Privacy Policy

1. Who We Are

Vitaderm (Pty) Ltd operates the website vitaderm.co.za from South Africa.

2. Contact for Privacy Matters

For any privacy-related requests, questions, or to exercise your POPIA rights:

  • Customer Care Line: +27 86 999 0757
  • Email: info@vitaderm.co.za


We will respond within 30 days.

3. Information We Collect

  • Personal data: Name, email, phone number, billing and shipping addresses (from orders, accounts, or contact forms).
  • Payment data: Processed securely via third-party gateways (e.g., PayFast, Ozow)—never stored on our servers.
  • Automated data: IP address, device type, browser, pages visited, session duration, and referral source.
  • Voluntary data: Product reviews, survey responses, or support messages.


4. How We Use Your Data

We process your data to:

  • Fulfil product orders and manage deliveries.
  • Prevent fraud and ensure transaction security.
  • Provide customer support.
    Analyse site performance and user behaviour.
  • Deliver targeted advertising only if you consent.

5. Legal Basis (POPIA Section 11)

  • Contract: To process and deliver your orders.
  • Consent: For marketing communications, remarketing, and non-essential cookies.
  • Legitimate interest: Site security, fraud detection, and service improvement.

6. Cookies & Tracking Technologies

We use the following:

  • Essential cookies: Enable cart, checkout, and site security (active by default, no consent required).
  • Google Analytics 4 (GA4): Measures user behaviour—pages viewed, session length, traffic sources, conversion paths. IP addresses are anonymised.
  • Google Ads Tag: Enables remarketing across Google’s network to users who previously visited our site.
  • Meta Pixel (Facebook/Instagram): Tracks conversions and builds custom audiences for social media ads.
  • TikTok Pixel: Tracks ad performance and retargets website visitors on TikTok.
  • Google Tag Manager: A container that deploys and manages all tracking tags—it does not collect data itself.



7. Data Sharing

We only share data with:

  • Payment processors: PayFast, Ozow, or other PCI-compliant South African gateways.
  • Shipping providers: e.g., The Courier Guy, Dawn Wing.
  • Advertising & analytics partners: Google (Ads, GA4, Tag Manager), Meta, and TikTok – strictly for ad delivery, measurement, and audience segmentation under data processing agreements.

We do not sell, rent, or trade your personal information.

8. Data Retention

  • Order records: 5 years (as required by South African Revenue Service).
  • Marketing consent: Until you unsubscribe.
  • GA4 user-level data: Automatically deleted after 2 months (default setting).

 

9. Your POPIA Rights

You have the right to:

  • Request access to or correction of your personal data.
  • Request deletion (subject to legal retention obligations).
  • Withdraw consent for marketing or tracking.
  • Object to processing based on legitimate interest.
  • Contact us via the details in Section 2 to exercise these rights.

10. Security Measures

  • All data transmitted via HTTPS (SSL encryption).
  • Payment data handled exclusively by PCI-DSS certified third parties.
  • Regular review of third-party tags for compliance and minimal data collection.

11. Policy Changes

Updates will be posted here with a new effective date. Continued use of the site constitutes acceptance.