Effective date: 07/11/2025
Last updated: 07/11/2025

This Privacy Policy explains how Velden Botanicals SA and its affiliates (collectively, “Velden”, “we”, “us”, “our”) collect, use, disclose, and protect personal information when you visit velden.co.za (the “Site”), contact us, or use our services. We comply with applicable laws including POPIA (South Africa), GDPR/UK-GDPR (EU/UK), and CCPA/CPRA (California), to the extent they apply.

If you have questions, contact us at info@veldenbotanicals.com or Office 9A, Brickfield Canvas, 35 Brickfield Rd, Woodstock, Cape Town, 7925 .
1) Who we are (Controller)

• Controller: Velden Botanicals SA, Rue des Bains 35, Genève, 1205, Switzerland

• SA operating entity: Velden (Pty) Ltd, Office 9A, Brickfield Canvas, 35 Brickfield Rd, Woodstock, Cape Town, 7925 South Africa

• Data protection contact: Data Protection Lead at info@veldenbotanicals.com

2) What we collect
We collect information that you provide directly and information collected automatically.
A. Information you provide

• Contact details (name, email, phone, company, role, country)

• Enquiry and project details (messages, files you upload)

• Newsletter/marketing preferences

• Event registrations or webinar sign-ups

• Career applications (CV, cover letter)

B. Information collected automatically

• Device and usage data (IP address, browser, device type, pages viewed, timestamps, referring/exit pages)

• Cookies and similar technologies

C. Sensitive information
We do not intentionally collect special categories of data. Please avoid sharing health, biometric, or other sensitive information with us.
3) Why we use your information (Purposes & Legal Bases)
We use personal information to:

• Respond to enquiries and provide services (legitimate interests; contract where applicable)

• Operate and secure the Site (legitimate interests; legal obligations)

• Marketing & newsletters with consent where required; you can unsubscribe any time

• Analytics & improvement (legitimate interests; consent where required for cookies)

• Legal, compliance, and fraud prevention (legal obligations; legitimate interests)

For POPIA, our purpose is to provide information about our botanical ingredients and related services. For GDPR/UK-GDPR, the legal bases are: consent, performance of a contract, legitimate interests, and compliance with legal obligations.
4) Cookies & Tracking
We use cookies and similar technologies via integrated tools (e.g., Google Analytics, Meta Pixel, Hotjar)

• Manage consent in the cookie banner and your browser settings.

• For details, see our Cookie Settings link in the banner or footer.

5) Sharing your information
We share information with:

• Service providers / processors: website host (Wix.com Ltd.), analytics, email, CRM, file storage, security, and professional advisors.

• Business transfers: in case of merger, acquisition, or asset sale.

• Legal: to comply with law or protect rights, safety, and security.

We require processors to handle data under contract and only as instructed.
6) International transfers
Your information may be processed outside your country (including the EU/UK/US/Israel/South Africa/Switzerland). We use appropriate safeguards such as EU Standard Contractual Clauses or adequacy decisions where applicable.
7) How long we keep information (Retention)
We keep personal information only as long as necessary for the purposes described above, then delete or anonymise it. Typical periods:

• Enquiries: up to 24 months after last contact

• Contract/customer records: 7 years (tax/audit)

• Marketing contacts: until you unsubscribe or after 24 months of inactivity

8) Your privacy rights
Depending on your location, you may have the right to:

• Access, correct, or delete your information

• Port your data, or restrict/ object to processing

• Withdraw consent (for consent-based processing)

• Opt-out of marketing at any time

• California (CCPA/CPRA): know/access, delete, correct, and opt-out of “sale”/“sharing” and certain profiling

• South Africa (POPIA): access, correction, deletion, objection, lodge a complaint

To exercise rights, email info@veldenbotanicals.com. We may need to verify your identity.
Complaints:

• South Africa: Information Regulator (South Africa)

• EU/UK: your local supervisory authority
  We would appreciate the chance to address your concerns first.

9) Security
We implement administrative, technical, and physical safeguards appropriate to the risks (TLS encryption in transit, access controls, least-privilege). No method is 100% secure.
10) Children
Our Site is not intended for children under 16 (or lower age where permitted by local law). We do not knowingly collect children’s personal information.
11) Third-party links
Our Site may link to third-party sites or documents (e.g., PDFs, social networks). Those are governed by their own policies.
12) Changes to this Policy
We may update this Policy. We will post the new version with an updated “Last updated” date. Significant changes may also be notified by banner or email where appropriate.
13) Contact
Velden
Email: [info@veldenbotanicals.com]
Registered addresses: Velden Botanicals SA, Rue des Bains 35, Genève, 1205, Switzerland• Velden (Pty) Ltd, Office 9A, Brickfield Canvas, 35 Brickfield Rd, Woodstock, Cape Town, 7925 South Africa