Privacy Policy (POPIA)
Last Updated: 27 March 2026
Compliance: Protection of Personal Information Act 4 of 2013 (POPIA)
1 INTRODUCTION
BH Design Co. ("we", "us", "our") is committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA). This Privacy Policy explains how we collect, use, share, and protect your personal information. By using our website and services, you acknowledge that you have read and understood this Policy.
2 PERSONAL INFORMATION WE COLLECT
We collect the following categories of personal information:
- CONTACT INFORMATION: Full name, email address, telephone number, delivery address, billing address.
- ORDER INFORMATION: Products ordered, personalisation details (names, dates, messages), artwork/images submitted, order history.
- PAYMENT INFORMATION: Payment confirmation details (we do not store full card details — payments are processed by secure third-party gateways).
- WEBSITE USAGE DATA: IP address, browser type, pages visited, cookies (see Section 11).
- COMMUNICATIONS: Records of correspondence between you and us (emails, WhatsApp messages).
- IDENTITY INFORMATION: Where required by law or for account verification purposes.
3 PURPOSE OF COLLECTION & LEGAL BASIS
We process your personal information for the following purposes:
- Processing and fulfilling your orders (contractual necessity)
- Communicating with you about your order, including sending proofs and confirmations
- Processing payments and managing accounts (contractual necessity)
- Sending you marketing communications (only with your consent — you may opt out at any time)
- Improving our website and services (legitimate interest)
- Complying with legal obligations under POPIA, ECTA, and the CPA
- Resolving disputes and enforcing our agreements (legitimate interest/legal obligation)
4 LAWFUL BASIS FOR PROCESSING
In terms of Section 11 of POPIA, we process your personal information on the following lawful grounds:
- Your consent (e.g., for marketing communications)
- Performance of a contract with you (e.g., to fulfil your order)
- Compliance with a legal obligation
- Our legitimate business interests, provided these do not override your rights and freedoms
5 SHARING YOUR PERSONAL INFORMATION
We may share your personal information with the following third parties:
- COURIER/DELIVERY PARTNERS: To deliver your order (name, address, phone number shared).
- PAYMENT PROCESSORS: Such as PayFast, PayGate, or other secure payment gateways (processed under their own privacy policies).
- MARKETING PLATFORMS: Email marketing services (only if you have consented to marketing).
- PRINTING/PRODUCTION SUPPLIERS: Where we use third-party printers or production houses (limited to what is necessary).
- LEGAL/REGULATORY AUTHORITIES: Where required by law or court order.
We do not sell your personal information to third parties.
6 INTERNATIONAL TRANSFERS
We primarily process your personal information within South Africa. Where personal information is transferred to third parties outside South Africa (e.g., international marketing platforms or cloud services), we ensure adequate protections are in place as required by Section 72 of POPIA. Such transfers only occur to countries with equivalent data protection standards or under appropriate contractual safeguards.
7 DATA RETENTION
- We retain your personal information only for as long as necessary for the purposes set out in this Policy.
- Order records are retained for a minimum of 5 years for accounting and legal purposes.
- Marketing data is retained until you withdraw consent.
- Website usage data (logs) are retained for up to 12 months.
- Upon expiry of the retention period, your personal information will be securely deleted or anonymised.
8 YOUR RIGHTS AS A DATA SUBJECT
Your POPIA Rights
In terms of Section 5 of POPIA, you have the following rights:
- RIGHT TO BE NOTIFIED: You have the right to be notified that your personal information is being collected and the purpose thereof.
- RIGHT TO ACCESS: You may request access to the personal information we hold about you (submit a PAIA request using the prescribed Form C).
- RIGHT TO CORRECTION: You may request that we correct, update, or delete inaccurate or incomplete personal information.
- RIGHT TO OBJECT: You may object to the processing of your personal information on reasonable grounds.
- RIGHT TO OPT OUT OF MARKETING: You may withdraw consent for marketing communications at any time.
- RIGHT NOT TO BE SUBJECT TO AUTOMATED DECISION-MAKING: You have the right not to be subject to decisions made solely on automated processing.
- RIGHT TO LODGE A COMPLAINT: You have the right to submit a complaint to the Information Regulator if you believe your rights have been violated.
9 SECURITY OF YOUR PERSONAL INFORMATION
We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, disclosure, loss, alteration, or destruction. Measures include SSL encryption on our website, secure password-protected systems, and restricted access to personal data on a need-to-know basis. Payment information is processed through PCI-DSS compliant payment gateways.
In the event of a data breach that poses a risk to your rights, we will notify the Information Regulator and affected data subjects in accordance with Section 22 of POPIA within 72 hours of becoming aware of the breach.
10 COOKIES & WEBSITE TRACKING
Our website uses cookies and similar technologies to enhance your browsing experience:
- ESSENTIAL COOKIES: Necessary for the website to function (e.g., shopping cart, session management).
- ANALYTICS COOKIES: Help us understand how visitors use our site (e.g., Google Analytics).
- MARKETING COOKIES: Used to display relevant advertisements (only with your consent).
You may manage or disable cookies through your browser settings, although this may affect website functionality. In terms of POPIA, we obtain your consent before placing non-essential cookies on your device.
11 DIRECT MARKETING
We will only send you marketing communications if you have given us explicit consent or if you are an existing customer and the marketing relates to similar products/services (as permitted by POPIA Section 69). You may opt out of marketing communications at any time by: clicking "unsubscribe" in any marketing email, contacting us at info@bhdesignco.co.za, or replying "STOP" to any marketing SMS/WhatsApp. We will action your opt-out request within 5 business days.
12 CHILDREN'S PRIVACY
Our website and services are not directed at children under the age of 18. We do not knowingly collect personal information from children without verifiable parental consent. If you believe we have inadvertently collected information about a child, please contact us immediately and we will delete it.
13 LINKS TO THIRD-PARTY WEBSITES
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to read the privacy policies of any third-party sites you visit.
14 CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. We will notify you of significant changes by posting a notice on our website or via email. The date of the latest update is shown at the top of this document.
15 HOW TO LODGE A COMPLAINT
Information Regulator of South Africa:
- Website: www.inforegulator.org.za
- Email: inforeg@justice.gov.za
- Phone: 010 023 5207
- Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001