Privacy policy

Privacy Policy for Kalyan Herbal

Effective Date: 17 February 2026 Information Officer: Peter van Schaik

1. Introduction

Kalyan Herbal ("we," "us," or "our") is committed to the protection of your personal information. This Privacy Policy outlines our practices regarding the collection, use, and disclosure of your information in accordance with the Protection of Personal Information Act, No. 4 of 2013 (POPIA) and the Electronic Communications and Transactions Act, No. 25 of 2002 (ECTA) of South Africa.

2. Information We Collect

We collect personal information that you voluntarily provide to us when you register on the Website, express an interest in obtaining information about us or our products, or when you participate in activities on the Website.

  • Personal Data: Name, surname, shipping/billing address, email address, and telephone number.

  • Transaction Data: Details about payments to and from you and other details of products you have purchased from us.

  • Technical Data: Internet protocol (IP) address, login data, browser type and version, time zone setting, and location.

  • Usage Data: Information about how you use our website, products, and services.

3. Legal Basis for Processing

Under POPIA, we only process your personal information when:

  • Consent: You have given us clear consent to process your personal data for a specific purpose (e.g., signing up for a newsletter).

  • Contractual Necessity: The processing is necessary for a contract we have with you (e.g., delivering your herbal products).

  • Legal Obligation: The processing is necessary for us to comply with the law (e.g., SARS tax records).

  • Legitimate Interests: The processing is necessary for our legitimate interests, provided those interests do not override your fundamental rights.

4. How We Use Your Information

We use the information we collect or receive:

  • To facilitate account creation and logon process.

  • To fulfill and manage your orders: To process payments, returns, and deliveries.

  • To send administrative information: Such as changes to our terms, conditions, and policies.

  • To protect our Services: As part of our efforts to keep our Website safe and secure (for example, for fraud monitoring and prevention).

  • For marketing purposes: With your explicit consent, we may send you emails about new products or updates.

5. Data Retention

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it.

 

6. Sharing with Third Parties

We may share your data with third-party vendors, service providers, contractors, or agents ("third parties") who perform services for us or on our behalf and require access to such information to do that work. Examples include:

  • Payment Processing: (e.g., PayFast).

  • Delivery Services: (e.g., The Courier Guy).

  • Data Analytics: (e.g., Google Analytics).

We ensure these third parties are POPIA-compliant and have entered into operator agreements to protect your data.

7. Security of Your Information

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. These include encrypted connections (SSL), firewalls, and secure access controls. However, please also remember that we cannot guarantee that the internet itself is 100% secure.

8. Your Legal Rights

Under POPIA, you have the following rights:

  • The right to be notified that personal information is being collected.

  • The right of access to the personal information we hold about you.

  • The right to rectification of inaccurate or outdated information.

  • The right to object to the processing of personal information (for example, for direct marketing).

  • The right to lodge a complaint with the South African Information Regulator.

9. International Data Transfers

Our servers are located in [Insert Country, e.g., South Africa or Germany]. If we transfer your information outside of South Africa, we will ensure that the country has adequate data protection laws or that we have entered into a contract with the recipient that ensures an equivalent level of protection.

10. Contacting the Information Regulator

If you are not satisfied with how we handle your data, you have the right to contact the Information Regulator of South Africa: