Effective date: 01 July 2025
Our Commitment to Your Privacy
We are committed to protecting your privacy. This Privacy Policy explains how Bara Ventures (Pty) Ltd, trading as Strawtown, collects, uses, discloses, and safeguards your information when you visit our website https://strawtown.co, make a purchase, request a consultation, or use our services related to sustainable building materials and modular homes.
POPIA Compliance Statement: This policy complies with the Protection of Personal Information Act (POPIA) of South Africa and, where applicable, the General Data Protection Regulation (GDPR) for our European operations. We are committed to processing your personal information in a lawful, fair, and transparent manner.
Information Officer: Our designated Information Officer is responsible for ensuring POPIA compliance and can be contacted at hello@strawtown.co with "POPIA - Information Officer" in the subject line.
Section 1 - Information We Collect
We may collect the following types of information:
Personal Information
Contact Details: Name, email address, phone number, postal address
Business Information: Company name, job title, industry role (architect, contractor, developer)
Billing and Shipping: Billing address, delivery address, payment information
Identity Verification: For high-value transactions and building permits
Project and Technical Information
Site Information: Property location, site photographs, access requirements, soil conditions
Building Specifications: Project plans, technical requirements, customisation preferences
Planning Documentation: Building permits, architectural drawings, engineering specifications
Installation Details: Delivery schedules, crane access, assembly requirements
Account and Transaction Data
Account Information: Username, password, order history, saved preferences
Purchase Information: Product specifications, pricing, payment methods, and delivery tracking
Communication Records: Consultation notes, technical support interactions, project updates
Technical and Usage Data
Website Analytics: IP address, browser type, operating system, pages visited, time spent
Device Information: Device type, screen resolution, referring websites
Cookies and Tracking: We use cookies to enhance user experience and analyse website performance
Marketing and Communication Preferences
Newsletter subscriptions: Industry updates, sustainability insights, product announcements
Marketing consent: Preferences for promotional materials, case studies, and technical resources
Section 2 - How We Use Your Information
We use the collected data to:
Core Business Operations
Process orders and quotations for straw panels and modular homes
Coordinate delivery and installation, including site surveys and logistics planning
Provide technical support and consultation services
Manage project timelines and communicate progress updates
Customer Service and Support
Respond to enquiries about products, specifications, and installation
Provide after-sales support, including warranty claims and maintenance guidance
Facilitate communication between customers, architects, and installation teams
Business Improvement
Enhance product development based on customer feedback and project requirements
Improve website functionality and user experience
Analyse market trends and customer preferences for sustainable building solutions
Legal and Regulatory Compliance
Maintain building code compliance documentation
Support planning applications and permit processes
Comply with construction industry regulations and safety requirements
Meet tax and financial reporting obligations
Marketing and Communication
Send project updates and delivery notifications
Share sustainability insights and industry best practices
Provide technical resources and installation guides
Offer promotional content (with your consent)
Section 3 - Sharing of Information
We do not sell or rent your personal information. However, we may share data with:
Service Providers and Partners
Payment processors: For secure transaction processing
Shipping and logistics companies: For delivery coordination and tracking
Installation contractors: For assembly and technical support services
Crane and delivery services: For Stack placement and site access
IT support providers: For website maintenance and data security
Professional Partners
Architects and engineers: For project coordination and technical specifications
Building material suppliers: For complementary products and integrated solutions
Local authorities: For building permit applications and compliance verification
Legal and Regulatory Requirements
Government authorities: When required by law or regulation
Legal advisors: For dispute resolution and compliance matters
Regulatory bodies: For industry certifications and safety compliance
Business Operations
International offices: Data may be shared between our South African and UK operations
Acquired companies: In the event of a merger, acquisition, or business restructuring
Section 4 - Data Security
We implement comprehensive security measures, including:
Technical Safeguards
Encryption: All sensitive data is encrypted in transit and at rest
Secure servers: Industry-standard hosting with regular security updates
Access controls: Multi-factor authentication and role-based access permissions
Regular security audits: Ongoing monitoring and vulnerability assessments
Operational Safeguards
Staff training: Regular privacy and security training for all employees
Data minimisation: We collect only the information necessary for our services
Retention policies: Data is retained only as long as necessary for business purposes
Incident response: Procedures for managing and reporting security breaches
However, no system is 100% secure, and we cannot guarantee absolute protection against all threats.
Section 5 - Data Breach Notification
Our Data Breach Response
If a data breach occurs, we are committed to transparency and compliance with POPIA requirements:
Immediate Response (Within 72 hours):
Assess the nature and severity of the breach
Contain the breach and prevent further data loss
Notify the Information Regulator of South Africa if required by law
Begin investigation into the cause and scope of the breach
Customer Notification:
High-risk breaches: We will notify affected individuals directly within 72 hours when the breach is likely to result in harm
Communication method: Email notification to your registered address, with backup postal notification if email fails
Information provided: Nature of breach, types of data involved, steps we are taking, and actions you can take to protect yourself
Your Rights After a Breach:
Right to be informed about any breach affecting your data
Right to submit complaints to the Information Regulator
Right to institute civil proceedings for damages
Reporting Suspected Breaches: If you suspect a data breach involving your information, contact us immediately at hello@strawtown.co with "URGENT - Data Breach Report" in the subject line.
Section 6 - International Data Transfers
As we operate in both South Africa and the United Kingdom, your information may be transferred between these jurisdictions. We ensure adequate protection through:
POPIA Cross-Border Transfer Compliance
Adequate Protection Measures:
Standard contractual clauses approved by the Information Regulator for international transfers
Adequacy decisions are applicable under GDPR for UK operations
Local data processing, where possible, to minimise cross-border transfers
Binding corporate rules between our South African and UK operations
Countries We Transfer Data To:
United Kingdom: For our London sales office operations (deemed adequate under GDPR)
European Union: For GDPR-compliant services and processors only
Your Rights for International Transfers:
Right to be informed when your data will be transferred internationally
Right to object to international transfers in specific circumstances
Right to receive information about adequate protection measures in place
Data Residency Options: We aim to process and store your data within South Africa. International transfers only occur when necessary for:
UK customer service and sales support
International shipping and logistics
Cloud services with adequate protection measures
Section 7 - Your Rights and Choices
Under POPIA, you have the following nine (9) data subject rights, and where applicable under GDPR, you have additional protections:
Your Nine Rights Under POPIA
Right to be notified that your personal information is being collected
Right to know whether we hold personal information about you
Right of access to your personal information and to receive a copy
Right to correct or update inaccurate or incomplete information
Right to object to the processing of your personal information
Right to object to direct marketing by unsolicited electronic communications
Right not to be subject to automated decision-making, including profiling
Right to submit a complaint to the Information Regulator
Right to institute civil proceedings for damages caused by non-compliance
How to Exercise Your Rights
Access and Control
Access your personal data and receive a copy of the information we hold
Correct or update inaccurate or incomplete information
Delete your data in certain circumstances (right to erasure)
Restrict processing where you have concerns about accuracy or legality
Communication and Marketing
Opt out of marketing communications while continuing to receive service updates
Object to direct marketing via electronic communications (emails, SMS)
Choose communication methods (email, post)
Update contact preferences for different types of communications
Data Portability and Objection
Request data portability in a structured, machine-readable format
Object to processing based on legitimate interests
Withdraw consent where processing is based on consent
Object to automated decision-making that affects you legally
Complaints and Legal Action
Submit complaints to the South African Information Regulator
Institute civil proceedings if you suffer damages from our non-compliance with POPIA
Technical Controls
Disable cookies via browser settings (may affect website functionality)
Manage tracking preferences through our cookie consent tool
To exercise any of these rights, contact our Information Officer at hello@strawtown.co with "Data Subject Rights Request" in the subject line, or use the contact details below.
Section 8 - Cookies and Tracking Technologies
POPIA Cookie Compliance: We obtain your explicit consent before using non-essential cookies, as required by POPIA.
Cookie Consent Management
Your Cookie Choices:
Essential cookies: Automatically enabled (required for website function)
Analytics cookies: Optional - you can opt in during your first visit
Marketing cookies: Optional - requires explicit consent
Third-party cookies: Optional - you control each category separately
How We Obtain Consent:
Cookie banner: First-time visitors see our cookie consent banner
Granular control: You can accept/reject different cookie categories
Easy withdrawal: Change your preferences anytime via our cookie settings
No pre-ticked boxes: All non-essential cookies require active consent
We use cookies and similar technologies for:
Essential Functionality (No Consent Required)
Website operation: Basic functionality, security, and error prevention
Shopping cart: Maintaining items and preferences during your visit
User authentication: Keeping you logged in to your account
Analytics and Performance (Consent Required)
Usage analytics: Understanding how visitors interact with our website
Performance monitoring: Identifying and resolving technical issues
A/B testing: Improving website design and user experience
Marketing and Personalisation (Explicit Consent Required)
Content personalisation: Showing relevant products and information
Advertising: Delivering targeted advertisements on other websites
Social media integration: Enabling social sharing and interactions
Managing Your Cookie Preferences:
You can control cookies through:
Our cookie consent tool: Available at strawtown.co/cookie-preferences
Browser settings: Though this may affect website functionality
Opt-out links: In marketing emails and on our website
Section 9 - Third-Party Links and Services
Our website may contain links to third-party websites, including:
Cookie Consent Management
Partner architects and contractors
Building material suppliers
Planning and permit authorities
Social media platforms
Industry publications and resources
We are not responsible for the privacy practices of these external sites and recommend that you review their privacy policies before providing any information.
Section 10 - Data Retention
We retain personal information for as long as necessary to:
Fulfil contractual obligations, including warranty periods
Comply with legal requirements for business records and tax purposes
Resolve disputes and enforce agreements
Support ongoing customer relationships and project maintenance
Specific retention periods vary by data type:
Transaction records: 7 years for tax and business purposes
Project documentation: Lifecycle of building plus 10 years
Marketing communications: Until you opt out or request deletion
Website analytics: Typically 26 months
Section 11 - Children's Privacy
Our website and services are not intended for use by children under 18 years of age. We do not knowingly collect personal data from individuals under the age of 18. Suppose we become aware that we have collected information from a child without parental consent. In that case, we will take prompt steps to delete such information.
Section 12 - Changes to This Policy
We may update this privacy policy from time to time to reflect:
Changes in our business practices
Updates to privacy laws and regulations
New technologies and services
Customer feedback and industry best practices
The latest version will always be posted on our website with the "Effective Date" at the top. Significant changes will be communicated via email or posted on the website.
Section 13 - Complaints and Regulatory Contact
Information Regulator South Africa
If you believe we have not handled your personal information correctly, you can complain to the Information Regulator:
Website: https://inforegulator.org.za
Email: complaints.IR@justice.gov.za
Phone: +27 12 406 4818
Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Before contacting the regulator, we encourage you to reach out to us first at hello@strawtown.co so we can attempt to resolve your concern directly.
Section 14 - Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Data Protection Contact:
Email: hello@strawtown.co
Subject Line for Data Requests: "POPIA - Data Subject Rights Request"
Subject Line for Information Officer: "POPIA - Information Officer"
Company Details: Bara Ventures (Pty) Ltd
Trading as: Strawtown
Email: hello@strawtown.co
Website: strawtown.co
Physical Address:
Strawtown, Belofte Land, Tierfontein, Western Cape, 7300, South Africa
Office:
45 Fish Eagle Place, Fish Eagle Park, Kommetjie, Cape Town, Western Cape, 7975, South Africa
For urgent privacy matters or to report a suspected data breach, please mark your communication as "URGENT - Data Protection" and we will respond within 72 hours.
This privacy policy was last updated on 01 July 2025, and complies with South Africa's Protection of Personal Information Act (POPIA) and, where applicable, the General Data Protection Regulation (GDPR). It is reviewed annually to ensure ongoing compliance and accuracy.
