Privacy Policy

Effective Date: [01.10.2025]

XPN Nutrition (“we”, “our”, “us”) respects your privacy and is committed to safeguarding your personal information. This Privacy Policy sets out how we collect, use, store, share, and protect your information in line with the Protection of Personal Information Act, 4 of 2013 (POPIA) and other applicable South African laws.

By using our website (www.xpn-sa.co.za), purchasing our products, or interacting with our services, you agree to the terms of this Privacy Policy.

1. Information We Collect

We may collect different types of personal and non-personal information depending on how you interact with us:

1.1 Personal Information

Full name and surname
Email address
Contact numbers (mobile, landline, WhatsApp)
Billing and delivery address
Identity or company registration number (if required for invoicing or verification)
Login credentials (if you create an account)

1.2 Payment Information

Payment details provided during checkout are processed securely through PayFast or other trusted payment partners.
We do not store your full credit card or banking details on our systems.

1.3 Order & Account Information

Purchase history and preferences
Account activity (logins, saved carts, wishlist items)
Delivery instructions and communication preferences

1.4 Technical Information

IP address and device identifiers
Browser type, operating system, and version
Date, time, and duration of visits
Cookies and similar tracking technologies (see section 4)

2. How We Use Your Information

Your information will only be used for purposes related to your interaction with XPN Nutrition, including but not limited to:

Processing and fulfilling orders: payment processing, delivery arrangements, returns, and refunds.
Customer communication: sending order confirmations, shipping updates, responding to queries, and handling complaints.
Marketing and promotions: sending you newsletters, offers, and product updates if you have consented (you can opt out anytime).
Improving our services: analyzing site usage, customer behavior, and feedback to optimize our website and product offerings.
Security and fraud prevention: protecting our site, accounts, and customers from fraud, misuse, or unauthorised access.
Legal compliance: meeting financial, tax, or regulatory obligations.

3. Sharing of Information

We respect your privacy and will never sell your information to third parties. However, we may share your data under these conditions:

Service providers: couriers, payment gateways, IT support, website hosting, and analytics providers who help us deliver services to you.
Business partners: if we collaborate on promotions, competitions, or campaigns, only with your consent.
Legal and regulatory authorities: where required by law, court order, or to protect our legal rights.

All third parties are contractually required to handle your information with the same level of care and compliance as we do under POPIA.

4. Cookies & Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience.

Essential cookies: required for basic site functionality (e.g., shopping cart, checkout).
Analytics cookies: help us understand how visitors use our site so we can improve performance.
Marketing cookies: used for personalized advertising and promotional campaigns.

You may choose to disable cookies in your browser. However, this may affect your ability to use certain features of our site (e.g., remembering items in your cart).

5. Data Security

We are committed to keeping your information secure and have implemented technical and organizational safeguards, including:

Secure Socket Layer (SSL) encryption for all website transactions.
PCI DSS compliance through trusted payment providers (e.g., PayFast).
Restricted access to personal information on a need-to-know basis.
Regular updates, backups, and monitoring of systems for vulnerabilities.

While we take all reasonable steps to protect your information, no system can be guaranteed 100% secure. We encourage you to also protect your account by using strong passwords and keeping them confidential.

6. Your Rights Under POPIA

You have the following rights regarding your personal information:

Access: request details of the information we hold about you.
Correction: update or correct your personal details.
Deletion: request deletion of your data where legally permitted.
Objection: object to the processing of your personal information (e.g., marketing).
Withdraw consent: unsubscribe from promotional communications at any time.
Portability: request your information in a usable format where applicable.
Lodge a complaint: with the Information Regulator if you believe your privacy rights have been violated.

7. Retention of Information

We only retain your personal information for as long as necessary to:

Fulfill the purposes outlined in this policy, or
Comply with legal, accounting, or tax requirements.

When data is no longer required, it will be securely deleted or anonymised.

8. Minors

Our website and services are not intended for children under the age of 18 without parental or guardian consent. We do not knowingly collect information from minors. If you believe we have unintentionally collected such information, please contact us so we can delete it.

9. Cross-Border Data Transfers

Some of our service providers (e.g., hosting, email, analytics) may be located outside South Africa. Where data is transferred internationally, we ensure that it is protected under equivalent data protection laws or contractual safeguards.

10. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in law, technology, or business practices. Updates will be posted on this page with the “Effective Date” updated accordingly.

11. Contact Us

If you have any questions, requests, or complaints about this Privacy Policy or how your personal information is handled, please contact us:

📧 Email: admin@xpn-sa.co.za