Privacy Policy

Green Pulse Permaculture
Version: 1.0
Effective Date: 28/07/2025
Last Reviewed: 28/07/2025
Website: www.greenpulsepermaculture.com
Information Officer: jenna@greenpulsepermaculture.com

 

Quick Summary (Plain Language)

We collect only the personal information we need to answer enquiries, deliver services, and send updates you’ve asked for. We keep it secure, don’t sell it, and delete it when it’s no longer needed. You can ask what we have, correct it, or tell us to delete it. If something goes wrong (like a data breach), we’ll tell you and the Information Regulator if required. Contact Jenna at jenna@greenpulsepermaculture.com for anything privacy-related.

​

1. Scope & Purpose of This Policy

This Privacy Policy explains how Green Pulse Permaculture ("Green Pulse", "we", "us", "our") collects, uses, stores, discloses, and protects personal information in South Africa in accordance with the Protection of Personal Information Act, No. 4 of 2013 (POPIA). It applies to personal information collected through our website, direct communications, and related digital channels.

Note: This policy covers website visitors, prospective clients, and general enquiries. Personal information of employees, contractors, and job applicants is processed under separate internal employment privacy practices (see Section 18).

​

2. Key Definitions (POPIA-Aligned)

Personal Information: Any information relating to an identifiable, living, natural person, and where applicable, an identifiable juristic person. Examples: name, surname, email, phone number, IP address, correspondence.

Special Personal Information: Sensitive categories such as religious beliefs, health, biometric information, or union membership. We do not intentionally collect special personal information via the website (see Section 6.3).

Responsible Party: Green Pulse Permaculture – the party that determines the purpose and means of processing personal information.

Operator: A third party that processes personal information for or on behalf of the Responsible Party (e.g., hosting provider, email service).

Data Subject: The person (or juristic entity) whose personal information is being processed.

​

3. How We Collect Personal Information

We collect personal information in the following ways:

 

Collection Method: Contact Forms

Examples of Personal Information: Name, email, phone, message content

Purpose: Respond to enquiries; service follow-up

Mandatory?: Yes – to respond

​

Collection Method: Newsletter Signup / Mailing List

Examples of Personal Information: Name (optional), email

Purpose: Send news, updates, educational content

Mandatory?: No – opt-in

​

Collection Method: Direct Email / Phone

Examples of Personal Information: Name, contact details, service details

Purpose: Client communication; service provision

Mandatory?: Depends on enquiry

 

Collection Method: Direct Email / Phone

Examples of Personal Information: Name, contact details, service details

Purpose: Client communication; service provision

Mandatory?: Depends on enquiry

​

Collection Method: Website Analytics / Cookies

Examples of Personal Information: IP address, device type, pages viewed

Purpose: Improve website, measure traffic

Mandatory?: No – may be anonymised

 

We do not collect more information than is necessary for the stated purpose (POPIA principle of minimality).

 

4. Categories of Personal Information We Process

• Name and surname

• Email address

• Phone number (if provided)

• Location (if provided)

• Enquiry details or project-related information you share with us

• Website usage data (IP address, browser, device type, referring URL, pages visited)

We discourage submission of sensitive or confidential information through open forms. If needed, we will arrange a secure channel.

 

5. Purposes for Processing & Lawful Bases (POPIA)

POPIA requires that we process personal information lawfully and for specific, explicitly defined purposes. The table below maps what we process, why, and under which lawful ground.

​

Data Category: Contact form submissions

Primary Purpose: Respond to your enquiry or service request

Secondary Purpose: Follow-up on potential services

Lawful Basis (POPIA): Section 11(1)(a) – Consent (when form submitted) and/or 11(1)(b) – Contract / Pre-contractual steps

​

Data Category: Newsletter signup email

Primary Purpose: Send educational content & updates

Secondary Purpose: Marketing related to our services

Lawful Basis (POPIA): 11(1)(a) – Consent (opt-in; unsubscribe anytime)

​

Data Category: Direct client communications (email/phone)

Primary Purpose: Provide services requested

Secondary Purpose: Service records & invoicing

Lawful Basis (POPIA): 11(1)(b) – Contract and 11(1)(c) – Legal obligation (e.g., financial records)

​

Data Category: Website analytics data

Primary Purpose: Improve website performance & security

Secondary Purpose: Understand audience interests

Lawful Basis (POPIA): 11(1)(f) – Legitimate interests (balanced against privacy; mostly aggregated)

​

Data Category: Security logs / IP data

Primary Purpose: Detect abuse, fraud, or technical issues

Secondary Purpose: Protect systems and data

Lawful Basis (POPIA): 11(1)(f) – Legitimate interests; legal compliance where applicable

 

6. Consent & Preference Management

6.1 When We Rely on Consent

We rely on your consent when you:

• Subscribe to newsletters or updates.

• Tick a consent box on a form authorising communication.

6.2 Withdrawing Consent

You may withdraw consent at any time by:

• Clicking the unsubscribe link in emails (where available), or

• Emailing jenna@greenpulsepermaculture.com and requesting removal.

6.3 Special Personal Information

We do not request or intentionally process special personal information (e.g., health data, political opinions) via the website. If you submit it unintentionally, we will delete or restrict it unless legally required to retain it.

 

7. Your Rights Under POPIA

You have the following rights (subject to lawful limitations):

• Access: Request confirmation of whether we hold personal information about you and request a copy.

• Correction / Update: Ask us to correct inaccurate, irrelevant, excessive, or out-of-date information.

• Deletion / Destruction: Request deletion where we are no longer authorised to retain it.

• Objection: Object to processing for certain purposes (e.g., direct marketing).

• Restriction: Ask us to temporarily stop processing while a dispute is resolved.

• Complain: Lodge a complaint with the Information Regulator (see Section 20).

How to Submit a Rights Request

Email jenna@greenpulsepermaculture.com with the subject line: “POPIA Request – [Your Name]” and describe your request. We may need to verify your identity before acting.

 

8. Access to Information & PAIA Reference

The Promotion of Access to Information Act (PAIA) gives you the right to request access to records held by private bodies under certain conditions.

• If Green Pulse Permaculture becomes legally required to publish a PAIA Manual, a link will be made available here.

• Even if exempt, we will respond in good faith to reasonable information requests, subject to lawful grounds for refusal (confidentiality, third-party rights, legal privilege, etc.).

To request access to records under PAIA or POPIA, email jenna@greenpulsepermaculture.com. We will guide you through any required forms or fees.

 

9. Operators (Third-Party Service Providers)

We may share personal information with trusted third parties (“Operators”) who process data on our behalf for limited purposes, such as:

• Website hosting & backups

• Email delivery (transactional & newsletter)

• Form submission processing

• Website analytics & performance monitoring

We require Operators to:

1. Process information only on our documented instructions.

2. Use appropriate security safeguards.

3. Not subcontract without authorisation.

4. Notify us of security incidents involving personal information.

A current list of critical Operators can be provided on request.

 

10. Security Measures

We take reasonable, appropriate, and proportional technical and organisational measures to secure personal information against loss, unauthorised access, and misuse. These measures may include:

• SSL/TLS encrypted website connections

• Secure, access-controlled hosting environments

• Password / credential management best practices

• Regular software patching & updates

• Principle of least-access for staff/contractors

• Encrypted backups where feasible

No system is 100% secure; see Section 15 for breach response.

 

11. Retention & Destruction Policy

We keep personal information only as long as necessary for the purpose collected or as required by law (e.g., tax and financial record-keeping). Below are our standard retention guidelines:

​

Information type: General enquiries (no ongoing service)

Typical retention: 12 months

Rationale: Customer service follow-up

​

Information type: Client project records & correspondence

Typical retention: 5 years

Rationale: Contract reference & legal / financial compliance

 

Information type: Newsletter mailing list

Typical retention: Until unsubscribed or inactive >24 months

Rationale: Consent-based communication

 

Information type: Web analytics (aggregated)

Typical retention: Up to 26 months (tool dependent)

Rationale: Trend analysis; anonymised where possible

 

When retention periods expire, we will delete, archive, or de-identify records in a secure manner.

 

12. Cookies & Tracking Technologies

Our website may use cookies, pixel tags, log files, and analytics scripts to understand how visitors use the site and to improve performance. Cookies fall into the following categories:

• Strictly Necessary Cookies: Enable core site functionality (forms, session stability). Cannot be disabled in our systems.

• Performance / Analytics Cookies: Help us measure traffic, most-viewed content, and site errors (e.g., Google Analytics or similar tools).

• Functional Cookies: Remember your preferences (where applicable).

Managing Cookies

You can:

• Adjust browser settings to block or delete cookies.

• Use browser extensions to manage tracking.

• Opt out of analytics where the provider supports it.

Disabling some cookies may affect site functionality.

 

13. Automated Decision-Making or Profiling

We do not use automated decision-making that produces legal or similarly significant effects on individuals. Any analytics we perform are aggregate and used for site improvement.

 

14. Third-Party Links & Embedded Content

Our website may include links to third-party websites or embedded content (e.g., videos). Once you leave our site or interact with embedded services, their privacy policies apply. We encourage you to review those policies before providing personal information.

 

15. Cross-Border Transfers of Personal Information

Some of our Operators (e.g., hosting, email, analytics providers) may store or process personal information in data centres located outside South Africa.

Where cross-border transfers occur, we will take reasonable steps to ensure that the recipient is subject to a law, binding rules, or contract that provides an adequate level of protection substantially similar to POPIA (Section 72).

You may contact us to ask whether your data is stored locally or offshore and what safeguards are in place.

 

16. Data Breaches & Incident Response (POPIA Section 22)

Despite our safeguards, security incidents can happen. A data breach includes loss, theft, unauthorised access, disclosure, or alteration of personal information.

If we reasonably believe a data breach has occurred and that it may compromise your personal information, we will:

1. Investigate Immediately: Confirm scope, type of data involved, affected systems, and risk.

2. Contain & Mitigate: Secure systems, suspend access, reset credentials, and engage technical specialists if required.

3. Notify the Information Regulator: As required under Section 22 of POPIA.

4. Notify Affected Data Subjects (You): When there is a real or reasonable risk of harm. Notification will include:

   • What happened (in plain language)

   • What information was affected

   • What we are doing about it

   • Recommended steps you can take to protect yourself

   • Contact details for follow-up

5. Remediate & Prevent Recurrence: Review safeguards, update security, and document the incident.

 

17. Children & Minors

GreenPulse Permaculture offers educational and recreational services for children, including school Garden Clubs, workshops, and eco-parties and other educational and permaculture related activities. We recognise the importance of safeguarding children's personal information and comply with the Protection of Personal Information Act (POPIA).

 

Any personal information we collect about children is done so with verified consent from a parent, legal guardian, or authorised school representative. This may include names, allergies, age, or contact information, strictly for the purpose of programme administration and safety.

​

If you believe we have collected a child’s information without proper consent, please contact us immediately to request its deletion.

 

18. Employees, Contractors & Job Applicants

This Privacy Policy is written for website users, clients, and general enquiries. Personal information relating to employees, job applicants, and independent contractors is processed under internal employment/privacy policies and relevant labour and tax laws. Contact us if you need information about these practices.

 

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our services. The version number and effective date at the top of this page identify the current policy. Material changes may also be communicated via email (if we have your address) or a notice on the website.

 

20. Contact & Complaints

Contact the Information Officer

Name: Jenna
Email: jenna@greenpulsepermaculture.com
Preferred Subject Line: “Privacy / POPIA Enquiry”

Contact the Information Regulator (South Africa)

Website: https://www.justice.gov.za/inforeg/
Email (complaints): complaints.IR@justice.gov.za
Email (general): inforeg@justice.gov.za

 

21. Document History

Version

1.0

Date 

23/07/2025

Changes

Initial POPIA-compliant policy with PAIA reference, breach procedure, lawful basis mapping, retention table, and plain-language summary.​

​

​

​

​

​