
Privacy Policy

The Body Shop (TBS) Privacy Policy

For purposes of this Privacy Policy, personal information is information as defined in the Protection of Personal Information Act 4 of 2013.

INTRODUCTION AND AUTHORITY

  • Clicks Group Limited is a health, beauty and wellness retailer which is operated through its subsidiaries ("CGL" or "we" or "us" or "our"). We operate in the Republic of South Africa, Namibia, Botswana, eSwatini and Lesotho. Our head office is located at Cnr Searle and Pontac Street, Woodstock, Cape Town, South Africa.
  • We are the Responsible Party over Personal Information which may relate to you. This Personal Information may include your healthcare information (given the type of retail business that we operate) as well as other information about you as a customer of CGL. We process this information to provide services to you.
  • We understand the importance of this information to you, and we are committed to only Processing Personal Information in a way that is lawful, reasonable, and relevant to our business activities, guided by the industry regulators.
  • Ultimate oversight of processing of Personal Information at CGL remains at board-level. For practical reasons, this function has been delegated to our Group Information Officer who is responsible for ensuring that your Personal Information is treated in accordance with the laws and regulations that apply to CGL. You may contact our Group Information Officer at [email protected] to discuss this Privacy Policy or your rights under data protection laws that are applicable to you.
  • This Privacy Policy sets out how we will treat your Personal Information whether provided by you to us or collected by us through other means in your ordinary use of our services, which includes access to our websites and application ("the Web Apps"). This Privacy Policy describes our approach and practices in respect of your Personal Information and our treatment thereof.
  • This Privacy Policy must be read together with terms and conditions that appear on our Web Apps and any other documents or agreements (for example our ClubCard terms and conditions) that describe the manner in which we, in specific circumstances, collect or process Personal Information about you. This will enable you to understand the manner in which CGL will process your Personal Information. This Privacy Policy supplements such other documents and agreements, however does not supersede them and in the event of a conflict, the terms of the particular document or agreement will prevail.

PERSONAL INFORMATION THAT IS PROCESSED BY CGL

  • CGL may collect, acquire, receive, record, organise, collate, store, update, change, retrieve, read, process, analyse, use and share your Personal Information in the manner as set out in this Privacy Policy. When we perform one or more of these actions, we are "Processing" your Personal Information.
  • "Personal Information" refers to private information about an identifiable natural or juristic person. Personal Information does not include information that does not identify a person (including in instances where that information has been anonymised), or information available to the public. The Personal Information that we collect about you may differ depending on the services and the goods that you procure from CGL.
  • In the course of engaging with us, you may share:
    • Identity Information, which includes information concerning your name, username or similar identifier, marital status, title, date of birth, gender, race and legal status, as well as copies of your identity documents, identity number, and registration number;
    • Contact Information, which includes your billing addresses, delivery addresses, e-mail addresses and telephone numbers;
    • Healthcare Information, which includes the history of medication dispensed to you and other information necessary to comply with CGL’s pharmacy regulatory obligations;
    • Information relating to a Child, which includes the Healthcare Information and Identity Information of a child, being a natural person under the age of 18;
    • Financial Information, which includes payment card details and health insurance information;
    • Transaction Information, which includes details about goods and services procured by you and payments received from you;
    • Technical Information, which includes your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Web Apps;
    • Usage Information, which includes information as to your access to and use of the Web Apps, products and services;
    • Loyalty Information, which includes your chosen CGL administered loyalty programmes, your participation in the loyalty programme, as well as the benefits which you have accumulated;
    • Marketing and Communications Information, which includes your preferences in respect of receiving marketing information from us and our third parties, your interaction with CGL and your communication preferences;
    • CCTV, some of our stores and facilities are monitored by CCTV cameras for security and quality control reasons.
  • CGL may also process, collect, store and/or use aggregated data, which may include historical or statistical data ("Aggregated Data") for any purpose. Aggregated Data may be derived from your Personal Information but is not considered Personal Information, as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Information in a manner that has the result that it can directly or indirectly identify you, we will treat the combined data as Personal Information, which will be managed in accordance with this Privacy Policy.

HOW WE COLLECT YOUR PERSONAL INFORMATION

  • We collect your Personal Information in three ways, namely:
    • through direct or active interactions with you;
    • through automated or passive interactions with you; and
    • from third parties.
  • Direct or active collection from you
    • We may require that you submit certain Personal Information when you are –
      • procuring goods or services from CGL;
      • participating in the loyalty programmes facilitated by CGL;
      • accessing portions of the Web Apps;
      • contracting with CGL;
      • communicating directly with us, for example via e-mail, telephone calls, feedback forms, site comments or forums.
  • If you contact us, we reserve the right to retain a record of that correspondence or voice recording, which may include Personal Information.
  • The Personal Information that we actively collect from you may include any of the types of Personal Information listed in paragraph 2 of this Privacy Policy.
  • Passive collection from your Access Device
  • We may passively collect your Personal Information from the devices that you use to access and navigate the Web Apps or to make use of our online services (each an "Access Device"), by way of various technological applications, for instance, using server logs to collect and maintain log information.
  • The Personal Information that we passively collect from your Access Device may include your Identity Information, your Contact Information, your Technical Information, your Usage Information, your Marketing and Communications Information, or any other Personal Information which you permit us, from time to time, to passively collect from your Access Device.
  • Personal Information collected from third parties
  • CGL may receive Personal Information about you from a third party where it is necessary in order to provide the services that you have procured from us, for instance where we receive your Personal Information from your healthcare provider.
  • CGL may also obtain your Contact Information from a third party where we are unable to contact you regarding your loyalty benefits, or other contractually obligated communications that we are obliged to send you.

HOW WE USE YOUR PERSONAL INFORMATION

  • We process your Personal Information to provide you with services you have requested, to provide you with your rewards from participating in our loyalty programmes, to fulfil our statutory and regulatory obligations and to maintain and improve your experience on the Web Apps.
  • We may use your Personal Information to:
    • comply with our regulatory reporting obligations, including submissions to the regulators that govern the operations of CGL (as a retailer, healthcare provider and processor of Personal information) in the jurisdictions that CGL operates;
    • comply with our statutory obligations, including submissions to the relevant government departments;
    • facilitate the provision of services to you, which may be provided by us or by third parties appointed by us, which includes the virtual healthcare services;
    • enable you to access third party software platforms or applications in order to participate in the services offered by CGL’s affinity partners;
    • conduct CGL’s recruitment and hiring processes, which includes the conducting of criminal record and credit checks, referrals, the capturing of a job applicant's details and the providing of status updates to job applicants;
    • retain and make information available to you on the Web Apps;
    • create your user account and allow use of the Web Apps, and to analyse and compare how you and other users make use of the Web Apps, including (without limitation) your habits, click-patterns, preferences, frequency and times of use, trends and demographic information;
    • establish and verify your identity on the Web Apps;
    • operate, administer, maintain, secure and develop the Web Apps and the performance and functionality of the Web Apps;
    • detect, prevent or manage actual or alleged fraud, security breaches or the abuse, misuse or unauthorised use of the Web Apps and contraventions of this Privacy Policy or any of the terms and conditions that apply to your use of the Web Apps;
    • inform you about any changes to the Web Apps, this Privacy Policy or other changes that are relevant to you;
    • provide you with marketing material that is relevant to you;
    • diagnose and deal with technical issues and customer support queries and other user queries;
    • protect our rights in any litigation that may involve you;
    • communicate with you and retain a record of our communications with you and your communications with us;
    • enable your enjoyment of the benefits offered by CGL’s affinity partners;
    • analyse and compare the types of Access Devices that you make use of and your physical location; and
    • for other lawful purposes that are relevant to our business activities or regulatory functions.
CGL will restrict its processing of your Personal Information to the original purpose for which it was collected, unless CGL reasonably considers that it is necessary to process it for another purpose that is compatible with the original purpose or where CGL is required to process that information in compliance with its legal obligations. CGL may, where permitted or required to do so by applicable legislation, process your Personal Information without your knowledge or consent, and will do so in accordance with the further provisions of this Privacy Policy.

COMPULSORY PERSONAL INFORMATION AND CONSEQUENCES OF NOT SHARING WITH US

  • Where CGL is required to process certain Personal Information by law, or in terms of a contract that we have with you, and you fail to provide such Personal Information when requested to do so, CGL may be unable to perform in terms of the contract we have in place or provide the services that you have requested.
  • CGL may be required to terminate the contract and/or relationship, upon notification to you, which termination will be done in accordance with the terms of the contract and all applicable legislation, should you fail to provide such Personal Information.

SHARING OF YOUR PERSONAL INFORMATION

  • We will not intentionally disclose your Personal Information, whether for commercial gain or otherwise, other than with your permission or in the manner as set out in this Privacy Policy.
  • We may share your Personal Information under the following circumstances:
    • with our agents, advisers, service providers and suppliers that have agreed to be bound by this Privacy Policy or similar terms, which offer the same level of protection as this Privacy Policy;
    • with our affinity partners to ensure that you are able to participate in our loyalty programmes;
    • with our employees, suppliers, service providers and agents to the extent that they require such Personal Information in the provision of services, which include hosting, development and administration, technical support and other support services relating to the Web Apps or the operations of CGL. We will authorise any Personal Information processing done by a third party on our behalf, amongst other things by entering into written agreements with those third parties governing our relationship with them and containing confidentiality and non-disclosure provisions;
    • to enable us to enforce or apply any other contract between you and us;
    • to protect our rights, property or safety or that of our customers, employees, contractors, suppliers, service providers, agents, brokers and any other third party;
    • to mitigate any actual or reasonably perceived risk to us, our customers, employees, contractors, agents, brokers or any other third party;
    • with governmental agencies, and other regulatory or self-regulatory bodies, if required to do so by law or there is a reasonable belief that such is necessary for:
      • compliance with the law or with any legal process;
      • the protection and defence of the rights, property or safety of CGL, or our customers, employees, contractors, suppliers, service providers, agents, brokers or any third party;
      • the detection, prevention and management of actual or alleged fraud, security breaches, technical issues, or the abuse, misuse or unauthorised use of the Web Apps and contraventions of this Privacy Policy; and
      • the protection of the rights, property or safety of members of the public (if you provide false or deceptive information or misrepresent yourself, we may proactively disclose such information to the appropriate regulatory bodies and/or commercial entities).

STORAGE AND TRANSFER OF YOUR PERSONAL INFORMATION

  • We store your Personal Information on our infrastructure or those of our service providers.
  • We reserve the right to transfer to and/or store your Personal Information on infrastructure in a jurisdiction other than where it was collected, or outside of South Africa.
  • If the location to which Personal Information is transferred and/or is stored does not have substantially similar data protection laws to those of South Africa, we will take reasonably practicable steps, including the imposition of appropriate contractual terms to ensure that your Personal Information is adequately protected in that jurisdiction.
  • Please contact us if you require further information as to the specific mechanisms used by us when transferring your Personal Information outside of South Africa or to a jurisdiction that is different to the one in which we collected your Personal Information.

SECURITY

  • We take reasonable technical and organisational measures to secure the confidentiality and integrity of retained information and protect it from misuse, loss, alteration and destruction through the use of accepted technological standards that prevent unauthorised access to or disclosure of your Personal Information. These measures are in line with the obligations imposed on us by legislation as a Responsible Party.
  • We review our information collection, storage and processing practices, including physical security measures periodically, to ensure that we keep abreast of good practice.
  • We are PCI DSS compliant.
  • CGL has implemented procedures to address actual and suspected data breaches.
  • We undertake to notify you and the relevant regulatory authorities of breaches in instances in which CGL is legally required to do so and within the period in which such notification is necessary.

RETENTION OF YOUR PERSONAL INFORMATION

  • We may retain and Process some, or all, of your Personal Information if and for as long as:
    • we are required or permitted by law, regulation or a contract with you to do so;
    • it is for lawful purposes that are related to the performance of our functions and activities;
    • we reasonably require it for evidentiary purposes; or
    • you agree to us retaining it for a specified further period.
  • To determine the appropriate retention period for Personal Information, CGL will consider, among other things, the retention obligations imposed on CGL by legislation and regulation, the nature and sensitivity of the Personal Information, the potential risks or harm that may result from its unauthorised use or disclosure, the purposes for which we process it and whether those purposes may be achieved through other means. CGL will always comply with applicable legal, regulatory, tax, accounting or other requirements as they pertain to the retention of Personal Information.

MAINTENANCE OF YOUR PERSONAL INFORMATION

  • In accordance with applicable legislation and CGL’s policies, we will take all necessary steps to ensure that the persons responsible for the maintenance of your Personal Information do so in a manner that ensures that it is accurate, complete, not misleading and is up to date.
  • CGL is committed to continuous educational initiatives aimed at all personnel on the treatment of Personal Information and more intensive training for those employees who deal directly with your Personal Information.
  • It is your responsibility to advise CGL or the persons responsible for the maintenance of your Personal Information should any of your Personal Information be incorrect, incomplete, misleading or out of date, by notifying us at the contact details set out in part 17 below. You may also update your Personal Information by accessing your “My Account” page on the Clicks website or mobile application and editing your details yourself.
  • CGL may use a third-party data source to update your contact information in situations where we are unable to contact you about loyalty benefits that have accrued to you.

YOUR RIGHTS

  • Data protection laws confer certain rights on you in respect of your Personal Information, which include the right to:
    • Request access to your Personal Information (commonly known as a “data subject access request”), thereby enabling you to receive a copy of the Personal Information retained about you.
    • Request the correction of your Personal Information in order to ensure that any incomplete or inaccurate Personal Information is corrected.
    • Request erasure of your Personal Information where there is no lawful basis for the retention or continued processing of it.
    • Object to the processing of your Personal Information for a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
    • Request restriction of processing of your Personal Information. This enables you to ask CGL to suspend the processing of your Personal Information in limited circumstances, which may differ by jurisdiction.
    • Withdraw consent previously given in respect of the processing of your Personal Information at any time, which withdrawal of consent will not affect the lawfulness of any processing carried out prior to your notice of withdrawal. Withdrawal of consent may limit the ability of CGL or a third party to provide certain products or services to you, but will not affect the continued processing of your Personal Information in instances in which your consent is not required.

CHANGES TO THIS PRIVACY POLICY

  • This Privacy Policy may be amended from time to time and we will take reasonably practicable steps to inform you when changes are made. Without limiting the manner in which we may inform you, it could be that such notification may be by way of e-mail (if you provide your e-mail address when you register to use the Web Apps), a "pop-up" notification on the Web Apps, or a notification when you access the Web Apps.

CHILDREN

  • CGL is obliged to Process Personal Information relating to children when providing our pharmacy services to you and when you have elected to participate in a loyalty programme administered by CGL that necessitates the processing of this type of Personal Information (for instance, BabyClub).
  • We will only collect Personal Information in respect of children with the express permission to do so from a competent person (any person who is legally competent to consent to any action or decision being taken in respect of any matter concerning a child) or where we are obliged to by law.

DIRECT MARKETING

  • Your participation in the loyalty programmes run by CGL is enhanced by marketing material generated by us and sent to you. You would have agreed to receive marketing material when you signed up to the loyalty programme.
  • You may opt out of receiving marketing communication on certain topics, or all marketing material, by setting your preferences in your preference centre on the Web Apps. You can also request to be removed from receiving marketing communication from us at any time by contacting us at the contact details set out in part 17 and requesting that we desist from providing any direct marketing communication to you.
  • If you have chosen to opt out, we may send you written confirmation of receipt of your opt out request (which may be in electronic form), and will thereafter not send any further direct marketing communication to you.
  • There are certain service-related communications which we will still send to you in order to comply with our obligations to you. These will include communications to advise you of your loyalty rewards earned, or in respect of a transaction with you.

THIRD PARTY SITES

  • This Privacy Policy does not apply to the websites or applications of any other parties which may be linked to the Web Apps, or the applications, products or services advertised on these websites. This Privacy Policy equally does not apply to websites that link to or advertise the Web Apps. CGL is not responsible for the privacy practices of such third party websites.
  • We advise you to read the privacy policy of each third party website and determine whether you agree to the privacy practices and policies of such third party websites, as these third party websites may also be collecting or sharing your Personal Information.

GOVERNING LAW

  • This Privacy Policy is governed by South African law. Where, by operation of law, the data privacy legislation of another jurisdiction applies to the processing of your Personal Information, then that legislation will be followed to the extent that it differs from South African law.
  • If any provision of this Privacy Policy is determined to be illegal, void or unenforceable due to applicable law or by order of a court of a competent jurisdiction, it shall be deemed to be deleted and the continuation in full force and effect of the remainder of the provisions will not be prejudiced.

QUERIES AND CONTACT DETAILS

  • Should you feel that your rights in respect of your Personal Information have been infringed, or if you would like to request further information on this privacy policy, please address your concerns to CGL’s Group Information Officer at [email protected].
  • For general enquiries regarding our loyalty programmes, including the receipt of marketing materials from CGL, you may contact us telephonically via our Customer Service Centre on 0860 254 257 (if you are calling from within South Africa) or +27 (0)21 460 1009. You may also email your query to [email protected].