HSE PROMPTS SA

Privacy Policy

In accordance with the Protection of Personal Information Act 4 of 2013 (POPIA)

 

HSE Prompts SA (trading as hseprompts.co.za) is the Responsible Party as defined in section 1 of the Protection of Personal Information Act 4 of 2013 (POPIA). We are responsible for determining the purpose and means of processing your personal information.

 

Contact details of the Responsible Party:

•       Trading name: HSE Prompts SA

•       Website: hseprompts.co.za

•       Email: monique@safetyark.co.za

•       Address: 4 Sousa Street, Vanderbijlpark, Gauteng, 1900, South Africa

•       Powered by: Shopify Inc. (as Operator / sub-processor)

 

Information Officer: As required by section 55 of POPIA, our Information Officer is responsible for encouraging compliance with POPIA, dealing with requests made in terms of POPIA, and working with the Information Regulator. Contact our Information Officer at monique@safetyark.co.za.

This Privacy Policy is governed by the Protection of Personal Information Act 4 of 2013 (POPIA), which commenced fully on 1 July 2021, and read together with:

•       The Electronic Communications and Transactions Act 25 of 2002 (ECT Act);

•       The Consumer Protection Act 68 of 2008 (CPA);

•       The Cybercrimes Act 19 of 2020.

 

We process personal information in accordance with the eight Conditions for Lawful Processing set out in Chapter 3 of POPIA, namely: Accountability, Processing Limitation, Purpose Specification, Further Processing Limitation, Information Quality, Openness, Security Safeguards, and Data Subject Participation.

We collect and process the following categories of personal information, as defined in section 1 of POPIA:

 

3.1 Information you provide directly

•       Identity information: your full name;

•       Contact information: email address, telephone number, physical address and billing address;

•       Financial information: payment card details, bank account information and transaction records (processed securely via PayFast and Shopify Payments — we do not store card numbers on our servers);

•       Account information: username, password and account preferences;

•       Communications: the content of any enquiry, support request or other communication you send us.

 

3.2 Information collected automatically

•       Device and technical information: IP address, browser type and version, operating system, and unique device identifiers;

•       Usage information: pages visited, products viewed, items added to cart, time spent on pages, and click-through behaviour, collected via cookies and similar technologies;

•       Transaction information: purchase history, download activity, and order status.

 

3.3 Information from third parties

We may receive personal information from Shopify Inc. (our e-commerce platform operator), payment processors, and advertising partners such as Meta Platforms and TikTok, in accordance with their own privacy notices and applicable law.

We process your personal information only for specific, explicitly defined and legitimate purposes as required by section 13 of POPIA. These purposes are:

 

4.1 Fulfilling our contract with you (section 11(1)(b) of POPIA)

•       Processing your order and delivering your digital download;

•       Sending order confirmation, download links, and receipts;

•       Managing your account and purchase history;

•       Processing refund or support requests.

 

4.2 Legitimate interests (section 11(1)(f) of POPIA)

•       Improving our products, website and services;

•       Detecting, investigating and preventing fraud, security incidents and abuse;

•       Maintaining the security of our systems and your data.

 

4.3 With your consent (section 11(1)(a) of POPIA)

•       Sending you marketing emails, promotional offers and product updates. You may withdraw this consent at any time (see section 9 of this Policy);

•       Displaying personalised online advertisements via Meta, TikTok and Google, based on your browsing and purchase activity.

 

4.4 Legal compliance (section 11(1)(c) of POPIA)

•       Complying with applicable South African legislation including POPIA, the ECT Act and the CPA;

•       Responding to lawful requests from the South African Police Service, courts, or other competent authorities;

•       Enforcing our Terms of Service and protecting our legal rights.

We do not sell your personal information. We may share your personal information with the following categories of third parties (Operators) for the purposes described in section 4 above:

 

•       Shopify Inc.: our e-commerce platform provider, which hosts our store, processes payments and delivers digital products. Shopify processes personal information in accordance with their own privacy policy and is bound by POPIA as our Operator;

•       PayFast (DPO PayGate (Pty) Ltd): our South African payment gateway, used to process card payments and EFT transactions securely;

•       Meta Platforms (Facebook and Instagram): for advertising, analytics and retargeting purposes, subject to your consent and your preferences in Meta's privacy settings;

•       TikTok: for advertising and campaign analytics, subject to your consent;

•       Klaviyo or similar email service providers: to send transactional and marketing emails;

•       Professional advisers: accountants, attorneys and auditors, under confidentiality obligations;

•       Law enforcement and regulatory authorities: where required by law or court order.

 

Where we share personal information with third parties, we ensure that appropriate data processing agreements are in place in accordance with section 21 of POPIA.

Shopify Inc. is headquartered in Canada. Some of our service providers, including Shopify, Meta and Klaviyo, may store or process your personal information outside South Africa.

 

In accordance with section 72 of POPIA, we will only transfer personal information outside South Africa where:

•       The recipient country has been identified as providing an adequate level of protection (Canada has been recognised as adequate for this purpose);

•       We have entered into binding contractual arrangements with the recipient that impose obligations equivalent to POPIA; or

•       You have consented to the transfer.

We implement appropriate technical and organisational measures to protect your personal information against accidental loss, unlawful destruction, access, alteration or disclosure, as required by section 19 of POPIA. These measures include:

•       SSL/TLS encryption for all data transmitted to and from our website;

•       Secure payment processing via PCI-DSS compliant providers (PayFast and Shopify Payments);

•       Access controls limiting who within our organisation can access personal information;

•       Regular review of our security measures.

 

No security measures are infallible. In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Regulator and, where required, affected data subjects, in accordance with section 22 of POPIA.

We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. In accordance with section 14 of POPIA:

•       Transaction records and purchase history: 5 years, in accordance with the Companies Act 71 of 2008 and the South African Revenue Service requirements;

•       Account information: for as long as your account remains active, plus 1 year after closure;

•       Marketing contact lists: until you withdraw consent or opt out;

•       Security logs: 12 months.

 

Once the retention period has expired, we will destroy, delete or de-identify your personal information in a secure manner.

As a data subject under POPIA, you have the following rights, which you may exercise free of charge by contacting us at monique@safetyark.co.za:

 

•       Right to access: you may request a description of the personal information we hold about you and a record of how it is processed (section 23 of POPIA);

•       Right to correction or deletion: you may request that we correct inaccurate, irrelevant, excessive, outdated, incomplete or misleading information, or delete it where we are no longer authorised to process it (section 24 of POPIA);

•       Right to object: you may object to the processing of your personal information for purposes of direct marketing at any time (section 11(3) of POPIA);

•       Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal;

•       Right to opt out of direct marketing: you may unsubscribe from marketing emails at any time using the unsubscribe link in any email we send, or by contacting us directly;

•       Right to lodge a complaint: if you believe we have processed your personal information unlawfully, you have the right to lodge a complaint with the Information Regulator of South Africa (see contact details below).

 

We will respond to all requests within a reasonable time and in accordance with our obligations under POPIA. We may need to verify your identity before processing your request.

Our website uses cookies and similar tracking technologies as permitted under the ECT Act and POPIA. Cookies are small text files placed on your device that help us:

•       Remember your preferences and items in your cart;

•       Understand how visitors use our website;

•       Display relevant advertising on third-party platforms.

 

You may control or disable cookies through your browser settings. Disabling certain cookies may affect the functionality of our store. Where cookies involve the processing of personal information, we obtain your consent in accordance with POPIA before placing non-essential cookies.

Our Services are not directed at children under the age of 18. We do not knowingly collect personal information from persons under 18. The processing of personal information of children requires special conditions under section 35 of POPIA, and we will only do so where a competent person (as defined in POPIA) has provided consent.

 

If you believe we have inadvertently collected personal information from a child under 18, please contact us immediately at monique@safetyark.co.za so that we may delete it.

We may send you marketing communications about our products and services by email or SMS, subject to the following:

•       We will only send marketing communications with your consent, or where permitted under section 69 of POPIA (for example, to existing customers regarding similar products);

•       Every marketing communication will include a clear and easy way to opt out;

•       We will immediately stop marketing communications upon receipt of an opt-out request;

•       We will not sell or share your contact details with third parties for their direct marketing purposes without your explicit consent.

If you are not satisfied with our response to a complaint, or believe we are processing your personal information unlawfully, you have the right to lodge a complaint with the Information Regulator of South Africa:

 

•       Website: inforegulator.org.za

•       Email: inforeg@justice.gov.za

•       Telephone: +27 10 023 5207

•       Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. Where we make material changes, we will notify you by email (if you have an account with us) or by posting a prominent notice on our website prior to the change taking effect. The date at the top of this Policy indicates when it was last updated.

For any questions, concerns or requests regarding this Privacy Policy or the processing of your personal information, please contact our Information Officer:

 

•       Email: monique@safetyark.co.za

•       Address: 4 Sousa Street, Vanderbijlpark, Gauteng, 1900, South Africa

•       Website: hseprompts.co.za

 

We will acknowledge your request within 3 business days and aim to resolve it within 30 days, in accordance with our obligations under POPIA.

 

This Privacy Policy is governed by the laws of the Republic of South Africa. Last reviewed: 6 April 2026.