Shop Loka

Seller Privacy Policy

Introduction

Welcome to the Privacy Policy of The Collective Concept (“shoploka.co.za”) (also referred to as “we”, “us” or “our” in this Privacy Policy).

Shop Loka respects your privacy and is committed to protecting your personal data. This Privacy Policy will tell you how we look after your personal data when you visit our website and/or use our iOS or Android app (together referred to as the “website” or “site”) and inform you of your privacy rights and how the law protects you.

While we take all reasonable steps to protect your privacy, by visiting our site you acknowledge that the Internet is not a completely secure medium for communication and, accordingly, we cannot guarantee the security of any information you send to us (or we send to you) via the Internet. We are not responsible for any damages which you, or others, may suffer as a result of the loss of confidentiality of such information.

Please also refer to our (i) Seller Cookies Policy; (ii) List of Third Party Providers for Sellers who may process your personal data.

1. Important Information and Who We Are

Purpose of this Privacy Policy

This Privacy Policy aims to give you information on how Shop Loka collects and processes your personal data through your use of this website as a Seller including any data you may provide through the website when you sign up to be a Seller. If you are using our website as a customer including any data you may provide through the website when you sign up to receive our marketing material, purchase a product or service or take part in a competition then please note that our Customer Privacy Policy applies.

This website is not intended for children and we do not knowingly collect data relating to children.

Limited Collection from Children Under 18 (POPIA)

This website may collect limited personal information from children under 18 (such as name, email, or profile details). In terms of South Africa’s Protection of Personal Information Act (POPIA), we require parent or guardian consent before doing so.

By clicking “I Consent”, you confirm that you are the parent/legal guardian of the child and that you agree to the collection and use of their information only for the purposes described below. You may withdraw consent at any time by contacting us at info@shoploka.co.za.

It is important that you read this Privacy Policy together with any other privacy notice on our website from time to time so that you are fully aware of how and why we are using your data.

Controller

Shop Loka is the controller and responsible for your personal data. You are an independent controller when it comes to processing customer data and this is described further in the Seller Terms & Conditions and the Customer Privacy Policy.

Contact Details

Full name of legal entity: The Collective Concept (Pty) Ltd, a limited company with registered number 2025/118790/07. Shop Loka is registered, and operates, in South Africa.

Our DPO

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions, including any requests to exercise your legal rights, please contact our DPO on the email address below.

Email address: info@shoploka.co.za

Get in Touch

If you'd like to ask us a question or otherwise exercise your legal rights in respect of your personal data, the easiest way is to contact us through our customer contact page. This page is monitored by our customer service team who will pass on your enquiry to the relevant teams.

Complaints

You have the right to make a complaint at any time to the Information Regulator (South Africa), the supervisory authority for data protection issues (eServices.inforegulator.org.za). We would, however, appreciate the chance to deal with your concerns before you approach the POPIA or any other supervisory authority so please do contact us in the first instance.

Changes to the Privacy Policy and Your Duty to Inform Us of Changes

This version of the Privacy Policy replaces any preceding privacy policy provisions on our website. We may update this Policy at any time. When you use our website the version of the Privacy Policy posted on this page applies to you.

It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if your personal data changes during your relationship with us and periodically review the details in your account settings on our website.

Third-Party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the Privacy Policy of the websites you visit. Should you disclose your personal information to any third party, or if a third party unlawfully acquires your personal information, we shall not be liable for any loss or damage arising from or suffered by you as a result of such disclosure or unlawful acquisition.

2. The Data We Collect About You and Sharing That Data

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

Types of Data

  • Identity Data (first and last name; may include gender and identity number).
  • Contact Data (billing address, delivery address, email address, telephone and mobile number).
  • Transaction Data (details about transactions on our website including photos or other order details; payments to and from you; product/service details).
  • Technical Data (IP address, browser type/version, location, plug-ins, OS, platform, device details).
  • Profile Data (username/email, login data, purchases/orders, interests, preferences, feedback, survey responses).
  • Usage Data (how you use the site, browsing patterns, referring page, click stream, response times, interaction data).
  • Marketing & Communications Data (preferences for receiving marketing and communication choices).

How We Receive Data

Direct interactions: via website use, forms, post, phone, email (e.g., purchases, account creation, marketing requests, competitions, feedback).

Automated technologies: cookies, server logs and similar tech. See our Seller Cookies Policy.

Essential Service Providers: data from payment providers and contracted technical/delivery services (Contact/Transaction/Financial data as needed).

Professional Advisers & Investors: limited sharing with lawyers/insurers/investors for risk, claims and governance.

Group / Corporate Activity: potential sharing in the event of sale, reorganisation or insolvency; internal sharing within a group for efficiency.

Law Enforcement / Legal Compliance: disclosures when required by law or necessary to protect rights, prevent fraud, or comply with legal processes.

Legal Bases

  • Performance of a contract.
  • Legitimate interests (balanced against your rights).
  • Compliance with legal or regulatory obligations.
  • Use of cookies (see Seller Cookies Policy).

International Transfers

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the South African Government.

Aggregated / Anonymised Data

We collect and use Aggregated Data (statistical/demographic). If combined with personal data so it can identify you, we treat it as personal data.

If You Fail to Provide Personal Data

Where required by law or contract, failure to provide data may prevent us from performing a contract (e.g., onboarding you as a Seller).

3. How Is Your Personal Data Collected?

We use different methods to collect data from and about you including through the methods described above.

4. Third Party Sources of Data / Data Sharing

We collect from and share data with providers listed in the List of Third Party Providers for Sellers. Lawful bases are set out below and in that list.

5. How We Use Your Personal Data

We will only use your personal data when the law allows us to, most commonly for:

  • Registering you as a new customer or Seller (Identity, Contact, Profile) — contract performance.
  • Processing and delivering orders, managing payments/fees/charges, connecting you with fulfilment suppliers, handling customer service interactions (Identity, Contact, Financial, Transaction, Marketing & Communications) — contract performance and legitimate interests.
  • Collecting and recovering money owed (Identity, Contact, Financial, Transaction) — legitimate interests.
  • Fraud assessments (Identity, Contact, Financial, Transaction, Technical) — legitimate interests.
  • Gift voucher purchases — contract performance.
  • Legal notices and policy updates — legitimate interests.
  • Improving our offerings (reviews, surveys, insights) — legitimate interests or consent (for Seller/user research).
  • Prize draws/competitions — contract performance and legitimate interests.
  • Administering and protecting the business and website (troubleshooting, analysis, testing, maintenance, support, reporting, hosting) — legitimate interests.
  • Delivering relevant content/ads and measuring effectiveness — legitimate interests (cookies covered separately).
  • Analytics to improve site, services, marketing, relationships, experiences — legitimate interests (cookies covered separately).
  • Suggestions/recommendations for goods/services that may interest you — legitimate interests.

Automated Decision-Making and Profiling

We do not conduct automated decision-making. We may profile potential customers to target marketing on a legitimate interest basis.

Marketing

We may use Identity, Contact, Technical, Usage and Profile Data to determine relevant offers. We generally send electronic marketing to previous purchasers of similar products (legitimate interests) and always provide an opt-out. Where you registered but did not purchase, we send marketing only if you opted in (consent). Push notifications for the Shop Loka: Shop Gifts app are opt-in and can be disabled on your device.

Opting Out

You can stop marketing messages at any time via your account marketing preferences, the unsubscribe links in emails, or by contacting us. Opt-outs do not affect service communications related to purchases.

Cookies

You can configure your browser to refuse cookies or alert you to them. Some site parts may not function without cookies. See our Seller Cookies Policy for details.

Change of Purpose

We will use your personal data only for the purposes collected unless we reasonably consider another compatible purpose. For unrelated purposes we will notify you and explain the legal basis. We may process your data without your knowledge/consent where permitted by law.

Third Parties

We use third parties to process personal data; these may change. See the List of Third Party Providers for Sellers for current processors.

6. Disclosures of Your Personal Data

We require third parties to respect security and law, and to use data only for contracted purposes. We work with them to protect your privacy.

7. International Transfers

See “International Transfers” above; we transfer only to jurisdictions deemed adequate by the South African Government.

8. Data Security

We implement appropriate security measures and limit access to those with a business need. We maintain procedures for suspected breaches and will notify you and regulators where legally required. The Internet is not fully secure; we cannot guarantee transmission security.

9. Data Retention

How Long Will You Use My Personal Data For?

We retain personal data only as long as necessary for the purposes collected, including legal, accounting and reporting requirements. Order details are generally kept for 6 years unless law prescribes longer.

You may ask us to delete your data in certain circumstances (see Your Legal Rights). We may anonymise data for research/statistics and use it indefinitely.

10. Your Legal Rights

  • Access: receive a copy of your personal data and verify lawful processing.
  • Correction: rectify incomplete/incorrect data.
  • Erasure: request deletion where there is no good reason to continue processing (subject to legal exceptions).
  • Object: where processing relies on legitimate interests or for direct marketing.
  • Restriction: suspend processing in certain scenarios.
  • Portability: receive data in a structured, commonly used, machine-readable format where applicable.
  • Withdraw consent: where processing is based on consent.

If you wish to exercise these rights, please contact us and mark your query for the attention of the Data Protection Lead.

No Fee Usually Required

Accessing your data and exercising rights is free. We may charge a reasonable fee or refuse requests that are unfounded, repetitive or excessive.

What We May Need From You

We may request information to confirm your identity and your right to access your data. We may also ask for further information to help us respond.

Time Limit to Respond

We try to respond within one month. Complex or multiple requests may take longer; we will notify you and keep you updated.