Privacy Policy for Joel Graham CC T/A Cape Diamonds
Cape Diamonds (“we,” “us,” or “our”) is committed to protecting your privacy and handling your personal information in accordance with the Protection of Personal Information Act, 2013 (“POPIA”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our website capediamonds.co.za, make purchases, or interact with our services. By using the Website or providing us with your personal information, you consent to the practices described in this policy.
We are a responsible party under POPIA, meaning we determine the purpose and means of processing your personal information. Our Information Officer is contactable at privacy@capediamonds.co.za or Unit 6, Victoria Junction, Green Point, Cape Town, 8005, South Africa.
1. Information We Collect
We collect personal information to provide our ecommerce services, process orders, and comply with legal obligations. Personal information includes any details relating to an identifiable person, such as your name, contact details, or identification documents.
Information you provide directly:
- During registration or checkout: Name, email address, phone number, delivery/billing address, and payment details (e.g., card number, processed securely via third-party gateways like PayFast or Stripe).
- For high-value transactions (orders of R100,000 or more): To comply with the Financial Intelligence Centre Act, 2001 (“FICA”), we require additional verification documents, including:
  - Proof of identity (e.g., South African ID, passport).
  - Proof of address (e.g., utility bill or bank statement not older than 3 months).
  - Source of Funds: You will be asked to complete a short questionnaire about the origin of your funds (e.g., salary, savings, property sale, or inheritance). In some cases, we may request additional documents, such as payslips, bank statements, or sale agreements, to verify the information provided.
  - These are only requested for transactions meeting or exceeding the FICA high-value threshold for high-value goods dealers (jewellery qualifies as such) and are retained securely for compliance purposes.
Information collected automatically:
- Device and browsing data: IP address, browser type, pages visited, and cookies (for analytics and functionality).
- Payment-related: Transaction timestamps and amounts (never full card details, as these are handled by compliant processors).
We do not collect sensitive personal information (e.g., health or biometric data) unless it is inadvertently provided.
2. How We Use Your Information
We process your personal information only for lawful purposes under POPIA, such as contract fulfillment, legal compliance, or legitimate interests (e.g., fraud prevention). Specific uses include:
- Fulfilling orders: Processing payments, shipping jewellery, and handling returns.
- Communications: Sending order confirmations, updates, or marketing emails (with opt-out options).
- Security and fraud prevention: Verifying identities and monitoring for suspicious activity.
- FICA compliance: For transactions ≥ R100,000, verifying identity, address, and funds source to prevent money laundering. This is a legal obligation, and refusal may result in order cancellation.
- Analytics: Improving our Website and services via aggregated, anonymized data.
- Legal: Responding to regulatory requests or enforcing terms.
Processing is done with your consent (where required), for contract performance, or to comply with laws like FICA. For FICA-related data, the purpose is strictly regulatory compliance, and it is not used for marketing.
3. Legal Basis for Processing
Under POPIA:
- Consent: For marketing or non-essential cookies.
- Contract: To process your purchases.
- Legal obligation: For FICA verifications and payment processing.
- Legitimate interests: Site security and analytics, balanced against your rights.
You can withdraw consent at any time (though this may affect service delivery) by contacting us.
4. Sharing Your Information
We share personal information only as necessary and with safeguards:
- Service providers: Payment processors (e.g., compliant with PCI DSS), shipping couriers (e.g., The Courier Guy), and hosting providers (e.g., AWS or local servers).
- Legal requirements: With authorities like the Financial Intelligence Centre (FIC) for FICA reports or the Information Regulator for POPIA audits.
- Business transfers: In case of merger or acquisition.
We do not sell your data. International transfers (if any) use standard contractual clauses to ensure POPIA-equivalent protection.
5. Data Security
We implement reasonable technical and organizational measures to protect your information, including:
- Encryption for payments and data in transit.
- Secure storage for FICA documents (access limited to authorized staff).
- Regular audits and firewalls.
No system is impenetrable; in case of a breach, we will notify affected individuals and the Information Regulator as required by POPIA Section 22.
6. Data Retention
- Order data: Retained for 5 years post-transaction for tax and dispute purposes.
- FICA documents: Retained for 5 years after the transaction, as mandated by FICA, then securely deleted.
- Marketing data: Until you opt out.
We securely delete or anonymize data when no longer needed.
7. Your Rights Under POPIA
As a data subject, you have rights including:
- Access: Request confirmation of what data we hold and a description (free once per year; provide ID proof).
- Correction: Update inaccurate information.
- Deletion: Request erasure (subject to legal retention, e.g., FICA).
- Objection: Oppose processing for marketing or legitimate interests.
- Restriction: Limit processing during disputes.
- Portability: Receive data in a structured format.
- Complaint: Lodge with our Information Officer or the Information Regulator (inforeg@justice.gov.za).
Requests should be emailed to [privacy@yourwebsite.co.za]. We respond within 30 days.
8. Cookies and Tracking
Our Website uses cookies for functionality, analytics (e.g., Google Analytics), and preferences. You can manage them via browser settings. We obtain consent for non-essential cookies via a banner. See our Cookie Policy for details.
9. Children's Privacy
Our services are not directed at children under 18. We do not knowingly collect their data without parental consent. If discovered, we delete it promptly.
10. Changes to This Policy
We may update this policy to reflect legal changes or business needs. Posted changes take effect immediately; we notify via email or Website notice for material updates.
11. Contact Us
For questions, contact:
- Information Officer: Manager
- Email: [privacy@yourwebsite.co.za]
- Phone: +27 21 421 5364
- Address: Unit 6, Victoria Junction, Green Point, Cape Town, 8005, South Africa
This policy complies with POPIA Sections 18 (notification) and 23 (access rights). For FICA specifics, refer to the Financial Intelligence Centre guidelines.