This page is accessible from outside as:
www.eocaress.co.za/ideal/eocprivacypolicy.php
A refresher on S.Africa POPI Act and Ecommerce
The Protection of Personal Information Act (POPI Act) is South Africa's data protection law that regulates the processing of personal information.
It seeks to protect personal data, ensure lawful and transparent processing, and provide individuals with rights to protect their privacy.
Key Aspects of the POPI Act Relevant to E-commerce:
- Consent: The POPI Act requires processing personal information only with the consent of the individual, unless necessary for contract performance.
Thus, e-commerce can use personal details for transactional purposes like sending SMS or Whatsapp order updates without explicit consent,
as part of contract fulfillment.
- Purpose Specification: Personal information must be collected for specific, legitimate purposes.
Any use beyond the fulfillment of the order or directly related services typically requires separate consent.
- Further Processing Limitation: Information should not be retained longer than necessary for the intended purpose.
Explicit consent is needed for using personal information for future marketing or promotional activities.
- Notification: Individuals must be notified when their personal information is collected, including the collection's purpose.
This is usually covered in privacy policies or terms agreed during the checkout process on e-commerce sites.
Practical Implications for E-commerce Sites:
- Transactional Messages: E-commerce sites can send transactional messages related to an order,
such as confirmations and delivery updates, without separate consent because they are necessary for contract performance.
- Marketing Messages: For promotional messages sent after the transaction, explicit consent is required.
This can be obtained through opt-in mechanisms during checkout or registration.
During ordering:
- Under the POPI Act, it is legitimate for e-commerce platforms to send transactional SMS messages or emails as part of the order process.
- However, explicit consent is required for any non-transactional communications like marketing or promotional messages sent later.
- If you receive such content without consent, it could be a violation of the POPI Act.
- For specific instances or further clarification on compliance, reviewing the privacy policies of the websites in use is recommended,
- as these should detail adherence to the POPI Act.
1. Purpose
Ephemeral Ocular Caress ("EOC") respects your privacy. This Privacy Policy explains how EOC collects, uses, stores, and protects personal information when you browse the website, contact the business, request a quote, place an order, or arrange delivery or collection.
2. What We Collect
- Name and surname
- Email address and telephone number
- Delivery or collection details
- Order details, enquiry details, and communication history
- Proof of payment or EFT-related reference details where relevant
- Basic technical usage data needed for security, diagnostics, and normal website operation
3. Why We Collect It
- To respond to enquiries and quotes
- To process, confirm, and fulfil orders
- To arrange packaging, courier delivery, or collection
- To detect fraud, mistakes, or abuse
- To keep a proper business record of transactions and customer communication
- To comply with legal, tax, or accounting obligations
4. How We Use Your Information
EOC uses your personal information only for legitimate business purposes connected to the running of the art storefront. We do not sell your personal information to data brokers or unrelated advertisers.
5. When We May Share It
- With courier or delivery partners when needed to fulfil your order
- With payment, banking, accounting, hosting, or technical service providers where reasonably necessary
- With legal or regulatory authorities when required by law or when necessary to protect rights, safety, property, or investigate fraud
6. EFT and Payment Records
EOC currently accepts EFT payment. Proofs of payment, payment references, and related order records may be stored so that orders can be matched correctly and business records can be maintained.
7. Storage and Security
EOC takes reasonable technical and organisational steps to protect personal information against loss, misuse, unauthorised access, or accidental disclosure. No internet-connected system can promise absolute security, but reasonable care is taken.
8. Retention
Personal information is retained only for as long as reasonably necessary for the purpose for which it was collected, or for as long as the law, bookkeeping requirements, dispute handling, and fraud-prevention needs require.
9. Your Rights
Subject to applicable South African law, you may request access to your personal information, request correction of inaccurate information, or raise an objection where you believe information is being handled improperly.
10. Third-Party Links and Platforms
If you follow links to third-party websites, social platforms, or services, EOC is not responsible for their privacy practices. Please review their policies separately.
11. Contact
For privacy-related enquiries, please contact EOC at dG91Y2hAZW9jYXJlc3MuY28uemE= or MDYwLTM3Mi04NjA0.
12. Updates
This policy may be updated from time to time. The latest version published on the website is the version that applies.