Interest-Based Advertising Policy

Effective Date: Friday, May 10, 2025

Last Updated: Friday, May 10, 2025

1. Introduction

SANDTONER (PTY) LTD ("we", "us", or "our") operates in compliance with South Africa's Protection of Personal Information Act (POPIA) and international standards, including the EU General Data Protection Regulation (GDPR) and the Children's Online Privacy Protection Act (COPPA). This policy governs how we use your data to deliver interest-based advertising ("IBA") while ensuring transparency, user control, and legal compliance. By using our services, you consent to the practices outlined below.

2. Data Used for Interest-Based Advertising

2.1 Types of Information

We use non-directly identifiable data to tailor ads, including:

  • Behavioral Data: Interactions such as videos watched, products browsed/purchased, searches performed, and styles engaged with.
  • Technical Data: IP addresses, device type, browser information, and pseudonymized identifiers (e.g., hashed email addresses).
  • Aggregated Demographics: Age range, province, or inferred interests (e.g., "sustainable fashion enthusiasts").

2.2 Prohibited Data

  • We do not use directly identifiable information (e.g., name, email) for IBA unless explicit consent is obtained.

2.3 Technologies Employed

  • Cookies: Track session activity and preferences.
  • Pixels: Measure ad impressions and conversions.
  • Device Fingerprinting: Analyze browser/device configurations for fraud prevention.

3. Third-Party Collaborations

3.1 Partner Categories

We collaborate with:

  • Ad Networks: Google Ads, Meta Ads, TikTok Ads.
  • Analytics Providers: Google Analytics, Adobe Analytics.
  • Social Media Platforms: Facebook Pixel, Twitter Conversion Tracking.
  • Brands & Agencies: Direct partnerships for localized campaigns.

3.2 Data Sharing Limitations

  • Pseudonymization: Shared data (e.g., browsing patterns) is anonymized or pseudonymized.
  • Contractual Safeguards: Third parties must adhere to Data Processing Agreements (DPAs) compliant with POPIA and GDPR.
  • No Cross-Site Identification: Interactions on non-Sandtoner sites are not linked to your identity.

3.3 Third-Party Technologies

Partners may use their own cookies/pixels. For details, review their privacy policies or visit our Cookies Policy.

4. User Rights and Controls

4.1 Opt-Out Mechanisms

  • Platform-Level Opt-Out:
    • Visit the Sandtoner Ad Preferences Center to disable IBA. Ads will become generic but will not disappear.
    • Use our Dynamic Preference Dashboard to adjust settings retroactively.
  • Device/OS Controls:
    • iOS: Enable "Limit Ad Tracking" under Privacy Settings.
    • Android: Disable "Ads Personalization" in Google Settings.

4.2 Legal Rights (POPIA & GDPR)

  • Right to Access: Request a report on data used for IBA.
  • Right to Erasure: Demand deletion of behavioral profiles.
  • Right to Object: Refuse profiling for marketing purposes.

4.3 Impact of Opting Out

Disabling IBA may reduce ad relevance but will not affect core platform functionality.

5. Data Retention and Security

5.1 Retention Periods

  • Behavioral Data: Retained for 12 months, then anonymized.
  • Technical Logs: Deleted after 6 months unless required for fraud investigations.

5.2 Security Measures

  • Encryption: All data is transmitted via HTTPS and stored with AES-256 encryption.
  • Access Controls: Restricted to authorized personnel under role-based permissions.
  • Audits: Annual third-party security audits aligned with ISO 27001.

5.3 Cross-Border Compliance

  • EU Data Transfers: Governed by GDPR Standard Contractual Clauses (SCCs).
  • Breach Notification: Users and regulators are notified within 72 hours of confirmed incidents.

6. Protection of Minors

6.1 Age Restrictions

  • We prohibit IBA targeting users under 13 years old (or 16 in GDPR jurisdictions).

6.2 Verification Mechanisms

  • Age Gates: Account creation requires age confirmation.
  • Parental Consent: Suspected minor accounts are suspended until parental consent is provided via verified email or documentation.

6.3 Data Deletion

  • Underage profiles and associated data are purged within 48 hours of detection. Parents may contact our DPO for immediate action.

7. Contact Information

7.1 Data Protection Officer (DPO)

7.2 Regulatory Complaints

Lodge complaints with the South African Information Regulator:

8. Policy Updates

You will be notified of material changes (e.g., new third-party partners, expanded data uses) via email or website banners 30 days prior to implementation. Continued use implies acceptance.