Shop Now
Search

Privacy Policy

1. INTRODUCTION

Welcome to My Spirit Soul and Body (hereinafter referred to as “we”, “us”, or “our”). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and protect your Personal Information when you interact with our website, https://myspiritsoulandbody.com, and use our products and services.

This policy is designed to comply with the Protection of Personal Information Act, 4 of 2013 (“POPIA”), South African law, and other applicable data protection regulations. By accessing or using our Website and services, you signify your acceptance of this Privacy Policy. If you do not agree with the terms herein, please do not use our Website or services.

2. WHO WE ARE

  • Business Name: My Spirit Soul and Body (Operating as a Sole Proprietorship/Unregistered Business)
  • Website Address: https://myspiritsoulandbody.com
  • Physical Address: 22 Jeremy Road, Hadison Park, Kimberley, 8301
  • Information Officer: Venessa Holtzhausen
  • Contact Email for Privacy Matters: hello@myspiritsoulandbody.com

3. DEFINITION OF PERSONAL INFORMATION (AS PER POPIA)

“Personal Information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:

  • information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;  
  • information relating to the education or the medical, financial, criminal or employment history of the person;  
  • any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;  
  • the biometric information of the person;
  • the personal opinions, views or preferences of the person;
  • correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;  
  • the views or opinions of another individual about the person; and  
  • the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.  

4. COLLECTION OF PERSONAL INFORMATION

We collect Personal Information from you in various ways, including:

4.1. Information You Provide Directly To Us:

  • Account Registration: When you create an account on our Website, we collect your name, email address, password, and potentially your contact number.
  • Purchases/Orders: When you place an order, we collect your billing address, shipping address, contact number, email address, and payment information (note: payment processing details are typically handled by secure third-party payment gateways as described in Section 6.2).
  • Comments and Reviews: When you leave comments or product reviews on our site, we collect the data shown in the comments/review form, your IP address, and your browser user agent string for spam detection. An anonymized string (hash) from your email may be provided to the Gravatar service for profile picture display. Your profile picture will be visible publicly with your comment/review upon approval.
  • Contact Forms & Inquiries: When you use our contact forms or send us emails, we collect your name, email address, and the content of your message.
  • Newsletter Subscriptions: If you subscribe to our newsletter, we collect your email address.
  • Surveys & Promotions: If you participate in surveys or promotions, we may collect information you provide.

4.2. Information We Collect Automatically (Passive Collection):

  • Website Usage Data: We automatically collect certain information about your device and how you interact with our Website, including your IP address, browser type and version, operating system, referring URLs, pages viewed, time spent on pages, and clickstream data.
  • Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to enhance your Browse experience, analyze site traffic, remember your preferences, and facilitate functionalities like shopping carts and user login. (See Section 7 for more details).
  • Embedded Content: Articles and pages on this site may include embedded content (e.g., videos, images, articles from other websites). This embedded content behaves in the exact same way as if the visitor has visited the other website. These external websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, even if you have an account and are logged in to that website. We are not responsible for the privacy practices of such third-party sites.
  • Media Uploads: If you upload images to the Website, you should avoid uploading images with embedded location data (EXIF GPS). Visitors to the Website can download and extract any location data from images on the Website.

5. PURPOSE AND LAWFUL BASIS FOR PROCESSING PERSONAL INFORMATION

We collect and process your Personal Information for the following legitimate purposes and based on the following lawful grounds as per POPIA:

5.1. Performance of a Contract:

  • To process and fulfil your orders for products purchased through our Website, including managing payments, shipping, and delivery.
  • To provide customer support related to your purchases or account.

5.2. Your Consent:

  • To send you marketing communications, newsletters, and promotional offers, where you have explicitly opted-in to receive such communications.
  • To use certain cookies or tracking technologies that are not strictly necessary for the Website’s functionality.
  • Where specific personal information processing requires your explicit consent. You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

5.3. Legitimate Interests:

  • To improve and optimize our Website’s functionality, user experience, and product offerings.
  • To personalize your experience on our Website (e.g., displaying relevant products).
  • To analyze Website usage, identify trends, and gather statistical data (anonymized or aggregated where possible).
  • To detect and prevent fraud, spam, and other malicious activities.
  • To protect the security and integrity of our Website and systems.
  • To communicate with you regarding non-marketing operational matters, such as order updates, policy changes, or security alerts.
  • To respond to your inquiries and provide customer service.

5.4. Compliance with Legal Obligations:

  • To comply with applicable laws, regulations, legal processes, or governmental requests (e.g., tax, consumer protection laws).
  • To enforce our Terms and Conditions.

6. DISCLOSURE AND SHARING OF PERSONAL INFORMATION

We will not sell, rent, or trade your Personal Information to third parties. We may share your Personal Information with the following categories of recipients only when necessary for the purposes outlined in this policy and in compliance with POPIA:

6.1. Our Employees and Agents: Access to your Personal Information is limited to employees and agents who need it to perform their job functions (e.g., order fulfilment, customer service, IT support).

6.2. Third-Party Service Providers: We engage trusted third-party service providers who perform functions on our behalf. These may include:

  • Payment Gateways: Yoco and Payfast to securely process your payments. We do not directly store your full credit card details.
  • Shipping and Delivery Companies: The Courier Guy, Aramex, and others to deliver your orders.
  • Website Hosting and IT Services: Providers that host our Website and manage our IT infrastructure.
  • Analytics Providers: Google Analytics to help us understand Website usage and improve our services.
  • Marketing and Email Service Providers: Mailchimp and others for sending newsletters and promotional communications (only with your consent).
  • Spam Detection Services: Wordfence to filter comments and forms.
  • Customer Support Platforms: For managing customer inquiries and communications.

These service providers are contractually obligated to protect your Personal Information and are prohibited from using it for any purpose other than providing the services we have engaged them for, and in compliance with POPIA.

6.3. Legal Requirements and Business Transfers:

  • We may disclose your Personal Information if required to do so by law, court order, or governmental regulation, or if we believe in good faith that such action is necessary to comply with legal obligations, protect our rights or property, or ensure the safety of our users or the public.
  • In the event of a merger, acquisition, or sale of all or a portion of our assets, your Personal Information may be transferred as part of that transaction, provided the recipient agrees to adhere to a similar privacy policy.

6.4. International Data Transfers: As some of our third-party service providers (e.g., Google, Mailchimp) may operate or store data outside of South Africa, your Personal Information may be transferred to and processed in countries other than South Africa. We will take reasonable steps to ensure that any such transfer is made in accordance with POPIA, by ensuring that the recipient country has similar data protection laws or that appropriate contractual clauses (such as standard contractual clauses) are in place to safeguard your data.

7. COOKIES AND TRACKING TECHNOLOGIES

Our Website uses “cookies” and similar tracking technologies to enhance your online experience. A cookie is a small text file that is placed on your device when you visit a website.

7.1. Types of Cookies We Use:

  • Strictly Necessary Cookies: Essential for the Website’s basic functionality, enabling core features like shopping cart, user login, and secure checkout. Without these, the Website cannot function properly.
  • Analytical/Performance Cookies: Collect information about how visitors use our Website (e.g., which pages are most popular, time spent on site). This helps us improve the Website’s performance and design.
  • Functionality Cookies: Remember your preferences (e.g., username, language, region) to provide a more personalized experience.
  • Marketing/Advertising Cookies: Used to deliver relevant advertisements to you based on your interests and Browse history. These may be placed by us or by third-party advertising networks.

7.2. Specific Cookie Examples from WordPress:

  • Comment Cookies: If you leave a comment on our site, you may opt-in to saving your name, email address, and website in cookies for convenience. These cookies last for one year.
  • Login Cookies: If you visit our login page, a temporary cookie is set to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, several cookies save your login information (last for two days) and screen display choices (last for a year). If you select “Remember Me”, your login persists for two weeks. Logging out removes login cookies.
  • Article Editing Cookies: If you edit or publish an article, an additional cookie is saved in your browser, indicating the post ID of the article edited. It expires after 1 day.

7.3. Managing Cookies: Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies or to notify you when a cookie is being placed. Please note that disabling cookies may affect the functionality and features of our Website. For more detailed information on managing cookies, refer to your browser’s help documentation.

8. DATA SECURITY

We implement appropriate technical and organisational measures to protect your Personal Information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

  • SSL Encryption: Our Website uses SSL (Secure Sockets Layer) encryption to secure data transmitted between your browser and our server.
  • Access Controls: Limiting access to Personal Information to authorized personnel on a need-to-know basis.
  • Regular Security Audits: Conducting periodic security assessments to identify and address vulnerabilities.
  • Data Minimisation: Collecting only the Personal Information necessary for stated purposes.

While we strive to protect your Personal Information, we cannot guarantee absolute security as no method of transmission over the Internet or electronic storage is 100% secure. You are also responsible for maintaining the confidentiality of your account password.

9. DATA RETENTION

We retain your Personal Information only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Comments and Metadata: If you leave a comment, the comment and its metadata are retained indefinitely to recognize and approve any follow-up comments automatically.
  • Registered User Data: For users who register on our Website, we store the Personal Information they provide in their user profile. This data is retained for as long as your account remains active or as needed to provide you with services.
  • Transaction Data: Financial transaction records are retained for periods required by tax and accounting laws (typically 5-7 years in South Africa).
  • Marketing Consent: We retain your contact details for marketing purposes until you withdraw your consent or opt-out.

Upon expiration of the retention period, your Personal Information will be securely deleted or anonymized.

10. YOUR RIGHTS AS A DATA SUBJECT (POPIA RIGHTS)

As a data subject under POPIA, you have the following rights regarding your Personal Information held by us:

10.1. Right to be Informed:

  • You have the right to be informed about the collection and use of your Personal Information. This Privacy Policy serves to fulfil this right.

10.2. Right of Access:

  • You have the right to request access to the Personal Information we hold about you. This includes requesting an exported file of the personal data we hold about you, including any data you have provided to us. We will provide this information within a reasonable timeframe, subject to reasonable processing fees where applicable (as permitted by POPIA).

10.3. Right to Rectification/Correction:

  • You have the right to request the correction of any inaccurate or incomplete Personal Information we hold about you. For registered users, you can typically see, edit, or delete your personal information at any time (except you cannot change your username) via your user profile. Website administrators can also see and edit that information.

10.4. Right to Erasure (“Right to be Forgotten”):

  • You have the right to request the erasure of your Personal Information where there is no longer a legitimate reason for us to continue processing it. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

10.5. Right to Object to Processing:

  • You have the right to object to the processing of your Personal Information based on legitimate interests or for direct marketing purposes.

10.6. Right to Restrict Processing:

  • You have the right to request the restriction of processing of your Personal Information under certain circumstances (e.g., if you contest its accuracy).

10.7. Right to Data Portability:

  • You have the right to request that your Personal Information be transferred to another party in a structured, commonly used, and machine-readable format, where technically feasible.

10.8. Right to Withdraw Consent:

  • Where processing is based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing carried out before you withdraw your consent.

10.9. Rights Regarding Automated Decision-Making:

  • You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

10.10. Right to Lodge a Complaint:

  • You have the right to lodge a complaint with the South African Information Regulator if you believe your rights under POPIA have been infringed.
    • Information Regulator Contact Details:
      • Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
      • Postal Address: P.O Box 31533, Braamfontein, Johannesburg, 2017
      • Complaints email: complaints.IR@justice.gov.za
      • General enquiries email: inforeg@justice.gov.za

To exercise any of these rights, please contact our Information Officer using the contact details provided in Section 2. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information (or to exercise any of your other rights).

11. THIRD-PARTY WEBSITES

Our Website may contain links to third-party websites. We are not responsible for the privacy practices or the content of these external sites. We encourage you to review the privacy policies of any third-party websites you visit.

12. CHILDREN’S PRIVACY

Our Website and services are not intended for individuals under the age of 18. We do not knowingly collect Personal Information from children. If you are a parent or guardian and believe that your child has provided us with Personal Information, please contact us, and we will take steps to remove that information from our systems.

13. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, or legal requirements. We will post the updated policy on our Website with a revised “Effective Date.” We encourage you to review this policy periodically to stay informed about how we are protecting your information. Your continued use of the Website after any changes indicates your acceptance of the updated policy.

14. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Information Officer at:

Information Officer – Venessa Holtzhausen
Email: hello@myspiritsoulandbody.com
Telephone: 0871883944

Join Our Mailing List