Lunatree

1. Introduction

This Privacy Policy explains how Lunatree collects, uses, shares, and protects your Personal Information when you visit the Lunatree website at lunatree.co.za (the "Website") or purchase Goods from us. Lunatree is the "responsible party" in respect of your Personal Information under the Protection of Personal Information Act, 2013 ("POPIA").

The Website is operated by [PLACEHOLDER: registered legal entity name, e.g. Lunatree (Pty) Ltd] ("Lunatree", "we", "us" or "our"). We are committed to processing your Personal Information lawfully, fairly, and transparently. International visitors' Personal Information is handled in accordance with POPIA.

2. Who We Are & How to Contact Us

The following information is provided in accordance with POPIA and section 43 of ECTA:

Registered legal name: [PLACEHOLDER: registered legal entity name, e.g. Lunatree (Pty) Ltd]
Company registration number: [PLACEHOLDER: CIPC company registration number]
Website: lunatree.co.za
Information Officer: [PLACEHOLDER: Information Officer full name and contact details]

3. Personal Information We Collect

Depending on how you use the Website, we may collect the following categories of Personal Information:

Account details: your name, email address, phone number, and password.
Order & delivery information: billing and delivery addresses, the Goods you order, and order history.
Payment information: details needed to process your payment. Full card details are processed by our payment service providers and are not stored by us.
Browsing & analytics data: your IP address, device and browser information, pages visited, and how you interact with the Website, collected through cookies and similar technologies.
Information stored on your device: to keep the Website working as you use it, we store some information directly in your browser's local storage rather than on our servers. This includes the contents of your cart and the delivery and billing details you enter at checkout, so they are not lost if you refresh the page or return later. This information stays on your device until your Order is placed or you clear your browser storage.

4. How We Collect Personal Information

Directly from you — when you create an account, place an Order, contact us, or otherwise communicate with us.
Automatically — through cookies, browser local storage, and similar technologies as you use the Website (see the Cookies & Similar Technologies section below).
From third parties — such as our payment processors, couriers, and analytics or advertising partners, including Google Maps API and Facebook (for custom audience targeting).

5. Purpose of Processing & Lawful Basis

We process your Personal Information for the following purposes, relying on the lawful bases set out in POPIA:

To perform our contract with you — processing and fulfilling Orders, arranging delivery, and handling returns and refunds.
To comply with a legal obligation — meeting tax, accounting, and consumer-protection requirements.
For our legitimate interests — improving the Website, preventing fraud, and understanding how customers use our services.
With your consent — sending marketing communications and using non-essential cookies for analytics and marketing.

6. Consent & Withdrawal

Where we rely on your consent — for example, to send you marketing communications or to use non-essential cookies — we obtain it at the point of collection. You may withdraw your consent at any time by adjusting your cookie preferences, using the unsubscribe link in our marketing emails, or contacting us. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

7. Sharing & Disclosure

We may share your Personal Information with the following categories of recipients, only to the extent necessary:

Payment processors: [PLACEHOLDER: name(s) of payment processor(s), e.g. PayFast, Yoco] to process your payments securely.
Couriers: [PLACEHOLDER: name(s) of delivery courier(s)] to deliver your Order.
Service providers: hosting, analytics, and marketing partners who process Personal Information on our behalf, including Google Maps API and Facebook.

Some of these recipients are located outside South Africa, and your Personal Information may be transferred to third parties located throughout the world. Where we transfer Personal Information across borders, we take steps to ensure the recipient is subject to laws, binding agreements, or rules that provide an adequate level of protection, as required by section 72 of POPIA.

8. Security Safeguards

In line with section 19 of POPIA, we take reasonable technical and organisational measures to protect your Personal Information against loss, damage, unauthorised access, and unlawful processing. These include secure transmission of payment data through our payment service providers and restricting access to Personal Information to those who need it. While we take security seriously, no method of transmission or storage is completely secure.

9. Retention

We keep your Personal Information only for as long as necessary to fulfil the purposes for which it was collected, including to meet our legal, accounting, and reporting obligations. Order and transaction records are typically retained for the period required by South African tax and company law. When Personal Information is no longer needed, we securely delete or anonymise it.

10. Your Rights Under POPIA

Subject to POPIA, you have the right to:

request access to the Personal Information we hold about you;
request that we correct or update inaccurate or incomplete Personal Information;
request that we delete or destroy Personal Information we are no longer entitled to keep;
object, on reasonable grounds, to the processing of your Personal Information.

To exercise any of these rights, please contact us using the details above. You also have the right to lodge a complaint with the Information Regulator (South Africa) at complaints.IR@justice.gov.za or via its website.

11. Cookies & Similar Technologies

Cookies are small text files placed on your device when you visit the Website. We also use browser local storage, a related technology that allows the Website to store information directly in your browser. Together these help the Website function and allow us to understand how it is used. We use the following types of cookies:

Essential cookies — required for the Website to work, such as maintaining your session.
Analytics cookies — help us understand how visitors use the Website so we can improve it.
Preference cookies — remember your preferences to give you a better experience.
Marketing cookies — used to deliver relevant advertising, including through Facebook custom audience targeting.

We use browser local storage for essential functionality, including keeping items in your cart and saving the delivery and billing details you enter at checkout so they are not lost if you refresh the page or return later. We clear your saved checkout details from local storage once your Order is placed.

You can control or disable cookies through your browser settings, and you can clear information held in local storage by clearing your browser's site data. Disabling or clearing essential cookies or local storage may affect how the Website functions.

12. Children

The Website is not aimed at children under the age of 18. We do not knowingly collect the Personal Information of a child without the consent of a parent or guardian. If you believe we have collected such information, please contact us so that we can delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The version published on the Website is the version that applies. We encourage you to review this policy periodically to stay informed about how we process your Personal Information.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us or reach us directly:

Information Officer: [PLACEHOLDER: Information Officer full name and contact details]