Privacy Policy

We respect your privacy and take the protection of your Personal Information seriously. We strive for a superior experience whenever you engage or shop on our website, and to do this, we use some of your Personal Information. This Privacy Policy describes how your Personal Information is collected, used, shared, processed and protected when you browse, use or purchase from pandylane.com

1. Introduction

     1.1. Pandylane (Pty) Ltd (“Pandylane”, “we”, “us” or “our”) collects and processes Personal Information of anyone who accesses our website and/or makes a purchase as well as from your emails or communications with us.

     1.2. By providing us with your Personal Information, you:

        1.2.1. agree to this policy and authorise us to process such information as set out in this policy; and

        1.2.2. authorise Pandylane, our service providers and other third parties to process your Personal Information for the purposes stated in this policy.

     1.3. Personal Information, in terms of the Protection of Personal Information Act, 4 of 2013 (“POPIA”), means “information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person”. South Africa’s Constitution, Act 108 of 1996, provides that everyone has the right to privacy. This includes the right to protection against the unlawful collection, retention, dissemination and use of your personal information.

     1.4. “Process” or “processing” of information means the collection, use, storage, sharing, destroying, updating, disclosing or otherwise dealing with your Personal Information. As a general rule, we only process Personal Information that is required in order for us to provide you with the goods and/or services that you have requested.

     1.5. Because of the sensitivity of some personal information, we ensure that the way we process your Personal Information complies fully with POPIA and have implemented reasonable organisational and technical controls as a result.

     1.6. We may periodically update or change the Privacy Policy without giving you prior notice, in accordance with applicable law. You should check them regularly, as your continued use of our website means that you accept and agree to any updates or changes to this Policy.


2. The Personal Information We Collect

     2.1. We may collect or obtain Personal Information about you in the following ways:

        2.1.1. Through direct or active interactions with you;

        2.1.2. In the course of our relationship with you;

        2.1.3. Through automated or passive interactions with you;

        2.1.4. When you visit or interact with our website, social media or emails;

        2.1.5. From third parties;

        2.1.6. From public sources;

        2.1.7. From employment or other applications;

     2.2 Types of Personal Information we collect:

        2.2.1. Identity Information

            2.2.1.1. Name and surname;

            2.2.1.2. Birthday;

        2.2.2. Contact Information

            2.2.2.1. Email address;

            2.2.2.2. Physical and postal addresses;

            2.2.2.3. Cellphone or other phone numbers;

        2.2.3. Demographic Information

            2.2.3.1. Sex or gender;

            2.2.3.2. Age

        2.2.4. Health Information

            2.2.4.1. Estimated due date or baby’s birth date;

            2.2.4.2. Pregnancy information

        2.2.5. Transaction Information

            2.2.5.1. Orders;

            2.2.5.2. Gift registries or wish lists;

            2.2.5.3. Payment information (we do not store credit card information);

            2.2.5.4. Banking information in the case of a refund

        2.2.6. Technical Information

            2.2.6.1. Device and browser information;

            2.2.6.2. Online identifiers – cookies, log files and tags;

            2.2.6.3. Website usage information

        2.2.7. Medical Aid Information

            2.2.7.1. Membership details only

        2.2.8. Marketing Information

            2.2.8.1 Interests and preferences


3. Cookies & Usage Tracking

      3.1. Cookies are data files that are placed on your device that may include an anonymous unique identifier – in other words, they do not contain your personal information but allow us to associate you with a particular device.

      3.2. We use cookies to:

        3.2.1. understand your usage of our website so that we can improve our website and make it more user friendly; and

        3.2.2. personalise our interactions with you and tailor our services to your interest and needs; and

        3.2.3. ensure our website works optimally on your device; and

        3.2.4. provide marketing that is relevant to you, and to limit the number of times you see the same marketing content, as well as measure the effectiveness of our marketing based on your online usage; and

        3.2.5. send opt-in marketing communications if you are not yet subscribed.

      3.3. When you access our website, we collect data about your IP address, browser type, device type, internet service provider, referring or exit pages, and date and time stamps. This information is anonymous.


4. How We Use Your Personal Information

     4.1. The information we collect is primarily used to

        4.1.1. identify you; and

        4.1.2. communicate with you; and

        4.1.3. fulfil your orders; and

        4.1.4. provide you with services; and

        4.1.5. enter into a contract with you;

        4.1.6. comply with any legal or regulatory obligations; and

        4.1.7. conduct research for statistical purposes (this information is anonymous and cannot be linked to you)

        4.1.8. provide you with information or marketing relating to our products and services (when in line with the preferences you share with us).

     4.2. We may also use the information that you provide for other legitimate business interests in accordance with the relevant laws. We do not sell your data to any third party.

     4.3. We retain your Personal Information for as long as

        4.3.1. we need it to provide our products and/or services to you; or

        4.3.2. it is required or allowed by law; or

        4.3.3. it is necessary to uphold the contract between us; or

        4.3.4. you have consented to us keeping your Personal Information, subject to your request for us to stop processing your Personal Information.


5. How Your Information Is Shared

     5.1. We do not sell your information to any third party for their marketing or any other purpose.

     5.2. We may provide or make your Personal Information available to:

        5.2.1. our employees

        5.2.2. law enforcement, government officials, fraud detection agencies or any third party where the disclosure of Personal Information is a legal obligation and appropriate in connection with an investigation of fraud or any other illegal activity, or any activity that may expose us to legal liability or financial loss;

        5.2.3. third parties in the event of any reorganisation, merger, sale, joint venture or other disposition of any of our assets

        5.2.4. contracted third parties and their employees who render services to us. These contracts stipulate that these third party providers may only use your Personal Information in connection with the services they provide us and not for their own benefit or any other purpose, and that they are to treat your information as confidential, in accordance with the POPIA.

        5.2.5. our suppliers or sellers in order for them to liaise directly with you regarding any products or services that you have purchased, or for any other purpose which may require their involvement.

     5.3. We may transfer your Personal Information beyond the borders of the Republic of South Africa to service providers for the purposes set out above, including for data storage and back-up purposes. However, any transfer of your Personal Information outside the country is done so in accordance with the requirements set out in the POPIA. 


6. How We Protect Your Personal Information

     6.1. We secure the confidentiality of your Personal Information in our possession or under our control by taking reasonable technical and organisation measures to prevent loss of, damage to, or unauthorised access or processing of your Personal Information.

    6.2. Our policies and procedures include, among other measures,:

        6.2.1. physical, technical and network security

        6.2.2. monitoring and control of access

        6.2.3. secure storage, destruction and encryption of records

        6.2.4. breach reporting and remediation


7. Your Privacy Rights

     7.1. Having provided adequate proof of your identity, you have the right to:

        7.1.1 be notified that your Personal Information is being collected;

        7.1.2. view, correct and/or amend the Personal Information we process;

        7.1.3. request a record or description of your Personal Information, but please note that:

            7.1.3.1. there may be a fee charged to provide you with this record;

            7.1.3.2. if the request is manifestly unfounded, excessive or repetitive, we may charge an additional administrative fee or refuse the request.

        7.1.4. object, on reasonable grounds, to the processing of your Personal Information

        7.1.5. request that your Personal Information be corrected, destroyed or deleted. We may need to retain some of your Personal Information subject to any legislative requirement

        7.1.6. us complying with your request upon receipt, unless we have a credible reason to not comply (such as a legal obligation)

        7.1.7. us indicating where, if we cannot agree whether to correct or delete your Personal Information as requested, that a correct or deletion was requested but not made.

        7.1.8. be informed, if reasonably practicable, of any changes to your Personal Information that has an impact on decisions about you.

        7.1.9. be informed of the action taken by us because of your request.

        7.1.10. be notified by us if there is any unauthorised access to your Personal Information

        7.1.11. request reasonable evidence of our compliance with the obligations of this privacy policy on reasonable notice and request

        7.1.12. submit a complaint to the Information Regulator


8. Direct Marketing

      8.1. You may opt-out or unsubscribe from any direct marketing that we may send to you.

      8.2. If you opt-out, you may still receive administrative or other transactional communications as part of our business operations (such as order confirmation emails).


9. Lodging a Complaint with the Information Regulator

      9.1. If you have any complaints about this Policy, or our compliance with this Policy or South African privacy laws, you are entitled to lodge a complaint with the Information Regulator.

      9.2. The contact details for the Information Regulator are available on its website at https://justice.gov.za/inforeg/