Website Privacy Policy

Every South African website that collects personal information even just an email address from a contact form, or IP addresses via Google Analytics must provide a compliant Privacy Policy under POPIA's openness condition (section 18). Many websites are either missing one entirely, using a free generic template from a foreign jurisdiction, or have a policy so vague it fails to disclose what is actually collected, why, or who it is shared with.

This Website Privacy Policy is drafted for South African law and is POPIA-compliant: it discloses the identity and contact details of the responsible party and Information Officer, the categories of personal information collected (name, contact details, IP address, device data, cookies, payment information), the purpose for which each category is processed, the lawful basis for processing, third-party sharing (analytics, advertising, payment gateways, cloud hosting), data subject rights under POPIA (access, correction, objection, deletion), retention periods, and the process for raising a complaint with the Information Regulator.

The policy includes a cookie disclosure section aligned with POPIA's purpose specification requirement and coordinates with your Cookie Policy (Document 22). It addresses South African law but includes GDPR cross-reference notes for businesses with European visitors or customers, noting where GDPR imposes additional consent requirements above POPIA's standard.

Customisation instructions are embedded in the document for business-specific details (industry, types of data collected, specific third parties used).