Skip to main content
Sign in

GDPR Policy

GDPR Policy

Effective date: 26 October 2025

Controller Details

  • Company: Office Chair Outlet
  • E-mail: support@officechairoutlet.co.za
  • Company number (telephone): +27 72 777 2777
  • Postal address: Postnet Suite 42, Private Bag X 04, Menlopark, Pretoria, Gauteng, South Africa, 0102

1. Introduction

Office Chair Outlet (“we”, “us”, “our”) is committed to protecting your privacy and safeguarding personal data. This GDPR Policy explains how we collect, use, disclose and protect personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) when we offer goods or services to, or monitor the behaviour of, individuals in the European Economic Area (“EEA”). This Policy supplements our Privacy Policy and applies to data subjects located in the EEA.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity & Contact Data: name, e-mail address, telephone number, billing and delivery addresses.
  • Order & Transaction Data: order history, payment method details (processed securely by our payment providers), invoices and refunds.
  • Technical Data: IP address, device and browser information, time zone, cookie identifiers, and interaction data relating to your use of our website.
  • Communications: enquiries, messages, reviews, warranty/returns correspondence and customer support interactions.

3. Purposes of Processing

We process personal data for the following purposes:

  • to accept, process and fulfil orders, including delivery logistics;
  • to provide customer service, returns, refunds and warranty support;
  • to operate, maintain and improve our website, products and services;
  • to prevent and investigate fraud and maintain security;
  • to send updates, offers and marketing communications where permitted (you may opt out at any time);
  • to comply with legal, tax and accounting obligations and to establish, exercise or defend legal claims.

4. Lawful Bases for Processing

Depending on the context, we rely on one or more of the following GDPR lawful bases:

  • Contract: processing necessary to perform a contract with you or take steps at your request before entering into a contract.
  • Legal obligation: compliance with applicable laws and regulations.
  • Legitimate interests: operating our business, improving services and securing our systems (balanced against your rights).
  • Consent: for specific activities such as certain direct marketing by electronic means; you may withdraw consent at any time.

5. Data Sharing & International Transfers

We do not sell personal data. We may share personal data with trusted service providers (e.g., payment processors, couriers and logistics partners, website hosting/IT and analytics providers) who act on our instructions and are subject to appropriate confidentiality and data protection obligations.

Where personal data is transferred outside the EEA, we implement safeguards required by the GDPR, such as adequacy decisions, Standard Contractual Clauses (SCCs), or other lawful transfer mechanisms, together with supplementary measures where appropriate.

6. Data Security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure or destruction, having regard to the nature of the data and the risks of processing.

7. Your Rights (EEA Data Subjects)

Subject to conditions and applicable law, you have the right to:

  • Access your personal data and obtain a copy;
  • Rectify inaccurate or incomplete personal data;
  • Erase personal data in certain circumstances (“right to be forgotten”);
  • Restrict processing in certain circumstances;
  • Data portability in a structured, commonly used and machine-readable format;
  • Object to processing based on legitimate interests and to direct marketing at any time;
  • Withdraw consent where processing is based on consent, without affecting the lawfulness of processing before withdrawal;
  • Lodge a complaint with your local data protection authority.

8. How to Exercise Your Rights

To exercise your rights or make a privacy request, please get in touch with us by email at support@officechairoutlet.co.za with the subject line “GDPR Data Request”. We may request information to verify your identity and will respond within the timeframes required by the GDPR.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined above, including satisfying legal, tax and accounting requirements and resolving disputes. After the applicable period, data is securely deleted or anonymised.

10. Automated Decision-Making

We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you.

11. Updates to This Policy

We may update this GDPR Policy from time to time. We will post any changes on our website with a new effective date. Your continued use of our services after the effective date constitutes acceptance of the updated Policy.

12. Contact Us

If you have questions about this GDPR Policy or our privacy practices, please get in touch with us:
E-mail: support@officechairoutlet.co.za
Company number (telephone): +27 72 777 2777
Postal address: Postnet Suite 42, Private Bag X 04, Menlopark, Pretoria, Gauteng, South Africa, 0102

!