top of page

PRIVACY POLICY

Lume Salon (Pty) Ltd — POPIA Privacy Policy

Last updated: [Date]

1. Introduction & Purpose

Lume Salon (Pty) Ltd (“Lume Salon”, “we”, “us”, “our”) respects your privacy and is committed to protecting your personal information in compliance with the Protection of Personal Information Act, 2013 (“POPIA”). This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information, your rights in relation to that information, and how you can contact us.

This policy applies to all personal information processed by us, whether via our website, in our salons, by telephone, via social media, or other means.

2. Definitions

In this Policy:

  • Personal Information / Personal Data means information about an identifiable, living, natural person, and where applicable, an identifiable juristic person, as defined in POPIA.

  • Processing means any operation or activity (automated or not) concerning personal information, including collection, receipt, recording, organization, storage, updating, retrieval, alteration, use, dissemination, deletion, or destruction.

  • Responsible Party means Lume Salon (Pty) Ltd (i.e. the entity that determines the purpose and means of processing).

  • Operator / Service Provider / Third Party means any person or entity who processes personal information on our behalf under a contract or agreement.

  • Data Subject means the person whose personal information is processed (e.g. customer, employee, supplier, website visitor).

3. What Personal Information We Collect

Depending on the interaction and services, we may collect:

  • Contact details: name, surname, email address, telephone number, address

  • Identification / verifying information: identity number, date of birth

  • Appointment & transaction details: booking history, services used, preferences

  • Payment information: bank account or card details (or tokens thereof)

  • Health / skin / hair data: in some cases, for treatment purposes (e.g. allergies, medical conditions)

  • Communications data: correspondence, feedback, complaints

  • Device & technical data: IP address, browser type, device identifiers, usage logs (for website/app)

  • Marketing / consent preferences

We will only request or process personal information that is reasonably necessary for our purposes, and we will indicate if providing certain information is optional or mandatory.

4. How We Collect Personal Information

We collect information:

  • Directly from you (e.g. when you fill a form, make a booking, purchase services, contact us)

  • From third parties or publicly available sources (where permitted by law)

  • Through our website, apps, cookies, analytics, and automated technologies

5. Purposes and Legal Basis for Processing

We will only process personal information for lawful and specific purposes, which may include:

Purpose

Legal Basis / Justification

To provide salon services, treatments, products

Performance of contract / fulfilment of your requests

To manage bookings, schedule & client records

Legitimate interest / performance of contract

To process payments and billing

Contractual necessity

To communicate with you (confirmation, reminders, responses)

Legitimate interest / consent

To send marketing, offers, newsletters (if consent given)

Consent

To comply with legal, regulatory, or tax requirements

Legal obligation

To improve our services, analytics, feedback

Legitimate interest (provided your rights are respected)

To maintain security, fraud prevention, investigations

Legitimate interest / legal obligation

If you have given consent for a particular processing, you may withdraw it later (subject to legal or contractual constraints), without affecting past lawful processing.

6. Disclosure & Sharing of Personal Information

We may share your personal information with:

  • Our employees, staff, contractors or service providers (e.g. IT, payment processors, marketing, maintenance) under confidentiality obligations

  • Regulatory or governmental authorities, when required by law

  • Third parties for marketing or promotions only with your consent

  • In the event of a business sale, merger, or reorganization (subject to appropriate protections)

We will ensure that any third party or operator we share your information with provides adequate protection, and is contractually obligated to comply with POPIA.

7. International Transfers

If we transfer personal information outside South Africa, we will ensure such cross-border transfers comply with the requirements of POPIA (e.g. adequate safeguards, agreements, consent) to protect your information.

8. Data Security

We take appropriate technical, organizational, and physical security measures to protect personal information from unauthorized access, loss, alteration, or destruction. Measures may include encryption, firewalls, secure backups, access controls, staff training, and audit trails.

9. Data Retention & Deletion

We will only retain your personal information for as long as necessary to achieve the purpose for which it was collected or as required by law. After that, we will securely delete, anonymize, or destroy it in a manner that prevents reconstruction.

10. Your Rights as Data Subject

Under POPIA, you have the following rights:

  • Right to access your personal information held by us

  • Right to request correction, updating, erasure or deletion of your personal information

  • Right to object to or restrict processing in certain circumstances

  • Right to withdraw consent (where processing depends on consent)

  • Right to receive your data in a structured, portable form (where applicable)

  • Right to lodge a complaint with the Information Regulator

To exercise any right, you may contact our Information Officer (see contact details below). We may require proof of identity before releasing personal information.

11. Information Officer & Contact Details

We have designated an Information Officer in terms of POPIA who is responsible for our compliance and your data subject requests:

Name: [Name of Information Officer]
Email: [email address]
Telephone: [phone number]
Postal address: [Lume Salon address]

12. Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will post the revised version with a new “Last updated” date and, where appropriate, notify you of significant changes.

13. Queries, Complaints & Enforcement

If you have questions, concerns, or complaints about our processing of your personal information, please contact our Information Officer. If you remain unsatisfied, you have the right to lodge a complaint with the Information Regulator in South Africa.

bottom of page