Privacy
Policy
How we collect, use, share and protect your personal information — and the rights you have.
1. Introduction
Santi Universe (“Santi U”, “we”, “us”) respects your privacy and is committed to protecting your personal information. This policy explains what we collect, why, how we use and protect it, and the rights you have. It is designed to comply with the South African Protection of Personal Information Act 4 of 2013 (POPIA); the EU General Data Protection Regulation (GDPR) and UK GDPR where they apply; the Kenya Data Protection Act, 2019; and, where relevant, the California Consumer Privacy Act (CCPA/CPRA).
For POPIA and GDPR purposes, the responsible party / data controller is Santi U, Zeiss Road, Wilgespruit, Roodepoort, 1724, South Africa. Our Information Officer can be reached at santi@santi.co.za.
2. Information we collect
Information you give us — when you use our contact or newsletter forms, request a quote, or email us: your name, email address, phone number, company, and the contents of your message.
Information we collect automatically — basic technical and usage data such as your IP address, approximate location (country/city derived from your IP), browser and device type, pages viewed, and referring pages, collected via cookies and similar technologies (see our Cookie Policy).
Information from third parties — for example IP-geolocation providers used to show location-relevant content, and analytics or advertising platforms where enabled.
3. How and why we use your information (lawful bases)
We process personal information for the following purposes, relying on these lawful bases under GDPR Article 6 and the corresponding POPIA conditions:
- To respond to enquiries and provide our Services — performance of a contract, or steps taken at your request before entering a contract.
- To send updates and newsletters you have asked for — your consent (which you can withdraw at any time).
- To operate, secure and improve our website, including approximate-location personalisation and analytics — our legitimate interests, balanced against your rights.
- To comply with legal obligations — legal obligation.
4. Who we share it with
We do not sell your personal information. We share it only with trusted operators / processors who help us run our business, under appropriate agreements, including: hosting and infrastructure providers; email and form/automation tools (for example workflow automation such as n8n that routes form submissions to us); analytics providers; and IP-geolocation providers. We may also disclose information where required by law or to protect our rights.
5. International transfers
Some of our service providers may process data outside South Africa, Kenya or the EU/UK. Where we transfer personal information across borders, we take reasonable steps to ensure it is protected by an adequate level of protection or appropriate safeguards (such as standard contractual clauses), as required by POPIA, the GDPR and the Kenya Data Protection Act.
6. How long we keep it
We keep personal information only for as long as necessary for the purposes set out above, to provide our Services, and to meet legal, accounting or reporting requirements, after which it is securely deleted or anonymised.
7. How we protect it
We use appropriate technical and organisational measures — such as encryption in transit (HTTPS), access controls and reputable service providers — to safeguard your information. No method of transmission or storage is completely secure, but we work to protect your data and to notify you and the relevant regulator of any breach as required by law.
8. Your rights
Subject to applicable law, you have the right to:
- access the personal information we hold about you, and request a copy;
- correct or update inaccurate or incomplete information;
- request deletion of your information (“right to be forgotten”);
- object to or restrict certain processing, including direct marketing;
- withdraw consent at any time, where processing is based on consent;
- data portability, where applicable (GDPR);
- not be subject to decisions based solely on automated processing that have legal or similarly significant effects;
- lodge a complaint with a supervisory authority (see below).
To exercise any of these rights, contact our Information Officer at santi@santi.co.za. We may need to verify your identity before acting on a request.
9. Direct marketing
We only send marketing communications where you have opted in or where otherwise permitted by law. Every marketing message includes an easy way to unsubscribe, and you can opt out at any time by contacting us.
10. Cookies & analytics
We use cookies and similar technologies as described in our Cookie Policy. Where required, we ask for your consent to non-essential cookies.
11. Children’s privacy
Our website and Services are not directed at children, and we do not knowingly collect personal information from children without appropriate consent. If you believe a child has provided us information, please contact us so we can delete it.
12. Complaints & supervisory authorities
- South Africa — Information Regulator (South Africa): inforegulator.org.za.
- Kenya — Office of the Data Protection Commissioner (ODPC): odpc.go.ke.
- EU / UK — your local data protection authority (e.g. the UK ICO).
13. Changes to this policy
We may update this Privacy Policy from time to time. The latest version is always published here with its “last updated” date.
Questions or requests? Contact our Information Officer at santi@santi.co.za, call +27 71 591 4495, or write to Santi U, Zeiss Road, Wilgespruit, Roodepoort, 1724, South Africa.