PRIVACY POLICY

CR & Co. (Pty) Ltd
Last updated: 24 June 2025

CR & Co. (“we”, “us”, “our”) is committed to protecting your personal information and respecting your privacy. This Privacy Policy explains how we collect, use, store, disclose, and safeguard your data when you access our websites, purchase our products, or engage with our services.

By using our websites or purchasing from us, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy.

1. Information We Collect

We collect personal information in accordance with South Africa’s Protection of Personal Information Act (POPIA), the General Data Protection Regulation (GDPR) for EU/UK users, and the California Consumer Privacy Act (CCPA) for U.S. California residents.

1.1 Information You Provide Voluntarily

  • Name and surname

  • Email address

  • Phone number

  • Physical or billing address

  • Account login details (if applicable)

  • Payment information (processed securely by third-party gateways)

  • Messages, questions, or communication submitted through our websites

  • Information shared during coaching, mentoring, consulting, or service delivery

  • Brand assets or materials uploaded for design services

  • Social media profiles voluntarily provided

  • Content uploaded in forms, applications, or surveys

1.2 Automatically Collected Information

When you visit our websites, we may automatically collect:

  • IP address

  • Browser type and version

  • Device type, operating system, and screen resolution

  • Pages viewed, time spent, click behaviour

  • Referral URLs

  • General geographical location (non-identifiable)

  • Session data and browsing preferences

1.3 Cookies & Tracking Technologies

We use cookies and similar technologies to:

  • Improve website performance

  • Personalize user experience

  • Analyze traffic and usage

  • Support advertising (Meta Pixel, Google Analytics)

  • Remember preferences

  • Identify returning visitors

You may disable cookies in your browser, but some features may not work correctly.

2. How We Use Your Information

We process your personal information for the following purposes:

2.1 Service Delivery

  • Creating and managing accounts

  • Processing purchases and delivering digital downloads

  • Providing coaching, mentoring, consulting, design, branding, or copywriting services

  • Sending program access links, course materials, or community invitations

2.2 Communication

  • Responding to enquiries

  • Sending confirmations, updates, receipts, or reminders

  • Providing customer support

  • Sending newsletters, promotions, or content (opt-out available at any time)

2.3 Business & Website Improvements

  • Analyzing trends and usage patterns

  • Improving site performance and user experience

  • Developing new products, templates, and services

2.4 Legal & Security

  • Detecting and preventing fraud or misuse

  • Enforcing contractual obligations

  • Complying with regulatory requirements

  • Protecting CR & Co. and its users

We do not sell personal information.

3. Legal Bases for Processing (GDPR Compliance)

For users in the EU/UK, we process data under the following lawful bases:

  • Consent — when you subscribe, accept cookies, or voluntarily provide information

  • Contractual necessity — to fulfill purchases or deliver services

  • Legitimate interest — improving services, maintaining website security

  • Legal obligation — tax, accounting, or regulatory requirements

You may withdraw consent at any time.

4. How We Protect Your Information

We use industry-standard measures to secure your data, including:

  • SSL encryption

  • Firewalls and secure servers

  • Password protection

  • Restricted access to authorised team members only

  • Regular security audits

While we take reasonable precautions, no system is 100% secure. You use our website at your own risk.

5. Sharing & Disclosure of Information

We may share your data with:

5.1 Third-Party Service Providers

Such as:

  • Payment processors (PayPal, Paystack, Stripe)

  • Website hosts (Showit, WordPress, cloud providers)

  • Email marketing platforms (FloDesk, ConvertKit, etc.)

  • Analytics tools (Google Analytics, Meta Pixel)

  • Course and membership platforms

  • Virtual assistants, contractors, or designers assisting with service delivery

All partners are required to keep your information confidential and use it only for agreed purposes.

5.2 Legal Requirements

We may disclose personal information to government authorities or law enforcement where:

  • Required by law

  • Necessary to protect rights, property, or safety

  • Needed to comply with legal processes or investigations

6. Your Rights

Depending on your location, you may have the following rights:

6.1 POPIA Rights (South Africa)

  • Access your personal information

  • Request correction

  • Request deletion

  • Object to processing

  • Withdraw consent

6.2 GDPR Rights (EU/UK Users)

  • Right to be informed

  • Right of access

  • Right to rectification

  • Right to erasure (“right to be forgotten”)

  • Right to restrict processing

  • Right to data portability

  • Right to object

  • Right not to be subject to automated decision-making

6.3 CCPA Rights (California Residents)

Right to Know

Request categories and specific details of personal information collected.

Right to Delete

Request deletion of personal information subject to lawful exceptions.

Right to Opt-Out of “Sale”

CR & Co. does NOT sell personal information.
Advertising cookies may be considered “sale” under CCPA — you may disable cookies or request opt-out.

Right to Non-Discrimination

Exercising privacy rights will not affect pricing, access, or service quality.

7. Data Retention

We keep personal information only for as long as needed to:

  • Provide purchased products or services

  • Meet legal, financial, or tax obligations

  • Maintain accurate business records

Digital purchase history may be retained indefinitely to provide ongoing product access.

You may request deletion at any time.

8. International Data Transfers

Your information may be stored or processed outside of South Africa through trusted service providers.

We ensure all international data transfers:

  • Meet POPIA safeguarding requirements

  • Comply with GDPR adequacy standards

  • Use secure, encrypted systems

9. Children’s Privacy

CR & Co. does not knowingly collect information from children under 16.
Minors are restricted from using our services or making purchases.

Any data unintentionally collected will be deleted immediately upon discovery.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically.
The latest version will always be available on our website.

Continued use of our website after updates indicates acceptance of the revised policy.

11. Contact Information

For questions about this Privacy Policy or to exercise your rights:

CR & Co. (Pty) Ltd
Email: chantell@chantellroberts.co
Address: 25 Stanley Road, Irene, South Africa