Privacy Policy

Who we are

Welcome to the www.shopspa.co.za website (including all webpages, subdomains and subparts therein contained, the (“Platform”) of Add-On Digital (Pty) Ltd t/a Shopspa (“Shopspa”, “we”, “us” and/or “our”). The Platform has been created (i) to provide information about Shopspa (ii) to provide online services (“Shopspa Services”) for people (“Users”) to buy products and/or vouchers (“Vouchers”) and from vendors that make use of the Shopspa Services (“Partners”). Add-On Digital Pty Ltd t/a Shopspa is a registered company in South Africa. Our website address is: https://shopspa.co.za/.

Please read our Privacy Policy carefully as the use of our Platform is subject to Privacy Policy published on our Platform at the time of your use. We may change our Privacy Policy from time to time and such changes will take effect as and when published on this Platform. If you do not accept our Privacy Policy then please do not make use of our Platform or the Shopspa Services.

Email: info@shopspa.co.za

What personal data we collect and why we collect it

We collect Contact Information from users namely First Name, Surname, Email Address and Contact Numbers of users transacting on our Platform. We do this so we can offer support to users who require it and so that user’s contact information can be linked to Voucher/s purchased by the user.

We collect Transactional Data related to the user such as amount of money spent on our Platform, specifics on the Voucher/s purchased by the User and the number of Voucher/s purchased by the User. We do this so that Shopspa and it’s Partners can identify the specifics of your purchase/s

Our Platform allows Users the option to opt-in to our email marketing campaigns and we record the contact information of users who have opted-in to this service. We do this so that we can send promotional marketing emails to Users who have opted-in to this service.

While you visit our site, we’ll track: Products added to cart: these will be used to send you marketing messages and invite you to complete the order. Name, Last name, Email and Phone number: data used with the purpose to contact you. We’ll also use cookies to keep track of your cart ID.

We utilse cookies and analytics and we may share your your Contact Information and Transactional Data with our Partners and/or 3rd party suppliers if required. Details of this is covered in the ‘Cookies’ section below.

Shopspa Administrators have access to the information you provide in order to help you fulfill orders and provide support.

Users who visit our platform and choose to transact on it give Shopspa consent to store the above listed information.

We’ll use this information for purposes, such as, to:

Send you information about your account and order, Respond to your requests, including refunds and complaints, Process payments and prevent fraud, Comply with any legal obligations we have, Improve our store offerings,Send you marketing messages, if you choose to receive them.

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 3 years for tax and accounting purposes as well as for proof of purchases. This includes your name, email address and phone number.

Who on our team has access

Members of our team have access to the information you provide us. For example, both Administrators and our Partners can access: Order information like what was purchased, when it was purchased, and Customer information like your name, email address, and phone number. Our team members have access to this information to help fulfill orders, process refunds, redeem Vouchers and support you.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Contact forms

We use contact forms for Users to provide us with their information so that we can contact them. We also use contact forms for potential partners to send us information about their company and so we can contact them.

Information is stored indefinitely.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Cookies for marketing purposes

We use cookies for marketing purposes, in order to target our users with advertising which is tailored to their interests. In addition, we use cookies in order to restrict the likelihood that an advert will be displayed and in order to measure the effectiveness of our advertising measures. This information can also be shared with third parties, such as ad-networks. The legal basis for this is Article 6 Paragraph 1 Letter f) GDPR. The purposes pursued by the data processing come under the legitimate interest of direct marketing. At any time, you have the right to raise an objection to the processing of your data for the purpose of such advertising. For this purpose, we will provide you at the head of this website with the opt out options of the respective services. Alternatively, you can prevent the setting of cookies in your browser settings:

Edge: https://answers.microsoft.com/en-us/insider/forum/insider_internet-insider_spartan-insiderplat_pc/how-to-view-and-manage-cookies-in-microsoft-edge/67b3a495-554e-4f1d-995e-93d0ea6882a6

Google Chrome: https://support.google.com/chrome/answer/95647

Internet Explorer: https://support.microsoft.com/en-us/help/278835/how-to-delete-cookie-files-in-internet-explorer

Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Safari: https://support.apple.com/en-us/HT201265

Facebook Custom Audiences

Custom Audience Pixel, a service of Facebook Inc., (1601 S. California Ave, Palo Alto, CA 94304, USA), is a small piece of Java script code which we have integrated into all of our websites. This piece of code provides a number of functions for the sending of application specific events and user defined data to Facebook. We use Custom Audience pixels in order to record information concerning the way in which visitors use our website. This pixel records and provides Facebook with information concerning the browser setting of the user, a hashed version of the Facebook ID and the URL which is being visited. Each Facebook user thus possesses a clear and device-independent Facebook ID, whereby it is possible to address the user via more than one device on the social network Facebook and to recognise him or her, so that we can target our visitors again for advertising purposes by means of Facebook adverts. After 180 days, the user information is deleted until the visitor accesses our website again. Therefore, no personal information is disclosed to Shopspa in relation to the individual website visitors and we can only solicit website customer target groups once the target customer group has reached a critical mass in terms of numbers. Further information concerning Facebook and its private sphere settings above and beyond the details set out can be found in the Data Policy and the Terms of Service of Facebook Inc.

Google AdWords and conversion tracking

In order to increase awareness of our services, we use Google AdWords adverts and use conversion tracking and the Google Tag Manager within the framework of this, for the purpose of personalised online advertising which is tailored to interests and location. The option of anonymising the IP address is m by an internal setting in Google Tag Manager, which cannot be viewed in the source of this website. This internal setting is placed in such a way that the anonymisation of the IP addresses is attained. The adverts are incorporated into websites of the Google advertising network in accordance with search queries. We have the option of combining our adverts with certain search terms. With the assistance of the cookie, we can display adverts based on the previous visits of a user to our website. When a user clicks on an advert, a cookie is set on the computer of the user by Google. Further information concerning the cookie technology which is used can also be found in the notices of Google relating to the website statistics and in the Google Privacy Policy. With the assistance of this technology, Google and we as the customer are informed that a user has clicked on an advert and was redirected to our websites. The information which is obtained during this process is only used for a statistical evaluation in order to optimise adverts. We do not receive any information which could personally identify users. The statistics provided to us by Google contain the total number of users who have clicked on one of our adverts and, if applicable, whether these were redirected to a page of our website which contains a conversion tag. On the basis of these statistics, we can find out which search terms led to the most clicks on our advert and which adverts lead to the user purchasing from our Platform. Should you not wish this to take place, you can prevent the saving of the cookie which is necessary for this technology, for example via your browser settings. In such a case, your visit is not recorded under the user statistics. You also have the option of selecting the types of Google adverts and de-activating interest-based adverts on Google via the advertising settings. Alternatively, you can de-activate the use of cookies by third party providers by accessing the de-activation assistant of the network advertising initiative.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

For the analysis and optimisation of our websites, we use various services which are set out below. For example, by means of these we can analyse how many users are visiting our website, what information is the most popular or how users find the service. Amongst other things, we record the website where a data subject came across a website (so-called referrer), which sub-pages of the website are accessed or how often and for how long a sub-page was viewed. This helps us make our services user friendly and helps us to improve them. The data which is gathered during this process is not used to personally identify individual users. Anonymous data or data with the highest level of pseudonymisation is gathered. The legal basis is Article 6 Paragraph 1 Letter f) GDPR. We consider the optimisation of our website to be a legitimate interest. Your basic rights and basic freedoms do not outweigh our interests, as we comprehensively inform you of the data gathering in our data protection declaration and you have the opt out option at any time (via link or browser settings). We also only used pseudonymised tracking.

Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The use includes the Universal Analytics operating type. By means of this, it is possible to assign data, sessions and interactions via more than one device to a pseudonymous user ID and thus to analyse the activities of a user across several devices. Google Analytics uses cookies, which enable an analysis of the use of the website by you. The information concerning your use of this website which is generated by the cookie is, as a rule, transferred to a Google server in the USA and saved there. In case of the activation of the IP anonymisation on this website, your IP address is, however shortened in advance by Google within Member States of the European Union or other Member States of the European Economic Area Treaty. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. The IP address transferred by your browser within the framework of Google Analytics not combined with other data by Google. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports about the website activities and to provide further services to the website operator connected to the use of the website and the use of the Internet. These purposes also represent our legitimate interest in the data processing. The legal basis for the use of Google Analytics is § 15 Paragraph 3 of the German Telemedia Act (TMG) and Article 6 Paragraph 1 f) GDPR. The data sent by us which is combined with cookies, user recognitions (for example user IDs) or advertising IDs is automatically deleted after 14 months. The deletion of the data whose retention period has expired takes place automatically once a month. You can find more detailed information concerning the terms and conditions of use and data protection at https://www.google.com/analytics/terms/gb.html and https://policies.google.com/?hl=en-GB. You can prevent the saving of cookies by setting your browser software accordingly. However, we wish to point out that in such a case, you may not be able to fully use all functions of this website. In addition, you can prevent the recording of the data which is generated by the cookie and which relates to your use of the website (including your IP address) by Google, as well as the processing of this data by Google by downloading and installing the browser plugin which is available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB. Opt out cookies prevent the future recording of your data when you visit this website. In order to prevent the recording by Universal Analytics via various devices, you need to carry out the opt out on all systems which you are using.

Who we share your data with

Peach Payments

We accept credit and/or debit card payments through Peach Payments. When processing payments, some of your data will be passed to Peach Payments, including information required to process or support the payment, such as the purchase total and billing information. Peach Payments protect personal information by using secure (PCI Level 1 Compliant) networks and servers to store and encrypt personal information. Peach Payments ensures that its personnel when using an automated data processing system may access only data that are within their competence.
Peach Payments shall take commercially reasonable steps to prevent any unauthorized person from accessing the facilities used for data processing and to prevent any unauthorized amendment or deletion of the recorded data.Read their compliance with The Protection of Personal Information Act here.

Payfast

We accept payments through Payfast. When processing payments, some of your data will be passed to Payfast, including information required to process or support the payment, such as the purchase total and billing information. Payfast’s has a number of accepted methods of payment including credit/debit cards.

PayFast collects information from the User at several different points on the Site. PayFast is the sole owner of the information collected on PayFast‘s web site. They will not sell, share, or rent this information to others in ways different from what is disclosed in their Privacy Policy.

Mailgun

Mailgun are an email service provider and we use their software/service to ensure better delivery of our transactional emails. When you purchase a Voucher/s off of our Platform, Mailgun may deliver your email to your email inbox. The email will contain your order information and/or your Voucher and/or your Voucher information. Mailgun keeps a copy of your email for 5 days before it is deleted.

Mailgun are, under European Union (“EU”) data protection laws, qualified as “data controller”. You can read their Privacy Policy here.

Mailchimp

We use Mailchimp to send out our promotional emails to users who have opt-ed in to receive them. Mailchimp stores First Name, Surname and Email Addresses of users who have subscribed to Shopspa’s marketing email service. To unsubscribe from Shopspa’s marketing email service you can email info@shopspa.co.za or use the unsubscribe link found at the bottom of any one of our marketing emails.

Mailchimp takes data privacy seriously. You can read their Privacy Policy here

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

We keep customer purchase records for a minimum of 3 years from point of purchase so that we can track performance of sales year on year and so we can provide the user and or our partners with it’s information if required.

Our analytics data is stored indefinitely so we can track the performance of our Platform over time and use the insights to improve the user experience of our Platform.

Marketing email database data is stored indefinitely so we can continue send out marketing emails to users who wish to receive them

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your transactional data and contact information is stored on severs based in South Africa. The servers are managed by Elitehost and you can view their Privacy Policy here

How we protect your data

We have implemented SSL certificates on our Platform which is an encrypted method which encrypts any data between the server and the client. We utilise wordpress to manage the content of our Platform and upgrade the WordPress versions, plugins and themes on a regular basis. We also use a security plugin called Wordfence to help prevent malicious use of our platform.

What data breach procedures we have in place

If we are made aware of a data breach our procedure is to first and foremost to attempt to prevent any further loss of data by taking our platform offline and instructing our server hosts to place our platform into quarantine. We will then assess the scope of the data breach and inform the affected Users, Partners and/or third party suppliers and instruct them of any recommendations we know of that may assist them in further protecting their privacy.

We will then work to secure the data once more and make our platform live when Shopspa and our hosts Elitehost are confident that the Platform is secure.

Finally we’ll inform our Users, Partners and 3rd party suppliers of the actions we took and will be taking to prevent such incidents in future.

Your contact information

info@shopspa.co.za