Privacy Policy Baby Roo (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 4 of 2013 (POPIA) and related South African laws. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website, register an account, place an order, or interact with our services.

By using our website or providing us with your personal information, you agree to the practices described in this policy. If you do not agree, please do not use our website or submit personal information to us.

Responsible Party and Information Officer Baby Roo is the Responsible Party under POPIA for the personal information we collect and process through our website and services.

Our details:

• Business Name: Baby Roo 

• Email: sales@babyroo.co.za

• Website: https://www.babyroo.co.za

​

We collect and process the following types of personal information:

Information You Provide Directly

• Full name

• Email address

• Phone number

• Billing and delivery address

• Account login details (username and encrypted password)

• Payment information (we do not store full card details; this is processed securely by third-party payment providers)

• Any other information you voluntarily provide (e.g., in customer support messages or order notes)

​

Automatically Collected Information

• Device and browser information

• IP address

• Usage data (e.g., pages visited, time spent) via cookies and similar technologies

​

We do not collect special personal information (e.g., health, race, religion) unless strictly necessary and with your explicit consent or as permitted by POPIA.

Notification – Your Awareness Under Section 18 of POPIA When we collect personal information from you (or from other sources where applicable), we ensure you are aware of:

• The personal information being collected (as listed above).

• The name and address of the Responsible Party (Baby Roo, details above).

• The purpose(s) for collection and processing (detailed below).

• Whether providing the information is voluntary or mandatory: Providing most information is voluntary, but certain details (e.g., name, email, delivery address, payment info) are mandatory to process and fulfill your order or register an account.

• Consequences of not providing the information: We may be unable to complete your registration, process your order, deliver products, provide support, or respond to inquiries.

• Recipients or categories of recipients: Payment processors, courier/delivery services, IT/service providers (e.g., hosting, analytics), and regulatory authorities if required by law.

• Cross-border transfers: Some third-party providers (e.g., payment gateways, cloud services) may be located outside South Africa. Where applicable, we ensure adequate protections (e.g., binding agreements or approved transfers) as required by section 72 of POPIA.

• Your rights (detailed below) and how to contact us or lodge a complaint with the Information Regulator.

​

Lawful Basis for Processing We process personal information lawfully under POPIA based on:

• Your consent (where required, e.g., for certain marketing).

• Performance of a contract (e.g., to fulfill orders, manage accounts).

• Compliance with legal obligations (e.g., tax, accounting, fraud prevention).

• Legitimate interests (e.g., website security, fraud detection), provided they do not override your rights.

​

Purposes of Processing We collect and process your personal information to:

• Register and manage your account

• Process orders, payments, and deliveries

• Provide customer support and service-related communications (e.g., order updates)

• Prevent fraud and ensure website security

• Improve our website and services (e.g., via analytics)

• Comply with legal, tax, accounting, and regulatory requirements

• Send direct marketing (only with consent – see below)

​

We limit processing to what is adequate, relevant, and not excessive for these purposes. You can withdraw consent or object at any time by contacting us.

Sharing of Personal Information We do not sell your personal information. We may share it with:

• Third-party payment processors (they handle card details securely)

• Courier and delivery services (for order fulfillment)

• IT, hosting, analytics, or other service providers acting as operators under contract

• Regulatory authorities or law enforcement where required by law

​

All third parties (operators) are bound by agreements to protect your information in line with POPIA.

Information Security We implement reasonable technical and organisational measures, including:

• SSL/TLS encryption for data in transit

• Secure payment gateways

• Encrypted storage of passwords

• Access controls and regular security monitoring

​

While we take reasonable steps to protect your data, no internet transmission or storage is 100% secure. We will notify you and the Information Regulator of any security compromise that may pose a high risk to your rights, as required by POPIA.

Data Retention We retain personal information only as long as necessary to fulfill the purposes in this policy, resolve disputes, or meet legal/tax/accounting obligations (e.g., up to 7 years for financial records). After that, it is securely deleted, destroyed, or anonymised.

Your Rights Under POPIA You have the right to:

• Access your personal information we hold

• Request correction or updating of inaccurate/incomplete information

• Request deletion/destruction (subject to legal retention requirements)

• Object to processing (including for direct marketing)

• Withdraw consent (where processing is consent-based; this does not affect prior lawful processing)

• Not be subject to automated decisions with legal effects without safeguards

• Lodge a complaint with the Information Regulator

​

To exercise these rights, contact our Information Officer (details above). We will respond within reasonable timeframes as per POPIA. Cookies and Similar Technologies We use cookies to maintain sessions, remember preferences, analyse traffic, and improve functionality. Essential cookies are necessary for the site to work; others may require consent. You can manage/disable cookies via browser settings, but this may affect site features.

Changes to This Privacy Policy We may update this policy from time to time. Changes will be posted here with a revised effective date. Significant changes may be notified via email or website notice.

Complaints If you believe we have not handled your personal information in line with POPIA, contact our Information Officer first. You may also complain to: Information Regulator (South Africa)

• Toll Free: 0800 017 160

• Landline: 010 023 5200

• Email: enquiries@inforegulator.org.za (general) or POPIAComplaints@inforegulator.org.za (complaints)

• Website: https://inforegulator.org.za/

• Address: Woodmead North Office Park, 54 Maxwell Drive, Woodmead, Johannesburg, 2191

​

Thank you for trusting Baby Roo with your information.