Legal

Privacy Policy

We take your privacy seriously. This policy explains what personal information we collect, why we collect it, and how we keep it safe — in plain language, in line with POPIA.

Effective: [Effective Date]

1. Who we are

Bushveld Web Co is a South African web design and development studio. We build websites, CRM systems, and digital tools for local businesses across South Africa.

Business registration: [Business Registration Number]
Address: [Business Address]
Email: [Business Email]
Phone: 073 914 6692
Website: [Website URL]

As the responsible party under POPIA, we are accountable for the personal information collected through this website and through our service engagements.

2. What information we collect

We only collect information that is relevant to our business relationship with you. This may include:

  • Contact details — your name, email address, phone number, and business name when you fill in a contact or quote form.
  • Project information — details about your business and the services you need, shared during onboarding or project discussions.
  • Payment information — invoicing details such as your company name and VAT number. We do not store card details; payments are processed by secure third-party providers.
  • Website usage data — anonymised analytics such as pages visited, device type, and general location, collected only with your consent via cookies.
  • Communications — emails, WhatsApp messages, or other correspondence you send us.

We do not collect sensitive personal information as defined under POPIA (such as race, health, or financial records) unless strictly required and with your explicit consent.

3. How we use your information

We use your information only for the purposes for which it was collected:

  • To respond to your enquiries and provide you with a quote.
  • To deliver, manage, and invoice for our services.
  • To communicate project updates and support requests.
  • To send relevant business communications (you may opt out at any time).
  • To improve our website and services using anonymised analytics data.
  • To comply with our legal obligations.

We will not use your information for any other purpose without telling you first and, where required, obtaining your consent.

4. Who we share your information with

We do not sell your personal information. We may share it with trusted third parties only where necessary:

  • Service providers — tools we use to run our business (e.g. email platforms, accounting software, cloud storage). These providers are bound by data processing agreements.
  • Analytics providers — Google Analytics and/or Meta Pixel, with your consent. Data shared is anonymised and aggregated.
  • Legal or regulatory authorities — where required by South African law.

Where any provider processes your data outside of South Africa, we take reasonable steps to ensure they meet comparable privacy standards.

5. Cookies

Our website uses cookies to function properly and, with your consent, to understand how it is used. You can manage your preferences using the cookie banner on your first visit.

For full details on how we use cookies and how to change your preferences, please read our Cookie Policy.

6. Your rights under POPIA

As a data subject under POPIA, you have the right to:

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to update or correct inaccurate information.
  • Deletion — request that we delete your personal information, subject to our legal retention obligations.
  • Objection — object to the processing of your information for direct marketing purposes.
  • Complaints — lodge a complaint with the Information Regulator of South Africa if you believe your rights have been violated.

To exercise any of these rights, contact us at [Business Email]. We will respond within a reasonable time, and no later than 30 days.

The Information Regulator can be contacted at: inforeg@justice.gov.za

7. How long we keep your information

We keep your personal information only for as long as necessary:

  • Client project records are retained for a minimum of 5 years for legal and accounting purposes.
  • Enquiries that did not result in a project are deleted within 12 months.
  • Analytics data is retained as per the provider's default settings (typically 26 months for Google Analytics).
  • Marketing consent records are kept for as long as you remain on our mailing list, plus 1 year after opting out.

8. How we protect your information

We take reasonable technical and organisational steps to protect your personal information against loss, theft, unauthorised access, disclosure, or misuse. These include secure hosting, encrypted communications, and access controls.

No system is completely secure. In the unlikely event of a data breach that poses a risk to you, we will notify you and the Information Regulator as required by POPIA.

Contact us about privacy

If you have any questions about this policy or how we handle your personal information, please get in touch.

This policy may be updated from time to time to reflect changes in our practices or applicable law. The effective date at the top of this page will be updated accordingly. We encourage you to review this policy periodically.