Privacy Policy

1. Introduction

Cartisan (“we,” “us,” or “our”) operates www.cartisanco.online. We respect your privacy and comply with South Africa’s Protection of Personal Information Act (POPIA). This policy explains how we collect, use, and protect your personal data when you use our website or purchase our products (wall hooks, vases, wooden wall art, and cutting boards).

By using our site, you consent to the practices described below.

2. Data We Collect

Personal Information

  • Identifiers: Name, email, phone number, shipping/billing address.

  • Payment Details: Card number, expiry date, CVV (processed securely via third-party gateways like PayPal/Stripe).

  • Order History: Products purchased, dates, prices.

Automated Data

  • Device/Usage Data: IP address, browser type, pages visited, cookies (see Section 5).

  • Location Data: Generalized region (e.g., city) derived from IP.

3. How We Use Your Data

PurposeLegal Basis
Process orders & paymentsContractual necessity
Deliver products (share with couriers)Legitimate business interest
Send transactional emails (e.g., order updates)POPIA compliance
Respond to customer service requestsConsent/legitimate interest
Improve website experienceLegitimate interest
Send marketing emails (only if you opt-in)Consent

4. Data Sharing & Disclosure

We never sell your data. Limited sharing occurs only with:

  • Payment Processors (e.g., PayPal, Peach Payments): To complete transactions.

  • Couriers (e.g., The Courier Guy): For delivery.

  • Legal Authorities: If required by South African law.

All third parties must comply with POPIA and GDPR (if applicable).

5. Cookies & Tracking

  • Essential Cookies: Enable checkout and account functions (always active).

  • Analytics Cookies: Track site usage via tools like Google Analytics (you may opt-out).

  • Marketing Cookies: Used only if you consent to promotions.

Manage preferences via our Cookie Banner or browser settings.

6. Data Retention

We retain your data only as long as necessary:

  • Order Data: 5 years (for tax/warranty compliance).

  • Marketing Data: Until you unsubscribe or request deletion.

  • Inactive Accounts: Deleted after 2 years of inactivity.

7. Your Rights (Under POPIA)

You may request to:

  • Access your personal data.

  • Correct inaccurate information.

  • Delete data (unless legally required for retention).

  • Opt-out of marketing communications (via the “unsubscribe” link in emails).

Submit requests to support@cartisanco.online. We respond within 14 business days.

8. Data Security

We implement:

  • SSL encryption on all data transmissions.

  • Secure payment gateways (PCI DSS compliant).

  • Restricted staff access to sensitive data.

  • Regular security audits.

Note: No internet transmission is 100% secure. We cannot guarantee absolute security.

9. International Transfers

Data is primarily stored in South Africa. If transferred globally (e.g., via cloud services), we ensure equivalent protection via POPIA/GDPR safeguards.

10. Children’s Privacy

Our site is not directed at children under 18. We do not knowingly collect their data.

11. Policy Updates

We may update this policy. Changes take effect upon posting to www.cartisanco.online.

12. Contact Us

For privacy concerns or data requests:

  • Email: support@cartisanco.online

  • Phone: +27 725 5465

  • Postal Address: 187 Beyers Naudé Drive, Northcliff, Johannesburg, 2195, South Africa