Login

Cart

Your cart is empty

Privacy Policy

Privacy Policy

  1. Introduction


The Company acknowledges and supports consumer rights and the right to privacy. Accordingly, our customers’ privacy and trust are extremely important to us! We will ensure that personal information (“information”) is collected and handled in a transparent and lawful manner in

alignment with the Protection of Personal Information Act, 2013 (“POPIA”).




We respect privacy, we promise:


  • To implement reasonable computer (logical), physical and procedural (process) safeguards to protect the security and confidentiality of the information we collect.

  • To limit the information collected to the minimum required to provide a better service and/or product or meet our other goals.

  • To permit only properly trained, authorised employees to access information.

  • Not to disclose your information to external parties unless consent has been provided or we are required or permitted by law to do so.


  1. Purpose

The Company offers a wide range of products and services, including but not limited to in-store services, digital offerings, a loyalty programme, and value-added services. This policy explains how we use the information we collect from you when you use our products and/or services and by using our products and/or services and/or by providing information to us you agree to the information being processed as set out in this policy. This policy also:


  • sets out the types of information that we collect;

  • explains how and why we collect and use your information;

  • explains whom we share your information with; and

  • explains the rights and choices you have when it comes to your information

  • explains how to contact us or the relevant authorities.


Some parts of our business may need to collect and use personal information to provide you with their products and services. In most cases they will refer to this policy, but you must also read their specific terms and conditions. Company websites or mobile apps may contain links to websites operated by other organisations that have their own privacy policies. Please make sure you read their terms and conditions and privacy policies carefully before providing any personal information on other websites as we do not accept any responsibility or liability for other organisations.

  1. Scope

In this policy, “us”, “our” or “we” refers to:


  • The Hub Pty Ltd (Registration number: 2004/033029/07)


  • HTC Stores Pty Ltd (Registration number: 1991/004010/07


  • CB Stores Pty Ltd (Registration number: 1999/012663/07)


  1. Legislation and Regulations

This policy is subject to the laws of the Republic of South Africa in particular POPIA and the Consumer Protection Act, 2008 (“CPA”) as well as other relevant data protection legislation. Any dispute arising will, to the extent permitted by law, first attempted to be settled internally and if this is not possible be referred to arbitration in Durban at a venue to be determined by us applying the Uniform Rules of the High Court of South Africa.


In the interests of compliance with the Promotion of Access to Information Act, 2000 the Company offers you the opportunity to view our PAIA manual on our website: www.hub.co.za and www.CBstores.co.za.


  1. Roles and Responsibilities

Based on POPIA, the following role players are relevant to this policy:


ROLE

RESPONSIBILITY

Information Regulator

  • The Information Regulator Office duties includes providing education, monitor and enforce compliance, handle complaints and facilitate cross-border cooperation in the enforcement of privacy laws

  • In the context of this policy this is the office of individuals appointed by the President of South Africa in terms of POPIA

Information Officer

•The individual who is the head of or CEO of the Company who is registered with the Information Regulator in terms of the PAIA and POPIA and is responsible for ensuring that the Company complies with the Acts

Deputy Information Officer/s

  • The individuals who are registered with the Information Regulator in terms of the PAIA and POPIA and have been delegated responsibilities in driving required activities on behalf of the Information Officer

  • In the context of this policy these are the participates of the Privacy and Security Committee

Data subject

  • Any natural or juristic person who is identifiable by means fovea an identifier such as a name, an ID number, location data, or via factors specific to the person's physical, physiological, genetic, mental, economic, cultural or social identity

  • In the context of this policy this is the person (aka consumer or customer) whose information is being processed by the Company




Responsible Party

  • The party who determines the purpose of and means for processing personal information and is also responsible for protecting (safeguarding) the information of the data subject

  • In the context of this policy this is either the Company or a business partner (depending on the context)

Operator or Processing Party

  • The party who processes (collect, receive, record, collate, store, anonymise, retrieve, alter, use, distribute, erase or delete) information for a responsible party in terms of a contractual agreement or mandate on behalf of a Responsible Party

  • In the context of this policy this is either the Company or a business partner


  1. Information Collection


To register or make use of the Company’s programmes and services such as our loyalty, rewards , laybye programmes, etc you are required to provide us with your personal information including but not limited to your South African ID number or passport number (for non-South African citizens), name, surname, contact information and other personal details.


You may provide personal information to us either directly or indirectly (through a person acting on your behalf), by completing an application form for our products and services or requesting further information about our products and services, whether in writing, through our website, over the telephone or any other means.


Unless you consent, we usually only collect information that is reasonably necessary for our business functions and activities and related purposes. The type of information we collect and hold, will depend on the purpose for which it is collected and used. Where possible, we will inform you what information you are required to provide to us and what information is optional. The information we process is typically to provide you with the goods and services you want to buy and or laybye and help you with any orders and refunds you may ask for, to manage and improve our day-to-day operations, to manage and improve our loyalty and rewards programmes, websites and mobile platforms with the aim of improving your customer experience.


We may also collect your personal information from a person acting on your behalf, any regulator, or other third party that may hold such information.


You agree to give accurate and current information about yourself to the Company and to maintain and update such information when necessary. To improve the accuracy of our data and get to know our customers better, we may enrich it from other third parties, including credit bureaus.


  1. Services in Collaboration with business partners

The Company has various partnerships and we also provide various goods and services. To deliver these goods and services, varying levels of information are required to be processed, including obtained from or shared with relevant external business partners (local and/or abroad) to verify against, or facilitate the goods or services offered by the business partner. When you agree to the company’s and/or business partner’s terms and conditions, it allows us to share the relevant information to facilitate the product or service being rendered to you.

Note that for some of our products may require you to provide additional information directly to a business partner of ours. In such instance, we process this information on the business partner’s behalf and as such the relevant business partner remains responsible for protecting this information, not the Company. When signing up with one of our business partners, it is important for you to recognise that you are establishing a direct, binding relationship with such a partner under their terms & conditions and related privacy policies and that they would be the responsible party under POPIA.


  1. Persons under 18 years

We do try our best not collect any information of persons (minors) under the age of 18 years without the consent of their parents or guardians. If you are under the age of 18 years, you must NOT provide any information to the Company without the consent of your parent or legal guardian.


  1. Your Account

When signing up for certain Company services, you are required to create a user account. You agree that you will provide accurate information to us and keep it updated, and that you will not create a false identity or an account for anyone other than yourself. It is your responsibility to

safeguard your profile’s username and password. This includes that you make use of a strong password and that you do not intentionally or unintentionally divulge it to anybody else. In the event of someone else using your username and password to make changes to your or transact on your behalf, you will be held responsible for the changes and the outcome thereof.


If you suspect its misuse or compromise, you must report this to our Customer Care Line on 0861 888 899 or email: popia@decofurn.co.za as soon as possible.


  1. Cookies


A cookie is a piece of information that is deposited in your computer’s hard drive by your web browser when you use our computer server. Most web browsers accept cookies automatically, but you can alter your settings to prevent automatic acceptance. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalised web experience. If you choose not to accept cookies, this may disable some features of our website.

Our website also uses push notifications.


  1. Embedded Scripts

An embedded script is a programming code that is designed to collect information about your

interactions with the Company’s website. The code is temporarily downloaded onto your device from our web server or a third-party service provider, is active only while you are connected to our website and is deactivated or deleted thereafter.


  1. Mobile Device Identifiers


Certain mobile service providers uniquely identify mobile devices. The Company or our third-party service providers may receive such device information if you access our website or mobile applications through your mobile device when allowing cookies or push notifications.

  1. Closed-Circuit Television (CCTV)


Closed-Circuit Television (CCTV) images are processed, monitored and recorded for the purposes of crime prevention and detection as well as public safety in our stores and regional support offices.


  1. Transborder Flows

Should the Company need to transfer a data subject's information to service providers in countries outside South Africa, the Company will ensure that these countries have data-protection laws which are similar to those of South Africa. The Company will adhere to applicable laws.


  1. Purpose and Use of Information


The Company may use your information for the purposes for which it was collected or agreed with you to facilitate the provision of our products and services to you, and for purposes which are within reasonable expectations and where permitted by law.


Examples of information collected from you or other sources and processed by the Company are detailed below (which is not an exhaustive list) and linked to the purpose thereof.


  • ID number / passport number (which you consent we may collect from credit bureaus and/or other aggregators) - to identify you as a unique person on our database as for us to validate who you are when you want to change your profile details or resolve queries related to your Loyalty card, transactions or points. We also use this to inform segmentation analytics to provide benefits including targeted birthday, pensioner or other life stage- relevant offers.

  • Contact information - to facilitate essential support via communications as well as better customise our offering to you, where you have opted in for such communications, including:

    • In support of facilitating required activities for services and programmes i.e.: OTPs, invoices, statements, deliveries, etc;

    • Send information regarding services and programmes via direct marketing i.e. new benefits, clubs or partners as well as inform you of promotions or deals;

    • Send or serve you targeted advertising across social media, other digital media platforms and physical post;

    • Contact you where you may have won a competition / draw that you have entered;

    • Request your feedback and opinion in the form of surveys, opinion polls or focus groups, should you wish to participate;

    • Contact you in relation to Customer Careline feedback, custom complaints or other feedback you wish to give us where you agree to us contacting you.

  • Inform segmentation or analysis based on your transaction history for use by our internal commercial team as well as vendors / suppliers and business partners to serve relevant content or offers. We may do this for use and disclosure of the de-identified information to determine preferences and shopping patterns.

  • We may also disclose detailed information with our business partners to assist them in marketing products and services as governed by this policy and the related service’s specific terms and conditions as well as the business partner’s privacy policy.

  • Share information with 3rd (third) parties as an outsourced function, with the purpose of communicating to you.


SOURCE

PURPOSE

DATA SUBJECT INFORMATION

Emailers / SMS’s

  • Facilitate required communications such as one-time passwords, invoices, statements and personalised discounts linked to the Company associated programmes and services you are using.

  • Send you communications for the Company’s associated programmes and services you are using where you have opted into direct marketing communications via your preferences.

  • First Name and Surname

  • Email address

  • Contact Numbers (Telephone and

Mobile)

  • Loyalty Card Number

  • Other account number

Products and services (in store or online) rendered by either the Company and/or business partners

  • Process your application

  • Create a uniquely identifiable

customer record

  • Provision the relevant services as set out in the respective terms and conditions for the relevant products and/or services subscribed to by the Data Subject

  • Process payments

  • Regular communications

  • Provide individually customised

promotions and discounts

  • First Name and Surname

  • Email address

  • Contact Numbers (Telephone and

Mobile)

  • ID or Passport Number

  • Gender

  • Date of Birth

  • Physical Address

  • Communication Preferences

  • Language Preferences

  • Card Number

  • Payment Card and CCV Number

Customer Care Complaints or Compliments

  • Assist the Company to categorise the Data Subject’s complaint or compliment

  • Provide feedback to the Data Subject

regarding the complaint or compliment

  • First Name and Surname

  • Email address

  • Contact Numbers (Telephone and

Mobile)

  • Account Number (if needed)

Competitions and/or business partners

  • Validate the Data Subject’s entry and whether he/she is eligible to partake in the competition

  • Contact the Data Subject if he/she is

the prize winner

  • First Name and Surname

  • Email address

  • Contact Numbers (Telephone and Mobile)

  • Account Number (if needed)

Customer Surveys and/or business partners

Request Data Subject to voluntary participate relating to their shopping experience and/or how customer service can be improved

  • First Name and Surname

  • Email address

  • Contact Numbers (Telephone and

Mobile)

  • Opinions

CCTV Surveillance

Stores and Office buildings may use CCTV camera surveillance for public safety, crime prevention and quality control

Data Subjects’ physical features such as face, gender, race, height, clothing worn at the time and actions at the time.




Social Media

Social Media adverts for products and services which you may be interested in.

Content of Data Subjects’ posts.

Websites of Company and/or business partners

  • Information is collected using cookies and/or embedded scripts within the website

  • When information is shared with our advertisers, it is anonymous and not personally identifiable i.e. it does not contain your name, address, telephone number or email address

Computer device information (whether you are a registered and unregistered user) such as:

  • type of Internet browser software,

  • the operating system on your device,

  • the website that referred you,

  • your Internet Protocol address,

  • the country and telephone code

where your device is located,

  • the web pages viewed during your visit,

  • the advertisements you clicked on,

and

  • any search terms you entered on our

website (user information)

Website of the Company

  • Information is collected when

enabling push notifications

  • When information is shared with third parties, it is anonymous and not personally identifiable i.e. it does not contain your name, address, telephone number or email address

  • platform

  • creation date

  • os version

  • device brand

  • device model

  • language

  • country

  • time zone

  • currency

  • carrier

  • screen width, height and density

  • last open date & time

  • is online

  • geolocation data


We may also use your information for the following reasons:


  • complying with statutory and regulatory requirements in respect of the storage and maintenance of documents and information;

  • complying with valid requests for information, including subject access requests and requests in terms of PAIA;

  • complying with information requests by regulators or bodies lawfully requesting the information (e.g. tax authorities);

  • providing customer service and assessing customer complaints;

  • assisting in law enforcement, fraud investigations, anti-money laundering and counter- terrorist financing initiatives;

  • providing you with the services, products or offerings you have requested, and notifying you about important changes to these services, products or offerings;

  • managing your account or relationship and complying with your instructions or requests;

  • detecting and preventing fraud and money laundering and/or in the interest of security and crime prevention;

  • operational, marketing, auditing, legal and record keeping requirements;

  • transferring or processing your personal information outside of the Republic of South Africa to such countries that may not offer the same level of data protection as the Republic of South Africa, including for cloud storage purposes and the use of any of our websites;

  • complying with applicable laws;

  • recording and/or monitoring your telephone calls and electronic communications to/with the Company in order to accurately carry out your instructions and requests, to use as evidence and in the interests of crime prevention;

  • conducting market research and providing you with information about the Company products or services from time to time via email, telephone or other means (for example, events);

  • where you have unsubscribed from certain direct marketing communications, ensuring that we do not send such direct marketing to you again;

  • disclosing your personal information to third parties for reasons set out in this policy or where it is not unlawful to do so;

  • monitoring, keeping record of and having access to all forms of correspondence or communications received by or sent from the Company or any of its employees, agents or contractors, including monitoring, recording and using as evidence all telephone communications between you and the Company;

  • improving or evaluating the effectiveness of the Company’s business or products, services or offerings;

  • conducting internal investigations.


  1. Direct Marketing and Opting Out


If you are an existing customer, we may communicate with you based on the preferences as selected by you in relation to the relevant product or services you have signed up for. This may include making contact via telephone, email, SMS, Whatsapp, social media and other channels about products and or services which may be if interest to you.


You may opt-out (free of charge) from receiving future promotional information or direct marketing from the Company by either contacting the Customer Care Line on ??? as soon as possible or updating your preferences via the Company’s website if you have an online profile.

In the event you wish to discontinue receiving Loyalty programme communications or direct marketing, please contact the Company’s Customer Care Line, at 061 888 899 or change your communication preferences on the Company’ digital channels.


  1. Retention and Destruction of Information


Information that the Company collects is kept in a form which permits your identification for no longer than is necessary for the purposes for which it was collected and processed in each specific case, and in any case not longer than as specified by the relevant applicable laws unless we have your consent to process it indefinitely.


The Company and/or business partner/s will retain your information after you have closed your account where reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security,

prevent fraud and abuse, enforce our agreement, or fulfil your request to “unsubscribe” from

further messages from us.


We may retain de-identified or anonymised information after your account has been closed using techniques that do not permit your re-identification. If none of the afore-mentioned scenarios are required, the Company will permanently delete (electronic) and shred (paper) after the purpose of collection the information has expired.


  1. Information Preservation and Protection


The Company will take reasonable steps to protect the information we collect, hold and process from misuse, loss and from unauthorised access, modification or disclosure. We hold information both at our own premises and with the assistance of our service providers.


This is based on the information security principles of Confidentiality, Integrity, Availability and Privacy (CIAP) as governed by our Information Security Policy. This sets out the Company’s objectives and general approach to information security, which aims to protect the Company’s business information and safeguard any personally identifiable information within our custody. We seek to achieve the following 5 key objectives as it relates to Information Security:


CULTURE

RISK-BASED PROTECTION

COMPLIANCE

DETECT AND RESPOND

CULTURE

Improve the security culture through continuous education and awareness

Comply to the legal and regulatory requirements (local and international)

Integrate security into business decisions through ownership and leadership

A focused, risk-based approach to protect assets and information

Balance the need for protection with effective detection and response

Because no data transmission over the internet is completely secure, and no IT system of physical or electronic security is impenetrable, we cannot guarantee the security of the information you send to us or the security of our servers or databases. Having noted that, we do take every reasonable step within our control, to protect your information and preserve the accuracy thereof. Quality of information means that the information we use must be appropriate, complete and reliable. The higher data quality we maintain, the better service we can render.


  1. Information Disclosure


Notwithstanding anything to the contrary in this policy, the Company reserves the right to disclose any information about you if we are required to do so by law, and if we believe that such action is necessary to: (a) fulfil a government request; (b) conform with the requirements of the law or legal process; (c) protect or defend our legal rights or property, our website, or other users; or (d) in an emergency to protect the health and safety of our website’s users or the general public.


Authorised Company employees or agents will have access to some or all your information. We may also disclose your information within our group of companies. Such data sharing is governed by our CIAP information security principles and associated practices.


We do use service providers to provide our services and maintain our systems, including but not limited to maintenance, security, analysis, audit, payments, customer service, marketing and system development. These parties will have access to your information as reasonably necessary

to perform these tasks on our behalf (namely role-based access). Where we contract with service providers, and wherever possible, we impose contractual obligations on them to ensure that your information is handled and secured in accordance with law and industry good practise.


Some of our service providers may be located in other countries that may not have the same levels of protection of information as South Africa. Wherever possible, we try to only use service providers that are located in countries with similar levels of protection of information as South Africa. Where not possible, you consent to us processing your personal information in a foreign country whose laws regarding processing of personal information may be less stringent.


Unless you have explicitly consented to this, we will never sell your personal information.


  1. Your Right to Access Information


Depending on which product or service you (as the Data Subject) have signed up for, you can update some of your information via our digital channels. Alternatively, your information can be updated via our Customer Care Line.


You have the right:


  • free of charge, to confirm with us whether we hold any information about you;

  • at a prescribed fee, which we will give you a written estimate of,

    • to request a record of information held by us

    • to request a description of the information held by us, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information

  • to update and correct any out-of-date or incorrect information we hold about you;

  • destroy or delete a record of information of you which we are no longer authorised to retain; and

  • update your communication preferences and / or unsubscribe from communications we may send you.

Before we provide you with access to your information, we will require proof of identity. We may require up to 30 (thirty) days to respond to any requests for information. We may refuse to disclose some information in accordance with PAIA.


If you require the Company to correct or delete any information that we have about you, please refer to the Company’s PAIA and POPIA Manual (published on our website) for the forms and process to follow. Note that should you want to delete all information the Company has about you, you will probably have to terminate all agreements you have with us, including loyalty, as we cannot maintain our relationship with you without at least having some of your information. We may also refuse to delete some of your information, if we are required by law to retain it or if we need it to protect our rights.

  1. Information Breach Notification


A security compromise or information breach can be described as a threat to the Confidentiality, Integrity, Availability or Privacy of IT systems and/or information. Such incidents are governed by the Company’s Security Incident Response process which allows us to deal with the compromise/breach and/or loss in an efficient and effective manner. One of the key pillars of this process is keeping all impacted stakeholders informed and updated.


When there are reasonable grounds to believe that your information has been accessed, altered, deleted or acquired by any unauthorised person, we will notify the Information Regulator and yourself in cases where your identity can be established. This notification will be done in accordance with the provisions of POPIA and as soon as reasonably possible after the discovery of the compromise, considering the legitimate needs of law enforcement or any measures reasonably necessary to determine the scope of the compromise and to restore the integrity of our systems.


  1. Limitations

We are not responsible for, give no warranties, nor make any representations in respect of the privacy or practices of linked or any third-party websites.


  1. Amendment of this Policy


We may amend this policy from time to time for any of the following reasons:


  • to provide for the introduction of new systems, methods of operation, services, products, property offerings or facilities;

  • to comply with changes to any legal or regulatory requirement;

  • to ensure that this policy is clearer and more favourable to you;

  • to rectify any mistake that may be discovered from time to time; and/or

  • for any other reason which the Company, in its sole discretion, may deem reasonable or necessary.

Any such amendment will come into effect and become part of any agreement you have with the Company when it is published on our website. It is your responsibility to check the website often.


  1. Contact Us

    1. Information Officer

If you have questions about this Privacy Policy or wish to exercise your rights in terms of access to, objection, correction, or deletion of your information, please contact us via our Customer Care Line (080????) who will attempt to resolve your query.


If unable to, and depending on your situation, our Customer Care Line will explain the process to follow and potentially refer your query to internal subject matter experts.


Our Information Officer contact details are:

Gregory Veale (Group CEO)

Address: 20 Marshall Drive, Mount Edgecombe, 4302 KwaZulu Natal Tel: +27 (31) 582 1100

Email: popia@decofurn.co.za

  1. Information Regulator (South Africa)

Should you believe that the Company has utilised information contrary to applicable law, you undertake to first attempt to resolve any concerns with the Company. If you are not satisfied with such process, you have the right to lodge a complaint with the Information Regulator of South Africa.


The Information Regulator’s contact details are:

Address: JD House, 27 Siemens Street, Braamfontein, Johannesburg, 2001 Tel: +27 (0) 10 023 5200

Email: inforeg@justice.gov.za

Website: http://www.justice.gov.za/inforeg/