PRIVACY POLICY FOR BLOOMS AND BALLOONS
Last updated: 04 March 2026
1. INTRODUCTION
Welcome to Blooms and Balloons (www.bloomsandballoons.co.za). We are committed to protecting your privacy and ensuring your personal information is processed lawfully, in accordance with the Protection of Personal Information Act, 2013 (POPIA).
This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website and purchase our flowers and balloons.
2. WHO WE ARE (THE RESPONSIBLE PARTY)
Blooms and Balloons is the “Responsible Party” under POPIA, meaning we determine the purpose and means for processing your personal information.
Website: www.bloomsandballoons.co.za
Phone: +27 82 293 0432
Physical Address: 19 Lucille str, Risiville, Meyerton, 1929, Gauteng
3. OUR INFORMATION OFFICER
POPIA requires us to designate an Information Officer responsible for overseeing data protection compliance. You may contact our Information Officer for any privacy-related queries or to exercise your rights.
Information Officer: Sonja van Staden – Owner
Phone: +27 82 293 0432
4. WHAT PERSONAL INFORMATION WE COLLECT
We only collect information necessary to process your orders, provide customer service, and improve your shopping experience. The table below outlines the types of data we collect and why:
| Type of Data | What We Collect | Purpose of Collection | When Collected |
|---|---|---|---|
| Identity Data | Full name, surname | To identify you and process your orders | Account registration, checkout |
| Contact Data | Email address, phone number, delivery address | To communicate order updates and deliver products | Checkout, contact forms |
| Financial Data | Payment card details (processed securely by third parties), transaction records | To process payments and refunds. We do not store full payment card numbers on our servers | Checkout |
| Technical Data | IP address, device information, browser type, operating system | For fraud prevention, website analytics, and improving site performance | Automatically when browsing |
| Communication Data | Records of correspondence via email or contact forms | To provide customer support and resolve queries | When you contact us |
| Account Data | Login credentials, order history, wishlist items | To manage your account and remember your preferences | Account registration and use |
5. HOW WE COLLECT YOUR INFORMATION
We collect personal information in the following ways:
Direct interactions: When you place an order, create an account, subscribe to our newsletter, or contact us.
Automated technologies: As you browse our website, we automatically collect Technical Data using cookies and similar technologies.
Third parties: We may receive information from payment processors or delivery services to fulfil your order.
6. HOW WE USE YOUR PERSONAL INFORMATION (PURPOSE SPECIFICATION)
We use your personal information only for the specific purposes listed below:
| Purpose | What We Do | Legal Basis |
|---|---|---|
| Order Fulfilment | Process, confirm, ship, and deliver your purchases | Performance of a contract with you |
| Account Management | Manage your registration, provide order history, maintain shopping cart | Performance of a contract; Legitimate interests |
| Customer Service | Respond to your inquiries, complaints, or return requests | Performance of a contract; Legitimate interests |
| Fraud Prevention | Detect and prevent fraudulent transactions; maintain website security | Legitimate interests; Legal obligation |
| Marketing Communications | Send newsletters, promotions, or special offers only if you have explicitly opted-in | Your consent (which you may withdraw at any time) |
| Website Improvement | Analyse how customers use our site to enhance user experience | Legitimate interests |
| Legal Compliance | Comply with legal obligations (tax, record-keeping, court orders) | Legal obligation |
7. MARKETING COMMUNICATIONS AND CONSENT
We will only send you marketing emails, SMS, or WhatsApp messages if you have given us your explicit consent.
How we obtain consent: During account registration or checkout, we will ask you to tick a box confirming you wish to receive marketing communications. Pre-ticked boxes do not constitute valid consent.
Your right to withdraw: You may withdraw your consent or object to direct marketing at any time, free of charge, by:
Clicking the “unsubscribe” link in any marketing email
Replying “STOP” to any SMS
Contacting us at privacy@bloomsandballoons.co.za
If you object to direct marketing, we will stop processing your information for this purpose immediately.
8. SHARING AND DISCLOSURE (THIRD PARTIES)
We will only share your personal information with third parties where necessary to fulfil the purposes listed above. We have contracts in place to ensure these third parties are also compliant with POPIA.
| Recipient / Service Provider | Purpose of Sharing |
|---|---|
| Payment Processors (e.g., PayFast, Yoco, Stripe) | To securely process credit card payments and refunds. These providers do not share your full payment details with us |
| Courier Services (e.g., The Courier Guy, PostNet, Aramex) | To generate shipping labels and deliver your order to your specified address |
| Google Analytics / Google Services | To analyze website traffic, understand customer behaviour, and measure advertising performance |
| Social Media Platforms (Facebook/Instagram Pixel) | To show you relevant advertisements and measure campaign effectiveness (only with your consent) |
| Legal/Regulatory Authorities | When required by law (e.g., tax authorities, fraud investigation, or in response to a court order) |
Important: Once you leave our website or are redirected to a third-party website (e.g., a payment gateway), you are no longer governed by this Privacy Policy. We encourage you to read their privacy statements.
We will never sell your personal information to third parties.
9. COOKIES AND TRACKING TECHNOLOGIES
Our website uses cookies—small text files placed on your device—to enhance your browsing experience.
9.1 Types of Cookies We Use
Essential Cookies: Necessary for website functionality (e.g., keeping items in your shopping cart). You cannot opt out of these.
Statistics Cookies: Help us understand how visitors use our site (e.g., Google Analytics). We only place these with your consent.
Marketing Cookies: Track your browsing habits to show relevant advertisements. We only place these with your consent.
9.2 Your Cookie Choices
When you first visit our website, you will see a cookie consent banner where you can:
Accept all cookies
Reject non-essential cookies
Customize your preferences
You can change your cookie preferences at any time by clicking the “Cookie Settings” link in our website footer, or by adjusting your browser settings. Disabling certain cookies may affect website functionality.
For detailed information, please see our separate Cookie Policy.
10. DATA SECURITY SAFEGUARDS
We take reasonable technical and organizational measures to protect your personal information from loss, misuse, unauthorized access, disclosure, or alteration. These measures include:
SSL Encryption: All data transmitted between your browser and our website is encrypted using Secure Socket Layer (SSL) technology.
Secure Payment Processing: Payment data is processed directly by POPIA-compliant payment gateways; we do not store full payment card numbers.
Access Restrictions: Internal access to personal information is limited to employees who need it to perform their jobs.
Regular Security Reviews: We continually review and improve our security frameworks.
In the event of a security compromise or data breach, we will notify you and the Information Regulator in accordance with Section 22 of POPIA.
11. DATA RETENTION
We will retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including:
As required by law (e.g., retaining transaction records for tax purposes)
To facilitate an ongoing customer relationship
Until the information is no longer relevant to the purpose for which it was processed
After this period, your personal information will be securely deleted or destroyed.
12. YOUR RIGHTS UNDER POPIA
As a data subject, you have the following rights regarding your personal information:
| Right | What It Means |
|---|---|
| Right to be Informed | You have the right to know that we are collecting your information and how we will use it (this Privacy Policy fulfils this right) |
| Right of Access | You may request a copy of the personal information we hold about you |
| Right to Correction | You may request that we correct or update personal information that is inaccurate, irrelevant, or incomplete |
| Right to Deletion | You may request that we delete or destroy your personal information, subject to legal retention requirements |
| Right to Object | You may object, on reasonable grounds, to the processing of your personal information |
| Right to Object to Direct Marketing | You may object, free of charge, to your information being used for direct marketing |
| Right to Withdraw Consent | You may withdraw your consent for us to process your information at any time (this may affect our ability to provide certain services) |
| Right to Lodge a Complaint | You have the right to lodge a complaint with the Information Regulator if you believe we have violated your privacy rights |
12.1 How to Exercise Your Rights
To exercise any of these rights, please contact our Information Officer using the details in Section 3.
You may submit your request using the prescribed forms issued by the Information Regulator (Forms 1 and 2)
We will respond to your request within 30 days
These requests are free of charge
If you are not satisfied with our response, you have the right to lodge a complaint with:
The Information Regulator of South Africa
Website: www.inforegulator.org.za
Email (Complaints): complaints.IR@justice.gov.za
Email (General): inforeg@justice.gov.za
13. CHILDREN’S PRIVACY
We do not knowingly collect personal information from children under the age of 18 without parental consent. If you are under 18, you may only use our website with the involvement of a parent or guardian. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to delete that information.
14. THIRD-PARTY LINKS
Our website may contain links to third-party websites, plug-ins, and applications. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.
15. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in technology, legislation (including POPIA amendments), or our business practices. Any changes will be posted on this page with an updated revision date.
If we make material changes, we will notify you via email or by placing a prominent notice on our website. We encourage you to review this Privacy Policy periodically.
16. PAIA MANUAL
In accordance with the Promotion of Access to Information Act (PAIA) , we have a manual available that describes the procedures for requesting access to information held by Blooms and Balloons. If you wish to request access to information under PAIA, please contact our Information Officer.
17. CONTACT US
If you have any questions, concerns, or complaints about this Privacy Policy or how we handle your personal information, please contact us:
Blooms and Balloons
Phone: +27 82 293 0432
Address: 19 Lucille str, Risiville, Meyerton, 1929, Gauteng]
Information Officer
- Sonja van Staden – Owner
Phone: +27 82 293 0432