Privacy Policy
Responsible party: Tanglez Petz SA (Pty) Ltd t/a Pampered Paws
Effective date: 1 January 2026 · Last updated: 8 July 2026 · Version 3.0
1. Responsible party and Information Officer
Responsible party (POPIA Section 1):
Tanglez Petz SA (Pty) Ltd, trading as Pampered Paws
20 Imam Haron Road, Claremont, Cape Town, 7708, South Africa
Information Officer (POPIA Sections 55 and 56):
Privacy Team / Information Officer
Email: privacy@pamperedpaws.co.za
General enquiries: hello@pamperedpaws.co.za
This Policy applies to pamperedpaws.co.za, our booking system, WhatsApp business channels, in-store interactions, the Pampered Paws Academy platform, and related services.
2. Personal information we collect
We may collect and process the following categories of personal information:
- Identity and contact: name, surname, email, phone, WhatsApp number, physical address, emergency contact.
- Booking and account: login credentials (encrypted), booking history, preferences, store location, package purchases, payment references (we do not store full card numbers on our servers; payment processors handle card data).
- Pet information: pet name, breed, age, weight, temperament notes, grooming notes, vaccination status, vet card details, allergies, medications, bite/aggression history.
- Communications: emails, WhatsApp messages, contact form submissions, call records where logged, feedback and complaints.
- Images and video: photos/videos of pets during services, CCTV at our premises, Academy assessment uploads.
- Technical: IP address, browser type, device identifiers, cookies and similar technologies (see our Cookie Policy), server logs.
- Academy-specific: enrolment applications, aptitude test results, course progress, assessment scores, employment background where volunteered, certificates issued.
- Marketing preferences: opt-in/opt-out status, campaign interaction data.
We do not intentionally collect special personal information as defined in POPIA Section 26 (e.g. religious beliefs, trade union membership) unless you voluntarily provide it and we have a lawful basis. We do not knowingly collect information from children under 18 without parental consent.
3. Lawful basis for processing (POPIA Section 11)
We process personal information only where a lawful ground exists, including:
- Contractual necessity: to perform bookings, deliver grooming/daycare/nightcare/walking, process payments, and manage your account.
- Legal obligation: tax, accounting, consumer law, health and safety records, responding to lawful requests from authorities.
- Legitimate interest: fraud prevention, security, improving services, internal reporting, CCTV for safety, and direct communication about your active bookings, balanced against your rights.
- Consent: marketing emails/SMS, non-essential cookies, optional photography for marketing, Academy interest registration, and certain AI features where consent is required. You may withdraw consent at any time without affecting lawfulness of prior processing.
4. How we use your information
- Confirming, managing, and fulfilling bookings and service delivery
- Verifying vaccination and vet card requirements for daycare and nightcare
- Communicating service updates, reminders, and safety notices
- Processing payments and managing accounts in arrears
- Operating shuttle/pickup services
- Quality assurance, staff training, and dispute resolution
- Marketing (only with consent or where permitted by law)
- Operating the Academy platform, reviewing enrolments, and issuing certificates
- Complying with legal and regulatory obligations
5. Artificial intelligence and automated processing
5.1 We may use AI and automated tools to: assist with customer enquiries (including chatbots on web or WhatsApp), suggest booking slots, generate internal summaries of communications, help draft responses (always subject to human review for important matters), analyse operational trends, and support Academy content delivery or assessment workflows.
5.2 AI outputs may be inaccurate. Do not rely on AI-generated content for veterinary diagnoses or emergency decisions. Contact a veterinarian or our staff directly for health concerns.
5.3 Automated decision-making (POPIA Section 71): We do not make decisions based solely on automated processing that produce legal effects or similarly significantly affect you (such as permanent service bans or Academy rejection) without meaningful human review. You may request human intervention, express your point of view, and contest decisions where applicable.
5.4 Third-party AI processors: We may transmit prompts, messages, or de-identified data to cloud AI providers (which may process data outside South Africa) under written agreements requiring confidentiality, security, and purpose limitation. Cross-border transfers are addressed in Section 8.
5.5 We do not use your personal information to train public-facing AI models unless you give explicit opt-in consent.
6. Operators and sharing (POPIA Sections 20 and 21)
We may share personal information with trusted operators who process data on our instructions, including:
- Website and hosting providers (e.g. WordPress hosting)
- Online booking and payment processors
- Email and SMS/WhatsApp delivery services
- Cloud storage and backup providers
- Analytics providers (only if you consent to analytics cookies)
- AI service providers (as described above)
- Professional advisers (lawyers, accountants, insurers) under confidentiality
- Law enforcement or regulators when required by law
We require operators to implement appropriate security and to process data only for specified purposes. We do not sell or rent personal information to data brokers or advertisers.
7. Direct marketing (POPIA Section 69)
We will only send direct marketing communications (promotional email, SMS, or WhatsApp marketing) if you have opted in or where an existing customer relationship exception applies and you have not opted out. Every marketing message includes an unsubscribe or opt-out mechanism. To opt out, use the link in the message or email privacy@pamperedpaws.co.za.
8. Cross-border transfers (POPIA Section 72)
Some operators (including cloud hosting, email, payment, and AI providers) may store or process data in countries outside South Africa. Where we transfer personal information cross-border, we take reasonable steps to ensure the recipient is subject to a law, binding corporate rules, or agreement providing adequate protection, or you have consented to the transfer.
9. Security (POPIA Section 19)
We implement reasonable technical and organisational safeguards, including HTTPS encryption, access controls, password hashing, secure backup practices, and staff confidentiality training. No system is completely secure. If we become aware of a compromise likely to cause harm, we will notify you and the Information Regulator as required by POPIA Section 22.
10. Retention
| Data type | Typical retention |
|---|---|
| Active client accounts and booking history | While account is active, then up to 5 years for legal/tax purposes |
| Vet cards and vaccination records | Duration of service relationship plus 2 years |
| Marketing consent records | Until consent withdrawn plus 3 years for proof |
| CCTV footage | Up to 30 days unless incident investigation requires longer |
| Academy learner records and certificates | Active account period; certificates retained for verification |
| Academy evidence uploads | 12 months after course completion, then deleted unless dispute |
| Server and security logs | Up to 90 days |
| Cookie consent preferences | 12 months, then re-prompted |
11. Your rights as a data subject (POPIA Sections 23 to 25)
You have the right to:
- Access personal information we hold about you
- Correct inaccurate or incomplete information
- Delete information where we no longer have a lawful reason to retain it (subject to legal retention duties)
- Object to processing based on legitimate interest
- Restrict processing in certain circumstances
- Withdraw consent where processing is consent-based
- Lodge a complaint with the Information Regulator
To exercise your rights, email privacy@pamperedpaws.co.za with subject line "POPIA Request" and proof of identity. We respond within 30 days, or inform you if an extension is required under POPIA.
Information Regulator (South Africa): www.inforegulator.org.za
12. Cookies and similar technologies
We use cookies, local storage, and similar technologies as described in our Cookie Policy. Non-essential cookies are placed only after you consent via our cookie banner.
13. Third-party links and social media
Our website may link to Facebook, Instagram, TikTok, Google Maps, and other third parties. Their privacy practices are governed by their own policies. We are not responsible for third-party sites.
14. Changes to this Policy
We may update this Policy from time to time. The latest version will always be published at this URL with an updated "Last updated" date. Material changes will be communicated where appropriate.
15. Contact
Information Officer / Privacy Team
privacy@pamperedpaws.co.za
Tanglez Petz SA (Pty) Ltd t/a Pampered Paws
20 Imam Haron Road, Claremont, Cape Town, 7708