This Privacy Policy explains how TUGA Creates (“we”, “us”, “our”) collects, uses, shares, and protects personal information when you visit our website, contact us, or use our services.
Last updated: 19 May 2026 (Africa/Johannesburg)
1) Scope & definitions
This policy applies to personal information we process about website visitors, prospective clients, clients, suppliers, and people who contact us.
- Personal information includes information relating to an identifiable, living natural person and, where applicable, an identifiable existing juristic person (as recognised in South Africa).
- Process means any operation concerning personal information, including collection, storage, use, sharing, and deletion.
- Operator / processor means a third party that processes personal information for us under contract and instruction.
We aim to comply with the South African Protection of Personal Information Act, 2013 (POPIA) and, where relevant, align our practices with widely recognised global privacy principles (including transparency, purpose limitation, data minimisation, and security safeguards).
2) What personal information we collect
Depending on how you interact with us, we may collect:
2.1 Information you provide directly
- Contact details: name, email address, phone number.
- Business details: company name, role/title, website URL, industry.
- Project details: goals, timelines, budgets (if you choose to share), and any information you include in messages or briefs.
- Billing information (for clients): invoicing details and records of services delivered.
2.2 Information collected automatically
- Device and usage data: browser type, device identifiers, operating system, pages viewed, clicks, approximate location (derived from IP), and timestamps.
- Technical logs: error logs and performance data to maintain and improve the website.
2.3 Special personal information
We do not intentionally request special personal information (such as health, biometrics, or religious beliefs). Please avoid including such information in your message. If you voluntarily include it, we will handle it with additional care and only use it for the purpose you provided it for, where lawful.
3) How we use personal information
We use personal information to:
- Respond to enquiries and provide quotes, proposals, and project recommendations.
- Provide services, including project delivery, support, maintenance, and communication.
- Operate, secure, and improve our website and services.
- Manage business operations, including invoicing, accounting, and recordkeeping.
- Send service-related communications (e.g., updates about your project, scheduling, or changes to agreed deliverables).
- Send marketing communications where permitted by law, and always with an option to opt out.
4) Lawful bases for processing (POPIA + global principles)
We process personal information only where we have a lawful reason to do so. Depending on the context, this includes:
- Consent: where you choose to provide information, subscribe, or agree to optional cookies/marketing.
- Contract: where processing is necessary to perform a contract with you or to take steps you request before entering into a contract (e.g., preparing a quote).
- Legal obligation: where we must keep records or comply with applicable laws.
- Legitimate interests: where processing is necessary for our legitimate business purposes (e.g., securing our systems, preventing fraud, improving services), balanced against your rights and expectations.
Under POPIA, we strive to ensure processing is adequate, relevant and not excessive, and that we are transparent about how information is handled.
5) Sharing personal information & operators
We may share personal information with:
- Service providers (operators/processors) that help us run our business (e.g., website hosting, email delivery, analytics, form handling, invoicing/accounting tools). They may process information on our behalf under appropriate contractual safeguards.
- Professional advisors (e.g., accountants, legal advisors) when necessary.
- Authorities where required by law or to protect rights, safety, and security.
We do not sell personal information.
6) International transfers
We may use service providers that store or process information in other countries. Where personal information is transferred outside South Africa, we will take reasonable steps to ensure it remains protected, including contractual commitments and security measures aligned with POPIA’s requirements for cross-border processing.
7) Cookies & analytics
Our website may use cookies and similar technologies to:
- Make the website work properly and remember preferences.
- Understand website usage (analytics) and improve performance.
- Measure marketing effectiveness where applicable.
You can usually manage cookies through your browser settings. Where we use optional cookies, we will request consent where required.
8) Security safeguards
We implement appropriate technical and organisational measures to protect personal information against loss, unauthorised access, disclosure, alteration, or destruction. These measures may include access controls, encryption in transit where available, secure credential practices, and limiting access to those who need it.
No method of transmission or storage is completely secure. If you believe your personal information has been compromised, please contact us as soon as possible.
9) Retention
We keep personal information only for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required or permitted by law.
- Enquiry records: typically retained for a reasonable period to manage follow-ups and maintain business records.
- Client records: retained for the duration of the relationship and thereafter as required for legal, tax, and accounting obligations.
- Technical logs: retained for security and performance monitoring for a limited period.
10) Your rights
Subject to applicable law, you may have the right to:
- Request access to the personal information we hold about you.
- Request correction of inaccurate, outdated, incomplete, or misleading information.
- Object to certain processing (including direct marketing).
- Request deletion of personal information where we no longer have a lawful reason to keep it.
- Withdraw consent where processing is based on consent (this will not affect processing already performed).
- Lodge a complaint with the appropriate regulator.
To exercise your rights, please contact us using the details below. We may need to verify your identity before fulfilling a request.
11) Direct marketing
If we send marketing communications, you can opt out at any time using the unsubscribe link (where provided) or by contacting us. We will not send unsolicited marketing where prohibited by law.
12) Children’s privacy
Our services are not directed to children. If you believe a child has provided us with personal information, please contact us so we can take appropriate steps.
13) Complaints & the South African Information Regulator
If you are unhappy with how we handle personal information, please contact us first so we can address your concerns. You also have the right to lodge a complaint with the Information Regulator (South Africa).
INFORMATION REGULATOR (SOUTH AFRICA)
For the latest contact details and complaint procedures, please refer to the Information Regulator’s official website.
14) Contact us
For privacy-related questions or requests, contact:
15) Changes to this policy
We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised “Last updated” date.