Privacy Policy for Karoo Taxidermy

Privacy Policy for Karoo Taxidermy

Effective Date: October 2024

At Karoo Taxidermy, we are committed to protecting the privacy and security of our clients’, staff's & stakeholders personal data. This privacy policy outlines how we collect, use, store, and protect your personal information in compliance with South African law (POPIA), the European Union General Data Protection Regulation (GDPR), and relevant US data protection laws (such as the California Consumer Privacy Act - CCPA).

1. Information We Collect

We may collect the following types of personal data:

• Contact Information (name, email address, phone number, etc.)
• Billing Information (credit card details, bank information)
• Shipping Information (physical address)
• Communication Records (emails, calls, etc.)
• Client Preferences and Interests
• IP Address and Device Information (collected automatically for website analytics)

2. How We Use Your Information

We collect and use your data for the following purposes:

• To fulfill your orders and manage your account
• To respond to inquiries and provide customer support
• For billing and payment processing
• To improve our products and services
• For marketing purposes (with your consent)
• To comply with legal obligations and resolve disputes

3. Legal Basis for Processing Your Data

For EU clients, our legal basis for collecting and processing your personal data under GDPR includes:

• Contractual necessity: Processing data to fulfill our obligations to you (e.g., processing orders).
• Consent: Where required, we will obtain your explicit consent (e.g., for marketing communications).
• Legitimate interest: For purposes like fraud prevention, ensuring IT security, or improving services.

For South African individuals (not excluding personnel and staffs personal information), we ensure that all data processing is done lawfully and reasonably as required under POPIA.

4. Sharing of Information

We may share your personal data with third parties under the following circumstances:

• With service providers (such as payment processors, shipping companies, etc.)
• To comply with legal requirements (e.g., court orders, legal investigations)
• With your consent, when applicable

We will not sell or share your personal data with third parties for their own marketing purposes.

5. Data Transfers

We are based in South Africa but work with international clients. If your data is transferred outside of South Africa, the EU, or the US, we will ensure appropriate safeguards are in place, such as:

• Standard contractual clauses in agreements with third parties
• Binding corporate rules for secure data handling
• Any other mechanism that ensures data protection equivalent to POPIA, GDPR, or CCPA.

6. Your Rights

You have the following rights regarding your personal data:

•  Access:                       You can request access to your personal information at any time.
• Correction:                  You can request that we correct any inaccurate or outdated information.
• Deletion:                     You can request the deletion of your personal data where it is no longer necessary for us to retain it (subject to legal obligations).
• Object to processing:   You can object to how we process your data, especially regarding marketing and financial information.
• Portability:                   You can request a copy of your data in a structured, machine-readable format (this may only be provided by the authorised individual and       consent of the affected individual by means of a signed confirmation letter thereto.)

For EU clients, you also have the right to lodge a complaint with your local data protection authority if you believe your data is being handled unlawfully.

7. Security of Your Information

We take data security seriously and implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes secure servers, encryption, and regular security audits.

8. Data Retention

We will retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, or as required by law. Once your data is no longer needed, we will securely delete or anonymize it.

9. Cookies and Tracking Technologies

We use cookies and other tracking technologies to enhance your experience on our website and analyze usage patterns. You can choose to disable cookies in your browser settings, though this may impact your experience on our site.

10. Updates to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal obligations. We will notify you of significant changes by updating the date at the top of this document.

11. Contact Information

If you have any questions or concerns regarding this privacy policy or wish to exercise your rights, please contact us at:

Karoo Taxidermy cc
15 Van der Bijl Street, Graaff-Reinet, Eastern Cape, South Africa, 6280

info@karootaxidermy.com
+27 49 892 6151

 

Data Deletion Policy


1. Introduction:

This policy defines the procedures for securely and promptly deleting customer data in compliance with the General Data Protection Regulation (GDPR). It ensures that data is only retained for as long as necessary and deleted when no longer required for its original purpose.


2. Scope:

This policy applies to all employees, contractors, and third-party vendors with access to customer data at Karoo Taxidermy.

3. Definitions:

• Personal Data: Information relating to an identified or identifiable individual.

• Data Subject: The individual to whom the personal data pertains.


4. Data Classification:

Customer data is classified according to its sensitivity, with particular attention to personal data as defined by GDPR.


5. Data Retention Periods:

Customer data will be retained for three months following the formal end of a customer contract with Karoo Taxidermy. Refer to Attachment A for detailed retention periods per data category.


6. Data Deletion Procedures:

Customer data will be securely and permanently deleted from all systems and databases within three months of contract termination. Deletion will be performed using industry-standard methods to ensure that it is irreversible.


7. Data Subject Rights:

Data subjects may request the deletion of their personal data at any time.

Additionally:
Upon request, Karoo Taxidermy will provide data subjects with their data in a commonly used, machine-readable format to ensure compliance with other regulations.

If exporting the data is not feasible, Karoo Taxidermy may grant access through a lookup license for a limited period, subject to a customer contract and a data processing agreement.


8. Review and Audit:

Regular reviews and audits will be conducted to ensure compliance with this policy. The Data Protection Officer will oversee these processes.


9. Employee Training:

All employees will receive training on data deletion procedures and GDPR compliance.


10. Legal and Regulatory Compliance:

This policy adheres to GDPR and all relevant data protection regulations.


11. Communication:

This policy will be communicated to all stakeholders, with updates promptly shared.


12. Updates and Revisions:

This policy will be reviewed regularly and updated to maintain compliance with applicable laws and regulations.


13. External Resources:

For more information on our data protection practices, contact us on info@karootaxidermy.com.
picture1.png

 

© Karoo Taxidermy - 2025 | Links | Privacy Policy for Karoo Taxidermy

Website Development by ZaWeb Designs