Version 3.0 | 23 June 2026
Customer Information Manual in terms of Regulation 4(1)(a) of the Protection of Personal Information Act 4 of 2013 (POPIA)
We are Cactus Craft (Pty) Ltd (Registration number 2018/374638/07) (“Cactus Craft”, “we”, “us” or “our”), and this is our plan of action when it comes to protecting your privacy. We respect your privacy, take the protection of personal information very seriously, and strive to be in full compliance with POPIA.
The purpose of this policy is to describe the way that we collect, store, use, and protect information that can be associated with you or another specific natural or juristic person and can be used to identify you or that person (personal information).
Our websites
This policy applies to both of our websites, which are operated by the same company:
- cactuscraft.co.za – our retail website, for customers buying goods and services for their own use; and
- wholesale.cactuscraft.co.za – our wholesale website, for trade, business, and reseller customers buying on a wholesale or account basis.
Where this policy refers to “the website”, it means whichever of these sites you are using, and where it refers to “the websites”, it means both. Except where we say otherwise, the terms below apply equally to both sites.
Audience
This policy applies to you if you are:
- a visitor to either of our websites;
- a retail customer who has ordered or requested the goods or services that we provide online;
- a wholesale, trade, or account customer who orders from us, applies for a credit or trade account with us, or otherwise transacts with our wholesale business; or
- a representative, employee, agent, or authorised buyer acting on behalf of a business customer.
If you deal with us on behalf of a business (a juristic person), you confirm that you are authorised to provide that business’s information to us, and that you have made the relevant individuals aware of how their personal information will be used as set out in this policy.
Personal information
Personal information includes:
- certain information that we collect automatically when you visit our websites;
- certain information collected on registration (see below);
- certain information collected on submission;
- certain information collected when you apply for or operate a wholesale or credit account with us; and
- optional information that you provide to us voluntarily (see below);
but excludes:
- information that has been made anonymous so that it does not identify a specific person;
- permanently de-identified information that does not relate or cannot be traced back to you specifically;
- non-personal statistical information collected and compiled by us; and
- information that you have provided voluntarily in an open, public environment or forum including any blog, chat room, community, classifieds, or discussion board (because the information has been disclosed in a public forum, it is no longer confidential and does not constitute personal information subject to protection under this policy).
Common examples
Common examples of the types of personal information which we may collect and process include your:
- identifying information – such as your name, date of birth, or identification number of any kind;
- contact information – such as your phone number or email address;
- address information – such as your physical, postal, or delivery address;
- financial information – such as your bank account or card details; and
- business and trade information (for wholesale and account customers) – such as your trading name, company registration number, VAT registration number, business contact details, the names and contact details of your authorised buyers or representatives, trade references, and credit application and account information.
Personal information about businesses
POPIA protects the personal information of natural persons and, to the extent applicable, of juristic persons (such as companies, close corporations, and trusts). Even where a business itself has limited protection under POPIA, the personal information of the individuals who represent that business — for example your buyers, directors, or contact people — remains protected and is handled in accordance with this policy.
Acceptance
Acceptance required
You must accept all the terms of this policy when you order our goods or request our services. If you do not agree with anything in this policy, then you may not order our goods or request our services.
Legal capacity
You may not access our websites or order our goods or request our services if you are younger than 18 years old or do not have the legal capacity to conclude legally binding contracts. Where you transact on behalf of a business, you confirm that you are duly authorised to bind that business.
Deemed acceptance
By accepting this policy, you are deemed to have read, understood, accepted, and agreed to be bound by all of its terms.
Your obligations
You may only send us your own personal information, or the personal information of another data subject (including the representatives of a business) where you have their permission to do so, or are otherwise lawfully entitled to share it with us.
Changes
We may change the terms of this policy at any time by updating the relevant web page. We will notify you of any changes by placing a notice in a prominent place on the website or by sending you an email detailing the changes that we have made and indicating the date that they were last updated.
If you do not agree with the changes, then you must stop using the websites and our goods or services.
If you continue to use the websites or our goods or services following notification of a change to the terms, the changed terms will apply to you and you will be deemed to have accepted those updated terms.
Collection
On registration
Once you register on either of our websites, you will no longer be anonymous to us. You will provide us with certain personal information when you register.
This personal information will include:
- your name and surname;
- your email address;
- your telephone number;
- your postal address or street address; and
- your username and password.
For wholesale or account registration, we may additionally collect your business or trading name, your role at the business, your business contact details, your company registration number, and your VAT registration number.
We will use this personal information to fulfil your account, provide additional services and information to you as we reasonably think appropriate, and for any other purposes set out in this policy.
On order or request
When you order our goods, or request our services from us, you will be asked to provide us with additional information on a voluntary basis (goods or services information), such as delivery instructions and the details of the goods or services you require.
On wholesale or credit account application
If you apply for a wholesale, trade, or credit account with us, we may collect and process additional information necessary to assess and operate that account. This may include:
- the names, ID numbers, and contact details of the business’s owners, directors, members, or authorised signatories;
- bank account and banking detail confirmation;
- trade and credit references;
- financial and credit standing information; and
- information obtained from credit bureaus where you have authorised us, or we are otherwise permitted by law, to obtain it.
We use this information to verify your business, assess your application, set and manage credit terms, and operate your account. Where we need to perform a credit check, we will do so only as permitted by law and, where required, with your consent.
From your browser
We automatically receive and record internet usage information on our server logs from your browser, such as your Internet Protocol address (IP address), browsing habits, click patterns, version of software installed, system type, screen resolutions, colour capabilities, plug-ins, language settings, cookie preferences, search engine keywords, JavaScript enablement, the content and pages that you access on the website, and the dates and times that you visit the website, paths taken, and time spent on sites and pages within the website (usage information).
Please note that other websites visited before entering our website might place personal information within your URL during a visit to it, and we have no control over such websites. Accordingly, a subsequent website that collects URL information may log some personal information.
Cookies
We may place small text files called ‘cookies’ on your device when you visit our websites. These files do not contain personal information, but they do contain a personal identifier allowing us to associate your personal information with a certain device.
These files serve a number of useful purposes for you, including:
- granting you access to age-restricted content;
- tailoring our website’s functionality to you personally by letting us remember your preferences;
- improving how our website performs;
- allowing third parties to provide services to our website; and
- helping us deliver targeted advertising where appropriate in compliance with applicable laws.
Your internet browser generally accepts cookies automatically, but you can often change this setting to stop accepting them. You can also delete cookies manually. However, no longer accepting cookies or deleting them may prevent you from accessing certain aspects of our websites where cookies are necessary. Many websites use cookies, and you can find out more about them at www.allaboutcookies.org.
Third party cookies
Some of our business partners use their own cookies or widgets on our websites. We have no access to or control over them. Information collected by any of those cookies or widgets is governed by the privacy policy of the company that created it, and not by us.
Web beacons
Our websites may contain electronic image requests (called a single-pixel gif or web beacon request) that allow us to count page views and to access cookies. Any electronic image viewed as part of a web page (including an ad banner) can act as a web beacon. We use information collected from our sites and may share it with our advertising platforms to carry out marketing initiatives. All the information that we share is encrypted, and we make sure that our third party service providers comply with relevant data protection laws. We may provide this information, including identifiers that allow our advertising platforms to deliver targeted online advertising on social media and websites.
Optional details
You may also provide additional information to us on a voluntary basis (optional information). This includes content or products that you decide to upload or download from our websites, or when you enter competitions, take advantage of promotions, respond to surveys, order certain additional goods or services, or otherwise use the optional features and functionality of our websites.
Recording calls
We may monitor and record any telephone calls that you make to us, unless you specifically request us not to.
Purpose for collection
We may use or process any goods or services information, account information, or optional information that you provide to us for the purposes that you indicated when you agreed to provide it to us. Processing includes gathering your personal information, disclosing it, and combining it with other personal information.
We generally collect and process your personal information for various purposes, including:
- goods or services purposes – such as collecting orders or requests for, and providing, our goods or services;
- account purposes – such as opening, verifying, managing, and collecting on wholesale, trade, and credit accounts;
- marketing purposes – such as pursuing lawful related marketing activities;
- business purposes – such as internal audit, accounting, business planning, and joint ventures, disposals of business, or other proposed and actual transactions; and
- legal purposes – such as handling claims, complying with regulations, or pursuing good governance.
We may use your usage information for the purposes described above and to:
- remember your information so that you will not have to re-enter it during your visit or the next time you access the website;
- monitor website usage metrics such as total number of visitors and pages accessed; and
- track your entries, submissions, and status in any promotions or other activities in connection with your usage of the website.
Consent to collection
We will obtain your consent to collect personal information:
- in accordance with applicable law; and
- when you provide us with any registration information, account information, or optional information.
Use
Our obligations
We may use your personal information to fulfil our obligations to you.
Messages and updates
We may send administrative messages and email updates to you about the websites and your account. In some cases, we may also send you primarily promotional messages. You can choose to opt out of promotional messages at any time.
Direct marketing
We will only send you electronic direct marketing (such as marketing emails or SMSs) where the law allows us to do so. This generally means either that you are an existing customer and the marketing relates to similar goods or services, or that you have given your consent. Every electronic marketing message we send will give you a simple way to opt out, and we will stop sending you marketing messages if you ask us to.
Disclosure
Sharing
We may share your personal information with:
- other divisions or companies within the group of companies to which we belong, so as to provide joint content and services like registration, for transactions and customer support, to help detect and prevent potentially illegal acts and violations of our policies, and to guide decisions about our products, services, and communications (they will only use this information to send you marketing communications if you have requested their goods or services);
- an affiliate, in which case we will seek to require the affiliates to honour this privacy policy;
- our goods or services providers under contract who help provide certain goods or services or help with parts of our business operations, including fraud prevention, bill collection, marketing, or technology services (our contracts dictate that these providers only use your information in connection with the goods or services they supply or services they perform for us, and not for their own benefit);
- credit bureaus, to report and obtain account information, as permitted by law;
- banking partners as required by credit card association rules for inclusion on their list of terminated merchants (in the event that you use the services to receive payments and you meet their criteria);
- our third party suppliers who provide us with their goods; and
- other third parties who provide us with relevant services where appropriate (for example, our couriers).
Regulators
We may disclose your personal information as required by law or governmental audit.
Law enforcement
We may disclose personal information if required:
- by a subpoena or court order;
- to comply with any law;
- to protect the safety of any individual or the general public; and
- to prevent violation of our customer relationship terms.
No selling
We will not sell personal information. No personal information will be disclosed to anyone except as provided in this privacy policy.
Marketing purposes
We may disclose aggregate statistics (information about the customer population in general terms) about the personal information to advertisers or business partners.
Employees
We may need to disclose personal information to our employees who require the personal information to do their jobs. These include our responsible management, human resources, accounting, audit, compliance, information technology, or other personnel.
Change of ownership
If we undergo a change in ownership, or a merger with, acquisition by, or sale of assets to, another entity, we may assign our rights to the personal information we process to a successor, purchaser, or separate entity. We will disclose the transfer on the website. If you are concerned about your personal information migrating to a new owner, you may request us to delete your personal information.
Security
We take the security of personal information very seriously and always do our best to comply with applicable data protection laws. Our hosting company hosts our websites in a secure server environment that uses a firewall and other advanced security measures to prevent interference or access from outside intruders. We authorise access to personal information only for those employees who require it to fulfil their job responsibilities. We implement disaster recovery procedures where appropriate.
Information security
We are legally obliged to provide adequate protection for the personal information we hold and to stop unauthorised access to and use of personal information. We will, on an ongoing basis, continue to review our security controls and related processes to ensure that your personal information remains secure.
Our security policies and procedures cover:
- physical security;
- computer and network security;
- access to personal information;
- secure communications;
- security in contracting out activities or functions;
- retention and disposal of information;
- acceptable usage of personal information;
- governance and regulatory issues;
- monitoring access and usage of private information; and
- investigating and reacting to security incidents.
When we contract with third parties, we impose appropriate security, privacy, and confidentiality obligations on them to ensure that personal information that we remain responsible for is kept secure. We will ensure that anyone to whom we pass your personal information agrees to treat your information with the same level of protection as we are obliged to.
Security compromises
If we have reasonable grounds to believe that your personal information has been accessed or acquired by an unauthorised person, we will notify you and the Information Regulator as soon as reasonably possible after we become aware of it, as required by POPIA.
Accurate and up to date
We will try to keep the personal information we collect as accurate, complete, and up to date as is necessary for the purposes defined in this policy. From time to time we may request you to update your personal information on the website. You are able to review or update any personal information that we hold on you by accessing your account online, emailing us, or phoning us. Please note that in order to better protect you and safeguard your personal information, we take steps to verify your identity before granting you access to your account or making any corrections to your personal information.
Retention
We will only retain your personal information for as long as it is necessary to fulfil the purposes explicitly set out in this policy, unless:
- retention of the record is required or authorised by law; or
- you have consented to the retention of the record.
During the period of retention, we will continue to abide by our non-disclosure obligations and will not share or sell your personal information.
We may retain your personal information in physical or electronic records at our discretion.
Transfer to another country
We will not transfer any personal information across a country border except where the transfer is permitted by POPIA — for example, where you have consented, where the transfer is necessary to perform our contract with you, or where the recipient is subject to laws or agreements that provide an adequate level of protection.
Your rights
Access to information
You have the right to request a copy of the personal information we hold about you. To do this, simply contact us at the details provided below and specify what information you require. We will need a copy of your ID document to confirm your identity before providing details of your personal information.
Correction or deletion of your information
You have the right to ask us to update, correct, or delete your personal information. We will require a copy of your ID document to confirm your identity before making changes to the personal information we hold about you. We would appreciate it if you would keep your personal information accurate.
Objection and withdrawal of consent
You may object, on reasonable grounds, to the processing of your personal information, and you may withdraw any consent you have given us, subject to legal or contractual restrictions and reasonable notice. Where you withdraw consent, we may be unable to continue providing certain goods, services, or account facilities to you.
Complaints to the Information Regulator
If you believe that we have not handled your personal information in accordance with POPIA, you have the right to lodge a complaint with the Information Regulator. We would, however, appreciate the opportunity to address your concerns directly first, so please consider contacting our Information Officer (below) before lodging a complaint.
The Information Regulator (South Africa) Website: www.inforegulator.org.za POPIA complaints email: [email protected] General POPIA enquiries: [email protected]
(The Regulator’s current postal and physical address is published on its website.)
Limitation
We are not responsible for, give no warranties, nor make any representations in respect of the privacy policies or practices of linked or any third-party websites.
Enquiries and our Information Officer
If you have any questions or concerns arising from this privacy policy or the way in which we handle personal information, please contact us via our contact form on the website, or send our Information Officer an email:
Information Officer: Willie Hamman Email: [email protected]
This policy was last updated on 23 June 2026.
