Privacy policy

1. Definitions

“Afritrail” means Afritrail (Pty) Ltd, a private company incorporated in South Africa, trading under the domain afritrailshop.co.za.

“Biometrics” means techniques of personal identification based on physical, physiological or behavioural characteristics (e.g. fingerprinting, DNA analysis, voice recognition).

“Child” means a natural person under the age of 18 years.

“Competent person” means any person legally able to consent on behalf of a child.

“Data subject” means any individual whose personal information Afritrail collects or processes (e.g. website visitors, customers, employees, suppliers).

Direct marketing” means approaching a data subject, in person or electronically, for the direct or indirect purpose of promoting Afritrail’s products or services.

“Electronic communication” means any text, voice, sound or image message sent over an electronic network and stored until collected by the recipient.

“Filing system” means any structured set of personal information, whether electronic or paper‐based.

“Operator” means a person who processes personal information for Afritrail under contract or mandate.

“Personal information” means information relating to an identifiable, living natural person (and, where applicable, juristic person), including contact details, identifiers, biometric data, preferences, opinions and any other data that can identify an individual.

“Processing” means any operation or activity concerning personal information, including collection, storage, retrieval, use, disclosure, erasure or destruction.

“Responsible party” means Afritrail when it determines the purpose of and means for processing personal information.

“Special personal information” means sensitive personal data (e.g. race, religion, health, sexual orientation, criminal record).

“Unique identifier” means any identifier assigned to a data subject for the purposes of uniquely identifying them within Afritrail’s systems.

2. Introduction

Afritrail operates an e-commerce platform allowing customers to purchase goods, pay online, and arrange delivery. In doing so, we collect and process personal information from customers, suppliers and other stakeholders. Afritrail is committed to safeguarding the constitutional right to privacy of our South African data subjects and to respecting applicable privacy regulations in all jurisdictions we serve, including the Protection of Personal Information Act (POPIA).

3. Objective

While absolute protection against data breaches cannot be guaranteed, this policy aims to:

  • Ensure Afritrail’s compliance with POPIA and related regulations.
  • Protect data subjects from harm by securing their personal information.
  • Obtain and manage consent in accordance with POPIA.
  • Prevent unauthorized sharing of personal information.
  • Educate data subjects about their privacy rights.

4. POPIA Core Principles

Afritrail commits to:

  • Lawful, fair and transparent processing.
  • Purpose limitation: Collect only data necessary for specified, legitimate purposes.
  • Data minimization: Retain personal information only as long as required.
  • Accuracy: Keep personal information complete, accurate and up to date.
  • Security safeguards: Implement appropriate technical and organizational measures to protect personal information from loss, unauthorized access, alteration or destruction.
  • Accountability: Maintain records to demonstrate POPIA compliance.

5. Consent

  • We will explain why we collect personal information and obtain explicit consent where required.
  • If we wish to use personal information for new purposes, we will seek fresh consent.
  • Special personal information will only be collected or processed with explicit consent, unless otherwise permitted by law.

6. Collection, Processing & Sharing

  • Source of data: We collect personal information directly from data subjects unless it is publicly available or another lawful basis applies.
  • Purpose: We use personal information to process orders, manage accounts, provide support, and improve our services.
  • Third-party sharing: We share personal data with logistics providers, payment gateways and other service partners under strict contractual obligations to respect privacy and security.

7. Storage of Information

  • All electronic data is stored on secured servers with firewalls and access controls. 
  • We regularly review and update our security measures and conduct vulnerability assessments.

8. Disposal of Information

  • Personal data is retained only as long as necessary.
  • When records are no longer required, we securely delete or destroy them (e.g. shredding paper, securely wiping electronic media).
  • If litigation or regulatory actions are pending, destruction may be suspended until resolved.

9. Internet & Cyber-Security

  • All users of Afritrail’s systems are trained in acceptable use and anti-virus procedures.
  • Passwords protect all systems, and multi-factor authentication is used where feasible.
  • Email use is governed by our internal IT and security policies to prevent spam, phishing and data leakage.

10. Usage Data & Cookies

  • We automatically collect Usage Data (e.g. IP address, browser type, pages visited).
  • We use cookies and similar technologies (beacons, tags, scripts) to improve site performance and analyze usage.
  • Users may disable cookies in their browser—however, some site features may not function correctly.

11. Third-Party Operators

  • We enter into data-processing agreements with all third-party operators to ensure they comply with POPIA standards.
  • We do not share personal information with marketers without explicit consent.

12. Payment & Banking Details

  • Payment processing is handled by reputable gateways (e.g. PeachPayments, PayFast, PayU).
  • Afritrail is not liable for data breaches that occur on third-party payment platforms.

13. Direct Marketing

  • We will not share your contact details with unaffiliated marketers.
  • Promotional emails include a clear unsubscribe link for easy opt-out.

14. Data Classification

Classification Description
Public Information freely available (e.g. marketing materials).
Internal Company-internal data (e.g. policies, procedures).
Confidential Sensitive business or customer data requiring strict access controls.


15. Data Subject Rights

Data subjects may, in the prescribed manner:

  • Withdraw consent at any time (without affecting prior processing legality).
  • Object to processing on reasonable grounds or for direct marketing.
  • Request access to confirm whether Afritrail holds their personal information and obtain a copy.
  • Request correction or deletion of inaccurate, excessive or unlawfully obtained data.
  • Request restriction of processing where full deletion is not possible.
  • Requests should be sent to our Information Officer (see below).

16. Information Officer

For POPIA-related queries or to exercise your data rights, please contact:

Information Officer
Email: support@afritrailshop.co.za
Phone: +27 10 020 8813

Thank you for trusting Afritrail with your personal information.
We regularly review this policy and will notify you of any material changes.