Rytual Wellness is committed to protecting the privacy and personal information of our customers, website visitors, and all individuals who interact with us. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information in accordance with the Protection of Personal Information Act 4 of 2013 ("POPIA") and all applicable South African data protection legislation.

By using our website (www.rytualwellness.co.za) or purchasing our products, you acknowledge that you have read and understood this Privacy Policy.

In terms of POPIA, Rytual Wellness is the "Responsible Party" — the entity that determines the purpose and means of processing your personal information.

Business Name:  Rytual Wellness

—     Business Name: Rytual Wellness

—     Website: www.rytualwellness.co.za

—     Email: info@rytualwellness.co.za

Our designated Information Officer is responsible for overseeing POPIA compliance and can be contacted for any privacy-related queries or requests.

We only collect personal information that is adequate, relevant, and not excessive for the purposes for which it is collected. The types of personal information we may collect include:

2.1 Information You Provide Directly

—     Full name

—     Email address

—     Phone number

—     Delivery and billing address

—     Payment information (processed securely through third-party payment providers — we do not store your full card details)

—     Account login credentials (if you create an account)

—     Communications and correspondence you send us

2.2 Information Collected Automatically

When you visit our website, we may automatically collect:

—     IP address and device information

—     Browser type and operating system

—     Pages visited and time spent on site

—     Referring URLs

—     Cookie and tracking data (see our Cookie Policy for more detail)

2.3 Information from Third Parties

We may receive personal information about you from third parties such as payment processors, courier and logistics providers, or social media platforms if you interact with us through those channels.

We collect and process your personal information only for specific, explicitly defined, and lawful purposes. These include:

—     Processing and fulfilling your orders, including delivery and returns

—     Sending order confirmations, invoices, and shipping updates

—     Responding to your enquiries, complaints, or feedback

—     Creating and managing your customer account

—     Sending marketing communications (only with your consent, which you may withdraw at any time)

—     Improving our website, products, and services through analytics

—     Complying with our legal and regulatory obligations

—     Detecting and preventing fraud or other unlawful activities

—     Contacting you in the event of a data breach affecting your personal information

Under POPIA, we are required to have a lawful basis for processing your personal information. We rely on the following grounds:

—     Consent: Where you have given us clear permission to process your information for a specific purpose (e.g. marketing emails).

—     Contract: Where processing is necessary to perform a contract with you (e.g. fulfilling an order).

—     Legal obligation: Where processing is required to comply with South African law.

—     Legitimate interest: Where processing is necessary for our legitimate business interests, provided these do not override your privacy rights.

We do not sell, rent, or trade your personal information. We may share it with trusted third parties only where necessary, and only to the extent required for the purposes described in this policy:

—     Payment processors (e.g. PayFast, Peach Payments, or similar), to process transactions securely

—     Courier and logistics providers, to fulfil and deliver your orders

—     Email and marketing platform providers, to send communications on our behalf

—     Website hosting and analytics providers (e.g. Google Analytics)

—     Legal and regulatory authorities, where required by law or court order

All third parties who process personal information on our behalf are required to handle your data securely and in accordance with POPIA and our data processing agreements.

5.1 Cross-Border Transfers

Some of our third-party service providers may be based outside of South Africa. In such cases, we will only transfer your personal information to countries or organisations that provide an adequate level of protection as required by Section 72 of POPIA, or where you have provided your consent to the transfer.

We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, misuse, alteration, or destruction. These measures include:

—     SSL (Secure Socket Layer) encryption on our website

—     Restricted access to personal information on a need-to-know basis

—     Secure, password-protected systems and databases

—     Regular security assessments and staff training

—     Data breach response procedures

While we take every reasonable precaution, no method of electronic transmission or storage is completely secure. In the unlikely event of a data breach that affects your personal information, we will notify you and the South African Information Regulator as required by POPIA.

In terms of POPIA, you have the following rights regarding your personal information:

Right to be notified: You have the right to be informed when we collect your personal information and how we intend to use it.

Right of access: You may request a copy of the personal information we hold about you.

Right to correction: You may request that we correct or update any inaccurate or incomplete personal information.

Right to deletion: You may request that we delete your personal information, subject to any legal obligations requiring us to retain it.

Right to object: You have the right to object to the processing of your personal information, including for direct marketing purposes.

Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

Right to lodge a complaint: You have the right to lodge a complaint with the South African Information Regulator if you believe we have violated your privacy rights.

To exercise any of these rights, please contact our Information Officer at privacy@rytualwellness.com. We will respond to your request within a reasonable time, and no later than 30 days.

We will only send you marketing communications (such as newsletters, promotions, and product updates) if you have explicitly opted in to receive them. Each marketing communication will include a clear and easy way for you to unsubscribe or opt out at any time.

In accordance with Section 69 of POPIA, we will not send unsolicited electronic marketing communications without your prior consent.

Our website uses cookies and similar tracking technologies to improve your browsing experience, analyse website traffic, and personalise content. In accordance with POPIA, we will request your consent before placing non-essential cookies on your browser.

You can manage or withdraw your cookie preferences at any time through your browser settings or our cookie consent banner. Certain functional cookies are necessary for the website to operate and cannot be disabled.

For full details on the cookies we use, please refer to our Cookie Policy, available on our website.

We will retain your personal information only for as long as is necessary for the purposes for which it was collected, or as required by law. Retention periods are determined by:

—     The nature of the personal information and the purposes for which it was collected

—     Our legal and regulatory obligations (e.g. tax and financial records)

—     Whether you have an active customer account with us

When personal information is no longer required, we will securely delete or anonymise it in line with our data retention procedures.

Our website and products are not directed at children under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected personal information from a child without appropriate parental consent, we will take steps to delete that information promptly.

The South African Information Regulator oversees the enforcement of POPIA. If you believe your privacy rights have been violated and we have not resolved your concern satisfactorily, you have the right to lodge a complaint with the Regulator:

—     Website: www.justice.gov.za/inforeg

—     Email: complaints.IR@justice.gov.za

—     Telephone: 010 023 5207

—     Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

Where material changes are made, we will notify you via email or a prominent notice on our website.

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact our Information Officer:

—     Email: info@rytualwellness.co.za

—     Website: www.rytualwellness.co.za/contact

—     Address: [Lone Hill, Johannesburg], South Africa