Who we are
Welcome to the www.shopspa.co.za website (including all webpages, subdomains and subparts therein contained, the (“Platform”) of Add-On Digital (Pty) Ltd t/a Shopspa (“Shopspa”, “we”, “us” and/or “our”). The Platform has been created (i) to provide information about Shopspa (ii) to provide online services (“Shopspa Services”) for people (“Users”) to buy products and/or vouchers (“Vouchers”) and from vendors that make use of the Shopspa Services (“Partners”). Add-On Digital Pty Ltd t/a Shopspa is a registered company in South Africa. Our website address is: https://shopspa.co.za/.
What personal data we collect and why we collect it
We collect Contact Information from users namely First Name, Surname, Email Address and Contact Numbers of users transacting on our Platform. We do this so we can offer support to users who require it and so that user’s contact information can be linked to Voucher/s purchased by the user.
We collect Transactional Data related to the user such as amount of money spent on our Platform, specifics on the Voucher/s purchased by the User and the number of Voucher/s purchased by the User. We do this so that Shopspa and it’s Partners can identify the specifics of your purchase/s
Our Platform allows Users the option to opt-in to our email marketing campaigns and we record the contact information of users who have opted-in to this service. We do this so that we can send promotional marketing emails to Users who have opted-in to this service.
We utilse cookies and analytics and we may share your your Contact Information and Transactional Data with our Partners and/or 3rd party suppliers if required. Details of this is covered in the ‘Cookies’ section below.
Shopspa Administrators have access to the information you provide in order to help you fulfill orders and provide support.
Users who visit our platform and choose to transact on it give Shopspa consent to store the above listed information.
We’ll use this information for purposes, such as, to:
Send you information about your account and order, Respond to your requests, including refunds and complaints, Process payments and prevent fraud, Comply with any legal obligations we have, Improve our store offerings,Send you marketing messages, if you choose to receive them.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 3 years for tax and accounting purposes as well as for proof of purchases. This includes your name, email address and phone number.
Who on our team has access
Members of our team have access to the information you provide us. For example, both Administrators and our Partners can access: Order information like what was purchased, when it was purchased, and Customer information like your name, email address, and phone number. Our team members have access to this information to help fulfill orders, process refunds, redeem Vouchers and support you.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
We use contact forms for Users to provide us with their information so that we can contact them. We also use contact forms for potential partners to send us information about their company and so we can contact them.
Information is stored indefinitely.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Cookies for marketing purposes
Google Chrome: https://support.google.com/chrome/answer/95647
Facebook Custom Audiences
Custom Audience Pixel, a service of Facebook Inc., (1601 S. California Ave, Palo Alto, CA 94304, USA), is a small piece of Java script code which we have integrated into all of our websites. This piece of code provides a number of functions for the sending of application specific events and user defined data to Facebook. We use Custom Audience pixels in order to record information concerning the way in which visitors use our website. This pixel records and provides Facebook with information concerning the browser setting of the user, a hashed version of the Facebook ID and the URL which is being visited. Each Facebook user thus possesses a clear and device-independent Facebook ID, whereby it is possible to address the user via more than one device on the social network Facebook and to recognise him or her, so that we can target our visitors again for advertising purposes by means of Facebook adverts. After 180 days, the user information is deleted until the visitor accesses our website again. Therefore, no personal information is disclosed to Shopspa in relation to the individual website visitors and we can only solicit website customer target groups once the target customer group has reached a critical mass in terms of numbers. Further information concerning Facebook and its private sphere settings above and beyond the details set out can be found in the Data Policy and the Terms of Service of Facebook Inc.
Google AdWords and conversion tracking
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
For the analysis and optimisation of our websites, we use various services which are set out below. For example, by means of these we can analyse how many users are visiting our website, what information is the most popular or how users find the service. Amongst other things, we record the website where a data subject came across a website (so-called referrer), which sub-pages of the website are accessed or how often and for how long a sub-page was viewed. This helps us make our services user friendly and helps us to improve them. The data which is gathered during this process is not used to personally identify individual users. Anonymous data or data with the highest level of pseudonymisation is gathered. The legal basis is Article 6 Paragraph 1 Letter f) GDPR. We consider the optimisation of our website to be a legitimate interest. Your basic rights and basic freedoms do not outweigh our interests, as we comprehensively inform you of the data gathering in our data protection declaration and you have the opt out option at any time (via link or browser settings). We also only used pseudonymised tracking.
Who we share your data with
We accept credit and/or debit card payments through Peach Payments. When processing payments, some of your data will be passed to Peach Payments, including information required to process or support the payment, such as the purchase total and billing information. Peach Payments protect personal information by using secure (PCI Level 1 Compliant) networks and servers to store and encrypt personal information. Peach Payments ensures that its personnel when using an automated data processing system may access only data that are within their competence.
Peach Payments shall take commercially reasonable steps to prevent any unauthorized person from accessing the facilities used for data processing and to prevent any unauthorized amendment or deletion of the recorded data.Read their compliance with The Protection of Personal Information Act here.
We accept payments through Payfast. When processing payments, some of your data will be passed to Payfast, including information required to process or support the payment, such as the purchase total and billing information. Payfast’s has a number of accepted methods of payment including credit/debit cards.
Mailgun are an email service provider and we use their software/service to ensure better delivery of our transactional emails. When you purchase a Voucher/s off of our Platform, Mailgun may deliver your email to your email inbox. The email will contain your order information and/or your Voucher and/or your Voucher information. Mailgun keeps a copy of your email for 5 days before it is deleted.
We use Mailchimp to send out our promotional emails to users who have opt-ed in to receive them. Mailchimp stores First Name, Surname and Email Addresses of users who have subscribed to Shopspa’s marketing email service. To unsubscribe from Shopspa’s marketing email service you can email firstname.lastname@example.org or use the unsubscribe link found at the bottom of any one of our marketing emails.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
We keep customer purchase records for a minimum of 3 years from point of purchase so that we can track performance of sales year on year and so we can provide the user and or our partners with it’s information if required.
Our analytics data is stored indefinitely so we can track the performance of our Platform over time and use the insights to improve the user experience of our Platform.
Marketing email database data is stored indefinitely so we can continue send out marketing emails to users who wish to receive them
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
How we protect your data
We have implemented SSL certificates on our Platform which is an encrypted method which encrypts any data between the server and the client. We utilise wordpress to manage the content of our Platform and upgrade the WordPress versions, plugins and themes on a regular basis. We also use a security plugin called Wordfence to help prevent malicious use of our platform.
What data breach procedures we have in place
If we are made aware of a data breach our procedure is to first and foremost to attempt to prevent any further loss of data by taking our platform offline and instructing our server hosts to place our platform into quarantine. We will then assess the scope of the data breach and inform the affected Users, Partners and/or third party suppliers and instruct them of any recommendations we know of that may assist them in further protecting their privacy.
We will then work to secure the data once more and make our platform live when Shopspa and our hosts Elitehost are confident that the Platform is secure.
Finally we’ll inform our Users, Partners and 3rd party suppliers of the actions we took and will be taking to prevent such incidents in future.
Your contact information