Privacy Policy

Pranacolore — operated by MADE IN AFRICA INVESTMENTS PTY LTD

Registered in South Africa, with its principal place of business at 266, Oak Avenue – Ferndale 2194, Johannesburg.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit pranacolore.com or purchase our products. We are committed to safeguarding your privacy in accordance with the Protection of Personal Information Act (POPIA) and other applicable South African legislation.

1. Responsible Party

In terms of POPIA, the responsible party for the processing of your personal information is:

Made in Africa Investments Pty Ltd

Email: info@pranacolore.com Phone: +27 76 129 7140

All data protection enquiries, access requests, and complaints should be directed to the contact details above.

2. Information We Collect

We collect personal information only when it is necessary to fulfil your orders, respond to your enquiries, and improve your experience on our website. The types of information we may collect include:

Information You Provide Directly

Checkout: Full name, email address, phone number, and shipping address
Contact Form: First name, last name, email address, phone number, and message content
Payment: Payment is processed securely by Paystack — we do not store your card details

Information Collected Automatically

Shopping Cart: Your cart contents are stored in your browser’s local storage and are not transmitted to our servers
Session Data: Temporary order information is stored in your browser’s session storage during checkout and automatically cleared when you close the tab
Technical Data: Our hosting provider (Netlify) may collect standard server logs including IP address, browser type, and pages visited for security and performance purposes

3. How We Use Your Information

We use your personal information for the following purposes:

Order Fulfilment — Processing and delivering your purchases
Payment Processing — Facilitating secure transactions via Paystack
Communication — Sending order confirmations and responding to enquiries via EmailJS
Security — Protecting our website against fraud and abuse via Cloudflare Turnstile
Legal Compliance — Meeting our obligations under applicable laws

We do not use your personal information for marketing, profiling, automated decision-making, or behavioural advertising unless you have given explicit consent.

4. Legal Basis for Processing

Under POPIA, we process your personal information based on the following lawful grounds:

Contractual Necessity — Processing required to fulfil a purchase or respond to a pre-contractual enquiry
Legitimate Interest — Security measures, fraud prevention, and website functionality
Legal Obligation — Compliance with tax, accounting, and consumer protection requirements
Consent — Where applicable, for optional communications or services

5. Third-Party Service Providers

We share personal information only with trusted third-party service providers who assist in operating our website and fulfilling orders. These providers process data solely on our behalf and in accordance with their own privacy policies:

CookieScript (Consent Management Platform) — Manages cookie consent preferences and stores your choices. Privacy Policy
Paystack (Payment Gateway) — Processes payment transactions securely. Privacy Policy
EmailJS (Email Notifications) — Sends order confirmations and store notifications. Privacy Policy
Cloudflare Turnstile (Bot Protection) — Verifies human visitors on our contact form. Privacy Policy
Netlify (Hosting & Form Processing) — Hosts our website and processes contact form submissions. Privacy Policy
Cloudinary (Image Delivery) — Delivers product images via CDN. Privacy Policy
Google Fonts (Typography) — Provides web fonts. Google may collect technical data such as IP addresses. Privacy Policy

We do not sell, rent, or trade your personal information to any third party.

6. Cookies and Similar Technologies

Our website uses a minimal set of cookies, local storage, and session storage technologies. We do not use analytics tracking, advertising cookies, or social media tracking pixels.

For detailed information about the specific technologies we use, please refer to our Cookie Policy.

7. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this policy:

Order Records — Retained for the period required by South African tax and consumer protection legislation (typically 5 years)
Contact Form Submissions — Retained for as long as necessary to address your enquiry, then deleted
Session Data — Automatically deleted when you close your browser tab
Shopping Cart Data — Stored locally in your browser until you clear it manually

8. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, destruction, or alteration. These measures include:

Secure payment processing via Paystack (PCI-DSS compliant)
Encrypted data transmission (HTTPS) across the website
Bot protection via Cloudflare Turnstile on forms
No storage of payment card details on our systems
Minimal data collection — we only collect what is necessary

While we take reasonable steps to protect your data, no method of transmission over the internet is completely secure. We encourage you to take precautions when sharing personal information online.

9. Your Rights Under POPIA

As a data subject under POPIA, you have the right to:

Access — Request confirmation of whether we hold your personal information and obtain a copy
Correction — Request the correction or updating of inaccurate personal information
Deletion — Request the deletion of your personal information where it is no longer necessary
Objection — Object to the processing of your personal information on reasonable grounds
Restriction — Request the restriction of processing in certain circumstances
Complaint — Lodge a complaint with the Information Regulator if you believe your rights have been infringed

To exercise any of these rights, please contact us using the details in Section 1. We will respond to your request within a reasonable timeframe, and no later than 30 days as required by POPIA.

10. Children’s Privacy

Our website and products are not intended for children under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected information from a child, we will take steps to delete it promptly.

11. International Data Transfers

Some of our third-party service providers may process data outside of South Africa. Where this occurs, we ensure that adequate safeguards are in place as required by POPIA, including contractual commitments to protect your data to an equivalent standard.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable legislation. The updated version will be posted on this page. We encourage you to review this policy periodically.

13. Contact Information

For questions, requests, or complaints regarding this Privacy Policy or the handling of your personal data, contact:

Made in Africa Investments Pty Ltd

Email: info@pranacolore.com Phone: +27 76 129 7140

You also have the right to lodge a complaint with the Information Regulator (South Africa):

Website: inforegulator.org.za Email: enquiries@inforegulator.org.za