Privacy policy

PRIVACY POLICY

De Grendel Wines (Pty) (DGW) values any person’s privacy and take the protection of personal information very seriously. It will not share personal information with anyone unless it has been authorised to do so. A person can access his/her personal data at any time via the My Personal Data page on the website www.degrendel.co.za (NOTE: A person will need to be logged into his/her online profile in order to view the data on this page).

PERSONAL INFORMATION

Includes

  • certain information collected on registration; and
  • optional information that a person provide to DGW voluntarily.

Excludes

  • information that has been made anonymous so that it does not identify a specific person;
  • permanently de-identified information that does not relate or cannot be traced back to you specifically; and
  • non-personal statistical information collected and compiled by DGW and information that has been provided voluntarily in an open, public environment or forum including any blog, chat room, community, classifieds or discussion board. When the information was disclosed in a public forum, it is not confidential and does not constitute personal information entitled to protection under this policy.

SECTION 1 – HOW DO DGW COLLECT INFORMATION

  • Once a person registered on the website, he/she will no longer be anonymous as he/she provided DGW with personal information.
  • When a person ordered the products, he/she will be asked to provide additional information on a voluntary basis (“services information”).
  • A person may also provide additional information on a voluntary basis (“optional information”). This includes content that a person chooses to upload or download from the website or when he/she enters competitions, takes advantage of promotions, or otherwise use the features and functionality of the website.
  • DGW automatically receives and records internet usage information on its server logs from the browser, such as the user’s Internet Protocol address (“IP address”), and the dates and times that the website was visited, paths taken, and time spent on sites and pages within the website (this is called “usage information”).
  • The website may contain electronic image requests (called a “single-pixel gif” or “web beacon” request) that allow DGW to count page views and to access cookies. Any electronic image viewed can act as a web beacon. The web beacons however do not collect, monitor or share any personal information. It is used purely to compile anonymous information about our website.

DGW will not collect or process any information that may be considered “high risk” information as described in section 26 of the Protection of Personal Information Act, 2013, or any information concerning a person younger than 18 years.

SECTION 2 - WHAT IS DONE WITH PERSONAL INFORMATION?

When a person purchases something from the online store, as part of the buying and selling process, personal information given by the individual is collected, information such as an individual’s  name, address and email address.

When an individual browses the online store, DGW also automatically receives the individual’s computer’s internet protocol (IP) address in order to provide information that helps DGW learn about the browser and operating system.

DGW may use any information provided for the purposes indicated by the individual when it agreed to provide same to DGW. With the individual’s permission, DGW may then send such individual  emails about its store, new products and other updates.

SECTION 3 - CONSENT

How does DGW obtain consent?

When an individual provides DGW  with-

  • personal information when it registers onto the website
  • personal information to complete a transaction, verify credit card details, place an order, arrange for a delivery or return a purchase, DGW implies that the individual consents to DGW collecting it and using it for that specific reason only.

If asked for personal information for a secondary reason, like marketing, DGW will either ask the individual directly for its expressed consent, or provide the individual with an opportunity to decline.

How is consent withdrawn?

If after an individual opted-in, it changes its mind, it may withdraw its consent for DGW to contact it, for the continued collection, use or disclosure of its information, at any time, by emailing DGW at support@degrendel.co.za. An individual therefore always have the choice to adjust its settings or to unsubscribe at any time.

SECTION 4 - DISCLOSURE

DGW will not disclose any personal information to anyone unless it is compelled or required by law to do so or if and individual violated DGW’s Terms of Service.

DGW will not sell personal information. No personal information will be disclosed to anyone except as provided for in this privacy policy.

DGW may need to disclose personal information to its employees that require the personal information to do their jobs. All employees are however also bound by the terms of this policy.

SECTION 5 – SHOPIFY

DGW’s store is hosted on Shopify Inc. They provide DGW with the online e-commerce platform that allows it to sell products and services to the individual.

An individual’s personal data is stored through Shopify’s data storage, databases and the general Shopify application. They store this data on a secure server behind a firewall.

Payment:

If an individual chose a direct payment gateway to complete its purchase, then Shopify temporarily stores credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). The purchase transaction data is stored only as long as is necessary to complete the particular purchase transaction. After that is complete, the purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discovery.

PCI-DSS requirements help ensure the secure handling of credit card information by the online store and its service providers.

For insight, Shopify’s Terms of Service can be read at http://www.shopify.com/legal/terms or its Privacy Statement at http://www.shopify.com/legal/privacy.

De Grendel makes use of PayFast for payment processing. PayFast adheres to security protocols including:

  • PCI-DSS Level 1 Compliant: All customers' credit card payments are done in PayFast’s secure environment.
  • Secure servers: PayFast’s website, payments page and help site are hosted on secure servers, safeguarding against phishing attacks.
  • 3D Secure: This extra layer of security is used for all online transactions using a credit card.
  • GEO IP Tracking: By monitoring where transactions originate from PayFast can look for mismatches with the card’s issuing country.
  • BIN/IIN Validation: Checks the card-issuing bank locations and merchants can choose to enable/disable payments from certain countries.
  • Fraud Reviews: All suspicious transactions are manually reviewed by PayFast’s support team.
  • Extended Validation SSL: PayFast use Extended Validation SSL with 2048-bit encryption, the highest level encryption available.
  • ASV Scans on a weekly basis: PayFast run weekly network scans to look for new possible vulnerabilities and certify quarterly.
  • Two-factor authentication: This extra layer of security is available to restrict access to your PayFast account.
  • Validation checks: Payments and card details are automatically checked against large online databases of blacklisted details.
  • Web application firewall: PayFast utilises WAF technologies to detect and stop malicious activity before it reaches our servers.

SECTION 6 - THIRD-PARTY SERVICES

In general, the third-party providers used by DGW will only collect, use and disclose personal information to the extent necessary to allow them to perform the services they provide to DGW.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information DGW is required to provide to them for an individual’s purchase-related transactions.

For these providers, it is recommend that their privacy policies be read to understand the manner in which personal information will be handled by these providers.

Once you leave DGW’s website or are redirected to a third-party website or application, an individual is no longer governed by this Privacy Policy or the website’s Terms of Service.

Links:

When an individual clicks on links on DGW’s online store, they may direct a person away from DGW’s site. DGW is not responsible for the privacy practices of other sites and encourage individuals to read their specific privacy statements.

Google analytics:

DGW’s store uses Google Analytics to help it learn about who visits the site and what pages are being looked at.

SECTION 7 - SECURITY

To protect personal information, DGW take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

If an individual provides DGW with credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, DGW follows all PCI-DSS requirements and implement additional generally accepted industry standards.

SECTION 8 – COOKIES

Small text files known as ‘cookies’ may be placed on an individual’s  device when visiting the website. These files do not contain personal information, but they do contain a personal identifier allowing DGW to associate personal information with a certain device. These files are useful for, amongst others, the following purposes:

  • tailoring the website's functionality to an individual personally by letting DGW remember that individual’s preferences;
  • improving how the website performs;
  • allowing third parties to provide services to the website; and
  • helping DGW delivers targeted advertising where appropriate in compliance with applicable laws.

The internet browser in general accepts cookies automatically, but an individual can alter this setting to stop accepting them. A user can also delete cookies manually. If the browser no longer accepts cookies or by deleting them will prevent the user from accessing certain aspects of the website where cookies are necessary. 

SECTION 9 - ACCEPTANCE REQUIRED AND AGE OF CONSENT

To use DGW’s  website or order any of its products an individual must accept all the terms of this policy. If an individual does not agree with anything in this policy, then it may not use the website or order any of DGW’s goods.

By using this site, an individual represents that he/she is at least 18 years of age, the legal drinking age in South Africa.

SECTION 10-YOUR RIGHTS

An individual shall always have the right to ask DGW not to contact him/her for marketing purposes, and can do this at any time by using any of the various “opt out” or “unsubscribe” options that DGW always provide you with when we send marketing or other information to an individual.

An individual shall also have the right to request access to the information DGW has collected and processed about an individual and requests that DGW corrects or updates any incorrect or incomplete information. An individual may at any time lodge an objection with DGW regarding the collection, use and processing of personal information.

SECTION 11- COMMITMENT TO SECURITY

DGW has put in place safeguards to protect personal information and to prevent loss, damage or unauthorised access to or disclosure of personal information. These security safeguards are based on generally accepted information security practices and procedures which apply to the platforms, products and services DGW provides. DGW regularly checks that these safeguards are correctly implemented and continually updated in response to new risks or any identified deficiencies.

SECTION 12 - CHANGES TO PRIVACY POLICY

DGW reserves the right to modify this privacy policy at any time. Changes and clarifications will take effect immediately upon their posting on DGW’s website. If material changes are made to this policy, DGW will notify everyone on its database that it has been updated, so that all are aware of what information is collected, how it is used, and under what circumstances, if any, DGW uses and/or discloses it.

QUESTIONS

If an individual would like to access; correct; amend or delete any personal information DGW has about him/her, registers a complaint or simply wants more information then the Privacy Compliance Officer can be contacted at support@degrendel.co.za

Disclosures required by the ECT Act

In as far as certain transactions on the website are classified as “electronic transactions” in terms of the Electronic Communications and Transactions Act, 2002, DGW discloses the following information in terms of Chapter VII of the ECT Act:

Full name and legal status

De Grendel Wines (Pty.) Ltd., a public company incorporated under the laws of the Republic of South Africa. Registration number: 2004/016126/07

Street address

112 Plattekloof Road, Plattekloof, Cape Town, Western Cape, South Africa.

Postal address

PO Box 15282, Panorama, 7506

--------------------------------------

PROTECTION OF PERSONAL INFORMATION ACT, 2013 

AGREEMENT AND CONSENT DECLARATION

  1. INTERPRETATION
    • In this Agreement, unless inconsistent with or otherwise indicated by the context
      • “This Agreement” means the Agreement contained in this document;
      • “Client” means any person, individual, entity that voluntary engages with DGW for purposes of acquiring its services, products, marketing material and other relevant material;
      • “The Company/Service provider” means De Grendel Wines (Pty) Ltd (DGW), a company registered under the laws of South Africa with Registration Number 2004/016126/07, and includes its directors and employees;
      • “personal information” means personal information as defined in the Protection of Personal Information Act, 2013;
      • ‘processing’’ means any operation or activity or any set of operations, whether or not by automatic means, concerning personal or any information, including but not limited to :the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use of personal information;
      • “POPIAmeans the Protection of Personal Information Act, 2013.

WHEREAS IT IS AGREED THAT

  1. All parties agree that they will comply with POPI regulations and process all the information and/or personal data in respect of the services being rendered in accordance with the said regulations and only for the purpose of providing the Services that constitutes DGW’s primary business as a service provider.
  1. The Parties confirm as follows
    • One or more of the parties to this agreement, will possess and will continue to possess information that may be classified or maybe deemed as private, confidential or as personal information.
    • Such information may be deemed as the private, confidential or as personal information in so far as it relates to any party to this agreement.
    • Such information may also be deemed as or considered as private, confidential or as personal information of any third person who may be directly or indirectly associated with this agreement.
    • Further it is acknowledged and agreed by all parties to this agreement, that such private, confidential or as personal information may have value and such information may or may not be in the public domain.
  1. All parties irrevocably agree to abide by the terms and conditions asset out in this agreement as well as irrevocably agree and acknowledge that all information provided, whether personal or otherwise, may be used and processed by DGW for the purposes intended and for no other purposes whatsoever unless consented thereto by the Client or by order of a Court or a legal instrument.
  1. Further it is specifically agreed that DGW will use its best endeavours and take all reasonable precautions to ensure that any information provided, is only used for the purposes it has been provided.
  1. It is confirmed that by submitting information to DGW, irrespective as to how such information is submitted, the Client consents to the collection, collation, processing, and storing of such information and the use and disclosure of such information in accordance with this policy.

 Declaration by Client

  1. It is hereby declared and confirmed by the Client that he/she do hereby irrevocably consents to and understand that any/all information supplied or given to DGW, is done so in terms of the terms and conditions of this Agreement and consent declaration.
  1. The Client has the right to at any time inform DGW in writing that it revokes its consent in terms of this Agreement and DGW will then destroy any and all personal information of the Client in its database whereafter such person will cease to be a client of DGW.