Weltevrede Wine Estate

– Privacy Policy (POPIA)

This Privacy Policy explains how Weltevrede Wine Estate (“we”, “us”) processes personal information when you visit our website and purchase our products online. We are a “responsible party” under the Protection of Personal Information Act, 2013 (“POPIA”).

1. Information Officer & Contact

Our Information Officer is responsible for POPIA compliance and may be contacted via the details provided on our website. The Information Officer will be registered with the Information Regulator via its e-services portal.

2. What We Collect

We may collect the following categories of personal information:

• Identity and contact information (name, email, mobile number, address)

• Date of birth / age-verification data (and, where required by law, proof of age on delivery)

• Order and delivery details; purchase history

• Payment data (tokenised by our payment provider; we do not store full card numbers)

• Account credentials (if you create an account)

• Marketing preferences and communications

• Technical data (device identifiers, IP address, cookies/analytics)

3. Why We Process Personal Information (POPIA s11)

We process your information in order to:
a) Perform a contract with you (accept, fulfil and deliver orders).
b) Comply with legal obligations (e.g., liquor and tax laws; verification of age and prevention of sales to minors).
c) Pursue our legitimate interests (running and improving our e-commerce store, fraud prevention, network security).
d) With your consent (e.g., electronic direct marketing).

You may withdraw consent at any time.

4. Direct Marketing (POPIA s69)

We only send electronic direct marketing with your prior consent or where permitted for existing customers. Every message includes a free and simple opt-out. We honour all opt-out requests promptly.

5. Cookies & Analytics

We use cookies and similar technologies for site functionality, analytics and, where consented, marketing. You can manage cookies via your browser or our cookie banner.

6. Sharing with Operators (Processors)

We share data with trusted service providers (operators) who process it on our instructions, such as:

• Payment gateways

• Couriers and logistics providers

• IT/hosting services

• Age-verification tools

• Customer support tools

We require all operators to protect your personal information in written agreements.

7. Cross-Border Transfers (POPIA s72)

If we transfer personal information outside South Africa (for example, to cloud hosting providers), we will ensure an adequate level of protection through appropriate agreements or safeguards permitted by POPIA, or we will obtain your consent where required.

8. Security Safeguards & Breach Notification (POPIA s19 & s22)

We implement appropriate technical and organisational measures to protect personal information. In the event of a security compromise that may affect you, we will notify you and the Information Regulator where required by law.

9. Data Retention

We retain personal information only as long as necessary for the purposes listed above and to comply with legal, tax, and accounting requirements. Order records may be kept for the statutory retention periods.

10. Your Rights

You may request:

• Access to, correction or deletion of your personal information.

• To object to processing.

• To withdraw consent.

• To lodge a complaint with the Information Regulator.

We will respond to verified requests within the timelines required by POPIA.

11. Children

We do not knowingly sell alcohol to, or collect personal information from, persons under 18 years of age.

12. Updates

We may amend this policy from time to time. The latest version will always be available on our website with the effective date.

Effective Date: 1 September 2025