POPI Act Compliance
Pranacolore — operated by MADE IN AFRICA INVESTMENTS PTY LTD
Registered in South Africa, with its principal place of business at 266, Oak Avenue – Ferndale 2194, Johannesburg.
This notice outlines how we comply with the Protection of Personal Information Act, 2013 (Act 4 of 2013) — commonly known as POPIA.
1. Our Commitment
Made in Africa Investments Pty Ltd, trading as Pranacolore, is committed to protecting the personal information of all individuals who interact with our business. We process personal information lawfully, responsibly, and transparently in accordance with the conditions set out in POPIA.
2. Information Officer
In terms of Section 55 of POPIA, the designated Information Officer for our organisation is:
Information Officer
Name: The Director, Made in Africa Investments Pty Ltd
Email: info@pranacolore.com Phone: +27 76 129 7140
The Information Officer is responsible for:
- Encouraging compliance with the conditions of lawful processing
- Dealing with requests made in terms of POPIA
- Working with the Information Regulator in relation to investigations
3. Categories of Data Subjects
We process personal information relating to the following categories of data subjects:
- Customers — Individuals who purchase products through our website
- Website Visitors — Individuals who browse our website
- Enquirers — Individuals who contact us via our contact form or other communication channels
- Service Providers — Third-party vendors and partners who support our operations
4. Purpose of Processing
We process personal information solely for the following purposes:
- Fulfilling and delivering product orders
- Processing payments securely via our payment gateway
- Communicating with customers regarding their orders and enquiries
- Ensuring the security and integrity of our website
- Complying with legal and regulatory obligations
- Maintaining accurate business records
We do not process personal information for unsolicited marketing, automated profiling, or behavioural advertising.
5. Conditions for Lawful Processing
We adhere to the eight conditions for lawful processing as outlined in POPIA:
5.1 Accountability
We take responsibility for complying with all POPIA conditions and have implemented appropriate policies and procedures.
5.2 Processing Limitation
We collect personal information only when it is necessary, adequate, and relevant to a specific, defined purpose. We obtain information by lawful means and, where required, with the consent of the data subject.
5.3 Purpose Specification
Personal information is collected for specific, explicitly defined, and lawful purposes. We do not retain information longer than necessary to achieve its stated purpose.
5.4 Further Processing Limitation
We do not process personal information for purposes incompatible with the original purpose of collection, unless required by law or with the data subject’s consent.
5.5 Information Quality
We take reasonable steps to ensure that personal information in our possession is complete, accurate, and not misleading.
5.6 Openness
We are transparent about what personal information we collect and how it is used. Our Privacy Policy provides detailed information about our data processing activities.
5.7 Security Safeguards
We implement appropriate technical and organisational measures to protect personal information against loss, damage, unauthorised access, or unlawful processing. These include:
- Encrypted data transmission (HTTPS)
- PCI-DSS compliant payment processing via Paystack
- Bot protection on forms via Cloudflare Turnstile
- Minimal data collection practices
- No storage of payment card details
5.8 Data Subject Participation
Data subjects have the right to access, correct, and request deletion of their personal information. We facilitate the exercise of these rights promptly and transparently.
6. Your Rights Under POPIA
As a data subject, you are entitled to the following rights:
- Right of Access — Request confirmation of whether we hold your personal information, and obtain a description and copy of such information
- Right to Correction — Request the correction or deletion of personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, or misleading
- Right to Deletion — Request the destruction or deletion of personal information that is no longer necessary for the purpose for which it was collected
- Right to Object — Object, on reasonable grounds, to the processing of your personal information
- Right to Submit a Complaint — Lodge a complaint with the Information Regulator if you believe your personal information has been processed in violation of POPIA
- Right to Not Be Subject to Automated Decision-Making — Not be subject to a decision based solely on automated processing, including profiling, that produces legal effects or significantly affects you
7. How to Exercise Your Rights
To exercise any of the rights described above, you may submit a request to our Information Officer:
Email: info@pranacolore.com Phone: +27 76 129 7140
When submitting a request, please provide:
- Your full name and contact details
- A clear description of the information or action you are requesting
- Any reference numbers or details that may help us locate your records
We will acknowledge your request within 7 days and respond substantively within 30 days, as required by POPIA. We may request proof of identity before processing your request.
8. Direct Marketing
We do not engage in direct marketing communications unless you have provided explicit, informed, and voluntary consent. You may withdraw consent for marketing communications at any time by contacting us at info@pranacolore.com.
9. Cross-Border Data Transfers
Certain third-party service providers we use may process data outside of South Africa. Where this occurs, we ensure that appropriate safeguards are in place and that the recipient is subject to a law, binding corporate rules, or binding agreement that provides an adequate level of protection, as required by Section 72 of POPIA.
For a detailed list of our third-party service providers, please refer to our Privacy Policy.
10. Data Breach Notification
In the event of a data breach that compromises the confidentiality or integrity of personal information, we will:
- Notify the Information Regulator as soon as reasonably possible
- Notify affected data subjects in accordance with Section 22 of POPIA
- Take immediate steps to mitigate the impact of the breach and prevent further unauthorised access
11. Retention and Destruction
Personal information is retained only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable laws. Once the retention period has expired, personal information is securely deleted or destroyed in a manner that prevents reconstruction.
For specific retention periods, please refer to our Privacy Policy.
12. Lodging a Complaint
If you believe that your personal information has been processed in a manner that infringes your rights under POPIA, you may lodge a complaint with:
The Information Regulator (South Africa)
Website: inforegulator.org.za Email: enquiries@inforegulator.org.za Phone: 010 023 5207
Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
13. Updates to This Notice
This POPI Act compliance notice may be updated from time to time to reflect changes in legislation, our practices, or the guidance of the Information Regulator. The most current version will always be available on this page.
14. Related Policies
For further information about how we handle your personal data, please refer to: