Privacy Policy

How we collect, use, and protect your personal information

Effective from 1 January 2026

1. Introduction

Harrow Vale ("Designer", "We", "Us", "Our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you interact with us through our website, email, forms, or services.

This Privacy Policy complies with the Protection of Personal Information Act (POPIA), 2013 (Act No. 4 of 2013) of South Africa and applies to all personal information we process, whether online or offline.

2. Information We Collect

We collect the following types of personal information:

Direct Information:

  • Contact Information: Name, email address, phone number, business name, company address
  • Project Information: Project details, brief, timeline, budget, deliverables, and any information you provide in inquiry forms or proposals
  • Payment Information: Invoice details, payment method, transaction records (processed securely via third-party payment providers)
  • Communication Records: Email conversations, meeting notes, feedback, and project communications
  • Business Information: Business registration details, tax identification numbers, and other business-related information you provide

Website Information:

  • Analytics Data: IP address, browser type, pages visited, time spent on site, referrer pages (collected via Google Analytics)
  • Cookies: Non-identifying cookie data to improve website functionality and user experience
  • Usage Data: How you interact with our website, forms, and links

Sensitive Personal Information:

We do not intentionally collect sensitive personal information (race, ethnicity, religious beliefs, political opinions, trade union membership, genetic data, health data, or criminal history) unless explicitly required for a specific purpose and with your informed consent.

3. How We Use Your Information

We use your personal information for the following purposes:

  • To provide design services and complete projects you've requested
  • To communicate with you regarding your project, timelines, and deliverables
  • To send invoices, payment reminders, and financial communications
  • To respond to inquiries and provide customer support
  • To improve our website, services, and user experience through analytics
  • To comply with legal obligations and tax requirements
  • To maintain records for business and accounting purposes
  • To send marketing communications (only if you've opted in)
  • To detect and prevent fraud, abuse, or security incidents
  • To establish and maintain professional relationships

4. Legal Basis for Processing

Under POPIA, we process your personal information based on the following lawful grounds:

  • Contractual Performance: Processing necessary to execute design agreements and deliver services
  • Legal Compliance: Processing required to comply with South African tax, financial, and business laws
  • Consent: Processing done with your explicit consent (e.g., marketing emails, portfolio display)
  • Legitimate Interests: Processing for business purposes such as fraud prevention and service improvement

5. Who We Share Your Information With

We do not sell or trade your personal information. However, we may share information with:

  • Service Providers: Third-party tools for payment processing, website hosting, analytics, and email communication (all with data processing agreements in place)
  • Accountants and Tax Advisors: To fulfill financial and tax compliance obligations
  • Legal Representatives: When required to comply with legal orders or protect our rights
  • Sub-Contractors: Freelance designers or specialist contractors assisting with projects (under confidentiality agreements)

International Data Transfers:

Some of our service providers (e.g., cloud hosting, analytics) may process data outside South Africa. We ensure these transfers comply with POPIA through data processing agreements and appropriate safeguards.

6. Data Security

We take data security seriously and implement reasonable technical and organizational measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Secure password-protected accounts and encrypted communications
  • Limited access to personal information (only authorized staff members)
  • Regular security reviews and vulnerability assessments
  • Secure file storage and backup systems
  • Confidentiality agreements with all staff and contractors

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your login credentials.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by South African law. Retention periods include:

  • Project Data: Retained during the project and for 7 years after completion for tax and legal compliance
  • Financial Records: Retained for 7 years in accordance with South African tax law
  • Communications: Retained for the duration of the relationship and 3 years after
  • Marketing Data: Retained until you opt out of communications
  • Analytics Data: Aggregated data retained indefinitely; identifiable data deleted after 26 months

Upon request and after the retention period, we will securely delete or anonymize your personal information unless legally required to retain it.

8. Your Rights Under POPIA

Under the Protection of Personal Information Act, 2013, you have the following rights:

  • Right to Access: Request access to personal information we hold about you
  • Right to Correction: Request correction of inaccurate or incomplete personal information
  • Right to Deletion: Request deletion of personal information (subject to legal obligations)
  • Right to Object: Object to the processing of your personal information for marketing or other purposes
  • Right to Restrict Processing: Request restriction of personal information processing in certain circumstances
  • Right to Lodge a Complaint: Lodge a complaint with the Information Regulator if you believe your rights have been violated

To exercise any of these rights, contact us using the information provided in the Contact section below.

9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance user experience and gather analytics. We use:

  • Essential Cookies: Required for website functionality (login, form submission)
  • Analytics Cookies: Google Analytics to understand how users interact with the website (anonymized)
  • Marketing Pixels: Meta Pixel for conversion tracking and retargeting

You can disable cookies in your browser settings, though this may affect website functionality. By using our website, you consent to cookie usage in accordance with this Privacy Policy.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of external websites. We encourage you to review the privacy policies of any third-party sites before providing personal information.

11. Marketing Communications

We may send you marketing communications (email newsletters, design tips, service updates) if you've opted in. You can unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in the email or contacting us directly.

12. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we've collected information from a child, we will take steps to delete such information immediately.

13. Data Breach Notification

In the event of a data breach affecting personal information, we will notify affected individuals and the Information Regulator as required by POPIA. We will provide details of the breach, potential impact, and recommended precautions.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. Changes will be effective upon posting to the website. Continued use of our services following changes indicates your acceptance of the updated policy.

15. Contact and Complaints

If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about our data practices:

  • Contact us via the inquiry form on our website
  • Email us directly with your data request or complaint

Information Regulator Contact:

If you believe your rights under POPIA have been violated and we cannot resolve the issue, you may lodge a complaint with the Information Regulator of South Africa (IRSA).

Website: www.justice.gov.za/inforeg
Email: complaint@inforeg.org.za

We Respect Your Privacy

Have questions about how we handle your data? Let's talk.

Start a Project