shopping-image here

SHôPING uses traffic log cookies to identify which pages are being used. This helps SHôPING to analyse data about webpage traffic and improve the website in order to tailor it to customer needs. SHôPING only uses this information for statistical analysis purposes and then the data is removed from the system.


This Privacy Policy (“Policy”) adheres to the principles contained in the Electronic Communications and Transaction Act 25 of 2002 (“ECT”) as well as the Protection of Personal Information Act 4 of 2013 (“POPIA”). The Policy concerns the digital collection and processing of personal information (as defined in POPIA) by the Application (“Application”) which was developed by Dashpay (Pty) Ltd (“Dashpay”) on behalf of Attacq Management Services (Pty) Ltd (“Attacq”), hereinafter jointly referred to as the “Parties”.

When using the Application and/or any of its related services, the Parties are aware that the Data Subjects (as defined in POPIA) are entrusting them with their personal information. Personal information is in its simplest form any information that can identify the Data Subject. All personal information collected and processed by the Application is done so strictly for business purposes.

The Parties as joint or co-responsible parties both reside in and are registered in the Republic of South Africa. The Application complies with POPIA as Parties process the information of within the borders of the Republic. The Parties will take all reasonable measures in accordance with this Policy and POPIA, to safeguard any personal information, collected and processed by the Application in any jurisdiction.

By using the Application, the Data Subject understands and agrees to the terms of this Policy. The Data Subject will be required to provide explicit consent through a push notification on the Application for the processing of their personal information specifically for the purpose of the requested services. The provision of your consent is mandatory if you wish to use the Application and if you elect not to provide us with your consent we will not be able to provide you with access to the Application. The terms of this Policy may be amended from time to time and without notice to the Data Subject, at the sole discretion of the Parties.

If you are under the age of 18, then you may only use the Application if your parent or legal guardian provides their consent. Such person agrees to be bound to this Policy and is liable and responsible for you and your obligations and rights in terms of this Policy.

The Parties request the personal information of Data Subjects through the Application in their capacity as joint or co-responsible parties. In accordance with ECT and POPIA, the legal basis for collecting personal information will be disclosed without any consent if: required to do so by a law, legal process or court order; required for the performance of the Application; disclosure is necessary to protect and defend the legitimate interests of the Parties; or in order to protect the vital interests of the Data Subject or a legitimate third party.

Personal data may be processed in the following situations: Business Transfers. The information may be shared or transferred in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of either of the Parties to another company. Affiliates. Information may be shared with the affiliates of the Parties, in which case those Affiliates will be required to honour the Policy. Affiliates include any holding companies, subsidiaries, joint venture partners or other companies that are under the control of either businesses parent company or that is under common control of either of the Parties. Business Partners. If you provide your consent, then information may be shared with any of the Parties business partners to offer the Data Subject certain products, services, or promotions.

Personal information is processed for a number of different reasons, including but not limited to: the facilitation of account creation and logon process; the fulfilment and management of orders by the Data Subject and the conclusion and performance of such related agreement; assist the Data Subject or the Application user with customer support issues and addressing user enquiries; in accordance with your chosen preferences and settings, provide general marketing and promotional material on new services and products to Data Subjects; deliver targeted advertisement to Data Subjects derived from data trends and user needs; promotional giveaways from time to time; and communicate changes to services, policies, terms and conditions and other important information with the Data Subject.

The Parties collect personal information that is provided through the Application when a Data Subject expresses an interest in obtaining information about a product, service. In addition to the categories of personal information referred to below, the Application collects personal nformation to verify the identity of a Data Subject and facilitate the purchase of goods and services such as names, identity numbers, phone numbers, electronic mail addresses and physical addresses; and information to facilitate the payment process in the form of payment instrument numbers (such as a credit card numbers), the security code associated with your payment instrument and other account numbers and information about the Data Subject’s preferences. All information provided by the Data Subject must be factually correct at the time that it is submitted on the Application. All personal information collected and processed will be to enable the Parties to provide Data Subjects with the product and service requested and will not be used for any other purpose, except where explicitly defined..

Types of information collected through the Application:
Location Based Data
Location data such as information about the Data Subject’s device location is also collected, which can be either precise or imprecise. The amount of information collected depends on the type and settings of the device that is used to access the goods and services. For example, GPS and other technologies may be used to collect geolocation data that indicates the Data Subject’s current location through the location of their device (based on the IP address). The Data Subject can choose to not allow the Parties to receive this information either by refusing access to the information or by disabling their location setting on their device. However, if the Data Subject does so certain aspects of the Application may not work as intended.

Device Data
Device information (such as device identification, model and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model, internet service provider and/or network carrier, and internet protocol address (or proxy server) is automatically collected. Furthermore, information about the network associated with the device, the operating system or platform, type of device used, device unique identity and information about the features accessed by the Data Subject can be collected if necessary.

Push Notifications
The Application may request to send the Data Subjects push notifications regarding their account or certain features of the Application. If a Data Subject wishes to not receive such communications, they may turn them off in the Application’s settings.

Information automatically collected:
Log and Usage Data
For improved performance and reporting purposes, the Data Subject agrees that log and usage information can be collected along with diagnostic, usage and performance information when any of the services are used through servers and which record in log files. Depending on the nature of the interaction this may include the browser type, language preferences, referring URLs, device name, country, location, settings and the date and time of each use. The purpose of this is to better understand the behaviour of Data Subjects in relation to the Application and at the discretion of Dashpay and Attacq produce non-personally identifiable information like aggregated statistics for reporting purposes, decision-making purposes and marketing material.

The Parties have implemented appropriate organisational and technical security measures designed to protect the security of personal information processed by the Application. Dashpay as a third party payment provider accepts money or the proceeds of payment instructions as a regular part of its business. Due to this classification, Dashpay is registered with the Payment Association of South Africa (PASA) and must adhere to certain industry codes and sector standards. The most important of these are Payment Card Industry Data Security Standards (PCI DSS) and to which Dashpay adheres to..

A Data Subject may at any time review, change, update or terminate their account. This can be done by logging in to the Application and selecting the relevant option in their account settings. Alternatively, a Data Subject can use the contact details provided herein below to assist. Once a request has been made to terminate an account the necessary identity checks will be performed and the account together with all related personal information will be deactivated, retained in line with the records management and legislative requirements, or deleted. However, some information may be retained for the prevention of fraud, problem troubleshooting, assisting with investigations, enforce the Application’s terms and conditions and complying with applicable legal requirements.

Opting Out of digital Marketing Campaigns
Data Subjects can unsubscribe from the marketing and promotional material electronic mailing list at any time by clicking on the unsubscribe link in the electronic mail that they receive or by making a request to Attacq by following the directions provided. The request will then be processed, and the Data Subject will be removed from the list, however, a Data Subject may still receive electronic mail related to service requests necessary for the administration and use of their account, to respond to service requests, or for other non-marketing related purposes. Alternatively, a Data Subject can unsubscribe from the list by changing the preferences in the account settings on the Application.

In accordance with POPIA the Data Subject has the following rights:
The right to request confirmation that personal information about you is being processed.
The right to be notified about what personal information about them is being collected or accessed or acquired by an unauthorised person.
The right to request access to their personal information and to establish whether a responsible party holds personal information of them.
The right to request the correction, destruction, or deletion of their personal information.
The right to object, on reasonable grounds relating to their particular situation to the processing of their personal information, as well as to object at any time to the processing of personal information for purposes of direct marketing.
The right not to be subject to a decision based solely based on the automated processing of their personal information intended to provide a profile of such person.
The right to submit a complaint to the regulator regarding the alleged interference with their protection of their personal information or to submit a complaint to the regulator in respect of a determination of an adjudicator.
The right to raise a dispute as per the [Terms and Conditions].
In order to exercise these rights, please refer to [●].

Data Subjects who have any questions regarding their privacy rights or would like to review, update, or delete their personal information can email after which the Parties have 30 days or such longer period as deemed reasonable in the circumstances, to respond to the request.

Information is only retained for as long as deemed necessary to fulfil the purposes outlined in the Policy unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in the Policy will require the Parties to keep the personal information of Data Subjects for longer than the period that they have an account on the Application.

When there are no longer any ongoing legitimate business needs to process the personal information of a Data Subject the information will be deleted or anonymized, If this is not possible because the information has been stored in backup archives, then the information will be securely stored and isolated to prevent further processing until deletion is possible.