Privacy Policy

Add Your Heading Text Here

Effective date: 16 March 2026

Last updated: 16 March 2026

1. Introduction

Welcome to chrisnicholson.co.za (“the Website”). We respect your privacy and are committed to protecting your personal information in accordance with applicable data protection laws, including the Protection of Personal Information Act, 4 of 2013 (“POPIA”) and, where applicable, the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you visit the Website, contact us, purchase products, or otherwise interact with us.

2. Who we are

The Website is operated by:

C R Nicholson

Sole trader / sole proprietor

15 Mount Argus Rd, Umgeni Heights, 4051, Durban, South Africa

Email: chris@chrisnicholson.co.za

Alternative email: chrisnic@iafrica.com

Telephone: +27 (0)83 991 1988 / 031 563 1707

For purposes of GDPR, we are the data controller.

For purposes of POPIA, we are the responsible party.

3. Scope of this policy

This policy applies to personal information collected through:

  • the Website,

  • the contact form and email communications,

  • ebook purchases and checkout processes,

  • newsletter or marketing sign-ups, if offered,

  • cookies and similar website technologies,

  • customer service and support communications.

4. The personal information we collect

Depending on how you use the Website, we may collect the following categories of personal information:

4.1 Information you provide directly

  • Full name

  • Email address

  • Telephone number

  • Postal or billing address

  • Order and transaction details

  • Messages or enquiries you send us

  • Information you submit through forms

4.2 Information collected automatically

When you browse the Website, we may automatically collect:

  • IP address

  • Browser type and version

  • Device information

  • Operating system

  • Referral source

  • Pages visited

  • Date and time of access

  • Website usage and navigation data

  • Cookie identifiers and similar technical data

4.3 Payment information

If you make a purchase, your card payment is processed by a third-party payment gateway. We do not store your full card details on the Website. Payment processing is handled through PayGate or another appointed payment processor.

4.4 Special personal information

We do not intentionally collect special or sensitive personal information unless:

  • you choose to provide it voluntarily,

  • it is necessary for a lawful purpose, and

  • we are permitted to process it under applicable law.

Please do not send sensitive personal information unless it is strictly necessary.

5. How we collect your information

We collect personal information:

  • when you complete a contact form,

  • when you email or call us,

  • when you place an order,

  • when you subscribe to updates or marketing communications,

  • through cookies and analytics tools,

  • through logs generated by the Website and hosting environment.

6. Why we process your personal information

We use your personal information for the following purposes:

  • to operate and maintain the Website,

  • to process and fulfil ebook orders,

  • to deliver digital products,

  • to communicate with you regarding your enquiry or order,

  • to provide customer service and support,

  • to keep accounting and business records,

  • to improve the Website, products, and user experience,

  • to detect, prevent, and investigate fraud, abuse, and security incidents,

  • to comply with legal and regulatory obligations,

  • to send marketing communications where permitted by law or where you have consented.

7. Legal bases for processing

7.1 Under GDPR

Where GDPR applies, we process personal data on one or more of the following legal bases:

  • Consent – where you have clearly agreed to specific processing, such as optional marketing cookies or newsletters.

  • Performance of a contract – where processing is necessary to fulfil your order or provide requested services.

  • Legal obligation – where we must comply with tax, accounting, legal, or regulatory requirements.

  • Legitimate interests – where processing is reasonably necessary for running and securing our business and Website, provided your rights do not override those interests.

7.2 Under POPIA

Where POPIA applies, we process personal information in line with the applicable lawful processing conditions, including accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards, and data subject participation.

8. Cookies and similar technologies

The Website may use cookies, pixels, tags, and similar technologies to:

  • enable core website functionality,

  • remember preferences,

  • support shopping cart and checkout functions,

  • understand website usage,

  • improve performance,

  • support security,

  • measure marketing effectiveness.

8.1 Types of cookies we may use

  • Strictly necessary cookies – required for site operation and cart/checkout functionality.

  • Analytics cookies – used to understand how visitors use the Website.

  • Preference cookies – used to remember your settings.

  • Marketing cookies – used only where applicable and, where required, with consent.

8.2 Cookie choices

You can control cookies through your browser settings and, where implemented, through our cookie banner or consent tool. Disabling certain cookies may affect website functionality.

Important: If the Website uses analytics, Meta Pixel, Google Ads, embedded social media, YouTube, reCAPTCHA, or a cookie banner plugin, those specific tools should be listed here before publication.

9. Direct marketing

We may send you marketing communications only where allowed by law. Under POPIA, direct marketing by electronic communication is regulated, and under GDPR marketing generally requires a valid lawful basis, often consent depending on context. 

You can opt out of marketing at any time by:

  • clicking the unsubscribe link in the message, or

  • contacting us using the details in this policy.

We will not continue sending marketing messages after you opt out, except for service-related communications necessary to fulfil a transaction or respond to a request.

10. Sharing your personal information

We may share your information with trusted third parties where necessary, including:

  • website hosting providers,

  • payment processors such as PayGate,

  • email service providers,

  • website maintenance or development providers,

  • analytics and security providers,

  • accountants, legal advisers, or auditors,

  • regulators, authorities, or law enforcement where required by law.

We require service providers to process personal information only on documented instructions and with appropriate security measures.

11. International transfers

Because some service providers may host or process data outside South Africa or outside your country of residence, your personal information may be transferred internationally.

Where GDPR applies and data is transferred outside the EEA/UK to a country not recognised as adequate, we will take appropriate safeguards, such as contractual protections or another lawful transfer mechanism.

Where POPIA applies, we will take reasonable steps to ensure any cross-border transfer complies with applicable requirements.

12. Data retention

We keep personal information only for as long as reasonably necessary for the purpose for which it was collected, including to satisfy legal, tax, accounting, fraud-prevention, and dispute-resolution requirements.

Typical retention periods may include:

  • Contact enquiries: up to 12–24 months after final correspondence

  • Customer order records: up to 5 years, or longer where required for tax, accounting, or legal purposes

  • Marketing records and consent logs: until you withdraw consent or object, plus a reasonable record-keeping period

  • Technical logs and analytics data: for the period reasonably necessary for security, maintenance, and reporting

Where data is no longer needed, we will delete, destroy, anonymise, or de-identify it where appropriate.

13. Your rights

13.1 Rights under GDPR

Where GDPR applies, you may have the right to:

  • access your personal data,

  • correct inaccurate data,

  • request deletion,

  • restrict processing,

  • object to processing,

  • request portability,

  • withdraw consent at any time where processing is based on consent,

  • lodge a complaint with a supervisory authority.

13.2 Rights under POPIA

Under POPIA, you may have the right to:

  • request access to your personal information,

  • request correction, deletion, or destruction of personal information,

  • object to certain processing,

  • withdraw consent where applicable,

  • complain to the South African Information Regulator.

You may exercise your rights by contacting us using the details in section 2.

14. How to complain

If you believe your personal information has been handled unlawfully, please contact us first so we can try to resolve the issue.

You may also lodge a complaint with the Information Regulator (South Africa):

The Information Regulator (South Africa)

Website: Information Regulator South Africa

General enquiries: inforeg@justice.gov.za / POPIAComplaints@inforegulator.org.za

If GDPR applies to your case, you may also complain to your local EU/EEA supervisory authority.

15. Security of your information

We take reasonable technical and organisational steps to protect personal information against loss, misuse, unauthorised access, disclosure, alteration, and destruction.

These measures may include:

  • SSL/TLS encryption,

  • secure payment processing via third-party gateway,

  • restricted access to personal data,

  • password and system security controls,

  • website and server security measures,

  • regular maintenance and updates where reasonably possible.

No method of transmission over the internet or electronic storage is completely secure, so we cannot guarantee absolute security.

16. Data breaches

If we become aware of a security compromise involving your personal information, we will take steps required by applicable law, including investigating the incident and notifying affected persons and regulators where legally required. POPIA provides for notification where there are reasonable grounds to believe personal information has been accessed or acquired by an unauthorised person. 

17. Children’s privacy

This Website is not intentionally directed at children, and we do not knowingly collect personal information from children in a manner that would require parental authorisation under applicable law. If you believe a child has provided personal information without appropriate permission, please contact us so we can take appropriate action.

18. Third-party websites and services

The Website may contain links to third-party websites, book retailers, social platforms, embedded content, or payment tools. We are not responsible for the privacy practices of third-party websites or services. You should review their privacy policies separately.

19. Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with the updated revision date. Where required, we will take additional steps to notify you.

20. Contact us

If you have any questions about this Privacy Policy or how your personal information is handled, please contact:

C R Nicholson

15 Mount Argus Rd, Umgeni Heights, 4051, Durban, South Africa

Email: chris@chrisnicholson.co.za

Alternative email: chrisnic@iafrica.com

Telephone: +27 (0)83 991 1988 / 031 563 1707