HAND-POURED & HAND-PAINTED EACH CONCRETE CANDLE IS UNIQUE 🇿🇦 PROUDLY SOUTH AFRICAN — MADE WITH LOVE 10+ FRAGRANCES AVAILABLE CHERRY WOOD WICKS THAT CRACKLE LIKE A FIREPLACE WHEN THEY BURN THEY LOOK AMAZING, SOUND AMAZING, SMELL AMAZING 🇿🇦 DELIVERED ACROSS SOUTH AFRICA FULLY CUSTOMISABLE — YOUR COLOURS, YOUR SCENT THE PERFECT GIFT FOR SOMEONE SPECIAL REFILLS AVAILABLE — COURIERED TO YOUR DOOR SECURE CHECKOUT HAND-POURED & HAND-PAINTED EACH CONCRETE CANDLE IS UNIQUE 🇿🇦 PROUDLY SOUTH AFRICAN — MADE WITH LOVE 10+ FRAGRANCES AVAILABLE CHERRY WOOD WICKS THAT CRACKLE LIKE A FIREPLACE WHEN THEY BURN THEY LOOK AMAZING, SOUND AMAZING, SMELL AMAZING 🇿🇦 DELIVERED ACROSS SOUTH AFRICA FULLY CUSTOMISABLE — YOUR COLOURS, YOUR SCENT THE PERFECT GIFT FOR SOMEONE SPECIAL REFILLS AVAILABLE — COURIERED TO YOUR DOOR SECURE CHECKOUT
Handpoured website mobile logo

Privacy Policy

Effective Date: February 18, 2025
Last Updated: February 18, 2025

At Hand Poured Crafted Candles, we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you visit our website at https://handpoured.co.za.

Your Rights Under South African Law

This Privacy Policy complies with:

  • Protection of Personal Information Act, 2013 (POPIA) - Act 4 of 2013
  • Consumer Protection Act, 2008 (CPA) - Act 68 of 2008
  • Electronic Communications and Transactions Act, 2002 (ECTA) - Act 25 of 2002

Nothing in this policy limits your statutory rights under these laws.

POPIA Compliance

This Privacy Policy complies with the Protection of Personal Information Act, 2013 (POPIA). We process your personal information in accordance with the following principles:

  • Accountability: We take responsibility for all personal information under our control
  • Processing Limitation: We only collect information for specific, lawful purposes
  • Purpose Specification: We're transparent about why we collect your data
  • Further Processing Limitation: We won't use your data for purposes incompatible with the original purpose
  • Information Quality: We ensure your data is complete, accurate, and up-to-date
  • Openness: We're transparent about how we process your information
  • Security Safeguards: We protect your data with appropriate technical and organizational measures
  • Data Subject Participation: You have rights over your personal information

Information Officer

Under Section 56 of POPIA, we have appointed an Information Officer responsible for ensuring compliance with data protection laws.

Information Officer

Name: Shawn Cranko

Email: info@handpoured.co.za

Phone: +27 12 345 6789

Address: Hand Poured Crafted Candles, Johannesburg, Gauteng, South Africa

Alternatively, you may contact the Information Regulator of South Africa:

Information Regulator (South Africa)

Website: www.justice.gov.za/inforeg

Email: inforeg@justice.gov.za

Phone: 010 023 5200

1. Information We Collect

Personal Information You Provide

When you place an order, create an account, or contact us, we may collect:

  • Contact Details: Name, email address, phone number, shipping and billing address
  • Payment Information: Credit card details, payment method (processed securely through our payment providers - we do not store full card details)
  • Order Information: Products purchased, order history, preferences, delivery instructions
  • Communication: Messages sent through contact forms, customer service inquiries, product reviews, custom candle specifications
  • Account Information: Username, password (encrypted), saved addresses, wishlist items

Information Collected Automatically

When you visit our website, we automatically collect:

  • Technical Data: IP address, browser type and version, device information, operating system, screen resolution
  • Usage Data: Pages visited, time spent on site, referring website, click patterns, search queries, products viewed
  • Location Data: General location derived from IP address (city/region level only)
  • Cookies and Similar Technologies: See our Cookies section below for detailed information

Information from Third Parties

We may receive information about you from:

  • Payment Processors: Transaction confirmation and fraud prevention data
  • Social Media: If you interact with us on Facebook or Instagram, we may receive basic profile information you've made public
  • Delivery Partners: Delivery status updates and confirmation of receipt

Legal Basis for Processing Your Information

We process your personal information based on the following lawful grounds under POPIA:

  1. Consent: When you place an order, create an account, subscribe to marketing, or accept cookies (Section 11(1)(a) of POPIA)
  2. Contract Performance: To fulfill your orders, process payments, and provide services you've requested (Section 11(1)(b))
  3. Legal Obligation: To comply with tax laws, accounting requirements, consumer protection laws, and other legal obligations (Section 11(1)(c))
  4. Legitimate Interest: To improve our services, prevent fraud, protect our business interests, and conduct analytics (Section 11(1)(f))
Withdrawing Consent: You have the right to withdraw consent at any time for marketing communications without affecting the lawfulness of processing based on consent before withdrawal.

2. How We Use Your Information

We use your personal information for the following specific purposes:

Order Processing and Fulfillment

  • Process and fulfill your orders
  • Arrange shipping and delivery
  • Send order confirmations, shipping notifications, and delivery updates
  • Handle returns, exchanges, and refunds
  • Process payments securely

Customer Service

  • Respond to your inquiries and support requests
  • Resolve issues and complaints
  • Provide product information and candle care advice
  • Process custom candle orders and confirm personalization details

Marketing Communications (With Your Consent)

  • Send promotional emails about new products, seasonal collections, and special offers
  • Share candle care tips and usage ideas
  • Provide exclusive discounts and early access to sales
  • Conduct customer satisfaction surveys

Website Improvement and Analytics

  • Analyze website usage to improve user experience
  • Understand which products are most popular
  • Test new features and designs
  • Optimize website performance and loading times

Legal Compliance and Protection

  • Comply with tax, accounting, and legal requirements
  • Prevent fraud and abuse
  • Protect our rights and property
  • Enforce our Terms and Conditions
  • Respond to legal requests from authorities

3. Marketing Communications

Under Section 69 of POPIA, we require your explicit consent for direct marketing.

With your explicit consent, we may send you:

  • Promotional emails about new products and special offers
  • Candle care tips and seasonal collections
  • Exclusive discounts and early access to sales
  • Customer satisfaction surveys

Your Marketing Rights:

  • We will only send marketing emails if you have opted in (provided consent)
  • You can unsubscribe at any time using the link in every email or by contacting info@handpoured.co.za
  • Withdrawing consent does not affect essential communications (order confirmations, shipping updates, customer service)
  • We will not share your information with third parties for their marketing purposes
  • You have the right to object to direct marketing at any time under Section 69 of POPIA

How We Obtain Consent:

  • Opt-in checkbox during account creation or checkout
  • Newsletter signup form on our website
  • Verbal consent at markets or events (recorded in writing)

4. Cookies and Tracking Technologies

Under POPIA and the Electronic Communications and Transactions Act (ECTA), we must obtain your consent for certain cookies.

What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide you with a better browsing experience.

Types of Cookies We Use:

1. Strictly Necessary Cookies (No Consent Required)

  • Shopping cart functionality
  • Session management and login authentication
  • Security features and fraud prevention
  • Load balancing

2. Functional Cookies (Requires Consent)

  • Remember your preferences (language, currency)
  • Save your delivery address for faster checkout
  • Improve website performance

3. Analytics Cookies (Requires Consent)

  • Google Analytics to understand visitor behavior
  • Track which pages are most popular
  • Measure website performance
  • Help us improve user experience

4. Marketing Cookies (Requires Consent)

  • Facebook Pixel for retargeting ads
  • Track effectiveness of advertising campaigns
  • Show you relevant ads on social media
  • Measure conversion rates

Your Cookie Rights:

  • Accept or reject cookies through our cookie banner when you first visit
  • Change cookie preferences at any time through your browser settings
  • Opt out of Google Analytics: https://tools.google.com/dlpage/gaoptout
  • Opt out of Facebook tracking: Visit your Facebook ad preferences
  • Delete cookies: Clear your browser's cookie storage at any time
Important Note: Disabling cookies may affect website functionality, particularly the shopping cart and checkout process.

5. Sharing Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We only share your data with the following categories of recipients, and only to the extent necessary:

Service Providers (Data Processors)

  • Payment Processors: PayPal, Stripe, Ozow, and other payment gateways to process transactions securely
  • Shipping Partners: Courier services (e.g., Aramex, PostNet, The Courier Guy) to deliver your orders
  • Email Service Providers: Mailchimp or similar platforms to send marketing emails (if you've consented)
  • Web Hosting: Cloud hosting providers to maintain our website
  • Analytics Providers: Google Analytics to analyze website traffic
  • Customer Support Tools: Help desk software to manage customer inquiries
Service Provider Obligations: All service providers are contractually bound to process data only on our instructions, implement appropriate security measures, comply with POPIA requirements, and not use your data for their own purposes.

Legal and Regulatory Authorities

We may disclose your information when required by law:

  • South African Revenue Service (SARS) for tax compliance
  • Law enforcement agencies in response to valid legal requests
  • Courts and tribunals if we're involved in legal proceedings
  • Regulatory bodies (e.g., Consumer Commission, Information Regulator)

Business Transfers

If Hand Poured Crafted Candles is involved in a merger, acquisition, or sale of assets, your personal information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

6. International Data Transfers

Some of our service providers are located outside South Africa, which means your personal information may be transferred to and processed in other countries.

Current International Transfers:

Your data may be transferred to:

  • United States: Google (Analytics, Cloud Services), Facebook (Marketing Pixels), Mailchimp (Email Marketing), Stripe/PayPal (Payment Processing)
  • European Union: Some cloud hosting and backup services
  • Other regions: As required by our service providers' global infrastructure

Safeguards for International Transfers:

When we transfer data internationally, we ensure compliance with Chapter 9 of POPIA by:

  • Verifying that the recipient country has substantially similar data protection laws to POPIA (Section 72), OR
  • Ensuring the recipient is bound by legally enforceable data protection obligations, OR
  • Obtaining your explicit consent for the specific transfer, OR
  • Using standard contractual clauses approved by the Information Regulator

7. Data Security

We implement industry-standard security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction.

Technical Safeguards:

  • SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted
  • Secure Payment Processing: We use PCI-DSS compliant payment processors - we do not store full credit card details
  • Firewalls: Network-level protection against unauthorized access
  • Regular Security Updates: Software and systems are kept up-to-date with security patches
  • Access Controls: Restricted access to personal information on a need-to-know basis
  • Password Protection: Encrypted password storage using industry-standard hashing

Organizational Safeguards:

  • Staff Training: Employees are trained on data protection and confidentiality
  • Confidentiality Agreements: All staff and contractors sign confidentiality agreements
  • Data Minimization: We only collect and retain data that's necessary
  • Regular Audits: Periodic reviews of our data protection practices
  • Incident Response Plan: Procedures for responding to data breaches
Important Disclaimer: While we take all reasonable precautions, no online transmission or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you of any breach as required by law.

8. Data Breach Notification

In the unlikely event of a data breach that compromises your personal information, we will comply with Section 22 of POPIA:

Our Response Procedures:

  1. Notify the Information Regulator without unreasonable delay after becoming aware of the breach
  2. Notify you directly if the breach is likely to cause you harm (identity theft, financial loss, reputational damage)
  3. Provide details of what information was compromised, when the breach occurred, how it happened, and what we're doing to address it
  4. Recommend protective measures you can take (e.g., changing passwords, monitoring accounts)
  5. Establish a helpline for affected individuals if the breach is significant

9. Your Rights Under POPIA

Under the Protection of Personal Information Act, you have the following rights regarding your personal information:

Right to Access (Section 23)

You can request:

  • Confirmation of whether we hold your personal information
  • A copy of all personal information we hold about you
  • Details of how we've used and shared your information

How to exercise: Email info@handpoured.co.za with subject "POPIA Access Request"
Response time: Within 30 days
Fee: Free for the first request; reasonable fee may apply for subsequent requests

Right to Correction (Section 24)

You can request that we correct inaccurate or outdated information, update incomplete information, or amend misleading information.

How to exercise: Log into your account or email info@handpoured.co.za
Response time: Within 30 days

Right to Deletion/Destruction (Section 24)

You can request deletion of your personal information if:

  • We no longer need it for the original purpose
  • You withdraw consent (where consent was the legal basis)
  • You object to processing
  • It was collected unlawfully
  • Deletion is required by law
Important: We may refuse deletion if we're legally required to retain the information (e.g., tax records for 7 years) or if it's necessary for legal proceedings.

Right to Object (Section 11(3))

You can object to processing based on legitimate interests or direct marketing at any time.

For marketing: Click unsubscribe in any email or email info@handpoured.co.za
For other processing: Explain your objection and we'll assess whether we have compelling legitimate grounds to continue

Right to Data Portability

You can request a copy of your personal information in a commonly used, machine-readable format (e.g., CSV, JSON) to transfer to another service provider.

How to exercise: Email info@handpoured.co.za with subject "Data Portability Request"
What you'll receive: Order history, account details, preferences (excludes payment data held by processors)

Right to Lodge a Complaint

If you're not satisfied with how we handle your personal information, you can lodge a complaint with:

Information Regulator (South Africa)

Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Phone: 010 023 5200

Email: inforeg@justice.gov.za

Website: www.justice.gov.za/inforeg

You may lodge a complaint at any time, even while we're still addressing your concern.

10. Data Retention

Under Section 14 of POPIA, we only retain your personal information for as long as necessary for the purposes stated or as required by law.

Retention Periods:

Data Type Retention Period Legal Basis
Customer account data While active + 1 year after closure Legitimate interest
Order and transaction records 7 years from transaction date Tax and accounting laws (Income Tax Act)
Marketing consent records Until you unsubscribe + 2 years POPIA compliance (proof of consent)
Website analytics data 26 months Google Analytics default
Customer service communications 3 years from last contact Legitimate interest, dispute resolution
Payment card data Not stored Handled by PCI-DSS compliant processors
Custom candle design files 2 years from order Legitimate interest (re-orders)

After Retention Periods:

Once data is no longer needed, we will:

  • Securely delete electronic data using secure deletion methods
  • Destroy physical records through secure shredding
  • Anonymize data for statistical purposes where appropriate

11. Automated Decision-Making and Profiling

Under Section 71 of POPIA, you have rights regarding automated processing of your personal information.

Where We Use Automated Systems:

1. Fraud Detection

  • Purpose: Analyze orders for suspicious patterns (e.g., mismatched billing/shipping, unusual order volumes)
  • Impact: May flag orders for manual review or decline high-risk transactions
  • Logic: Machine learning models trained on known fraud patterns

2. Product Recommendations

  • Purpose: Suggest candles you might like based on browsing and purchase history
  • Impact: Personalized shopping experience
  • Logic: Collaborative filtering (what similar customers bought)

3. Marketing Personalization

  • Purpose: Tailor email content to your preferences
  • Impact: More relevant marketing communications
  • Logic: Behavior-based segmentation

Your Rights Under Section 71:

  • Right to object to automated decision-making
  • Right to request human review of automated decisions affecting you
  • Right to understand the logic involved in automated processing
  • Right to challenge decisions made without human intervention

How to Exercise These Rights: Email Shawn Cranko at info@handpoured.co.za. We'll explain the automated processing and, where possible, provide human review.

12. Children's Privacy

Under Section 35 of POPIA, we have special obligations regarding children's personal information.

Our Policy:

  • Our website is not directed at children under 18 years of age
  • We do not knowingly collect personal information from anyone under 18 without verifiable parental consent
  • If you are under 18, please ask your parent or guardian to place orders on your behalf

Parental Rights:

  • Parents can contact us to request access to their child's information
  • Parents can request deletion of their child's information
  • Parents can refuse further collection or use of their child's information
If We Discover Underage Collection: If we learn we've inadvertently collected information from a child under 18 without parental consent, we will delete it immediately and notify the parent/guardian if we have contact details.

13. Third-Party Links

Our website may contain links to third-party websites, social media platforms, and payment providers. Examples include:

  • Facebook and Instagram (social media)
  • PayPal, Stripe, Ozow (payment processors)
  • Google Maps (delivery address lookup)
  • YouTube (embedded candle care videos)
Important: We are not responsible for the privacy practices of third-party websites. Third-party sites have their own privacy policies that govern how they collect and use your information. When you click a link to a third-party site, you leave our website and are subject to their policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our data processing practices
  • New legal requirements
  • New features or services
  • Feedback from the Information Regulator

How We Notify You:

  • Post the updated policy on this page with a new "Last Updated" date
  • Send email notification for significant changes (if we have your consent for such emails)
  • Display a prominent notice on our website for 30 days

Continued Use: By continuing to use our website and services after changes take effect, you accept the updated Privacy Policy.

15. Contact Us and Complaints

General Privacy Inquiries:

Hand Poured Crafted Candles

Email: info@handpoured.co.za

Phone: +27 12 345 6789

Address: Johannesburg, Gauteng, South Africa

Business Hours: Monday - Friday, 9:00 AM - 5:00 PM SAST

Information Officer (POPIA Compliance):

Information Officer

Name: Shawn Cranko

Email: info@handpoured.co.za

Phone: +27 12 345 6789

Complaint Process:

Step 1: Contact Us

  • Email Shawn Cranko at info@handpoured.co.za
  • Subject: "Privacy Complaint" or "POPIA Complaint"
  • Describe your concern in detail
  • We'll acknowledge receipt within 48 hours
  • We aim to resolve complaints within 30 days

Step 2: Escalate to Information Regulator

If you're not satisfied with our response, lodge a complaint with:

Information Regulator (South Africa)

Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
P.O. Box 31533, Braamfontein, 2017

Phone: 010 023 5200

Email: inforeg@justice.gov.za

Website: www.justice.gov.za/inforeg

Complaint Form: Available on their website

16. Compliance Statement

This Privacy Policy complies with:

  • Protection of Personal Information Act, 2013 (POPIA) - Act 4 of 2013
  • Consumer Protection Act, 2008 (CPA) - Act 68 of 2008
  • Electronic Communications and Transactions Act, 2002 (ECTA) - Act 25 of 2002
  • Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (RICA)

Where there is any conflict between this policy and applicable South African data protection and privacy laws, the law will prevail. Your statutory rights are not affected by this policy.

Last Review Date: February 18, 2025
Next Scheduled Review: February 18, 2026

Please Note: This policy applies to all personal information processed by Hand Poured Crafted Candles through our website (handpoured.co.za), email communications, phone interactions, and in-person transactions at markets and events.

Quick Reference: Your POPIA Rights Summary

Right What It Means How to Exercise
Access Get a copy of your data Email info@handpoured.co.za
Correction Fix inaccurate information Update in account or email us
Deletion Request we delete your data Email deletion request
Object Stop certain processing Unsubscribe or email objection
Portability Get data in transferable format Email portability request
Complain Report privacy concerns Contact Information Regulator

Response Time: 30 days for all requests | Cost: Free (reasonable fee may apply for excessive requests)

Your cart is currently empty.

Return to shop