Skip to main content

1. Introduction

The purpose of our privacy policy is to inform you that we process personal information of data subjects from time to time. Therefore, we are obliged to comply with the Protection of Personal Information Act No. 4 of 2013 (“POPIA”) as well as the Promotion of Access to Information Act No. 2 of 2000 (“PAIA”).

In our policy, we will inform you of the type of personal information (data) that we collect (use, disclose and destroy), the reason why we collect, your rights to the data you give us and how you can participate in the process.

We strive to protect data subjects’ privacy and we are committed to using the data appropriately, transparently, securely and in accordance with applicable laws. In addition to this policy, THE NUT FARM has also developed a manual and made it available as prescribed under the PAIA Act. Where parties/requesters submit requests for information disclosure in terms of this policy, internal measures have been developed together with adequate systems to process requests for information or access thereto.

2. Definitions

  • “Processing” means collection, receipt, recording organisation, collation, storage, updating, modification, retrieval, alteration, consultation, or use; dissemination by means of transmission, distribution or making available in any form; merging, linking, erasure or destruction of information
  • “PAIA” means the Promotion of Access to Information Act No. 2 of 2000
  • “POPIA” means the Protection of Personal Information Act No 4 of 2013
  • “Information Regulator / Regulator” means the Information Regulator established in terms of the POPIA

3. Collection of Personal Information

We collect and process various information pertaining to data subjects. The information collected is based on need and it will be processed for that need/purpose only. Whenever possible, we will inform the relevant party of the information required (mandatory) and which information is deemed voluntary.

The data subject will be informed of the consequence(s) of failing to provide such personal information and any prejudice which may be incurred due to non-disclosure. For example, we may not be able to render services to a data subject in the absence of certain information which is required.

We will process information in a manner that is lawful and reasonable. Where consent is required for the processing of information, such consent will be obtained in the appropriate manner. Only in instances where we do not require consent or if such consent is impossible, will it not be required beforehand.

  • Information will be processed under the following circumstances:
  • When carrying out actions for the conclusion or performance of a contract.
  • When complying with an obligation imposed by law on us.
  • For the protection of a legitimate interest of the data subject.
  • Where necessary, for pursuing the legitimate interests of THE NUT FARM or of an
    authorised third party to whom the information is supplied.

Examples of the personal information we collect include, but is not limited to:

  • Identity numbers, email address, telephone number, location information, online
    identifier, or other assignment to the data subject;
  • Full names of the data subject for account purposes;
  • Banking and account information;
  • Additional contact information that may be required.

We will not process special personal information without complying with the specific provisions of the POPIA. Special information includes personal information concerning:

the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health, sex life or biometric information of a data subject; or the criminal behaviour of a data subject, where such information relates to the alleged commission by a data subject of any offence committed or the disposal of such proceedings.

Collection of Client & Supplier information:

For purposes of this policy, clients include potential, past and existing clients, and guests. Suppliers include all vendors which contract with us, whether once off or recurring, in respect of products and services.

We collect and process clients, guests, and suppliers personal information, such as that mentioned below. The type of information will depend on the need for which it is collected and will be processed for that purpose only. Further examples of personal information collected from clients and suppliers include, but is not limited to:

  • Identity / registration number
  • Full name and surname or full name of the legal entity
  • Residential, registered business address and postal address
  • Contact information
  • Banking details
  • Tax and/or VAT number
  • Details of the person responsible for the account
  • Medical information (Covid-19 symptom questionnaire)

We also collect and process clients’ and suppliers’ personal information for marketing purposes to ensure that our services remain relevant to our clients and guests. Use of client and supplier information: The client’s and/or supplier’s personal information will only be used for the purpose for which it was collected and as agreed. This may include, but not be limited to:

  • Providing products or services to clients
  • In connection with sending accounts and communication to a client in respect of
    services rendered or goods sold
  • Payment of suppliers and communication in respect of services rendered
  • Confirming, verifying, and updating client or supplier details
  • Conducting market or customer satisfaction research
  • For audit and record keeping purposes
  • In connection with legal proceedings
  • In connection with and to

Disclosure of personal information

We may share clients and suppliers personal information with authorised third parties as well as obtain information from such third parties for reasons set out above. We may also disclose clients and suppliers personal information where there is a duty or a right to disclose in terms of applicable legislation or where it may be necessary to protect the rights of the organisation, or it is in the interests of the data subject.

4. Safeguarding of Personal Information and Consent

We will review our security controls and processes on a regular basis to ensure that personal information is secure. We will take appropriate, adequate, and reasonable technical and organisational steps and measures to prevent loss or damage or unauthorised destruction of personal information, and unlawful access to or processing of personal information. This will be achieved by:

  • Regularly identifying internal and external risks
  • Establishing and maintaining appropriate safeguards
  • Regularly verifying these safeguards and their implementation
  • Updating the safeguards
  • Implementing generally accepted information security practices and procedures

Who we are

Our website address is:

What personal data we collect and why we collect it


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Additional information

How we protect your data

What data breach procedures we have in place

What third parties we receive data from

What automated decision making and/or profiling we do with user data

Industry regulatory disclosure requirements