1. About this Privacy Policy
This Privacy Policy explains how CWS Poetic Artistry (Pty) Ltd (“CWS”, “we”, “us”) collects, uses, shares, stores, and protects personal information when you interact with us. This includes when you visit our websites, request a quote, become a client, attend or engage with an event activation we support, or communicate with us via email, phone, or messaging platforms such as WhatsApp.
We aim to comply with the Protection of Personal Information Act, 4 of 2013 (“POPIA”).
2. Who we are
Responsible party: CWS Poetic Artistry (Pty) Ltd.
Information Officer: The Director of CWS Poetic Artistry (unless another Information Officer is appointed).
Website: https://cwspa.co.za
Email: info@cwspa.co.za (primary) | cwspoeticartistry@gmail.com (alternative)
Phone: +27 64 543 9376
If you have questions about this policy or want to exercise your privacy rights, contact us using the details above.
3. Services this policy covers
CWS Poetic Artistry provides creative and digital services, including:
- Branding and visual identity (logos, brand guidelines, packaging, design assets)
- Website design and development (Wix, WordPress, Shopify) and related hosting/domain setup support
- Motion graphics, video editing, lyric videos, and media production support
- Presentation and pitch deck design
- Event creative, signage, and activation mockups
- Augmented reality (AR) experiences triggered by QR codes for posters/packaging/events
- Social media content design and digital marketing support
- Product sourcing and order facilitation as an agent between suppliers and customers (including fulfilment coordination)
- Customer support, bookings, and order communication via WhatsApp (manual and automated)
Depending on the project, we may also manage third-party tools or accounts on your instruction (e.g., website platforms, email services, analytics tools).
4. Personal information we collect
We may collect personal information directly from you, from your organisation, or automatically when you use our websites.
4.1 Information you provide to us
Examples include:
- Contact details (name, surname, email address, phone number, company name, job title)
- Project information (briefs, preferences, brand requirements, creative feedback)
- Billing and admin information (invoices, VAT details if applicable, purchase order info, payment references)
- Content and media you share with us (photos, videos, logos, copy, brand assets, event footage)
- Communications (emails, messages, call notes, meeting notes)
- Order and delivery information (product(s) ordered, delivery address, contact number for delivery, order notes)
- WhatsApp communications (message content, attachments you send, and related metadata such as timestamps)
4.2 Information we collect automatically
When you visit our websites or landing pages, we may collect:
- Device and browser information, IP address, approximate location (city/region), and language
- Website usage data (pages viewed, links clicked, time spent, referring/exit pages)
- Cookie and similar tracking data (see section 11)
4.3 Special personal information and children
We do not intentionally collect special personal information (such as health data, religious beliefs, or biometrics) unless it is necessary for a specific project and you have a lawful basis to provide it to us. We also do not intentionally collect personal information from children. If you believe a child has provided us personal information, please contact us and we will take reasonable steps to delete it.
5. How we use personal information
We use personal information for the following purposes:
- To respond to enquiries, provide quotes, and manage client relationships
- To plan, deliver, and improve our services and creative work
- To communicate about projects, approvals, changes, timelines, and deliverables
- To create, test, and maintain websites, digital assets, and AR experiences
- To process payments, keep financial records, and meet legal and tax obligations
- To facilitate product orders and deliveries (as an agent between suppliers and customers), including support and returns where applicable
- To provide customer support via WhatsApp for bookings, orders, and enquiries (manual and automated)
- To market our services where permitted. We do not currently run newsletters or bulk email marketing; if we introduce them in future, we will follow opt-in/opt-out rules
- To showcase our work (e.g., portfolio/case studies) where you have approved this or we have another lawful basis
- To secure our systems, prevent fraud, and protect our business and clients
6. Lawful basis for processing (POPIA)
We process personal information only where we have a lawful reason under POPIA. Depending on the context, this may include:
- Your consent (for example, when you opt in to receive marketing messages)
- Performance of a contract or taking steps to enter into a contract (for example, delivering a website or design project)
- Compliance with a legal obligation (for example, tax or accounting rules)
- Our legitimate interests (for example, running our business, improving services, and preventing fraud), balanced against your rights
7. How we share personal information
We may share personal information with trusted third parties only when necessary for the purposes described in this policy, including:
- Hosting and infrastructure providers (e.g., EliteHost) used to run our website, servers, and backups
- Analytics and advertising platforms (e.g., Google Analytics, Meta Pixel, TikTok Pixel) where enabled on our sites or client sites at your instruction
- Suppliers and delivery partners where needed to fulfil product orders (only the minimum required, such as delivery address and contact number)
- Website platforms and tools you choose for your project (e.g., WordPress hosting, Wix, Shopify)
- Payment providers, banks, and accounting tools (where applicable)
- Professional advisers (e.g., accountants, lawyers) and regulators/authorities where required by law
We do not routinely use freelancers or subcontractors who access client personal information. Where a supplier or courier must deliver an order, we share only what is needed to fulfil that delivery.
In many client projects (for example, building a client website or running a campaign for a client), we process personal information on the client’s instructions. In those cases, the client remains the responsible party and we act as an operator as defined in POPIA.
When we use service providers, we take reasonable steps to ensure they only process personal information on our instructions and keep it secure.
8. International transfers
Some of the tools and platforms we use may process personal information outside South Africa (for example, hosting providers, cloud services, Google Analytics, Meta/WhatsApp services, and TikTok services). Where we transfer information internationally, we take reasonable steps to ensure appropriate safeguards are in place or that the recipients have adequate security practices.
9. Security
We take reasonable technical and organisational measures to protect personal information from loss, misuse, unauthorised access, or disclosure. These measures may include access controls, secure passwords and multi-factor authentication where available, role-based access to project files, encryption where appropriate, and secure storage on our internal servers hosted with EliteHost.
No method of transmission or storage is 100% secure. If we become aware of a security compromise that may affect your personal information, we will take reasonable steps to investigate and notify affected parties where required.
10. Retention
We generally retain personal information for up to 3 years from the last interaction or completion of a project/order. We may keep certain records for longer where required or permitted by law (for example, tax, accounting, or dispute resolution), after which we will securely delete or anonymise them where practicable.
11. Cookies and tracking
Our websites use cookies and similar technologies to improve site performance, remember preferences, understand website usage, and measure marketing effectiveness. This includes analytics tools such as Google Analytics and marketing/measurement trackers such as Meta Pixel and TikTok Pixel.
Common examples include:
- Essential cookies needed for site features to work
- Analytics cookies (e.g., Google Analytics) to understand site traffic and usage patterns
- Marketing cookies/pixels (e.g., Meta Pixel and TikTok Pixel) to measure ad performance, attribute conversions, or build audiences
You can control cookies through your browser settings. If you disable cookies, some site features may not function properly.
12. Direct marketing
We do not currently send newsletters or bulk marketing emails. If we start sending marketing communications in future, we will do so only where permitted and, where required, with your consent. You can opt out at any time by using an unsubscribe option (where available) or by contacting us.
13. Your privacy rights
Subject to POPIA and other applicable laws, you may have the right to:
- Ask what personal information we hold about you
- Request access to your personal information
- Request correction, update, or deletion of personal information where appropriate
- Object to certain processing (including direct marketing)
- Withdraw consent where processing is based on consent
- Lodge a complaint with the Information Regulator
To exercise these rights, contact us using the details in section 2. We may need to verify your identity before responding.
14. Third-party links and platforms
Our websites or campaigns may link to third-party sites or platforms (for example, social media platforms, ticketing platforms, or payment services). Their privacy practices are governed by their own policies. We recommend reviewing the privacy policy of any third-party service you use.
15. Changes to this policy
We may update this Privacy Policy from time to time. When we make changes, we will update the effective date at the top of this document.
16. Contact and complaints
If you have questions or concerns, contact:
CWS Poetic Artistry (Pty) Ltd
Email: info@cwspa.co.za
Phone: +27 64 543 9376
You may also lodge a complaint with South Africa’s Information Regulator.
Information Regulator complaint emails (as published by the Regulator):
- POPIA complaints: POPIAComplaints@inforegulator.org.za
- PAIA complaints: PAIAComplaints@inforegulator.org.za
Appendix A: Service-specific notes (practical examples)
This appendix explains how personal information may appear in specific types of CWS work:
A1. Website builds and hosting support
We may have access to admin accounts, domain controls, hosting dashboards, and website analytics on your instruction (including Google Analytics, Meta Pixel, and TikTok Pixel where enabled).
We recommend you:
- Use unique passwords and enable multi-factor authentication where available
- Limit admin access to people who need it
- Review analytics and marketing tracker settings (e.g., pixels) before launch
A2. Social media content and marketing support
When we help with social content, we may process audience messages, comments, or contact details you share with us for the purpose of responding or reporting.
A3. Event creative and activations
Event-related work may include processing guest lists, RSVP forms, competition entries, or on-site lead capture (e.g., sign-up forms or QR code scans). Where we build the forms, we can include consent checkboxes and clear notices on request.
A4. AR experiences (QR-triggered)
AR experiences may collect basic technical data required to deliver the experience (for example, device type, session data, and usage metrics). If you want to collect names, emails, phone numbers, or location data through the AR experience, we recommend explicit notice and consent.
A5. Product orders and fulfilment (agent sales)
When we facilitate the sale of products as an agent between a supplier and a customer, we may process order details, proof of payment or payment references, and delivery information. We may share the minimum information required with the supplier and/or delivery partner so they can fulfil the order (for example, delivery address and contact number).
A6. WhatsApp support and automation
We use WhatsApp for bookings, orders, and support. Conversations may be handled manually and, in some cases, through automation tools. Please do not share sensitive personal information over WhatsApp unless it is necessary. WhatsApp is a Meta service and may process data outside South Africa.
Appendix B: Operational configuration (as of effective date)
This appendix records the current operating setup that this policy is written for:
- Business model: Creative/digital services plus product order facilitation as an agent between suppliers and customers
- Website platform: WordPress (https://cwspa.co.za)
- Tracking on our website: Google Analytics, Meta Pixel, and TikTok Pixel are enabled
- Email marketing: Not currently running newsletters or bulk email marketing (may be introduced in future with proper consent and opt-out)
- WhatsApp: Used for bookings, orders, and customer support (manual and automated)
- Lead capture: Primarily word-of-mouth (no event/QR lead capture processes currently in use)
- Data storage: Project and operational data stored on internal servers hosted on EliteHost
- Subcontractors: No freelancers/contractors with routine access to client data; supplier/courier access may occur only to fulfil an order
- Retention: 3 years standard retention (subject to legal exceptions)
- CCTV/visitor logs: Not in use