Privacy Policy

PRIVACY POLICY Last Updated: October 17, 2025 Version 1.0 ================================================================================ 1. INTRODUCTION Automotive Spares ("we", "us", or "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website automotivespares.co.za and use our services. This Privacy Policy complies with the Protection of Personal Information Act, 2013 (POPIA) and other applicable South African data protection laws. By using our website and services, you consent to the collection and use of your information as described in this Privacy Policy. ================================================================================ 2. INFORMATION WE COLLECT Personal Information: We collect personal information that you voluntarily provide to us when you: • Register for an account • Place an order • Subscribe to our newsletter • Contact us for customer support • Participate in surveys or promotions This information may include: • Full name • Email address • Phone number • Physical address (for shipping) • Payment information (processed securely through PayFast) Order and Transaction Data: When you make a purchase, we collect: • Order details and history • Products purchased • Shipping information • Payment method (card type, last 4 digits) • Transaction amounts and dates Technical Information: We automatically collect certain information when you visit our website: • IP address • Browser type and version • Device information • Operating system • Pages viewed and time spent on pages • Cookies and similar tracking technologies Communications: We collect information from your communications with us, including: • Customer support inquiries • Contact form submissions • Email correspondence • Newsletter interactions ================================================================================ 3. HOW WE USE YOUR INFORMATION We use your personal information for the following purposes: • Order Processing and Fulfillment: Process your orders, arrange shipping, provide order updates, and handle returns • Payment Processing: Securely process payments through PayFast and maintain transaction records • Customer Service: Respond to inquiries, provide support, and resolve issues • Marketing Communications: Send newsletters, promotional offers, and product updates (only with your consent) • Account Management: Create and manage your account, remember your preferences • Website Improvement: Analyze usage patterns, improve functionality, and enhance user experience • Legal Compliance: Comply with legal obligations, enforce our terms, and protect our rights • Fraud Prevention: Detect and prevent fraudulent transactions and protect against security threats ================================================================================ 4. LEGAL BASIS FOR PROCESSING (POPIA) Under POPIA, we process your personal information based on: • Your Consent: You have given clear consent for us to process your personal information for specific purposes (e.g., marketing communications) • Contract Performance: Processing is necessary to fulfill our contract with you (e.g., processing and delivering your order) • Legal Obligations: Processing is necessary to comply with legal requirements (e.g., tax and accounting regulations) • Legitimate Business Interests: Processing is necessary for our legitimate business interests (e.g., fraud prevention, improving our services) ================================================================================ 5. INFORMATION SHARING AND THIRD PARTIES We do not sell, rent, or trade your personal information to third parties. We only share your information with trusted service providers who help us operate our business: • PayFast (Payment Processing): Securely processes all payment transactions • The Courier Guy (Shipping & Delivery): Receives your shipping address and contact information to deliver your orders • Supabase (Database Hosting): Hosts our secure database infrastructure where your account and order information is stored • Resend (Email Services): Sends transactional emails (order confirmations, shipping updates) and marketing emails (with your consent) All third-party service providers are required to protect your personal information and only use it for the specific purposes we authorize. We may also disclose your information if required by law, court order, or to protect our legal rights and safety. ================================================================================ 6. DATA SECURITY We implement appropriate technical and organizational security measures to protect your personal information: • SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted • Secure Authentication: Passwords are hashed and encrypted • Secure Database: Access controls and encryption for stored data • Access Restrictions: Only authorized personnel can access personal information • Regular Security Updates: Systems are regularly updated and monitored • PCI Compliance: Payment processing meets Payment Card Industry standards through PayFast While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. ================================================================================ 7. YOUR RIGHTS UNDER POPIA Under the Protection of Personal Information Act (POPIA), you have the following rights: • Right to Access: You can request a copy of the personal information we hold about you • Right to Correction: You can request that we correct any inaccurate or incomplete information • Right to Deletion: You can request that we delete your personal information (subject to legal retention requirements) • Right to Object: You can object to the processing of your personal information for direct marketing purposes • Right to Data Portability: You can request your data in a structured, commonly used format to transfer to another service • Right to Lodge a Complaint: You can lodge a complaint with the Information Regulator if you believe your rights have been violated To exercise any of these rights, please contact us at info@automotivespares.co.za. We will respond to your request within 30 days. ================================================================================ 8. COOKIES AND TRACKING TECHNOLOGIES We use cookies and similar tracking technologies to enhance your experience on our website: • Essential Cookies: Required for website functionality, including authentication and shopping cart features • Local Storage: Used to store your shopping cart data and PWA (Progressive Web App) functionality • Session Management: Keeps you logged in and maintains your browsing session You can control cookies through your browser settings. However, disabling cookies may affect website functionality. ================================================================================ 9. DATA RETENTION We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy: • Account Information: Retained while your account is active or as needed to provide services • Transaction Records: Retained for 7 years as required by South African tax law • Marketing Data: Retained until you unsubscribe or withdraw consent • Technical Data: Retained for security and operational purposes (typically 12 months) When personal information is no longer needed, we securely delete or anonymize it in accordance with POPIA requirements. ================================================================================ 10. CHILDREN'S PRIVACY Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18 years old. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will take steps to remove such information from our systems. ================================================================================ 11. INTERNATIONAL DATA TRANSFERS Your personal information may be stored and processed in servers located outside of South Africa, including through our service providers. We ensure that: • Adequate safeguards are in place to protect your data • Service providers comply with applicable data protection laws • Your data receives the same level of protection as required by POPIA ================================================================================ 12. YOUR CONSENT By using our website and services, you consent to the collection and use of your personal information as described in this Privacy Policy. How We Obtain Consent: • Account registration with checkbox consent • Placing an order (implied consent for order processing) • Subscribing to our newsletter • Contacting us through our forms Withdrawing Consent: You can withdraw your consent at any time by: • Unsubscribing from marketing emails (click the unsubscribe link) • Contacting us to request deletion of your account • Emailing us at info@automotivespares.co.za ================================================================================ 13. DATA BREACH NOTIFICATION In the unlikely event of a data breach that compromises your personal information: • We will notify you as soon as reasonably possible • We will notify the Information Regulator as required by POPIA • We will provide information about steps we're taking to address the breach • We will advise you on steps you can take to protect yourself ================================================================================ 14. CONTACT US If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Automotive Spares Responsible Person / Information Officer: Automotive Spares Management Email: info@automotivespares.co.za Website: automotivespares.co.za ================================================================================ 15. INFORMATION REGULATOR If you believe we have not handled your personal information properly, or if you wish to lodge a complaint about a possible breach of POPIA, you may contact the Information Regulator: Information Regulator (South Africa) Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 P.O. Box: P.O Box 31533, Braamfontein, Johannesburg, 2017 Email: inforeg@justice.gov.za Website: www.justice.gov.za/inforeg ================================================================================ 16. CHANGES TO THIS PRIVACY POLICY We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes: • We will update the "Last Updated" date at the top of this policy • For material changes, we will notify you by email or prominent notice on our website • Your continued use of our services after changes indicates acceptance of the updated policy We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. ================================================================================ 17. POPIA COMPLIANCE STATEMENT Automotive Spares is committed to full compliance with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) and all applicable South African data protection legislation. We process personal information in accordance with the eight conditions for lawful processing as set out in POPIA: 1. Accountability 2. Processing limitation 3. Purpose specification 4. Further processing limitation 5. Information quality 6. Openness 7. Security safeguards 8. Data subject participation This Privacy Policy, along with our business practices, demonstrates our commitment to protecting your personal information and upholding your rights under POPIA. ================================================================================ © 2025 Automotive Spares. All rights reserved. Last Updated: October 17, 2025