Privacy Policy

1. Introduction

PRESTIGE ("we", "us", or "our") is committed to protecting your personal information and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and other applicable South African laws.

By using our website and services, you consent to the collection and use of your personal information as described in this policy.

2. Responsible Party

In terms of POPIA, the responsible party for your personal information is listed below. The following also constitutes our disclosure under Section 51 of the Electronic Communications and Transactions Act 25 of 2002 (ECTA). Our PAIA Section 51 manual is available on request by emailing info@prestigeweb.co.za.

3. Lawful Basis for Processing (POPIA s.11)

We process your personal information only where we have a lawful basis to do so. The following legal grounds apply to our processing activities:

• ●
  Consent: You have given clear, voluntary, and informed consent for us to process your personal information for a specific purpose (e.g. marketing communications, newsletter subscriptions).
• ●
  Contract: Processing is necessary to fulfil a contract with you or to take steps at your request before entering into a contract (e.g. processing purchases, delivering digital products, managing your account).
• ●
  Legal Obligation: Processing is necessary to comply with a legal obligation to which we are subject (e.g. tax record-keeping, responding to lawful requests from authorities).
• ●
  Legitimate Interest: Processing is necessary for our legitimate interests or those of a third party, provided your rights and interests do not override those interests (e.g. fraud prevention, service improvement, security monitoring).

4. Eight Conditions for Lawful Processing (POPIA Chapter 3)

We adhere to the eight conditions for lawful processing of personal information as set out in Chapter 3 of POPIA:

• ✓
  Accountability: We take responsibility for ensuring compliance with all POPIA conditions and have designated appropriate oversight for data protection matters.
• ✓
  Processing Limitation: We process personal information lawfully, minimally, and only with your consent or another lawful basis. We collect only what is necessary.
• ✓
  Purpose Specification: We collect personal information for specific, explicitly defined, and lawful purposes, and we do not retain it longer than necessary.
• ✓
  Further Processing Limitation: We do not process personal information for purposes incompatible with the original purpose of collection, unless permitted by law or with your consent.
• ✓
  Information Quality: We take reasonable steps to ensure that personal information is complete, accurate, not misleading, and updated where necessary.
• ✓
  Openness: We are transparent about our processing activities, maintain documentation, and notify you when we collect your personal information.
• ✓
  Security Safeguards: We implement appropriate technical and organisational measures to protect personal information against loss, damage, unauthorised access, or unlawful processing.
• ✓
  Data Subject Participation: We enable you to access, correct, and delete your personal information, and to participate in decisions about how your data is used.

5. Information We Collect

We collect the following categories of personal information:

5.1 Information You Provide Directly

• Name and surname (when you register an account)
• Email address (for account creation and communication)
• Password (encrypted and stored securely)
• Payment information (processed securely through Payfast; we do not store card details)
• Contact form submissions and correspondence

5.2 Information Collected Automatically

• IP address and approximate location
• Browser type and version
• Device information
• Pages visited and time spent on our website
• Cookies and similar technologies (see Section 11)

5.3 Transaction Information

• Purchase history and order details
• Product downloads and access logs
• Subscription status and billing history

6. Purpose of Collection

We collect and process your personal information for the following purposes:

• Account Management: To create and manage your user account
• Order Processing: To process your purchases and deliver digital products
• Customer Support: To respond to your enquiries and provide assistance
• Communication: To send transactional emails (order confirmations, download links, password resets)
• Marketing: To send promotional communications (only with your explicit consent)
• Security: To protect against fraud and unauthorised access
• Legal Compliance: To comply with applicable laws and regulations
• Service Improvement: To analyse usage patterns and improve our services

7. Voluntary vs Mandatory Information

In accordance with POPIA Section 18, we inform you that:

8. Third-Party Service Providers

We share your personal information with the following third-party service providers who assist us in operating our business:

9. Cross-Border Transfers (POPIA s.72)

Some of our third-party service providers store and process data outside the Republic of South Africa. In accordance with POPIA Section 72, we ensure that your personal information is only transferred to a third party in another country where:

• (a)The recipient country has an adequate level of protection for personal information that is substantially similar to the protections afforded under POPIA;
• (b)The recipient is subject to binding corporate rules, contractual safeguards, or a code of conduct that provides adequate protection; or
• (c)You have provided your explicit consent to the transfer, where neither (a) nor (b) apply.

The following table details our service providers and their jurisdictions:

10. Your Rights Under POPIA

As a data subject, you have the following rights:

• ✓
  Right to Access: Request confirmation of what personal information we hold about you and obtain a copy.
• ✓
  Right to Correction: Request correction of inaccurate or incomplete personal information.
• ✓
  Right to Deletion: Request deletion of your personal information, subject to legal retention requirements.
• ✓
  Right to Object: Object to the processing of your personal information for direct marketing purposes.
• ✓
  Right to Withdraw Consent: Withdraw previously given consent at any time.
• ✓
  Right to Data Portability: Request your personal information in a structured, commonly used, machine-readable format so that it can be transferred to another responsible party.
• ✓
  Right Not to Be Subject to Automated Decision-Making (s.71): You have the right not to be subject to a decision based solely on automated processing of your personal information that significantly affects you, including profiling, unless appropriate measures are in place.
• ✓
  Right to Complain: Lodge a complaint with the Information Regulator if you believe your rights have been violated.

To exercise any of these rights, please contact us at info@prestigeweb.co.za. We will acknowledge your request within 7 days and provide a substantive response within 30 days of receipt.

11. Cookies and Tracking Technologies

Our website uses cookies to enhance your experience:

• Essential Cookies: Required for website functionality (session management, authentication)
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling essential cookies may affect website functionality.

12. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

• SSL/TLS encryption for all data transmission
• Encrypted password storage using industry-standard hashing
• Secure payment processing through PCI-DSS compliant provider (Payfast)
• Access controls limiting data access to authorised personnel
• Regular security assessments and updates

13. Breach Notification (POPIA s.22)

In the event of a security compromise where there are reasonable grounds to believe that personal information has been accessed or acquired by an unauthorised person, we will notify the Information Regulator and affected data subjects within 72 hours of becoming aware of the breach.

Our breach response process includes the following steps:

• 1
  Containment: Immediately isolate the affected systems to prevent further unauthorised access and limit the scope of the breach.
• 2
  Investigation: Conduct a thorough investigation to determine the nature, extent, and impact of the breach, including what information was compromised.
• 3
  Notification: Notify the Information Regulator and all affected data subjects with details of the breach, the information involved, and recommended protective measures.
• 4
  Remediation: Implement corrective measures to prevent recurrence, including updating security protocols, patching vulnerabilities, and revising access controls as needed.

14. Data Retention

We retain your personal information only for as long as necessary:

• Account Data: Until you delete your account, plus any legal retention period
• Closed Accounts: Retained for 5 years after closure, as required for legal and compliance purposes
• Financial/Transaction Records: 7 years (as required by the Tax Administration Act 28 of 2011)
• Audit & Access Logs: 12 months for security monitoring, incident investigation, and compliance
• Marketing Preferences: Until you unsubscribe or withdraw consent
• Technical Logs: 90 days for security and troubleshooting

15. Children's Privacy

Our services are intended for users aged 18 and older. We do not knowingly collect, process, or store personal information from children under the age of 18.

If we become aware that we have inadvertently collected personal information from a child under 18, we will take immediate steps to delete that information from our systems. If you believe a child has provided us with their personal information, please contact us at info@prestigeweb.co.za so we can take appropriate action.

16. Information Regulator

If you are not satisfied with how we handle your personal information, you have the right to lodge a complaint with the Information Regulator of South Africa:

17. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

We will provide at least 30 days' notice before material changes take effect. Continued use of our services after the notice period constitutes acceptance of the updated Privacy Policy.

18. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at info@prestigeweb.co.za.