Data Protection

Last update: November 15th, 2021


Compliance with data protection regulations is very important to HARTMANN (hereinafter referred to as "we" or "us"). We would therefore like to inform you in the following about the processing of your personal data, in particular about the purposes of the respective data processing and the data categories processed, subdivided according to individual services or forms of use and about the rights to which you are entitled. With regard to the related terms, such as "personal data" or "processing", we refer to the relevant definitions in Section 1 of the Protection of Personal Information Act 4 of 2013 (PoPIA).

1. Responsible party and contact information

Responsible party:
HARTMANN South Africa
Unit 15 Northlands Production Park
Cnr. Newmarket Street and Epsom Avenue
Northriding, 2169
Phone: +27 (0) 11 704 7420
Fax: +27 (0) 86 611 3203
E-Mail: or

Do you have general questions or comments about this data protection declaration or specific questions about the processing of your data? We will gladly answer them. On request we will also correct, supplement or delete your personal data and we will comply with your further data subject rights.

2. Information we may collect from you

2.1. We will only process your personal information in accordance with and to the extent permitted by law and/or with your consent.

2.2. All personal information processed by us (whether collected by us or submitted to us by way of any of the submission interfaces available on the website), will only be processed for the purposes specified in this Policy.

2.3. We process the following categories of data:

2.3.1. Usage data (e.g., websites visited, services used, interest in content, access times);

2.3.2. meta/communication data (e.g., device information, IP addresses, browser type); and

2.3.3. location data (data indicating the location of an end user's end device).

3. Purpose for processing personal information

3.1. We process your information for the following purposes:

3.1.1. Provision of the online offer, its contents, and functions;

3.1.2. marketing, advertising, public relations, and market research;

3.1.3. security measures;

3.1.4. tracking (e.g., interest/behavioural profiling, use of cookies);

3.1.5. remarketing;

3.1.6. visitor action evaluation, interest-based and behaviour-based marketing, profiling (creation of user profiles);

3.1.7. version measurement (measurement of the effectiveness of marketing measures);

3.1.8. target group formation (determination of target groups relevant for marketing purposes or other output of content);

3.1.9. cross-device tracking (cross-device processing of user data for marketing purposes).

4. Cookies

4.1. We employ cookies on our website. You will find additional information on this subject in our Cookie Policy, which also sets out how to block the use of cookies and the use of data collected by cookies in anonymized or pseudonymized usage profiles.

5. Data retention, storage, and anonymization

5.1. Personal information stored by us will be deleted as soon as they are no longer required for their intended purpose and, in particular, there are no legal storage obligations to prevent deletion. If the personal data is not deleted because their processing is necessary for other and legally permissible purposes, the processing is restricted. This means that the personal data is blocked and not processed for other purposes.

5.2. Instead of deleting your personal data, we will, if necessary, make it anonymous in such a way that it is irreversibly impossible to retrieve it in the future.

6. Your rights

6.1. You have the right to be notified that personal information about you is being collected or processed and to have your personal information processed in accordance with the 8 lawful conditions of processing set out in PoPIA.

6.2. If we have collected personal information of you, you have the right to:

6.2.1. Withdraw, at any time, your consent to the processing of personal information, provided that such withdrawal will not affect –

6.2.2. The lawfulness of the processing of such information prior to such withdrawal; or

6.2.3. The processing of personal information, to the extent permitted by law.

6.2.4. Request, in writing, a description or record of any personal information about you that we may hold. Should you make such request, you will be required to provide us with sufficient evidence of your identity. We may refuse such request and/or withhold such personal information to the extent permitted by law;

6.2.5. Request the rectification of any such personal information which may be inaccurate, irrelevant, excessive, out of date, incomplete, misleading, obtained unlawfully. It is your responsibility to ensure that we have the correct and complete information about you on record;

6.2.6. Request deletion of your personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, obtained unlawfully, or where we are no longer authorised by law to retain such personal information about you;

6.2.7. Object to the processing of such personal information, on reasonable grounds pertaining to your particular situation, unless such processing is permitted by law. We would ask you to address a possible complaint to us first so that we may attempt to remedy the situation as quickly and effectively as possible;

6.2.8. Be notified of any access or acquisition of personal information by an unauthorised person;

6.2.9. Submit a complaint to the Information Regulator regarding any alleged interference with the protection of such personal information.

7. Security measures

7.1. We take appropriate, reasonable, technical, and organisational measures to prevent loss of, damage to, unauthorised destruction, or unlawful access or processing, of personal information to ensure a level of protection appropriate to the risk.

7.2. Such measures include safeguarding the confidentiality, integrity, and availability of the personal information.

7.3. Third party security measures include in particular IP masking (pseudonymization of your IP address).

7.4. Your attention is drawn to the fact that data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

8. Integration of third-party services and content

8.1. The Website may occasionally contain links to Third-Party Websites. If you click on the links to Third-Party Websites, you leave our website. We are not responsible for the content of Third-Party Websites or for the security of your Personal Information when you use them. Third-party service providers and Third-Party Websites may have their own privacy policies governing the storage and retention of Personal Information. They may also collect information that is not Personal Information, such as your IP address, browser specification or operating system.

8.2. This privacy policy does not govern Personal Information provided to, stored on, or used by third-party providers or Third-Party Websites. We recommend that when you enter a Third-Party Website you review its privacy policy as it relates to how that Website collects, processes, stores and protects your Personal Information.

9. Data Transfers to third countries

9.1. If we process personal data in a third country (i.e. outside the Republic of South Africa) or if this is done in the context of using the services of third parties or if personal data is disclosed or transferred to third parties, this will only take place if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or transfer personal data in a third country only if the special prerequisites of Section 72 of PoPIA. This means that processing is carried out, for example, on the basis of special guarantees, such as the officially recognised establishment of a data protection level equivalent to that of the PoPIA or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses") in order to provide adequate levels of protection.

10. Cooperation with third parties and data processors

10.1 We will only disclose personal information to third parties or operators, on the basis of you having consented thereto, it being necessary for the performance of obligations, a legal obligation providing therefore, it being necessary in pursuit of a legitimate interest, or to the extent that it is permitted by law.

10.2 We remain responsible to you for the lawful processing of your personal information.

11. Comments and reports

11.1. We maintain blogs with the possibility of commentary in our online offer. For the comment function, in addition to your comment, information on the time of the creation of your comment, your e-mail address and, if you are not anonymous, the username you have chosen are stored. Comments remain in the blog as long as it is operated or you request its deletion.

11.2. If you write a comment, your IP address will be stored for 6 months on the basis of our legitimate interests in the sense of Section 12 of PoPIA in addition to the time of creation, and then deleted. This is done for our security, as far as in individual cases illegal contents are left behind in comments (e.g., insulting contents, forbidden political propaganda, etc.) which require clarification, in particular the determination of the identity of the author. We will delete comments with the aforementioned content immediately. Should the further storage of your IP address and the time of creation of the respective comment be necessary for evidence purposes, these (personal) data are excluded from deletion until the final clarification of the respective incident. This (personal) data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with PoPIA.

12. Newsletter

12.1. Content of the newsletter: We send e-mails and other (electronic) notifications with advertising information (hereinafter "newsletter") only with your consent or on the basis of a legal permission. If the contents of the newsletter are specifically rewritten within the scope of a registration for the newsletter, they are decisive for the consent. Furthermore, our newsletters contain information about our products, offers, promotions and our company.

12.2. Newsletters are sent by us or by a service provider where required.

12.3. Logging double opt-in and changes: The registration to our newsletter is done in a so-called Double-Opt-In-Procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that nobody can register with foreign e-mail addresses. The newsletter registrations are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your (personal) data stored by the shipping service provider are also logged.

12.4. According to its own information, the delivery service provider may use your (personal) data in pseudonymous form, i.e., without allocation to a user, to optimise and improve its own services, e.g., for technical optimisation of the delivery and presentation of newsletters or for statistical purposes to determine from which countries the recipients come. However, the dispatch service provider does not use your (personal) data to write to you itself or to pass on your (personal) data to third parties.

12.5. Registration data: To subscribe to the newsletter, you only need to enter your e-mail address. Optionally we ask you - for personal contact - to enter your first and last name.

12.6. Performance measurement: The newsletters contain a so-called "web beacon". This is a pixel-sized file that is retrieved from the server of the mailing service provider when the newsletter is opened. Within the scope of this retrieval, technical information such as information on the browser and your system, as well as your IP address and the time of retrieval are initially collected. This information is used in particular for the technical improvement of the services and to determine your reading habits. Statistical surveys also include determining whether the newsletters are opened when they are opened and which links are clicked. This information can be assigned to you for technical reasons.

12.7. The dispatch of the newsletter and the measurement of success are based on your consent in accordance with Section 11 of PoPIA in conjunction with the Consumer Protection Act 68 of 2008. The registration procedure is recorded on the basis of our legitimate interests in accordance with Section 11 of PoPIA and serves as proof of your consent to receive the newsletter.

12.8. Withdrawal: You can withdraw the receipt of our newsletter at any time. You will find a link to withdraw the receipt of our newsletter at the end of each newsletter. Your (personal) data will be deleted in case of a withdrawal.

13. Policy review
We reserve the sole and absolute right to revise this Privacy Policy at any time, and such revision shall take effect from the date of publication thereof on our website. You bear the responsibility to review this Privacy Policy each and every time you access, browse, or use this website.