Last updated: 5 August 2025
Your privacy is important to us. This Privacy Policy explains how The Process Beauty Solutions (Pty) Ltd (“The Process,” “we,” “us,” or “our”) collects, uses, and shares personal information when you use our website at theprocess.co.za and related services (collectively, the “Service”). By using our Service, you agree to the practices described in this Policy. If you don’t agree, please do not use the Service.
We’ve designed our privacy practices to be clean, transparent, and respectful – just like our brand ethos. Here’s what you need to know:
We collect information in a few different ways:
a. Information You Provide Directly:
When you interact with our Service, you may provide us with personal information, such as:
– Account Sign-Up: Name, email address, password, and any profile details you choose to add (like skin type, birthday, etc.).
– Purchases: Billing and shipping address, phone number, payment details (note: we do not see full card numbers; those go straight to our payment processor).
– Communications: If you email us, fill out a contact form, or chat with support, you’ll provide whatever info is in those messages (e.g., questions, feedback, or additional contact info).
– Quizzes/Surveys: If you take a skincare quiz or survey on our site, you might give info like your skin concerns, routine habits, etc.
– Content: If you submit reviews, comments, or testimonials, or upload images (like before/after photos), that content may include personal info (like your skin condition or any personal data you reveal in a comment).
– Gift Orders: If you send a gift, we collect the recipient’s name and contact details that you provide.
It’s your choice whether to provide this info, but some features (like purchasing or certain promotions) may not work without it.
b. Information We Collect Automatically:
When you use our Service, we automatically collect some data about your visit via cookies and similar tracking tech. This includes:
– Device/Browser info: IP address, device type (mobile/desktop), browser type, operating system, and app or browser version.
– Usage data: Pages or products you view, how you navigate the site (e.g., entering via our homepage or a specific product link), time and duration of visits, search queries on our site, and actions like adding to cart or starting checkout.
– Cookies & Analytics: We use cookies to remember your preferences (like currency or cart contents), and analytics tools (like Google Analytics) to understand traffic and improve our design. These tools may log interactions such as clicks, scroll depth, and referring websites. We also use cookies for personalization and (with your consent) for advertising, to show you relevant content or offers. See “Cookies & Tracking” below for more detail and your choices.
This data helps us run our site smoothly, figure out what’s popular, and identify areas to improve. It’s mostly aggregated, but some (like IP) could be considered personal data under law, so we treat it carefully.
c. Information from Third Parties:
Sometimes, we receive info about you from others:
– Login via Social: If we offer social logins (like “Continue with Google/Apple/Facebook”) and you use them, those platforms may send us basic profile info (like your name, email, profile picture) to log you in. We only get what you consent to share via those services.
– Referrals: If someone refers you (via our referral program), we might get your email address to send you an invite or discount (and to credit the referrer if you purchase). We’ll tell you who referred you if we contact you, and you can always opt out.
– Shipping Partners: Our delivery providers might update us with delivery status info (so we know if a package was delayed or delivered).
– Payment and Fraud Prevention: Our payment processors or fraud detection services might provide fraud scores or alerts based on your payment details (to help us screen orders).
– Public Sources: If you tag us on social media, we might collect that content (e.g., a photo of you with our product) to possibly feature it – but we’ll contact you for permission before reposting if it’s more than just a simple retweet or share. We might also collect aggregated demographic or market info from third-party research services to understand our audience generally (e.g., % of population interested in sustainable beauty in SA) – this isn’t usually identifiable to you personally.
We do not buy bulk personal data lists from data brokers, and we don’t hunt down extra info about you beyond what’s described here.
We use personal information for the following purposes:
a. To Provide Services & Fulfill Orders:
The main reason we collect info is to process your transactions and provide you with what you asked for. This includes:
– Processing payments and fulfilling purchases (using your payment info, address to ship, etc.).
– Managing deliveries and logistics (sharing your address with our courier, printing shipping labels).
– Handling returns, exchanges, or warranty claims.
– Sending you order confirmations, invoices, shipping notifications, and any essential service emails about your purchase.
b. Account Management & Personalization:
We maintain your account and try to make your experience smoother and more personal:
– Remembering your login session (so you don’t have to log in every time) and preferences like currency or language.
– Showing you content that’s relevant, such as recommending products based on past browsing or purchases (e.g., “refill available” or “you might also like…”).
– Storing items in your cart or wishlist for later.
– Awarding and tracking your loyalty points and rewards, and tailoring offers for you (like “You have 200 points – redeem them for a discount!”).
– If you fill in a quiz, using those answers to suggest a routine or products.
c. Communication:
We use contact info to communicate with you:
– Service communications: These are not promotional – e.g., emails about order status, password resets, important updates like changes to terms or product recalls (hopefully never needed). You can’t opt out of these essential ones because they’re part of using the Service.
– Newsletters & offers: If you subscribe or if it’s lawful as an existing customer, we’ll send tips, product launches, and exclusive deals via email or possibly SMS (if phone provided for that purpose). We keep it moderate and meaningful – no spammy barrage. You can opt out anytime by clicking “unsubscribe” in an email or texting STOP for SMS.
– Feedback requests: We might email to ask for a product review or to fill a survey about your experience. Totally voluntary.
– Responses: If you contact us with a question, we’ll use your info to respond. We might keep that correspondence to track any issues over time and train our team.
d. User Content & Community:
If you submit a testimonial or tag us on social, we might feature it (with credit to you, of course!). For example, publishing your product review on our site, or sharing your Instagram photo on our official feed, as a way of building trust with other customers. If you prefer we not re-share your social media tags, let us know; we respect that. Also, if you participate in our community forum or group, info you post there (including any personal data you share in a public post) may be visible to others – so think before you post!
e. Improvement & Analytics:
We continuously aim to improve our products and website:
– We analyze usage data to see things like which pages are visited most, where users drop off in the checkout process, or what search terms are popular. This helps us optimize the user experience (for example, if many people search for “sensitive skin,” we might write a blog post about it or make it easier to find relevant products).
– We track marketing campaign performance (like how many people opened a particular email or used a promo code) to learn what is helpful or interesting.
– We might use A/B testing (showing slightly different page versions to some users) to learn which layout or content is preferred.
– In doing all this, we try to aggregate or anonymize data where possible (e.g., overall traffic patterns rather than your individual click path) unless we need to troubleshoot something specific tied to your account.
f. Security & Fraud Prevention:
Your data helps us keep our platform safe:
– We use automated systems to screen for fraud (e.g., flagging if an order is high-value and the shipping and billing addresses are in different countries – just in case).
– We may use your IP to apply security rules (like rate-limiting login attempts from one IP if it looks like a bot).
– Logs are kept to investigate any breaches or performance issues.
– If we detect potential misuse of our Site (like someone using a bot to scrape data or someone attempting to log into many accounts), we might use relevant data to block or mitigate that.
– If necessary, we might use personal info to enforce our Terms of Use or to protect rights, property, or safety of ourselves, our users, or others (for example, in an investigation of fraudulent activity, or handling chargeback disputes).
g. Legal & Compliance:
We will use and retain your information as needed to comply with legal obligations (e.g., tax and accounting records of purchases, or checking against sanction lists if required for exports). If required by law enforcement or regulators (under proper process), we might disclose certain data as described in “Sharing” below. We also may use data to exercise or defend legal claims – hopefully it’s never needed, but for example, keeping records of transactions and communications could help us demonstrate compliance or address a complaint.
h. Other Purposes (with your consent):
If we want to use your data in a way not covered above, we’ll ask for your consent. For instance, if we ever wanted to use your testimonial with your full name and photo in a big ad campaign, we’d ask you first. Or if we plan to process sensitive personal data (like health info beyond general skin concerns) for a new feature, we’d make sure to get explicit consent and explain clearly what for.
We will not use your personal information for wholly new, unrelated purposes without updating this Policy and/or obtaining your permission as appropriate.
Cookies are small text files that websites store on your device to keep track of info about you. We use cookies and similar technologies (like pixel tags and local storage) to provide and improve our Service. Here’s a breakdown:
Your Choices:
When you first visit, you’ll see a cookie notice if required by law, allowing you to accept or adjust non-essential cookies. Even where your region’s law doesn’t require it, we show a friendly note about cookies to be transparent. You can control cookies through your browser settings too – e.g., block third-party cookies or all cookies. You can also delete cookies at any time. Just know that doing so may log you out and make the site less personalized, and some features (like cart, checkout) may not function.
We also honour any specific “Do Not Track” signals where feasible, but note that not all tracking on our site is for advertising – some is just for internal functionality and analytics.
For further info on managing cookies, each browser’s help section will guide you. There are also industry opt-outs for analytics and advertising cookies (e.g., Google’s own opt-out page, or the Network Advertising Initiative site for ad cookies).
We care about your privacy, so we only share information as necessary and with trusted partners, under safeguards. We do not sell your personal information to third parties for money (and we have no intention to). Here are the categories of recipients we might share with:
All these providers are bound by privacy obligations. In South African terms, they’d be “operators” under POPIA, processing data per our instructions.
For instance, if a government authority lawfully asks for records of fraudulent transactions, we might provide relevant info. Or if a customer initiates a chargeback claiming fraud, we might share order details with the payment processor or bank to contest it.
We require third parties that receive personal data to have appropriate safeguards in place, especially if they’re in jurisdictions with different privacy laws. We attempt to choose reputable partners with robust data protection. If we transfer personal info across borders (say to a US-based service provider), we’ll do so in compliance with applicable laws (like using standard contract clauses or ensuring the provider is certified under frameworks, etc.).
You have rights regarding your personal information and we respect those. Under South Africa’s POPIA and other laws (like GDPR if you’re in the EU), these rights may include:
To exercise any of these rights, please contact us at support@theprocess.co.za. We will verify your identity (for example, by asking you to confirm details we have on file or to log in). We aim to respond within a reasonable time (POPIA suggests as soon as reasonably practicable and GDPR mandates within 1 month; we’ll target within 30 days for safety).
No fee is charged for exercising rights, unless a request is manifestly unfounded or excessive (then we might charge a reasonable fee or refuse).
Note for EU/EEA/UK: If applicable, our legal bases for processing data typically are: contract (fulfilling orders), consent (marketing, certain cookies), legal obligation (financial record-keeping, product safety), and legitimate interests (improving our service, preventing fraud, etc.). We balance any such interest with your rights.
We implement reasonable security measures to protect personal information. This includes technical measures (like encryption of sensitive data in transit, e.g., our site is HTTPS so your checkout info is encrypted) and organizational measures (like limiting access to personal data to employees/contractors who need it and training them on confidentiality).
Our payment processing is PCI-DSS compliant via our providers, meaning we don’t directly handle or store full card numbers on our servers. We tokenise or rely on the gateway for that.
We store data on secure servers (with firewalls, monitoring, etc.). We also encourage you to use a strong password and keep it secret. If you suspect any unauthorized access to your account, let us know immediately.
Despite all efforts, no system is 100% secure. We cannot guarantee absolute security of data (for example, hackers are ever-evolving). But we follow industry best practices and strive to stay updated on security protocols. In the unlikely event of a data breach that poses a risk to you, we will notify you and relevant authorities as required by law.
We retain personal information only as long as necessary to fulfill the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements.
For example:
– We keep your account info while your account is active. If you deactivate your account, we’ll delete or anonymize personal data within a reasonable time, except as needed for legal reasons.
– Order records are typically kept for at least 5-7 years for tax and financial record-keeping (that’s a legal requirement).
– Email/chat communications might be retained for a couple of years (to refer back if you contact us again, and for training).
– If you unsubscribe from marketing, we keep your email on a suppression list indefinitely to ensure we don’t accidentally message you again.
– Web analytics data might be retained for a set period (like 26 months in Google Analytics by default) unless we configure differently.
– Cookie data persists as per cookie type (session cookies expire when you close your browser; persistent cookies have a set expiry, e.g., some 1 year or 2 years).
– If law requires certain data be kept longer (for example, if a legal dispute arises), we’ll retain specific info as needed until resolution.
When data is no longer needed, we dispose of it securely. For digital data, that means deletion from active databases and, when possible, from backups (though backups may have some residual data for a time, which is kept secure). For physical records (if any), that means shredding or similar.
Our Service is not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If you are under 18, please do not use or provide any info on this website without a parent/guardian’s involvement. If we learn we have inadvertently collected personal data from a child under 18, we will delete it.
Parents or guardians: if you become aware that your minor child has provided us with personal info, please contact us and we will take steps to remove that information and (if applicable) terminate the child’s account.
(Why 18 and not 13 like some policies? Because our Terms of Use restrict purchases to 18+ or minors with supervision. Also, certain products like any containing actives might not be intended for young kids. So we align to adult supervision.)
Our Site may contain links to third-party websites or services that we don’t own or control (for example, a link to a skincare blog or a social media page). This Privacy Policy doesn’t apply to those external sites. If you click a third-party link, you will be directed to that third party’s site. We can’t take responsibility for their content or privacy practices. We encourage you to read the privacy policies of any site you visit.
For example, if you leave our site to pay via a payment gateway’s hosted page, or if you navigate to our Instagram page – those interactions are governed by the other services’ policies (like Stripe’s or Instagram’s privacy policy).
We are based in South Africa. If you are visiting from another country, please be aware that your information may be transferred to, stored, and processed in South Africa or other countries where our service providers are located (like the US or EU). These countries may have different (and possibly less stringent) data protection laws than your jurisdiction.
However, we will take all steps reasonably necessary to ensure personal data is treated securely and in accordance with this Policy and applicable law. For transfers from the EU/EEA (if any occur, e.g., if we get an EU customer), we rely on appropriate safeguards like the European Commission’s Standard Contractual Clauses or an equivalent mechanism, as South Africa is not currently deemed “adequate” by the EU (though POPIA shares many similarities with GDPR). By using our Service, you consent to your information being transferred to our facilities and those third parties with whom we share it as described in this policy. We conduct such transfers only for the reasons set out (to fulfill orders, etc.), and we ensure each recipient has obligations to protect the data per applicable standards.
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post any changes on this page with a new “Last updated” date. If changes are significant, we may provide a more prominent notice or email you (for example, if we start collecting additional personal data or using data in a new way that requires consent).
Please review this Policy periodically for any updates. Your continued use of the Service after any changes constitutes acceptance of those changes. If you do not agree with the updates, you should stop using our Service and can request we delete your data.
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:
Email: support@theprocess.co.za
We’re here to help and will gladly clarify any points or address any issues. Your trust is paramount to us, and we want you to feel comfortable with how your data is treated. Thank you for taking the time to read our Privacy Policy. We hope it shows that we take your privacy seriously and aim to be transparent. Welcome to The Process community, where your data (and your skin!) are treated with care and respect.