Deals and More

Privacy Policy

Prepared in terms of the Protection of Personal Information Act, No 4 of 2013 (POPIA)

1. Introduction and Purpose

This Manual is prepared for Deals and More (Pty) Ltd (hereafter “Deals and More,” “the Company,” or “Responsible Party”) in compliance with the Protection of Personal Information Act (POPIA).

The purpose of this Manual is to:

  • Set out the framework for the lawful processing of Personal Information (PI) by Deals and More.
  • Inform data subjects (customers, suppliers, employees, etc.) about the types of PI collected, the purpose of collection, and how they can exercise their rights under POPIA.
  • Comply with the constitutional right to privacy and the free flow of information, subject to reasonable and justifiable limitations.

2. Company Details (Responsible Party)

FieldDetails
Full Company NameDeals and More
Physical AddressWynberg, Cape Town, Western Cape, South Africa
Head of Company/CEOAshek Allie
Information OfficerAshek Allie
General Enquiries Emailsupport@dealsandmore.co.za
POPIA/Access Request Emailsupport@dealsandmore.co.za

3. The Information Officer

The Information Officer is responsible for ensuring the Company’s compliance with POPIA. The duties include, but are not limited to:

  • Encouraging and ensuring compliance with the Eight Conditions for the Lawful Processing of Personal Information.
  • Handling all requests made by Data Subjects (including access, objection, or correction).
  • Working with the Information Regulator in relation to any investigations.

4. Categories of Data Subjects and Personal Information

Deals and More processes Personal Information (PI) primarily in its capacity as an e-commerce retailer and employer.

Data Subject CategoryCategories of Personal Information Processed
Customers (Data Subjects)Name, Surname, Email address, Physical/Delivery address, Contact telephone number, Transaction/Order history, Payment records (not banking details, only transaction status), IP Address, Cookie data.
Employees/ContractorsFull names, ID numbers, Employment contracts, Contact details, Bank account details (for salary), Tax information (SARS), Education/CV details, Health information (if required for employment).
International Suppliers (Juristic Persons)Company name, Company registration number, Contact person’s name, business email and telephone number, Business bank account details (for payment).
Website VisitorsIP address, Geolocation data, Browser history, Operating system (via cookies/analytics).

5. Purpose and Justification for Processing Personal Information

Deals and More processes PI for specific, explicit, and legitimate reasons.

Purpose for ProcessingLegal Justification (Condition for Processing)
Processing and fulfilling customer orders (e.g., shipping)Performance of a contract (the sale agreement) and Legitimate interest (to deliver the goods).
Transmitting customer delivery details to external international suppliers and couriers.Performance of a contract (mandatory step for order fulfilment) and Consent (implied or explicit when purchasing).
Internal employee management, payroll, and SARS compliance.Compliance with a legal obligation (e.g., labour law, tax law) and Performance of a contract (employment).
Direct Marketing (e.g., newsletters, promotions).Consent (Data Subject must explicitly opt-in).
Customer Service and Handling Queries (via email and phone).Legitimate interest (to provide service) and Consent (when initiating contact).
Website maintenance, analytics, and security.Legitimate interest (to ensure the website functions securely and efficiently).

6. Transborder Flows of Personal Information

As an e-commerce company that uses external international suppliers, Deals and More must transfer customer PI outside of South Africa.

  1. Nature of Transfer: The PI of customers (specifically Name, Surname, Shipping Address, and Contact Number) is transferred to the relevant international supplier and/or international courier service.
  2. Recipient Countries: This transfer occurs to the country where the supplier or their distribution warehouse is located, most often in East Asia (e.g., China) or other international locations depending on the product.
  3. POPIA Justification: The transfer is necessary for the performance of the contract (the sale agreement) between the Data Subject (customer) and Deals and More. Customers are explicitly made aware of this in the privacy policy and terms and conditions. Deals and More takes reasonable steps to ensure the international recipient is subject to a law, binding corporate rules, or a contract that provides a sufficient level of protection.

7. Security Safeguards (Technical and Organisational Measures)

Deals and More is committed to ensuring the integrity and confidentiality of all PI under its control.

Technical Measures:

  • Website Security: Use of SSL/TLS encryption for all data transmission and payment processing.
  • Access Control: Strong password policies, multi-factor authentication for administrative access, and role-based access to customer data.
  • Data Storage: PI is stored on secure servers with appropriate firewall and intrusion detection systems.
  • Third-Party Vetting: Contractual agreements (Operator Agreements) are in place with all service providers who process PI on our behalf (e.g., payment gateways, hosting providers) to ensure they meet POPIA-equivalent security standards.

Organisational Measures:

  • Policy: Regular staff training on POPIA compliance, data handling procedures, and breach response protocols.
  • Minimisation: PI is only retained for the period necessary to fulfil the stated purpose (e.g., completing the order, meeting legal/tax requirements) and is securely destroyed thereafter.
  • Data Breach: A formal Incident Response Plan is in place to quickly identify, contain, assess, and notify the Information Regulator and affected Data Subjects as soon as reasonably possible following a confirmed security compromise.

8. Data Subject Rights (Chapter 5 of POPIA)

Data Subjects have the right to:

  1. Request Access: Request a record of their PI held by Deals and More (subject to a formal PAIA request process, if necessary).
  2. Request Correction/Deletion: Request the correction or deletion of PI that is inaccurate, irrelevant, excessive, or misleading.
  3. Object to Processing: Object to the processing of their PI on reasonable grounds relating to their particular situation.
  4. Object to Direct Marketing: Object to the processing of PI for the purpose of direct marketing by means of unsolicited electronic communications (an easy-to-use ‘opt-out’ or ‘unsubscribe’ mechanism is provided).

Requests must be submitted in writing to the Information Officer via the designated POPIA email address listed in Section 2.

9. Availability and Maintenance

This POPIA Manual is reviewed annually by the Information Officer and updated as necessary to reflect changes in our data processing activities, business model, or legal requirements.

A copy of this Manual is available:

  • On the Deals and More website.
  • Upon request to the Information Officer.

Date of last review: 22/10/2025

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by