preventing abuse or fraud, and maintaining operational records.

12. Cookies and Similar Technologies

FlexBuy may use cookies, session storage, local storage, and similar technologies necessary for authentication, security, session continuity, functionality, performance, and user experience.

These technologies may be used to maintain sign-in state, remember preferences, support fraud prevention, and improve platform reliability.

13. Third-Party Services and Links

FlexBuy may rely on third-party services for hosting, communications, storage, authentication, payment workflows, customer support, or analytics. Where personal data is processed by such providers, it is done only to the extent necessary for the relevant service.

The FlexBuy website may also contain links to external websites or services. FlexBuy is not responsible for the privacy, content, or security practices of third-party websites not operated by FlexBuy.

14. Cross-Border Processing

Where cloud infrastructure, communications tools, or service providers process data outside Malawi, FlexBuy will take reasonable steps to ensure that such processing is subject to appropriate safeguards and carried out in accordance with applicable legal requirements.

15. Data Breach Response

If FlexBuy becomes aware of a suspected or confirmed personal data breach, it will take reasonable and appropriate steps to investigate, contain, assess, and respond to the incident.

Where required by law, FlexBuy will notify affected persons, relevant partners, or competent authorities within the time required under applicable legal or regulatory obligations.

16. Complaints

If you believe that your personal data has been handled in a manner inconsistent with this Privacy Policy or applicable law, you may contact FlexBuy using the details below.

You may also have the right to raise a complaint with a competent regulator or authority with jurisdiction over data protection matters, subject to applicable law.

17. Governing Law

This Privacy Policy shall be interpreted in accordance with the laws of Malawi, without prejudice to any mandatory rights or protections available to individuals under applicable law.

18. Changes to This Privacy Policy

FlexBuy may update this Privacy Policy from time to time to reflect changes in law, regulation, operational practices, technology, or services. Any updated version will be published on this page with a revised “Last Updated” date.