POPIA Policy

POPIA Compliance

Unlimited Fragrances (Pty) Ltd is committed to complying with the Protection of Personal Information Act 4 of 2013 (POPIA) and the Promotion of Access to Information Act 2 of 2000 (PAIA). We respect your right to privacy and are dedicated to processing your personal information lawfully, responsibly, and transparently.

Last Updated: 26 March 2026

1. Our Commitment to Data Protection

Unlimited Fragrances (Pty) Ltd recognises that the right to privacy is a fundamental right enshrined in Section 14 of the Constitution of the Republic of South Africa. POPIA gives effect to this right by regulating how personal information is collected, processed, stored, and shared.

We have implemented appropriate technical, organisational, and administrative safeguards to protect the personal information of our customers, suppliers, employees, and all other data subjects who interact with our business.

2. Information Officer

In terms of Section 55 of POPIA, every private body is required to appoint an Information Officer. The designated Information Officer for Unlimited Fragrances (Pty) Ltd is the Director of the company.

Information Officer

Entity: Unlimited Fragrances (Pty) Ltd

Registration Number: 2026/050284/07

Address: 7 Klipkraal Crescent, Louwlardia, Centurion, Gauteng, 0157, South Africa

Email: online@unlimitedfragrances.co.za

Phone: 087 821 3578

3. The Eight Conditions for Lawful Processing

POPIA sets out eight conditions that must be met for the lawful processing of personal information:

1

Accountability

We take full responsibility for complying with POPIA. Our Information Officer oversees our compliance framework.

2

Processing Limitation

We only process personal information with a lawful basis — typically consent or contractual necessity.

3

Purpose Specification

We collect personal information for specific, clearly defined, and lawful purposes such as order fulfilment and delivery.

4

Further Processing Limitation

We do not use your information for any purpose other than the purpose for which it was originally collected.

5

Information Quality

We take reasonable steps to ensure personal information we hold is complete, accurate, and up to date.

6

Openness

We are transparent about what we collect, why we collect it, how we use it, and with whom we share it.

7

Security Safeguards

We implement SSL encryption, access controls, and secure payment processing via PayFast to protect your data.

8

Data Subject Participation

You have the right to access, correct, and delete your personal information through our request process.

4. Your Rights as a Data Subject

Right of Access

Request confirmation and a copy of your personal information. (Section 23)

Right to Correction

Request correction of inaccurate or incomplete information. (Section 24)

Right to Deletion

Request destruction of personal information no longer needed. (Section 24)

Right to Object

Object to processing on reasonable grounds or for direct marketing. (Section 11(3)(a))

Right to Withdraw Consent

Withdraw consent at any time without affecting prior lawful processing.

Right to Complain

Lodge a complaint with the Information Regulator. (Section 74)

5. How to Submit a Data Subject Request

1
Submit Your Request: Email online@unlimitedfragrances.co.za with the subject line "POPIA Data Subject Request". Include your full name, email address, and the right you wish to exercise.
2
Identity Verification: We may request a copy of your South African ID document or passport to verify your identity before processing.
3
Acknowledgement: We will acknowledge receipt within 5 business days and inform you of any applicable fees.
4
Processing: Your request will be processed within 30 days from receipt, in accordance with PAIA and POPIA timeframes.

6. Categories of Personal Information We Process

Customers: Name, surname, email address, phone number, delivery address, billing address, order history, transaction records, IP address, browser and device information, cookie data.

Website Visitors: IP address, browser type, device information, pages visited, cookies and analytics data.

Suppliers and Service Providers: Contact person name, business name, email address, phone number, bank account details (for payment purposes), contractual records.

Payment Information: Unlimited Fragrances does not collect, store, or process any payment card numbers, CVV codes, or banking credentials. All payments are handled by PayFast, a PCI-DSS compliant gateway.

7. Third-Party Operators

  • PayFast (Pty) Ltd — secure payment processing
  • Shopify Inc. — e-commerce platform hosting and order management
  • The Courier Guy — parcel delivery (name, phone, delivery address)
  • PUDO SA — parcel collection points (name, phone, notification details)
  • Google Analytics — anonymised website traffic analysis (with consent)

We do not sell, rent, or trade personal information to any third party for their own marketing purposes.

8. Security Measures

In compliance with Section 19 of POPIA, our security measures include:

  • SSL/TLS encryption across our entire website (HTTPS)
  • Secure, PCI-DSS compliant payment processing via PayFast
  • Password-protected access to customer data, limited to authorised personnel only
  • Regular review and updating of security practices
  • Staff awareness and training on data protection obligations

9. Data Breach Notification

In the event of a security compromise, we will, in accordance with Section 22 of POPIA, notify the Information Regulator and all affected data subjects as soon as reasonably possible after becoming aware of the breach.

10. Direct Marketing Compliance

In accordance with Section 69 of POPIA, we will only send unsolicited electronic marketing with your prior explicit consent. Every communication will identify Unlimited Fragrances as the sender and include a mechanism to unsubscribe or opt out.

11. Children's Personal Information

In terms of Section 35 of POPIA, we do not knowingly collect personal information of children under 18 without the consent of a parent or legal guardian.

12. Cross-Border Transfers

Where personal information is transferred outside South Africa (e.g., via Shopify), we ensure the recipient is subject to a law or binding agreement upholding principles substantially similar to POPIA, as required by Section 72.

13. PAIA Manual

In terms of Section 51 of PAIA, a copy of our PAIA Manual is available upon request. Contact the Information Officer at online@unlimitedfragrances.co.za.

SAHRC Guide: The South African Human Rights Commission guide on how to use PAIA is available at www.sahrc.org.za and from the Information Regulator at www.inforegulator.org.za.

14. Information Regulator

The Information Regulator (South Africa)

Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Postal Address: P.O. Box 31533, Braamfontein, Johannesburg, 2017

General Enquiries: enquiries@inforegulator.org.za

POPIA Complaints: POPIAComplaints@inforegulator.org.za

PAIA Complaints: PAIAComplaints@inforegulator.org.za

Website: www.inforegulator.org.za

15. Updates to This Page

This POPIA compliance page may be updated from time to time to reflect changes in legislation or business practices. The date of the most recent update is displayed at the top of this page.

Unlimited Fragrances (Pty) Ltd • Reg. 2026/050284/07 • online@unlimitedfragrances.co.za • 087 821 3578