Effective date: 23 April 2026
Last updated: 23 April 2026
This Privacy Policy explains how Villa Fragrances ("we", "us", "our") collects, uses, and protects your personal information when you visit our website at villafragrances.co.za, use our mobile application, or make a purchase from us.
We are committed to protecting your privacy and complying with the Protection of Personal Information Act, 2013 (POPIA) of South Africa, as well as international privacy standards including the European Union’s General Data Protection Regulation (GDPR) where applicable.
1. Who we are
Villa Fragrances
43 Biccard Street, Braamfontein, Johannesburg, 2001
South Africa
Email: privacy@villafragrances.co.za
Website: villafragrances.co.za
Villa Fragrances is the "responsible party" (data controller) for the personal information collected through our website and mobile application.
2. What information we collect
2.1 Information you provide directly
When you create an account, place an order, or contact us, we collect:
- Full name
- Email address
- Phone number
- Billing and shipping addresses
- Account username and password (passwords are stored hashed, not in readable form; see Section 10)
- Order history and purchase preferences
- Any messages or enquiries you send us
2.2 Payment information
When you make a purchase, payment details (card number, CVV, expiry date) are collected and processed directly by our payment provider, PayFast (Pty) Ltd. We do not store your full card details on our servers. We receive only a transaction reference and payment status confirmation from PayFast.
2.3 Information collected automatically
When you visit our website or use our app, we automatically collect:
- IP address and approximate location (country/city level)
- Device type, operating system, and browser version
- Pages viewed, products browsed, and time spent on each page
- Referring website or app
- Cookies and similar technologies (see Section 7)
2.4 Information from our mobile application
Our Android mobile application is a wrapper for our website and collects the same information as the website. Additionally, the app may access:
- Network connection status (to detect offline state)
- Push notification permission (if you opt in to notifications)
- Device identifier for notification delivery (only if you enable push notifications)
The app does not access your contacts, photos, camera, microphone, location (beyond what the website collects), or any other device features unless you explicitly grant permission for a specific feature.
3. How we use your information
We use your personal information for the following purposes:
- To process and fulfil your orders — including payment, delivery, and order communication
- To manage your account — authentication, password resets, order history
- To provide customer support — responding to your enquiries and complaints
- To send transactional emails — order confirmations, shipping notifications, invoices
- To send marketing communications — only if you have specifically opted in; you can unsubscribe at any time
- To improve our website and app — understanding how customers use our site to enhance the shopping experience
- To comply with legal obligations — including tax records, consumer protection laws, and POPIA requirements
- To prevent fraud — detecting and preventing fraudulent transactions
4. Legal basis for processing (POPIA and GDPR)
We process your personal information under the following legal bases:
- Contract performance — to fulfil your order and provide the services you’ve requested
- Legal obligation — to comply with tax, accounting, and consumer protection laws
- Legitimate interest — to improve our services, prevent fraud, and protect our business
- Consent — for marketing communications, cookies (other than strictly necessary cookies), and any optional features you enable
5. Who we share your information with
We share your information only with parties who help us operate our business. We do not sell your personal information to third parties.
5.1 Service providers
| Service provider | Purpose | Data shared |
|---|---|---|
| PayFast (Pty) Ltd | Payment processing | Name, email, billing address, order amount |
| Afrihost | Website hosting | All data stored on our website |
| Shipping providers (couriers) | Order delivery | Name, shipping address, phone number |
| Google (Firebase/FCM) | Push notification delivery (app only) | Device token (no personal information) |
| [Email service, e.g. MailPoet / Mailchimp] | Sending marketing emails (if you opt in) | Name, email address |
| [Analytics, e.g. Google Analytics] | Website usage analysis | Anonymised usage data, IP address (truncated) |
5.2 Legal disclosures
We may disclose your personal information when required by law, including:
- To comply with a court order, subpoena, or legal process
- To respond to a request from the Information Regulator of South Africa
- To protect our rights, property, or safety, or that of others
- To investigate potential fraud or illegal activity
5.3 Cross-border data transfers
Some of our service providers (for example, Google’s Firebase Cloud Messaging and email marketing services) may process data outside of South Africa. We ensure these transfers comply with POPIA by working only with providers who offer adequate data protection guarantees through contractual or regulatory frameworks.
6. How long we keep your information
We retain your personal information only as long as necessary:
- Active account information — for as long as your account is active
- Order records and invoices — retained for 5 years as required by the South African Revenue Service (SARS) for tax purposes
- Inactive accounts — accounts with no activity for 24 months may be anonymised or deleted
- Marketing consents — until you withdraw consent
- Pending and failed orders — 30 days after the order date
- Analytics data — 26 months (Google Analytics default)
When personal information is no longer required, we delete or anonymise it in accordance with our retention policies.
7. Cookies and tracking technologies
We use cookies and similar technologies to operate our website and improve your experience. The categories we use:
- Strictly necessary cookies — required for the site to function (login sessions, shopping cart). Cannot be disabled.
- Functional cookies — remember your preferences (language, recent products).
- Analytics cookies — help us understand how visitors use the site (set only with your consent).
- Marketing cookies — used for personalised advertising (set only with your consent).
You can manage cookie preferences via our cookie banner, or by adjusting your browser settings. Disabling certain cookies may affect website functionality.
8. Your rights under POPIA and GDPR
You have the following rights regarding your personal information:
- Right of access — you can request a copy of the personal information we hold about you
- Right to correction — you can ask us to correct inaccurate or incomplete information
- Right to deletion (right to be forgotten) — you can request deletion of your personal information (see Section 9)
- Right to object — you can object to processing based on legitimate interest or for direct marketing
- Right to data portability — you can request your data in a machine-readable format
- Right to withdraw consent — where we rely on consent, you can withdraw it at any time
- Right to lodge a complaint — with the Information Regulator of South Africa (contact details in Section 13)
To exercise any of these rights, email us at privacy@villafragrances.co.za. We will respond within 30 days. We may ask you to verify your identity before processing your request.
9. Account and data deletion
You can request deletion of your account and personal information at any time.
To request deletion:
- Via your account: Log in to your account, go to "My Account", and submit an account deletion request.
- Via email: Send a request from the email address associated with your account to privacy@villafragrances.co.za with the subject "Account Deletion Request". Include your full name and any order numbers (if known).
- Via our dedicated page: Visit villafragrances.co.za/delete-my-account/ for detailed instructions.
What we delete: Your customer account, saved addresses, payment tokens, marketing preferences, and browsing history.
What we retain (and why): Order records and invoices are retained for 5 years to comply with South African tax law (SARS requirements). Personal details in these retained records are anonymised where possible so you cannot be individually identified.
We will complete your deletion request within 30 days of verification. You will receive an email confirmation when deletion is complete.
10. How we protect your information
We take appropriate technical and organisational measures to protect your personal information:
- All data transmitted between your device and our website is encrypted using HTTPS (TLS)
- Passwords are stored using industry-standard hashing (bcrypt)
- Payment data is handled entirely by our PCI DSS-compliant payment provider, PayFast; we do not store card details
- Access to customer data is restricted to authorised personnel only
- Regular software updates and security patches are applied to our website and servers
- Database backups are encrypted
No system is completely secure. If a data breach occurs that affects your personal information, we will notify you and the Information Regulator as required by POPIA, without unreasonable delay.
11. Children’s privacy
Our website and app are not intended for children under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will:
- Update the "Last updated" date at the top of this page
- Notify registered customers via email if the changes are significant
- Post a notice on our website homepage for material changes
Continued use of our services after changes are posted constitutes acceptance of the updated policy.
13. Contact us
For privacy-related questions, requests, or complaints:
Villa Fragrances — Privacy Officer
Email: privacy@villafragrances.co.za
Website: villafragrances.co.za/contact/
If you are not satisfied with our response, you may lodge a complaint with the South African regulator:
Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg
Email: POPIAComplaints@inforegulator.org.za
Website: inforegulator.org.za
This Privacy Policy was last updated on 23 April 2026. Version 1.0.
