Privacy Policy — The Tuscan Touch
Last updated: 26 September 2025
Who we are
Website: https://thetuscantouch.co.za
Business/Responsible Party: The Tuscan Touch (sole proprietorship, South Africa)
Primary Contact: Via our Contact page (“Privacy Request” in the subject).
Information Officer (POPIA): Website Owner, The Tuscan Touch (contact via the form above)
This Privacy Policy explains how we collect, use, share, and protect personal information when you use our website and services. We comply with South Africa’s POPIA and, where applicable, the GDPR for visitors from the EU/UK.
Information we collect
You provide directly:
Contact details (name, email, phone) when you enquire or request a quote.
Service details (project brief, location, property or design preferences).
Billing details when invoices are issued (name, billing address, VAT where applicable).
Messages and attachments you send us.
Collected automatically:
Usage data (pages visited, time on page, referring site).
Technical data (IP address, browser, device, OS).
Cookies and similar technologies (see Cookies).
From third parties (if you use them to reach us):
Booking/scheduling tools, analytics platforms, payment processors (only if enabled).
We do not intentionally collect special-category data or children’s data. If you believe we have, contact us to remove it.
Why we process your information (lawful basis)
To respond to enquiries, provide quotes, perform services, and manage projects (Contract/Performance).
To operate, secure, and improve our website and services (Legitimate Interests).
To meet legal/financial obligations such as tax and accounting (Legal Obligation).
With your consent for marketing emails or non-essential cookies/analytics (Consent). You can withdraw consent at any time.
How we use your information
Communicating with you about enquiries, quotes, bookings, and services.
Preparing proposals, invoices, and service documentation.
Securing and maintaining our website (e.g., firewall/WAF) and preventing abuse.
Improving content, UX, and service quality.
Sending service notices and, with consent, marketing updates.
Complying with legal and regulatory requirements.
Sharing your information
We share information only with necessary service providers (operators) who act on our instructions, such as:
Hosting/CDN & security (e.g., web host, LiteSpeed/QUIC.cloud, firewall/WAF).
Email delivery (SMTP or transactional email provider).
Analytics (e.g., Google Analytics 4) if enabled.
Booking or payment tools (if used in future).
Professional advisors (accounting/legal) under confidentiality.
Regulators/law enforcement when required by law.
We do not sell your personal information.
International transfers
Some providers may process data outside South Africa/EU. Where they do, we rely on appropriate safeguards (e.g., Standard Contractual Clauses or equivalent protections).
Retention
Enquiries/quotes: up to 24 months after last contact (unless you become a client).
Client/project & invoice records: 5–7 years for tax/accounting.
Security logs: typically 30–180 days unless needed for investigations.
Analytics/cookies: per their expiry or until you clear cookies/withdraw consent.
We delete or anonymise data when it’s no longer required.
Your rights
Subject to POPIA/GDPR, you may:
Access your personal information.
Correct or update it.
Request deletion (where not required by law).
Object to or restrict processing.
Withdraw consent for consent-based processing.
Lodge a complaint with the Information Regulator (South Africa) or your local data authority.
How to exercise your rights: Submit a request via our Contact page using “Privacy Request” in the subject.
Information Regulator (South Africa): https://inforegulator.org.za
Cookies & tracking
We use necessary cookies to run the site (security, performance, caching). We may use analytics (e.g., GA4) and, if enabled in future, marketing cookies. You can manage cookies in your browser. Where required, we’ll show a cookie banner to obtain consent for non-essential cookies.
Security
We use reasonable technical and organisational measures (HTTPS, firewalls/WAF, least-privilege access, updates). No system is perfectly secure; if a data incident affects you, we’ll notify you and the regulator where required.
Third-party links
Our site may link to other websites. Their privacy practices are their own; please review their policies.
Children
Our services are not directed to children. If you believe a child provided information, contact us to remove it.
Changes to this policy
We may update this policy from time to time. The “Last updated” date will change, and material updates will be communicated prominently on the site.
Contact
For privacy questions or requests, please use our Contact page and select “Privacy Request”.