About Us Blog
N
0

Privacy Policy

Last updated: 29 May 2026

1. Introduction

Noswele Express ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website and services.

This policy is governed by and compliant with the Protection of Personal Information Act, 2013 (Act 4 of 2013) ("POPIA") of the Republic of South Africa. We recognise your right to privacy and commit to processing your personal information lawfully and responsibly.

2. POPIA Compliance

The Protection of Personal Information Act (POPIA) is South Africa's comprehensive data protection legislation that came into full effect on 1 July 2021. It governs how organisations collect, process, store, and share personal information.

Key Definitions Under POPIA

  • Responsible Party: Noswele Express — the entity that determines the purpose and means of processing personal information.
  • Data Subject: You — the individual whose personal information is being processed.
  • Operator: Any third party that processes personal information on our behalf (e.g. payment gateways, couriers).
  • Personal Information: Any information relating to an identifiable, living natural person or existing juristic person, including but not limited to name, ID number, email, phone number, address, and online identifiers.
  • Processing: Any operation performed on personal information, including collection, storage, modification, retrieval, dissemination, and destruction.

POPIA Conditions for Lawful Processing

We adhere to all eight conditions for lawful processing as outlined in POPIA:

  1. Accountability: We take responsibility for complying with POPIA's conditions and have appointed an Information Officer to oversee compliance.
  2. Processing Limitation: We only process personal information that is adequate, relevant, and not excessive for the specific purpose.
  3. Purpose Specification: We collect personal information for specific, explicitly defined, and lawful purposes related to our business functions.
  4. Further Processing Limitation: We do not process personal information for purposes incompatible with the original collection purpose.
  5. Information Quality: We take reasonable steps to ensure personal information is complete, accurate, and up to date.
  6. Openness: We are transparent about how we process personal information, as documented in this policy.
  7. Security Safeguards: We implement appropriate technical and organisational measures to protect personal information (see Section 6).
  8. Data Subject Participation: You have the right to access, correct, and delete your personal information (see Section 8).

Lawful Basis for Processing

We process your personal information on one or more of the following lawful bases:

  • Consent: You have given voluntary, specific, and informed consent (e.g. subscribing to our newsletter).
  • Contract: Processing is necessary to fulfill a contract with you (e.g. processing your order).
  • Legal Obligation: Processing is necessary to comply with a legal obligation (e.g. tax records, SARS requirements).
  • Legitimate Interest: Processing is necessary for our legitimate interests, provided it does not override your rights (e.g. fraud prevention, website security).

3. Information We Collect

We may collect the following types of information:

  • Personal Information: Name, email address, phone number, delivery address, and billing details provided when you register, place an order, or contact us.
  • Account Information: Login credentials and profile preferences.
  • Transaction Data: Order history, payment references, and delivery tracking.
  • Technical Data: IP address, browser type, device information, and pages visited.
  • Cookie Data: Information collected through cookies and similar technologies (see Section 6).

4. How We Use Your Information

We use your information to:

  • Process and fulfill your orders
  • Communicate with you about your account and orders
  • Improve our website, products, and services
  • Send marketing communications (with your consent)
  • Comply with legal obligations
  • Prevent fraud and ensure security

5. Data Sharing

We do not sell your personal information. We may share your data with:

  • Service Providers (Operators): Payment processors (e.g. Ozow), courier services, and hosting providers who assist in delivering our services. All operators are contractually bound to process your information in accordance with POPIA.
  • Legal Requirements: When required by law, court order, or to protect our rights and safety.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the same privacy protections.

5A. Cross-Border Data Transfers

Some of our service providers may be located outside South Africa. In such cases, we ensure that any cross-border transfer of personal information complies with Section 72 of POPIA by confirming that:

  • The recipient country has adequate data protection laws, or
  • The recipient is bound by a binding agreement that provides adequate protection, or
  • You have provided consent for the transfer, or
  • The transfer is necessary for the performance of a contract between you and us.

6. Data Security

In accordance with Section 19 of POPIA, we implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption for all data in transit
  • Encrypted storage for sensitive data at rest
  • Regular security assessments and vulnerability testing
  • Access controls limiting data access to authorised personnel only
  • Secure password hashing using modern algorithms

Security Breach Notification

In the event of a data breach that compromises your personal information, we will notify you and the Information Regulator as soon as reasonably possible, as required by Section 22 of POPIA. The notification will include:

  • A description of the possible consequences of the breach
  • The measures we have taken or propose to take to address the breach
  • Recommendations on what you can do to mitigate potential harm

7. Cookies

Our website uses cookies — small text files stored on your device — to:

  • Essential Cookies: Enable core functionality such as authentication, shopping cart, and security.
  • Analytical Cookies: Help us understand how visitors interact with our website so we can improve user experience.
  • Preference Cookies: Remember your choices and settings.

You can control cookies through your browser settings. Disabling essential cookies may affect site functionality.

8. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights:

  • Right to Access (Section 23): You may request confirmation of whether we hold personal information about you and request access to that information.
  • Right to Correction (Section 24): You may request that we correct or delete personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, or misleading.
  • Right to Deletion (Section 24): You may request the destruction or deletion of personal information that we are no longer authorised to retain.
  • Right to Object (Section 11(3)): You may object to the processing of your personal information on reasonable grounds, unless legislation permits such processing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.
  • Right Not to be Subject to Automated Decision-Making (Section 71): You may object to a decision made solely on the basis of automated processing that significantly affects you.
  • Right to Lodge a Complaint: You may lodge a complaint with the Information Regulator if you believe your rights have been infringed (see Section 12).

How to Exercise Your Rights

To exercise any of these rights, please submit a written request to our Information Officer using the contact details provided in Section 13. We will respond to your request within 30 days, as required by POPIA. We may request verification of your identity before processing your request.

9. Data Retention

In accordance with Section 14 of POPIA, we retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specifically:

  • Account Data: Retained for the duration of your account and deleted upon request (subject to legal obligations).
  • Order & Transaction Records: Retained for a minimum of five years as required by SARS and the Companies Act.
  • Marketing Consent Records: Retained until consent is withdrawn.
  • Technical/Log Data: Retained for up to 12 months for security and analytical purposes.

Once the retention period expires, personal information is securely destroyed or de-identified so that it can no longer be associated with you.

10. Direct Marketing

In terms of Section 69 of POPIA:

  • We will only send you marketing communications where you have provided opt-in consent, or where you are an existing customer and the communication relates to similar products or services.
  • Every marketing communication includes a clear and easy mechanism to opt out (unsubscribe).
  • We maintain a suppression list of individuals who have opted out to ensure they are not contacted again.

11. Children's Privacy

In accordance with Section 35 of POPIA, we do not knowingly collect or process personal information from children under the age of 18 without the consent of a competent person (parent or guardian). Our services are not directed at children. If we become aware that we have inadvertently collected information from a child without appropriate consent, we will take steps to delete that information promptly.

12. Complaints & the Information Regulator

If you are unsatisfied with how we have handled your personal information or believe that we have not complied with POPIA, you have the right to lodge a complaint with the Information Regulator (South Africa):

  • Phone: 010 023 5207
  • Email: complaints.IR@justice.gov.za
  • Website: inforegulator.org.za
  • Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

We encourage you to contact us first so that we can try to resolve any concerns directly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated revision date. Where changes are significant, we will notify you via email or a prominent notice on our website. We encourage you to review this policy periodically.

14. Contact Us & Information Officer

For any privacy-related queries, requests, or to exercise your rights under POPIA, please contact our designated Information Officer:

  • Information Officer: Noswele Express Management
  • Email: info@nosweleexpress.co.za
  • Website: nosweleexpress.co.za

We will acknowledge your request within 5 business days and provide a substantive response within 30 days, as required by POPIA.

We use cookies to enhance your experience. By continuing to visit this site you agree to our use of cookies. Privacy Policy