Privacy Policy
Privacy Policy
Effective Date: 7 June 2026 Version: v3 Document ID: hdcc-privacy-2026-06-07 Status: Active
1. Introduction
Welcome to Helderberg Dog Coaching Centre (HDCC). We are a dog coaching business based in Annandale Drive, Somerset West, Western Cape, South Africa, on the Seventh Day Adventist School premises. We specialise in Agility, Hoopers, Canine Conditioning and Fitness Coaching (CFT), Fundamentals courses, field rentals, and event hosting.
When you bring your dog to us, you trust us with more than just a booking. You trust us with your dog's health, behaviour history, and your personal details. This Privacy Policy explains, in plain language as required by the Consumer Protection Act (CPA) section 49, how we collect, use, and protect your personal information.
This policy is written to comply with the Protection of Personal Information Act, 2013 (POPIA), the Electronic Communications and Transactions Act, 2002 (ECTA), and the Consumer Protection Act, 2008 (CPA).
This policy applies to our website (https://helderbergdogcoaching.co.za and helderbergdogcoaching.com), our booking systems, our communications via WhatsApp, email, and SMS, and any physical interactions at the Site.
2. Responsible Party and Information Officer
Under POPIA, the "Responsible Party" is the person who decides why and how your personal information is processed.
- Responsible Party: Zelda Simon, sole owner of Helderberg Dog Coaching Centre.
- Information Officer: Zelda Simon (registered with the Information Regulator).
- Operational Email: helderbergdogcoachingcentre@gmail.com
- Legal Notices Email: legal-notices@helderbergdogcoaching.co.za (no-reply)
- Physical Address: Annandale Drive, Somerset West, Western Cape, South Africa.
If you have any question about your data, contact the Information Officer at the operational email above.
3. Personal Information We Collect
We only collect information we need to run our coaching, ensure safety, and manage bookings. We classify what we collect under POPIA section 1 categories:
3.1 Account Details (Section 1: "personal information")
- Full name, ID number, date of birth (with auto-calculated age), gender
- Cell phone number, email address
- Occupation, physical address, postal code
- Emergency contact name and number
- Physical disabilities or mobility limitations (collected to ensure we can adequately accommodate your needs — disclosure is optional)
3.2 Dog Information (Section 1: "personal information of the data subject" — your dog's info is YOUR personal information because it is tied to you)
- Registered name, call name, microchip number
- Vaccination acknowledgement
- Date of birth (with auto-calculated age)
- Breed (pure or cross + specifics)
- Sex (intact male, intact female, neutered male, spayed female + approximate spay date)
- Dog medical and behavioural information (special category — see Section 4):
- Training history and level
- Recall reliability
- Behaviour with other dogs and people, on and off lead
- General health
- Freight-trained, stake-trained
- Reactivity (human or dog)
- Bite history (sensitive — required for safety)
- Resource-guarding behaviour
3.3 Booking, Payment, and Attendance Data
- Sessions booked, attendance records
- Payment history (we do not store full card details — PayFast handles that)
- Subscription option and renewal status
- 5th-session bonus and make-up history
3.4 Technical Data
- IP address, device type, browser information
- Login timestamps and authentication events
3.5 Communications
- WhatsApp, email, and SMS correspondence with you
- Drawn-pad e-signature (captured at registration as a base64-encoded PNG)
3.6 Optional Google or Apple Sign-In
- If you sign in using Google or Apple, we receive your name, email address, and profile picture from that provider. We do not receive your password.
4. Special Category: Dog Medical Information
Dog medical and behavioural information (bite history, reactivity, health conditions, spay status) is treated as personal information of the data subject under POPIA section 1 because it is tied to you as the dog's owner.
We process this category of information under the lawful basis of:
- Consent (POPIA section 11(1)(a)): you give explicit consent at registration.
- Legitimate Interest (POPIA section 11(1)(f)): safety of you, your dog, our Coaches, and other clients and their dogs at the Site.
- Performance of a Contract (POPIA section 11(1)(b)): we cannot safely deliver coaching without it.
Purpose limitation (POPIA section 13): we use dog medical information only to:
- Assess training suitability and risk before accepting a booking.
- Inform safety decisions during sessions (e.g. group-class composition).
- Provide tailored coaching and conditioning recommendations.
- Maintain incident records (bite history, accident reports) for the statutory limitation period (7 years).
We do not use dog medical information for marketing, third-party sharing, or any purpose unrelated to coaching.
Retention (POPIA section 14): dog medical information is kept for the active relationship plus 7 years (the prescription period for common-law personal-injury claims). After that, records are securely deleted or anonymised.
5. Lawful Bases for Processing (POPIA section 11)
We rely on:
- Consent (s11(1)(a)) — you opt in at registration.
- Performance of a contract (s11(1)(b)) — we need your details to book your session, process payment, and deliver coaching.
- Legitimate interest (s11(1)(f)) — safety, fraud prevention, business operations.
- Legal obligation (s11(1)(c)) — tax records (SARS), incident logs.
6. How We Use Your Personal Information
- To manage your bookings, subscriptions, and payments.
- To communicate with you about your sessions, schedule changes, and safety alerts.
- To maintain health and behaviour records for the safety of everyone at the Site.
- To send transactional emails (receipts, confirmations, reminders, cancellation notices, policy-change notifications).
- To send marketing communications only if you have explicitly opted in (separate from your account creation).
7. The Drawn-Pad Signature
When you register, you sign these documents using a drawn-pad on screen. Your signature is captured as a base64-encoded PNG image.
Storage and use (POPIA section 14 — Security Safeguards):
- The signature image is encrypted at rest in our database.
- It is stored only to evidence your acknowledgement of the legal documents you signed.
- We do not use it for biometric matching, authentication, or any other purpose.
- It is not shared with any third party except where legally required.
- It is deleted when you close your account, except where retention is required to defend a legal claim under the 3-year general prescription period.
8. Who We Share Information With (Operators)
We do not sell your personal information. We do not share it for advertising purposes. We share data only with third-party Operators that help us run the business. Each is bound by a Data Processing Agreement.
| Operator | Purpose | Location | Cross-Border Safeguard |
|---|---|---|---|
| Resend | Transactional and policy-change email delivery | Ireland (EU) | Standard Contractual Clauses; equivalent protection under POPIA s72 |
| DigitalOcean | Website hosting and database storage | Amsterdam (NL, EU) | Standard Contractual Clauses; equivalent protection under POPIA s72 |
| Optional Google Sign-In (OAuth) | Global | Your consent; Google's Privacy Policy | |
| Apple | Optional Apple Sign-In (OAuth) | Global | Your consent; Apple's Privacy Policy |
| PayFast | Payment processing (PayFast or EFT via PayFast) | South Africa | PCI-DSS compliance; PayFast's privacy terms |
9. Cross-Border Transfers (POPIA section 72)
Some Operators (Resend, DigitalOcean) are located in the European Union. Under POPIA section 72, we ensure your data is protected even when transferred across borders by relying on:
- The recipient's contractual undertaking equivalent to POPIA.
- The European Union's General Data Protection Regulation (GDPR) — which the South African Information Regulator has accepted as providing adequate protection.
10. Retention Periods (POPIA section 14)
- Active client data: Active relationship + 5 years (SARS tax record requirement).
- Prospect data: 24 months from last contact.
- Marketing opt-in lists: Until you opt out.
- Incident records and bite history: 7 years (common-law prescription period).
- Drawn-pad signature: Active account + 3 years (general prescription).
- Communications (WhatsApp, email): 24 months from last interaction.
- Web access logs: 90 days.
After these periods, your data is securely deleted or fully anonymised.
11. Your Rights as a Data Subject (POPIA sections 23, 24, 25)
You have the right to:
- Access — ask what data we hold about you.
- Correction — fix incorrect or incomplete data.
- Deletion — ask us to delete your data, subject to legal retention requirements.
- Object — object to processing, including for direct marketing.
- Restriction — limit how we use your data while a dispute is resolved.
- Lodge a complaint with the Information Regulator if you believe we have violated your rights.
How to exercise these rights: email helderbergdogcoachingcentre@gmail.com. We will respond within 30 days.
12. Cookies and Tracking
- Essential cookies: required for the site to function (e.g., keeping you logged in).
- Functional cookies: used to remember your preferences.
- No advertising cookies. We do not track you across other websites. We do not run third-party advertising pixels.
You can manage or block cookies through your browser settings.
13. Children (POPIA sections 34, 35)
Our services are not directed at persons under 18 years of age.
If a minor (a child under 18) participates in our coaching, a parent or legal guardian must register on their behalf and provide explicit consent. The personal information of children is treated with special care.
14. Security Safeguards (POPIA section 19)
- Encryption in transit: TLS 1.3 on all website connections.
- Encryption at rest: all sensitive fields (including drawn-pad signatures) are encrypted in the database.
- Passwords: hashed using bcrypt with industry-standard cost factor.
- Access control: only Zelda Simon and a small number of authorised technical administrators have access to your data.
- Audit logs: we log who accesses sensitive records and when.
- Annual review: we review our security safeguards each year.
15. Data Breach Notification (POPIA section 22)
If we become aware of a data breach that compromises your personal information, we will notify you and the Information Regulator as soon as reasonably possible, in accordance with POPIA section 22. We will inform you of the nature of the breach and the steps we are taking to mitigate harm.
16. Direct Marketing (POPIA section 69, ECTA section 45)
We respect your inbox.
- Marketing messages (newsletters, class promotions) are sent only if you have given separate, explicit opt-in.
- Every marketing message has a clear, easy unsubscribe link.
- You can opt out at any time. Transactional messages (booking confirmations, policy changes) continue regardless.
17. Changes to This Policy
When we change this Privacy Policy we will:
- Send you an email from
legal-notices@helderbergdogcoaching.co.za(a no-reply address used only for legal notices) with a link to the updated policy and a summary of what changed. - Update the "Effective Date" and "Document ID" at the top.
- Give you a 30-day grace period during which you can object, opt out, or close your account without penalty.
Add legal-notices@helderbergdogcoaching.co.za and helderbergdogcoachingcentre@gmail.com to your safe-sender list so notifications reach your inbox.
18. Information Regulator Complaint
If you are not satisfied with our handling of your data, you may lodge a complaint with:
Information Regulator of South Africa JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 Email: POPIAComplaints@inforegulator.org.za Website: https://inforegulator.org.za
19. Contact
Helderberg Dog Coaching Centre Information Officer: Zelda Simon Operational Email: helderbergdogcoachingcentre@gmail.com Legal Notices: legal-notices@helderbergdogcoaching.co.za (no-reply) Address: Annandale Drive, Somerset West, Western Cape, South Africa
Document ID: hdcc-privacy-2026-06-07 | Version: v3 | Effective: 7 June 2026
Helderberg Dog Coaching Centre · helderbergdogcoachingcentre@gmail.com · +27 72 602 3318
