Privacy Policy

Last updated: 20 Sept 2023
Effective date: 5 July 2010

Welcome to AquaCat (“we”, “us”, “our”). We respect your privacy and are committed to protecting it through our compliance with this policy. We operate the website www.aquacat.co.za. Our company is registered in South Africa, and our registered address is 28 Perch Road, Ramsgate, KwaZulu Natal, 4285. You can contact us at info@aquacat.co.za.

This policy describes the types of information we may collect from you or that you may provide when you visit our website www.aquacat.co.za (our “Website”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This policy applies to information we collect:

  • On this Website.
  • In email, text, and other electronic messages between you and this Website.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using this Website, you agree to this privacy policy.

1. Information we collect about you

We collect several types of information from and about users of our Website, including information:

  • By which you may be personally identified, such as name, postal address, e-mail address, telephone number, or any other identifier by which you may be contacted online or offline (“personal information”).
  • About your internet connection, the equipment you use to access our Website, and usage details.

We collect this information:

  • Directly from you when you provide it to us.
  • Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.

While you visit our site, we’ll track:

  • Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
  • Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
  • Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order
  • We’ll also use cookies to keep track of cart contents while you’re browsing our site.

When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

  • Send you information about your account and order
  • Respond to your requests, including refunds and complaints
  • Process payments and prevent fraud
  • Set up your account for our store
  • Comply with any legal obligations we have, such as calculating taxes
  • Improve our store offerings
  • Send you marketing messages, if you choose to receive them

If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for XXX years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.

We will also store comments or reviews, if you choose to leave them.

2. How we use your information

We use information that we collect about you or that you provide to us, including any personal information:

  • To present our Website and its contents to you.
  • To provide you with information, products, or services that you request from us.
  • To fulfill any other purpose for which you provide it.
  •  To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
  •  To notify you about changes to our Website or any products or services we offer or provide though it.
  • In any other way we may describe when you provide the information.
  • For any other purpose with your consent.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact Forms

We use contact forms on our website. When you submit a contact form, we collect the data shown in the form, and also the visitor’s IP address and browser user agent string to help spam detection. We keep contact form submissions for a certain period for customer service purposes, but we do not use the information submitted through them for marketing purposes.

Carousel

Image view tracking uses the following information: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code.

Cookies

Our website uses cookies to store user preferences, record user-specific information on what pages users access or visit, ensure that visitors are not repeatedly sent the same banner ads, customize website content based on visitors’ browser type or other information that the visitor sends. Cookies may also be used by third-party services, such as Google Analytics, as described herein.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

To learn more about how we use cookies and your choice in relation to these tracking technologies, please refer to our Cookie Policy.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

We use third-party browser and mobile analytics services including but not limited to Google Analytics, Hubspot, WooCommerce, Stripe, and Facebook Pixel on the Service. These services use Data Collection Tools to help us analyze your use of the Service, including information like the third-party website you arrive from, how often you visit, events within the Service, usage and performance data, purchasing behavior, products you’ve viewed, location, IP address, and browser type, and shipping address. We use this data to improve the Service and provide information, products, and services that may be of interest to you.

Here are the links to the privacy policies of our core analytics providers:

Visitors can opt out of analytics tracking by selecting the appropriate option in the cookies notice pop-up.

Brute force attack protection

In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user. Failed login attempts which contain the user’s IP address, attempted username or email address, and user agent information are synced.

Payments Block

To facilitate new signup and renewals, the following is sent to Stripe (governed by Stripe TOS): Name, Credit Card number, CVV, Expiry date. Note – the credit card details are not stored by us – this data is collected and stored by Stripe. WordPress.com systems are fully PCI compliant.

We plan to store anonymized analytics about which step in the purchase process was reached for the purpose of improving the user experience. Cookies may be stored to implement content blocking in the future.

We create a new WordPress.com account for the user, or use the account associated with the email customer gives us. An explanation of WordPress.com data used can be found here. History of signups and billing facilitated via this feature is stored on WordPress.com servers for accounting and subsequent renewal purposes. For the purpose of renewing subscription, on our servers we store: Safely encrypted Stripe ID of the credit card connected to subscription, User id that initiated the purchase, Details about the product, Payment history for the subscription, Last 4 digits of the credit card and the brand – what is known in the industry as “safe details”. Also, we connect the ID of the credit card to the WordPress.com user id, which allows for one-click payments on other subscription products sold on WordPress.com network.

Repeat visitor block

The Repeat Visitor block records page views by setting a cookie named `jp-visit-counter` in the visitor’s browser, which is incremented on each visit. This cookie is stored only in the browser and not recorded in our databases.

WooCommerce Shipping & Tax

For payments made with Stripe the following data is used:

  • purchase total,
  • currency,
  • billing information.

WooCommerce Tax uses the following data:

  • value of goods in the cart,
  • value of shipping,
  • destination address.

WooCommerce Checkout Rates uses the following data:

  • destination address,
  • purchased product IDs,
  • dimensions,
  • weight,
  • quantities

The following data is used for shipping labels:

  • customer’s name,
  • address
  • dimensions, weight, and quantities of purchased products

WordPress.com Secure Sign On

The following data is used:

  • User ID (local site and WordPress.com),
  • role (e.g. administrator),
  • email address,
  • username and display name.

Additionally, for activity tracking the following data is used:

  • IP address,
  • WordPress.com user ID,
  • WordPress.com username,
  • WordPress.com-connected site ID and URL,
  • Jetpack version,
  • user agent,
  • visiting URL,
  • referring URL,
  • timestamp of event,
  • browser language,
  • country code.

The following usage events are recorded:

  • starting the login process,
  • completing the login process,
  • failing the login process,
  • successfully being redirected after login,
  • failing to be redirected after login.

Several functionality cookies are also set by Jetpack, and these are detailed explicitly in their Cookie documentation.

Jetpack Stats

The following activity is tracked:

  • Post and page views,
  • outbound link clicks,
  • referring URLs and search engine terms,
  • country.

Jetpack also tracks performance on each page load that includes the JavaScript file used for tracking stats. This is exclusively for aggregate performance tracking across Jetpack sites in order to make sure that their plugin and code is not causing performance issues. This includes the tracking of page load times and resource loading duration (image files, JavaScript files, CSS files, etc.).

3. Disclosure of your information

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. We may disclose personal information that we collect or you provide as described in this privacy policy:

  • To our subsidiaries and affiliates.
  • To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
  • To fulfill the purpose for which you provide it.
  • For any other purpose disclosed by us when you provide the information.
  • With your consent.

As a global company, we may transfer your data to countries outside of South Africa. We ensure that these transfers are legal and that your data is secure. We use various measures to ensure that your data is treated securely and in accordance with this privacy policy and applicable law, including Privacy Shield, model clauses in our contracts, and binding corporate rules.

Contact Forms

Visitor comments and contact form submission data — IP address, user agent, name, email address, website, and message — is submitted to the Akismet service (also owned by Automattic) for the sole purpose of spam checking. The actual submission data is stored in the database of the site on which it was submitted and is emailed directly to the owner of the form (i.e. the site author who published the page on which the contact form resides). This email will include the submitter’s IP address, timestamp, name, email address, website, and message.

Google Analytics

The following purchase events will be sent from WooCommerce to Google Analytics:

  • shopping cart additions and removals
  • product listing views and clicks
  • product detail views
  • purchases
  • order number
  • product id and name
  • product category
  • total cost
  • quantity of items purchased

Notifications

Visitor-related information such as sending notifications (i.e. when we send a notification to a particular user), opening notifications (i.e. when a user opens a notification that they receive), performing an action from within the notification panel (e.g. liking a comment or marking a comment as spam), and clicking on any link from within the notification panel/interface will be sent to the site owner.

Social sharing

When official sharing buttons are active on the site, each button loads content directly from its service in order to display the button as well as information and tools for the sharing party. As a result, each service can in turn collect information about the sharing party. When a non-official Facebook or a Pinterest sharing button is active on the site, information such as the sharing party’s IP address as well as the page URL will be available for each service, so sharing counts can be displayed next to the button. When sharing content via email (this option is only available if Akismet is active on the site), the following information is used: sharing party’s name and email address (if the user is logged in, this information will be pulled directly from their account), IP address (for spam checking), user agent (for spam checking), and email body/content. This content will be sent to Akismet (also owned by Automattic) so that a spam check can be performed. Additionally, if reCAPTCHA (by Google) is enabled by the site owner, the sharing party’s IP address will be shared with that service. You can find Google’s privacy policy here.

WooCommerce Shipping & Tax

For payments, we send the purchase total, currency and customer’s billing information to the respective payment processor. Please see the respective third party’s privacy policy (Stripe’s Privacy Policy) for more details. For automated taxes we send the value of goods in the cart, the value of shipping, and the destination address to TaxJar. Please see TaxJar’s Privacy Policy for details about how they handle this information. For checkout rates we send the destination ZIP/postal code and purchased product dimensions, weight and quantities to the carrier directly or via EasyPost, depending on the service used. For shipping labels we send the customer’s name, address as well as the dimensions, weight, and quantities of purchased products to EasyPost. We also store the purchased shipping labels on our server to make it easy to reprint them and handle support requests.

Who on our team has access

Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:

  • Order information like what was purchased, when it was purchased and where it should be sent, and
  • Customer information like your name, email address, and billing and shipping information.

Our team members have access to this information to help fulfill orders, process refunds and support you.

Password reset

If you request a password reset, your IP address will be included in the reset email.

4. Data security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.

We take various measures to protect your data, including technical measures such as encryption, security measures such as two-factor authentication, and organizational measures such as staff training in data protection.

We have procedures in place to deal with any suspected data breach. If we are aware of a breach, we will notify you and any applicable regulators where we are legally required to do so.

The safety and security of your information also depends on you. We urge you to protect your user information and password and to be careful about giving out information in public areas of the Website.

5. Changes to our Privacy Policy

It is our policy to post any changes we make to our privacy policy on this page. If we make material changes to how we treat our users’ personal information, we will notify you through a notice on the Website home page.

6. Contact information

To ask questions or comment about this privacy policy and our privacy practices, contact us at: info@aquacat.co.za

7. Your rights

Under certain circumstances, by law you have the right to:

  • Request access to your personal information.
  • Request correction of the personal information that we hold about you.
  • Request erasure of your personal information.
  • Object to processing of your personal information.
  • Request the restriction of processing of your personal information.
  • Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us.

8. Data retention

We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The specific retention period for personal data may vary depending on the nature of the data and the purposes for which it is used.

Comments

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

User registration

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Mobile theme

A cookie is stored for 3.5 days to remember whether or not a visitor of the site wishes to view its mobile version.

Jetpack Stats

Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature.

Brute force attack protection

Jetpack sets a cookie for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this cookie.

9. Third-party links

Our Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

10. Children under the age of 13

Our Website is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features.

11. Jurisdiction-specific provisions

Residents of the European Economic Area (EEA), the United States, Australia, South Africa, and the United Arab Emirates have additional rights under their respective laws. Please see the relevant section below for more information.

European Economic Area (EEA)

In accordance with the General Data Protection Regulation (GDPR), residents of the EEA have the following additional rights:

  • The right to lodge a complaint with a supervisory authority.
  • The right to withdraw consent at any time.

United States

In accordance with the California Consumer Privacy Act (CCPA), residents of California have the right to request disclosure of the categories and specific pieces of personal information we have collected about them, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting or selling personal information, and the categories of third parties with whom we share personal information.

Australia

In accordance with the Australian Privacy Act 1988, residents of Australia have the right to request access to their personal information and correction of their personal information. They also have the right to make a complaint about a breach of the Australian Privacy Principles.

South Africa

In accordance with the Protection of Personal Information Act (POPIA), residents of South Africa have the right to access their personal information, correct their personal information, and object to the processing of their personal information.

United Arab Emirates

In accordance with UAE’s Data Protection Law, residents of UAE have the right to request access to their personal information, correct their personal information, and object to the processing of their personal information. legislation.

12. Grievance / Data Protection Officer

If you have any queries or concerns about the processing of your information that is available with us, you may email our Grievance Officer at Aquacat, 28 Perch Road, email: info@aquacat.co.za. We will address your concerns in accordance with applicable law.