In Plain Language
Before the legal detail, here's what this means for you in everyday words:
What we collect: Your name, contact details, sizing, order history, and how you use our site.
Why: To take your orders, fit you properly, deliver your bras, and (only with your permission) send you news about new arrivals.
Who we share with: Couriers (Pargo, Courier Guy, PUDO, PAXI), our payment provider (Yoco), and our email tools — only what they need to do their job.
Your rights: You can ask to see what we have, correct it, delete it, or stop us using it — at any time, free of charge.
1. Who We Are
This Privacy Policy explains how Bras By MaMloo ("we", "us", "our") collects, uses, shares, and protects your personal information when you visit our website at brasbymamloo.co.za, place an order, book a fitting, or interact with us on WhatsApp, Instagram, or Facebook.
For the purposes of the Protection of Personal Information Act, 2013 (POPIA), Bras By MaMloo is the responsible party for your personal information.
- Trading name: Bras By MaMloo
- Location: Ladysmith, KwaZulu-Natal, South Africa
- Email: brasbymamloo.hb@gmail.com
- WhatsApp: +27 73 484 9746
- Information Officer: The owner of Bras By MaMloo serves as the designated Information Officer under POPIA section 55. Contact via the email above.
2. What Information We Collect
We only collect what we genuinely need to serve you. Here's the full list:
Information you give us directly
- When you order: name, surname, delivery address, phone number, email, and order details (sizes, styles, quantities).
- When you book a fitting: name, contact number, city, preferred date, and any sizing notes you share with us.
- When you message us on WhatsApp/Instagram: your phone number or handle, and the contents of your messages — including any photos you choose to send (e.g. for fitting advice).
- When you subscribe to our newsletter: your email address.
- When you make payment: we do not store your card details. Yoco (our payment provider) handles all card data on PCI-DSS-compliant systems. We only see the order amount and a transaction reference.
Information we collect automatically
- Cookies and similar technologies — see our Cookie Policy for full detail. Briefly: essential cookies (always on, keep the site working), analytics cookies (only if you accept), and marketing cookies (only if you accept).
- Device and browsing info: IP address, browser type, device type, pages you viewed, how long you stayed, what you clicked. This is mostly anonymous and helps us improve the site.
Special-category information
Bra sizing involves measurements relating to your body. While South African law doesn't classify these as "special personal information" (that category covers things like health records, religion, biometric data), we still treat them with extra care because they're personal to you.
Photos you send for fitting advice: If you send us photos via WhatsApp to help us recommend a fit, we treat these as confidential. We do not share, repost, or use them for marketing without explicit written permission from you. We delete them within 30 days unless you ask us to keep them on file for future fittings.
3. Why We Use Your Information
Under POPIA section 11, we may only process your personal information if we have a lawful basis. Here's what we do with your data and why we're allowed to:
- To take and fulfil your orders — including sending you order confirmations, payment instructions, and tracking. (Lawful basis: necessary for the contract between us.)
- To deliver to you — sharing your name, address, and phone number with our courier partners. (Lawful basis: necessary for the contract.)
- To process refunds and exchanges when needed. (Lawful basis: necessary for the contract.)
- To book and manage fittings. (Lawful basis: necessary for the service you requested.)
- To answer your questions when you contact us. (Lawful basis: legitimate interest in customer service.)
- To send you marketing (newsletter, special offers, new arrivals) — only if you have opted in. You can unsubscribe any time. (Lawful basis: your consent.)
- To improve our website through anonymous analytics — only if you've accepted analytics cookies. (Lawful basis: your consent.)
- To meet legal obligations — for example, keeping tax invoices for SARS for 5 years. (Lawful basis: compliance with law.)
- To prevent fraud and protect our business. (Lawful basis: legitimate interest.)
We will never: sell your data to third parties, use your photos for advertising without written permission, or share your information with anyone outside the list below.
4. Who We Share Your Information With
We share only what's necessary, only with parties listed below, and only for the purposes described. Each of these parties is contractually required (where applicable) to protect your data.
Service providers
- Yoco (payment processing) — see Yoco's privacy policy
- Courier Guy / Pargo / PUDO / PAXI (delivery) — your name, address, and phone number for delivery purposes only
- WhatsApp Business / Meta (when you message us) — subject to WhatsApp's privacy policy
- Google Analytics (if you accept analytics cookies) — anonymised usage data only
- Email marketing platform (newsletter delivery, only if you've subscribed) — your email address only
- Hosting and infrastructure providers (Cloudflare, Vercel) — to keep our website online
Legal authorities
We may disclose information if required by South African law, a court order, or a lawful request from the South African Police Service, SARS, or the Information Regulator.
Business changes
If Bras By MaMloo is ever sold, merged, or restructured, your information may be transferred to the new owner — but they will be bound by this Privacy Policy or one no less protective.
Cross-border transfers
Some of our service providers (e.g. Google, Meta) operate from outside South Africa. Where this happens, we ensure they offer adequate data protection equivalent to POPIA, either through their own legal frameworks (e.g. EU GDPR) or contractual safeguards, in line with POPIA section 72.
5. Your Rights Under POPIA
POPIA gives you strong rights over your personal information. Here's what you can ask us to do, free of charge, at any time:
- Access — ask for a copy of the personal information we hold about you.
- Correct — fix anything that's inaccurate or incomplete.
- Delete — ask us to remove your information (subject to any legal duty to retain it, e.g. tax records).
- Object — object to processing on legitimate-interest grounds, or to direct marketing at any time.
- Withdraw consent — where we rely on your consent, you can withdraw it any time. This won't affect anything we did lawfully before you withdrew it.
- Restrict — ask us to limit how we use your information while you check accuracy or consider an objection.
- Data portability — receive your data in a portable format (where technically feasible).
- Complain — to us first, then to the Information Regulator if you're not satisfied.
To exercise any of these rights, email brasbymamloo.hb@gmail.com with the subject line "POPIA Request". We'll respond within 30 days. We may need to verify your identity first to make sure we're not handing your data to someone else.
Information Regulator (South Africa)
If you're unhappy with how we've handled your data, you can lodge a complaint with the Information Regulator:
Website: inforegulator.org.za
Email: complaints.IR@justice.gov.za
6. How We Keep Your Information Safe
We take reasonable, appropriate, and ongoing technical and organisational measures to protect your information, including:
- HTTPS encryption on every page of our website
- Strong passwords and two-factor authentication on our admin systems
- Limited staff access — only the people who need your data to do their job have access to it
- Payment processing on PCI-DSS-compliant infrastructure (Yoco) — we never store card details ourselves
- Regular security reviews and updates
- Encrypted backups
If we ever suffer a security breach that puts your information at risk, we will notify you and the Information Regulator as soon as reasonably possible, in line with POPIA section 22.
7. How Long We Keep Your Information
We don't keep your data longer than we need to. Specifically:
- Order and tax records: 5 years (SARS requirement)
- Customer account information: while your account is active, plus 2 years of inactivity
- Newsletter subscribers: until you unsubscribe
- WhatsApp fitting photos: 30 days, unless you ask us to keep them
- Marketing analytics: 24 months (anonymised)
- Cookie consent records: 12 months
8. Children
Our website and products are intended for adults. We do not knowingly collect personal information from anyone under 18. If you are under 18, please do not provide us with personal information. If we discover we've collected information from a minor, we'll delete it.
9. Changes to This Policy
We may update this policy from time to time — for example, when we add new features, when laws change, or when we improve our practices. When we make significant changes, we'll:
- Update the "Effective" date at the top of this page
- Email subscribers (if you're on our list)
- Display a notice on our website for at least 30 days
The version history is available on request.
10. Contact Us
Bras By MaMloo — Information Officer
Email: brasbymamloo.hb@gmail.com
WhatsApp: +27 73 484 9746 | +27 65 183 5416
Address: Ladysmith, KwaZulu-Natal, South Africa
For POPIA requests, please use the subject line "POPIA Request" so we can route your message correctly.