The House of Cosmetix website at www.houseofcosmetics.co.za is owned and operated by Cosmetix Pty Ltd (“Cosmetix”), a company registered in the Republic of South Africa under company registration number 2002/017336/07, which has its head office at 29 Packer Avenue, Epping 2, Cape Town.
1.2. Cosmetix Pty Limited (“Cosmetix”, “We”, “Us” or “Our”) collects and processes the personal information of anyone who accesses Our Website and/or chooses to become Our customer as well as from Your day-to-day dealings with Us (“You” or “Your”).
1.3. By providing Us with Your Personal Information, You:
1.3.1. agree to this Policy and authorise Us to process such information as set out herein; and
1.3.2. authorise Cosmetix, Our Service Providers and other third parties to Process Your Personal Information for the purposes stated in this Policy.
1.4. Personal Information, in terms of the Protection of Personal Information Act, 4 of 2013 (“POPIA”), means “information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person”. South Africa’s Constitution, Act 108 of 1996, provides that everyone has the right to privacy. This includes the right to protection against the unlawful collection, retention, dissemination and Use of Your personal information.
1.5. Because of the sensitivity of some personal information, We ensure that the way We process Your Personal Information complies fully with POPIA and have implemented reasonable organisational and technical controls as a result.
- Collection of Personal Information
2.1. We may collect or obtain Personal Information about You in the following ways:
2.1.1. Through direct or active interactions with You;
2.1.2. In the course of Our relationship with You;
2.1.3. Through automated or passive interactions with You;
2.1.4. When You visit and/or interact with Our Website or Our various social media platforms;
2.1.5. From third parties;
2.1.6. Public sources;
2.1.7. Employment applications;
Flash Cookies. Certain features of Our Service may Use local stored objects (or Flash Cookies) to collect and store information about Your preferences or Your activity on Our Service. Flash Cookies are not managed by the same browser settings as those Used for Browser Cookies.
Cookies can be Persistent or Session Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your Web browser. We Use both Session and Persistent Cookies for the purposes set out below:
Necessary / Essential Cookies
Type: Session Cookies
Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to Use some of its features. They help to authenticate Users and prevent fraudulent Use of User accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only Use these Cookies to provide You with those services.
Cookies Policy / Notice Acceptance Cookies
Type: Persistent Cookies
Functionality Cookies
Type: Persistent Cookies
Purpose: These Cookies allow Us to remember choices You make when You Use the Website, such as remembering Your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter Your preferences every time You Use the Website.
2.1.9. Web Beacons. Certain sections of Our Service and Our emails may contain small electronic files known as Web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count Users who have visited those pages or opened an email and for other related Website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).
2.2. Types of Personal Information We may collect:
2.2.1. Identity information;
2.2.2. Contact information;
2.2.3. Financial information;
2.2.4. Transaction information;
2.2.5. Technical information;
2.2.6. Usage Information;
2.2.7. Location information; and
2.2.8. Marketing and communications information.
- Legal Basis for Processing
3.1. When We process Your personal information in connection with the purposes set out in this Privacy Statement, We may rely on one or more of the following legal bases, depending on the purpose for which the processing activity is undertaken and the nature of Our relationship with You:
3.1.1. Your consent to the processing of Your Personal Information;
3.1.2. Processing of the information is necessary for the performance of a contract or of a legal obligation;
3.1.3. Processing is necessary for the protection of Our and Your legitimate interests.
- Purposes of Processing
4.1. We will primarily Use Your Personal Information only for the purpose for which it was originally collected. We will Use Your Personal Information for a secondary purpose only if such purpose constitutes a legitimate interest and is compatible with the primary purpose for which the Personal Information was collected.
4.2. You agree that We may process Your Personal Information for the following, but not limited to, purposes, as relevant to Our relationship with You:
4.2.1. Operating Our business;
4.2.2. Complying with compulsory requirements under relevant laws;
4.2.3. to retain and make information available to You on Our Website;
4.2.4. to maintain and update Our supplier database;
4.2.5. to establish and verify Your identity on the Website;
4.2.6. fraud prevention;
4.2.8. complying with information requests from the Information Regulator;
4.2.9. transfer of information to an associated third party or supplier;
4.2.10. to conduct market research surveys and other marketing activities; and
4.2.11. for security, administrative and legal purposes.
4.3. We may also collect and process aggregated data, which may include historical or statistical data for any purpose, including for know-how and research purposes.
4.4. We will not intentionally collect and process the Personal Information of a child unless We have the permission of a guardian or competent person (as defined by POPIA). We do not knowingly collect personally identifiable information from anyone under the age of 18. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 18 without verification of parental consent, We take steps to remove that information from Our servers.
- Sharing of Personal Information
5.2. We will ensure that Your Personal Information is processed in a lawful manner and that the third parties or We do not infringe Your privacy rights. In the event that We ever outsource the processing of Your Personal Information to a third party operator, We will ensure that the operator processes and protects Your Personal Information Using reasonable technical and organizational measures that are equal to or better than Ours.
5.3. We may also disclose Your Personal Information to third parties if We are under a duty to disclose or share such information in order to comply with any legal obligation or to protect the rights, property or safety of Cosmetix, its customers and others.
- International Transfer of Personal Information
6.1. We will not ordinarily transfer any Personal Information collected from You outside the borders of South Africa.
6.2. In the event that We transfer or store Your Personal Information outside South Africa, We will take all steps reasonably necessary to ensure that the third party who receives Your Personal Information is subject to a law or binding agreement which provides an adequate level of protection.
- Data Security
7.1. We have implemented appropriate technical and organisational security measures to protect Your Personal Information that is in Our possession against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or unauthorised access, in accordance with applicable law.
7.2. The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to Use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.
- Payment Security
8.1. The transport of all data is encrypted by an SSL Thawte certificate, which creates a secure https:// link between the cardholder and the payment pages.
8.2. Any credit card would be asked for 3D secure enrolment if not already enrolled with the issuer to process transactions with authentication from the cardholder issuing bank.
8.3. No card entry would be possible on the Cosmetix Web shopping cart as all card traffic will be securely posted to the payment pages.
8.4. No credit card data will be stored.
8.5. No unauthorized access to the payment pages site will be permitted. Only Cosmetix as a known entity will be allowed to direct encrypted payloads to the payment pages.
- Data Retention
9.1. We will retain Your personal information for as long as is necessary to fulfil the purpose for which it was collected unless a longer retention period is required to comply with legal obligations or another legitimate obligation, unless We have Your consent to process it indefinitely.
- Data Accuracy
10.1. The Personal Information provided to Us should be accurate, complete and up-to-date. Should Personal Information change, the onus is on the provider of such data to notify Us of the change and provide Us with the accurate data.
- Data Minimisation
11.1. We will restrict Our processing of Personal Information to data which is sufficient for the fulfilment of the primary purpose and applicable legitimate purpose for which it was collected.
12.1. You have the right to have Your personal information processed lawfully. Your rights include the right:
12.1.1. to be notified that Your Personal Information is being collected or that Your Personal Information has been accessed or acquired by an unauthorised person e.g. where a hacker may have compromised Our computer system;
12.1.2. to find out whether We hold Your Personal Information and to request access to Your Personal Information;
12.1.3. to request Us, where necessary, to correct, destroy or delete Your Personal Information;
12.1.4. to object, on reasonable grounds, to the processing of Your Personal Information;
12.1.5. to object to the processing of Your Personal Information for purposes of direct marketing, including by way of unsolicited communications;
12.1.6. not to be subject, in certain circumstances, to a decision which is based solely on the automated processing of Your Personal Information;
12.1.7. to submit a complaint to the Regulator if You believe that there has been interference with the protection of Your Personal Information; and
12.1.8. to institute civil proceedings against Us if You believe that We have interfered with the protection of Your Personal Information.
- Direct Marketing
13.1. We may process Personal Information for the purpose of direct marketing and providing You with information that may be of interest to You. We will only send You direct marketing materials if You have specifically opted in to receive these materials, or if You are a customer of Ours, at all times in accordance with applicable laws.
13.2. You may unsubscribe at any time.
13.3. If You opt out of receiving marketing related communications from Us, We may still send You administrative messages which are necessary as part of services.
- Contact Details of the Information Regulator and Queries
14.1. You may contact Our Information Officer at: firstname.lastname@example.org
14.2. You may contact the Information Regulator at:
14.2.1. Information Regulator
Tel: 012 406 4818
Fax: 086 500 3351