Privacy Policy

Effective date: 28 April 2026 · Last reviewed: 28 April 2026

1. About This Policy

This Privacy Policy explains how Designer Pool Covers (Pty) Ltd (“we”, “us”, or “our”) collects, uses, stores, and protects your personal information when you visit https://automatedpoolcovers.co.za or interact with us.

We comply with the Protection of Personal Information Act, 2013 (POPIA) and the Promotion of Access to Information Act, 2000 (PAIA). This policy meets the disclosure requirements of POPIA Section 18.

2. Who We Are (Responsible Party)

This site's role: Automatic, motorised, slatted and hydraulic pool cover specialists. Nationwide service with regional offices in Johannesburg, Cape Town, Durban and Pretoria.

3. What Personal Information We Collect and Why

We only collect personal information that is necessary, lawful and proportionate to the purpose for which it is collected.

Information you give us directly:

• Full name — to address you correctly in correspondence and on quotes/invoices.
• Physical address — to provide on-site assessment, delivery, and installation services.
• Telephone number — to coordinate site visits and provide service updates.
• Email address — to send quotes, invoices, warranty documents, and (if you opt in) maintenance reminders.
• Pool details (size, shape, photos you submit) — to design and manufacture your cover.
• Technical specifications — if you are an architect, pool builder, or commercial buyer, you may submit detailed pool drawings, specifications, or commercial project details. These are stored under additional confidentiality and used only for the project quoted.

Information we collect automatically:

• IP address and browser data — for security, fraud prevention and website optimisation.
• Cookie data — see Section 5.
• Pages visited and clicks — only if you have consented to analytics cookies.

Voluntary vs mandatory disclosure: Most fields on our quote forms are mandatory because we cannot quote without them. Newsletter sign-ups and marketing consent are entirely voluntary. Failure to provide mandatory information means we cannot deliver the service you requested.

4. Lawful Basis for Processing

Under POPIA, every data process must have a lawful basis. We rely on:

• Contractual necessity for installations, warranties, deliveries and after-sales service.
• Legitimate interest for quote generation, security and direct one-to-one customer communication.
• Consent for marketing communications, newsletters, and non-essential cookies (only if you explicitly opt in).
• Legal obligation for tax records (SARS requires 7-year retention) and for SANS 10134 compliance certificates.

5. Cookies and Tracking

We use cookies and similar technologies to make our website work and to improve your experience. You can manage cookies via the cookie banner that appears on your first visit, or by changing your browser settings.

You can withdraw cookie consent at any time via the cookie banner footer link or by clearing your browser cookies.

6. Who Has Access to Your Information

Internal access: Limited to authorised Designer Pool Covers staff (currently fewer than 10 people). All staff have signed POPIA-aligned confidentiality agreements.

External operators (third-party service providers we use):

• Cloud hosting — stores website and database files.
• Email service — handles email correspondence.
• Payment processor — handles deposits and final payments. We never store full card details.
• Analytics — Google Analytics 4 (only if consented).

Each operator has a written data processing agreement that requires them to apply at least the same level of protection as we do, and to use your information only for the purpose we instruct.

We do not sell, rent or trade your personal information to third parties.

7. Cross-Border Transfers

Some of our cloud and analytics operators store data outside South Africa (typically in the European Union or United States).

Under POPIA Section 72, we ensure cross-border transfers only happen where the recipient country provides an adequate level of protection, OR the operator has signed a data processing agreement that imposes equivalent protections, OR you have consented.

If you would prefer your data not to be transferred outside South Africa, please contact our Information Officer.

8. Your POPIA Rights

You are a Data Subject under POPIA. You have the right to:

• ✓ Be notified when your personal information is collected and when there is a security breach affecting your data.
• ✓ Access your personal information that we hold.
• ✓ Correct or delete personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully.
• ✓ Object to processing on reasonable grounds, including direct marketing.
• ✓ Withdraw consent for any processing based on consent.
• ✓ Submit a complaint to the Information Regulator (see Section 9).
• ✓ Data portability — receive your data in a machine-readable format where technically feasible.

How to exercise your rights: Email our Information Officer (Willem de Wet) at [email protected]. We will acknowledge within 5 working days and resolve within 30 calendar days.

9. Complaints to the Information Regulator

If you believe we have not handled your personal information correctly and we have not resolved your concern, you can lodge a complaint with the Information Regulator (South Africa):

10. Data Retention

We retain your personal information only for as long as necessary for the purposes for which it was collected, and as required by law:

• Active customer data — retained for the duration of your warranty (typically 10–15 years).
• Tax records (invoices, payment records) — retained 7 years per SARS requirements.
• Quote-only enquiries that did not convert — deleted after 24 months.
• Marketing data (where you opted in) — deleted on opt-out, with backups purged within 90 days.
• CCTV / on-site visit records — deleted after 90 days unless required for warranty claim or legal proceeding.

After the retention period, data is permanently deleted from active systems and purged from backups within 90 days.

11. Security Measures

We use reasonable, appropriate technical and organisational measures to protect your personal information:

• Encryption — TLS 1.2+ for data in transit; AES-256 for data at rest.
• Access controls — role-based access, multi-factor authentication for staff.
• Backups — encrypted, geographically redundant.
• Staff training — annual POPIA training for all staff with data access.
• Incident response plan — documented breach response procedure (see Section 12).

12. Data Breach Notification

If we become aware of a security breach that has compromised your personal information, we will notify you and the Information Regulator as soon as reasonably possible (and within 72 hours where feasible), in line with POPIA Section 22.

Notifications will include the nature of the breach, the data affected, the measures we are taking, and what you can do to protect yourself.

13. Children's Information

Our services are aimed at adult homeowners. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact our Information Officer and we will delete it.

14. Changes to This Policy

We may update this policy from time to time. We will indicate the date of the most recent update at the top of this policy. Material changes will be communicated via email (where we have your email address) or via a prominent notice on our website.

15. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal information, please contact: