Privacy policy

Haan’s responsible party is [insert full legal entity name], registration number [insert registration number], with its principal place of business at [insert physical address].

Signed-in customers can submit POPIA access or erasure requests from Privacy preferences. Haan’s Information Officer remains available at [insert privacy / Information Officer email].

Depending on how you use the marketplace, Haan may collect:

• identity and account details such as name, email, mobile number, and login data,
• order, payment, refund, and basket history,
• delivery and billing addresses,
• communications with Haan or sellers through marketplace features,
• seller onboarding and operational information,
• device, browser, IP, cookie, analytics, and session data, and
• content you upload or submit, such as reviews, questions, or profile details.

Haan may use personal information to:

• create and manage accounts,
• process orders, payments, fulfilment, refunds, and customer service,
• share order information with relevant sellers and fulfilment partners,
• moderate listings, reviews, and marketplace conduct,
• detect fraud, abuse, or security incidents,
• improve the marketplace, analytics, and user experience,
• send service communications, and
• send marketing where Haan has a lawful basis to do so.

Haan processes personal information on one or more lawful POPIA grounds, including where processing is necessary to conclude or perform a contract, comply with law, protect a legitimate interest of the data subject, pursue Haan’s legitimate interests in operating the marketplace, or where consent is required and obtained.

Haan may share personal information with:

• the relevant seller for fulfilment, customer support, or lawful compliance,
• payment processors, banks, fraud tools, and PSP partners,
• courier, logistics, address validation, and fulfilment partners,
• hosting, analytics, messaging, identity, and other service providers acting for Haan,
• professional advisers, insurers, auditors, and regulators, and
• law-enforcement or competent authorities where Haan is legally required to do so.

Sellers must use customer personal information only for permitted order-related or lawful purposes and not for unrelated marketing or independent reuse without an appropriate legal basis.

Haan may use essential cookies or local storage for session management, basket continuity, sign-in, security, and checkout. Optional marketing attribution and Plausible analytics stay off until marketing and analytics consent is granted.

When `NEXT_PUBLIC_PLAUSIBLE_DOMAIN` is configured, Plausible may load on the Storefront and Shop Manager only after the current consent state allows marketing and analytics.

Haan may send service messages that are necessary for your account, order, delivery, returns, or security. Marketing messages are handled separately and must comply with POPIA, including the rules on unsolicited electronic communications where applicable.

You can opt out of marketing at any time using the unsubscribe route in the message or by contacting Haan.

Some of Haan’s operators or systems may process personal information outside South Africa. Where Haan transfers personal information across borders, it will do so only where permitted by POPIA and with appropriate contractual, security, or legal safeguards in place.

Haan keeps personal information only for as long as it is reasonably needed for the purpose for which it was collected, or for longer where required by law, tax, audit, fraud, accounting, or dispute-resolution obligations.

Haan uses reasonable technical and organisational measures to protect personal information against loss, misuse, unauthorised access, disclosure, or destruction. No method of transmission or storage is completely secure, but Haan should maintain safeguards appropriate to the risk.

Subject to POPIA and other applicable law, you may request to:

• know what personal information Haan holds about you,
• access, correct, update, or delete information where appropriate,
• object to certain processing, including direct marketing,
• withdraw consent where processing depends on consent, and
• complain to Haan or the Information Regulator.

Account holders can start data-export and erasure requests from Privacy preferences; if self-service is unavailable, contact the Information Officer.

If you believe Haan has processed your personal information unlawfully, please contact Haan first so the issue can be investigated. You may also lodge a complaint with the Information Regulator of South Africa.