Custom Leather Patches from R45

RetroCraft - Premium Leather Patch Hats
0
Legal

Privacy Policy

Last updated: 13 January 2026

Protection of Personal Information Act (POPIA) Compliance

RetroCraft (Pty) Ltd is committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA). This privacy policy explains how we collect, use, and safeguard your information.

1. Information We Collect

1.1 Personal Information

We collect the following personal information when you use our services:

  • Identity Information: Full name, company name, identification numbers (for business verification)
  • Contact Information: Email address, phone number, physical and postal addresses
  • Financial Information: Banking details for payments, VAT registration numbers
  • Transaction Information: Order history, payment records, delivery information
  • Account Information: Username, password (encrypted), account preferences
  • Business Information: Company registration details, tax information, reseller credentials

1.2 Technical Information

  • IP address, browser type, device information
  • Usage data, browsing patterns, session information
  • Cookies and similar tracking technologies

2. How We Use Your Information

We process your personal information for the following purposes:

  • Order Processing: To fulfill your orders, process payments, and arrange delivery
  • Account Management: To create and manage your customer or reseller account
  • Communication: To send order updates, respond to inquiries, and provide customer support
  • Marketing: To send promotional materials (with your consent, which can be withdrawn)
  • Business Operations: To manage reseller relationships, calculate commissions, and maintain records
  • Legal Compliance: To comply with South African tax, financial, and business regulations
  • Fraud Prevention: To detect and prevent fraudulent transactions and protect our business

3. Legal Basis for Processing (POPIA)

Under POPIA, we process your personal information based on:

  • Consent: You have given clear consent for specific purposes (e.g., marketing communications)
  • Contractual Necessity: Processing is necessary to fulfill our contract with you (e.g., order fulfillment)
  • Legal Obligation: Required by South African law (e.g., tax records, financial regulations)
  • Legitimate Interests: Necessary for our business operations while respecting your rights

4. Data Sharing and Disclosure

We may share your information with:

  • Service Providers: Payment processors (PayFast), courier services, email providers
  • Business Partners: Manufacturers and suppliers (only information necessary for order fulfillment)
  • Professional Advisors: Lawyers, accountants, auditors (under confidentiality obligations)
  • Regulatory Authorities: SARS, CIPC, and other government bodies when legally required
  • Law Enforcement: When required by law or to protect our legal rights

We do not sell your personal information to third parties.

5. Your Rights Under POPIA

You have the following rights regarding your personal information:

  • Right of Access: Request a copy of your personal information we hold
  • Right to Correction: Request correction of inaccurate or incomplete information
  • Right to Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Right to Object: Object to processing for direct marketing or legitimate interests
  • Right to Restrict Processing: Request limitation of processing in certain circumstances
  • Right to Data Portability: Receive your information in a structured, commonly used format
  • Right to Lodge a Complaint: File a complaint with the Information Regulator

To exercise your rights, contact our Information Officer at privacy@retrocraft.co.za

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption of sensitive data in transit and at rest
  • Secure data centers with restricted physical access
  • Regular security audits and vulnerability assessments
  • Employee training on data protection and confidentiality
  • Access controls and authentication mechanisms
  • Regular data backups and disaster recovery procedures

7. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services and maintain your account
  • Comply with legal obligations (e.g., tax records for 5 years as required by SARS)
  • Resolve disputes and enforce our agreements
  • Support business operations and historical analysis

Upon account closure or deletion request, we will delete or anonymize your information within 30 days, except where retention is required by law.

8. Contact Information

Information Officer:

RetroCraft (Pty) Ltd

Registration Number: 2022/123456/07

Email: privacy@retrocraft.co.za

Phone: +27 11 393 1200

Address: Kempton Park, Gauteng, South Africa

Information Regulator (South Africa):

If you have a complaint about how we handle your personal information, you may contact:

The Information Regulator (South Africa)

Email: inforeg@justice.gov.za

Website: www.justice.gov.za/inforeg/

Questions About Your Privacy?

We're committed to transparency and protecting your rights. If you have any questions about this privacy policy or how we handle your data, please don't hesitate to contact us.

Contact Our Privacy Team →