Privacy Policy

1. About This Policy

This Privacy Policy explains how Designer Pool Covers (Pty) Ltd (“we”, “us”, or “our”) collects, uses, stores, and protects your personal information when you visit https://capetownpoolcover.co.za or interact with us.

We comply with the Protection of Personal Information Act, 2013 (POPIA) and the Promotion of Access to Information Act, 2000 (PAIA). This policy meets the disclosure requirements of POPIA Section 18.

2. Who We Are (Responsible Party)

• Legal name: Designer Pool Covers (Pty) Ltd
• Company registration: 2012/132656/07
• VAT number: 4540262849
• Physical address: Sunnyrock Park 3, Unit 2, 2 North Reef Road, Germiston, 1401
• Telephone: +27 (10) 824-8631 / +27 (82) 461-8330
• Information Officer: Willem de Wet

This site's role: Cape Town and Western Cape pool cover specialists. We service Atlantic Seaboard, Southern Suburbs, Northern Suburbs, City Bowl, Somerset West and surrounding suburbs.

3. What Personal Information We Collect and Why

We only collect personal information that is necessary, lawful and proportionate to the purpose for which it is collected.

Information you give us directly:

• Full name — to address you correctly in correspondence and on quotes/invoices.
• Physical address — to provide on-site assessment, delivery, and installation services.
• Telephone number — to coordinate site visits and provide service updates.
• Email address — to send quotes, invoices, warranty documents, and (if you opt in) maintenance reminders.
• Pool details (size, shape, photos you submit) — to design and manufacture your cover.
• WhatsApp number — if you contact us via WhatsApp, the conversation is processed by Meta (WhatsApp) under their own privacy policy.

Information we collect automatically:

• IP address and browser data — for security, fraud prevention and website optimisation.
• Cookie data — see Section 5.
• Pages visited and clicks — only if you have consented to analytics cookies.

Voluntary vs mandatory disclosure: Most fields on our quote forms are mandatory because we cannot quote without them. Marketing consent is entirely voluntary. Failure to provide mandatory information means we cannot deliver the service you requested.

4. Lawful Basis for Processing

Under POPIA, every data process must have a lawful basis. We rely on:

• Contractual necessity for installations, warranties, deliveries and after-sales service.
• Legitimate interest for quote generation, security and direct one-to-one customer communication.
• Consent for marketing communications and non-essential cookies (only if you explicitly opt in).
• Legal obligation for tax records (SARS requires 7-year retention) and for SANS 10134 compliance certificates.

5. Cookies and Tracking

We use cookies and similar technologies to make our website work and to improve your experience. You can manage cookies via the cookie banner that appears on your first visit, or by changing your browser settings.

• Strictly necessary cookies (no consent required): session management, security, form submission. The website cannot function without these.
• Analytics cookies (consent required): Used to understand visitor behaviour in aggregate.
• Marketing cookies (consent required): Used to show relevant ads. We do not sell your data to advertisers.

You can withdraw cookie consent at any time via the cookie settings link in our footer or by clearing your browser cookies.

6. Who Has Access to Your Information

Internal access: Limited to authorised Designer Pool Covers staff (currently fewer than 10 people). All staff have signed POPIA-aligned confidentiality agreements.

External operators (third-party service providers we use) include cloud hosting, email service, CRM systems, payment processors, and analytics tools. Each operator has a written data processing agreement.

We do not sell, rent or trade your personal information to third parties.

7. Cross-Border Transfers

Some of our cloud and analytics operators store data outside South Africa (typically in the European Union or United States). Under POPIA Section 72, we ensure cross-border transfers only happen where the recipient country provides an adequate level of protection, or the operator has signed a data processing agreement that imposes equivalent protections.

8. Your POPIA Rights

You are a Data Subject under POPIA. You have the right to:

• Be notified when your personal information is collected and when there is a security breach.
• Access your personal information that we hold.
• Correct or delete personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully.
• Object to processing on reasonable grounds, including direct marketing.
• Withdraw consent for any processing based on consent.
• Submit a complaint to the Information Regulator (see Section 9).
• Data portability — receive your data in a machine-readable format where technically feasible.

How to exercise your rights: Email our Information Officer (Willem de Wet) at the contact details above. We will acknowledge within 5 working days and resolve within 30 calendar days.

9. Complaints to the Information Regulator

If you believe we have not handled your personal information correctly and we have not resolved your concern, you can lodge a complaint with:

10. Data Retention

We retain your personal information only for as long as necessary:

• Active customer data — retained for the duration of your warranty (typically 10–15 years).
• Tax records — retained 7 years per SARS requirements.
• Quote-only enquiries that did not convert — deleted after 24 months.
• Marketing data — deleted on opt-out, with backups purged within 90 days.

11. Security Measures

• Encryption — TLS 1.2+ for data in transit; AES-256 for data at rest.
• Access controls — role-based access, multi-factor authentication for staff.
• Backups — encrypted, geographically redundant.
• Staff training — annual POPIA training for all staff with data access.
• Incident response plan — documented breach response procedure.

12. Data Breach Notification

If we become aware of a security breach that has compromised your personal information, we will notify you and the Information Regulator as soon as reasonably possible (and within 72 hours where feasible), in line with POPIA Section 22.

13. Children's Information

Our services are aimed at adult homeowners. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact our Information Officer and we will delete it.

14. Changes to This Policy

We may update this policy from time to time. We will indicate the date of the most recent update at the top of this policy. Material changes will be communicated via email (where we have your email address) or via a prominent notice on our website.

15. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal information, please contact: