What this notice is for
The Protection of Personal Information Act, 2013 (POPIA) requires us to tell you, in clear language, how we collect and use your personal information — and to do this before or at the time we collect it. This is that notice.
This page is a summary. For the complete detail, please read our Privacy Policy. Where the two documents differ, the Privacy Policy is the authoritative version.
1. Who is collecting your information
Responsible Party: Bras By MaMloo
Information Officer: The owner of Bras By MaMloo (designated under POPIA section 55)
Contact: brasbymamloo.hb@gmail.com · +27 73 484 9746
Address: Ladysmith, KwaZulu-Natal, South Africa
2. What we collect, why, and on what legal basis
This is the section 18(1) disclosure — the heart of the notice:
| Information | Why we collect it | Lawful basis (POPIA §11) |
|---|---|---|
| Name, email, phone, address | To take and deliver your order | Contract performance |
| Sizing measurements | To recommend the correct fit | Service you requested |
| Order history | Tax records, returns, support | Contract + legal obligation |
| WhatsApp messages and any photos you send | To answer your questions and give fitting advice | Service you requested |
| Email address (newsletter) | Marketing communications | Your consent |
| Cookie data (analytics, marketing) | Improve site, show relevant ads | Your consent |
| IP address, browser, device info | Site security, fraud prevention | Legitimate interest |
| Payment information | Process the transaction | Contract performance (handled by Yoco) |
3. Whether providing your information is mandatory
Most of what we collect is voluntary — but some of it is needed for us to do business with you:
- Required to place an order: name, delivery address, contact phone, email, and payment information. Without these we can't deliver your order.
- Required for legal compliance: tax records (kept for 5 years per SARS rules) regardless of whether you'd prefer we delete them sooner.
- Optional: newsletter subscription, optional cookies, photos for fitting advice.
If you don't provide the required information, we may not be able to process your order.
4. Where your information goes
We share information only with parties that need it to do their job. Specifically:
- Couriers — name, address, phone for delivery
- Yoco — payment processing (PCI-DSS compliant)
- Email marketing platform — your email if you've subscribed
- Hosting and analytics providers — Cloudflare, Vercel, Google Analytics
- SARS, courts, or the Information Regulator — when legally required
For the full list and links to each provider's privacy policy, see our Privacy Policy section 4.
5. Your rights as a data subject
POPIA gives you the following rights, exercisable at any time, free of charge:
Right to access
Ask for a copy of the data we hold about you.
Right to correction
Fix anything that's wrong or incomplete.
Right to deletion
Have your data deleted (subject to legal retention duties).
Right to object
Object to processing on legitimate-interest grounds.
Right to withdraw consent
Where we rely on consent — e.g. for marketing.
Right to opt out of marketing
Unsubscribe at any time, no questions asked.
Right to data portability
Receive your data in a portable format.
Right to complain
To us first, then to the Information Regulator.
To exercise these rights, email brasbymamloo.hb@gmail.com with subject line "POPIA Request". We will respond within 30 days.
6. How long we keep your information
- Order and tax records: 5 years (SARS requirement)
- Active customer accounts: until closed + 2 years inactivity
- Newsletter subscribers: until you unsubscribe
- WhatsApp fitting photos: 30 days (unless you ask us to keep them on file)
- Marketing analytics: 24 months, anonymised
- Cookie consent records: 12 months
7. International transfers
Some of our service providers are based outside South Africa (e.g. Google, Meta). Where this applies, those providers offer protection equivalent to POPIA, either through GDPR-compliance frameworks or contractual safeguards as required by POPIA section 72.
8. Information security
We protect your information with reasonable, appropriate, and ongoing technical and organisational measures, including HTTPS encryption, access controls, secure backups, and PCI-DSS-compliant payment processing.
If we ever suffer a security breach that puts your data at risk, we will notify you and the Information Regulator as soon as reasonably possible (POPIA section 22).
9. How to complain
Please tell us first — most issues are resolved quickly via email or WhatsApp. If you're still not satisfied, you can lodge a complaint with the Information Regulator:
The Information Regulator (South Africa)
Website: inforegulator.org.za
Complaints email: complaints.IR@justice.gov.za
General enquiries: enquiries@inforegulator.org.za
Postal: P.O. Box 31533, Braamfontein, Johannesburg, 2017
10. Changes to this notice
If we make significant changes to how we handle your data, we'll update this notice and bring it to your attention — through the website, email (if you're a subscriber), or a notice on your next visit.
Contact us
Bras By MaMloo — Information Officer
Email: brasbymamloo.hb@gmail.com
WhatsApp: +27 73 484 9746 | +27 65 183 5416
Address: Ladysmith, KwaZulu-Natal, South Africa
For POPIA requests, please use the subject line "POPIA Request".