Privacy Policy
Last updated: [DATE]
At MaxHealth Pet Diet, we take your privacy as seriously as we take your dog's health. This policy explains, in plain language, what personal information we collect when you use maxhealth.co.za, why we collect it, who we share it with, and the rights you have under South Africa's Protection of Personal Information Act, 2013 (POPIA).
By using our website or buying from us, you agree to the practices described here.
Who we are (the responsible party). This website and store are operated by [MaxHealth Pet Diet (Pty) Ltd], registration number [company registration no.], [VAT no. if registered], a company based in South Africa. Under POPIA, we are the "responsible party" for the personal information we collect about you.
What personal information we collect
Depending on how you interact with us, we may collect:
- Identity and contact details — your name, email address and phone number.
- Delivery and billing addresses — so we can get your order to the right place and bill it correctly.
- Order history — what you've bought, when, and the subscriptions you've set up.
- Payment information — your payment is processed by our payment gateway. We receive confirmation that a payment succeeded and limited transaction details, but we never see or store your full card number, CVV or banking credentials.
- Account details — if you create an account, your login email and password (passwords are stored in encrypted form by our platform, not in plain text).
- Communications — messages you send us by email, phone or web form, and our replies.
- Device and usage data — your IP address, browser type, device information, the pages you view and how you move through the site.
- Cookies and analytics data — see the Cookies and analytics section below.
We only collect information that is adequate, relevant and not excessive for the purposes set out below, as POPIA requires.
Why we collect it, and our lawful basis
We process your personal information for the following purposes, each supported by a lawful basis recognised under POPIA:
| Purpose | Lawful basis |
|---|---|
| Processing and delivering your orders, and managing subscriptions | Necessary to perform our contract with you |
| Taking payment and preventing fraud | Performance of the contract and our legitimate interests |
| Sending order, delivery and account notifications | Performance of the contract |
| Responding to your queries and providing customer support | Performance of the contract and our legitimate interests |
| Keeping accounting, tax and transaction records | Compliance with our legal obligations |
| Improving our website, products and service | Our legitimate interests in running a good business |
| Sending marketing about products, offers and pet-care content | Your consent, which you can withdraw at any time |
Where we rely on your consent (mainly for direct marketing and certain cookies), you are free to refuse or withdraw it without affecting your ability to buy from us.
Who we share it with
We do not sell your personal information. We share it only with trusted parties who help us run the store, and only as far as needed to do their job. These "operators" (as POPIA calls them) are bound to keep your information secure and use it only on our instructions:
- Shopify — our e-commerce platform, which hosts the store and processes orders on our behalf.
- Payfast — our payment gateway, which securely processes your payment.
- Couriers and delivery partners — to deliver your order, we share your name, delivery address and phone number with our third-party courier.
- Google (Google Analytics 4) — to understand how the website is used, in aggregated and pseudonymised form.
- Professional advisors and authorities — accountants, auditors, or regulators and law enforcement where we are legally required to disclose information.
If our business is ever sold or restructured, your information may be transferred to the new owner under the same protections set out in this policy.
Information processed outside South Africa
Some of our service providers (including Shopify and Google) host or process data on servers located outside South Africa. Where personal information is transferred across borders, POPIA requires that it be protected by laws, binding agreements or rules that offer a level of protection comparable to POPIA. We take reasonable steps to ensure these providers meet that standard before we share your information with them.
How long we keep it
We keep your personal information only for as long as we need it for the purposes above:
- Order, payment and tax records — retained for the period required by South African tax and company law (generally at least 5 years).
- Account and order-history information — retained for as long as your account is active, and for a reasonable period afterwards.
- Marketing information — retained until you opt out, after which we keep a minimal record of your opt-out so we can honour it.
- Website and analytics data — retained for a limited period in line with our analytics settings.
When we no longer have a lawful reason to keep your information, we securely delete or de-identify it.
How we keep it safe
We take appropriate, reasonable technical and organisational measures to protect your personal information against loss, unauthorised access and misuse, as POPIA requires. These include encryption of data in transit (HTTPS), restricted staff access, and relying on reputable platforms (Shopify, Payfast) that maintain strong security standards.
No system is ever completely secure, so we cannot guarantee absolute security — but if a security compromise affecting your personal information occurs, we will notify you and the Information Regulator as required by law.
Cookies and analytics
Our website uses cookies — small text files stored on your device — to make the site work, remember your cart and preferences, and understand how the site is used.
- Essential cookies keep the store, your basket and checkout working. The site can't function properly without these.
- Analytics cookies, including those set by Google Analytics 4, help us see which pages are popular and how to improve the experience. This data is collected in aggregated, pseudonymised form.
You can control or delete cookies through your browser settings, and you can decline non-essential cookies. Blocking essential cookies may stop parts of the site from working. You can read more about how Google handles this data in Google's own privacy resources.
Direct marketing and how to opt out
We will only send you marketing emails (such as offers, new products and pet-care content) where you have agreed to receive them, or where the law otherwise allows us to contact an existing customer about similar products.
You can opt out at any time by:
- clicking "unsubscribe" at the bottom of any marketing email, or
- emailing us at [hello@maxhealth.co.za] and asking us to stop.
Opting out of marketing won't affect essential messages about your orders, deliveries or account, which we need to send to fulfil your purchase.
Your rights under POPIA
POPIA gives you the following rights over your personal information. You can exercise any of them by contacting our Information Officer (details below):
- Access — ask us what personal information we hold about you and request a copy.
- Correction — ask us to correct or update information that is inaccurate, misleading or out of date.
- Deletion — ask us to delete or destroy information we no longer have a lawful reason to keep.
- Objection — object, on reasonable grounds, to our processing of your information, including for direct marketing.
- Withdraw consent — withdraw any consent you've given, at any time, without affecting processing that already took place.
We will respond to your request within a reasonable time. We may need to verify your identity first, and in some cases we may be legally required to keep certain information even after a deletion request.
Complaints
If you are unhappy with how we have handled your personal information, please contact us first so we can try to put it right. You also have the right to lodge a complaint directly with the regulator:
The Information Regulator (South Africa) JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 Email: complaints.IR@inforegulator.org.za / enquiries.IR@inforegulator.org.za Website: inforegulator.org.za
Our Information Officer
Requests and questions about your personal information should be directed to:
[Information Officer name] MaxHealth Pet Diet Email: [hello@maxhealth.co.za] Phone: [phone]
Children
Our products and website are intended for adults. We do not knowingly collect personal information from children under 18 without the consent of a parent or guardian. If you believe a child has given us their information, please contact us and we will delete it.
Changes to this policy
We may update this policy from time to time to reflect changes in our practices or the law. When we do, we'll change the "Last updated" date above, and significant changes may be communicated to you directly. Please check back occasionally to stay informed.
Contact us
If you have any questions about this Privacy Policy or how we handle your personal information, please reach out:
MaxHealth Pet Diet [(Pty) Ltd] Email: [hello@maxhealth.co.za] Phone: [phone] Address: [physical/return address]