Skip to main content

Sylk Skin

Privacy Policy

SYLK Skin | Operated by Naturally Better (Pty) Ltd Effective Date: 12 May 2026 Last Updated: 12 May 2026


1. Introduction

This Privacy Policy (“Policy”) governs the collection, use, storage, disclosure and protection of your personal information by SYLK Skin, a trading name operated by Naturally Better (Pty) Ltd (“SYLK Skin”, “we”, “us”, or “our”), in connection with your use of our website located at www.sylk-skin.co.za (the “Website”) and any products or services we provide.

We are committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (“POPIA”), the Electronic Communications and Transactions Act 25 of 2002 (“ECT Act”), and any other applicable South African data protection legislation.

By accessing our Website, creating an account, making a purchase, or submitting your information to us in any way, you acknowledge that you have read, understood, and agree to the terms of this Policy.


2. Who We Are — The Responsible Party

In terms of POPIA, the Responsible Party — the entity that determines the purpose of and means for processing your personal information — is:

Trading Name: SYLK Skin 

Operated by: Naturally Better (Pty) Ltd 

Physical Address: 51 Fisant Road, Dinokeng Game Reserve, Hammanskraal, 0400

 Email: info@sylk-skin.co.za 

Telephone: +27 71 234 5678 

Website: www.sylk-skin.co.za


3. Information Officer

In compliance with section 55 of POPIA, we have appointed a designated Information Officer who is responsible for ensuring compliance with this Policy and with POPIA:

Information Officer: Karen Ritchie Email: karen@sylk-skin.co.za Telephone: +27 71 234 5678 Physical Address: 51 Fisant Road, Dinokeng Game Reserve, Hammanskraal, 0400

You may direct any questions, requests, or complaints relating to your personal information to the Information Officer using the contact details above.


4. Personal Information We Collect

We collect personal information that is adequate, relevant, and not excessive in relation to the purpose for which it is processed. The categories of personal information we collect include:

4.1 Identification and Contact Information – Full name – Email address – Telephone number – Delivery and billing address

4.2 Account Information – Username and password (encrypted) – Order history and preferences

4.3 Transaction and Payment Information – Purchase history, cart contents, and order details – Payment is processed exclusively through PayFast. SYLK Skin does not store, access, or retain your full payment card details. PayFast processes all payment data under their own privacy and security standards.

4.4 Communications Data – Messages, enquiries, or feedback you submit via our contact form, email, or other communication channels

4.5 Newsletter and Marketing Preferences – Email address and name when you voluntarily subscribe to our mailing list – Your opt-in consent record and date – Email engagement data (opens, clicks) processed via Klaviyo

4.6 Technical and Usage Data – IP address – Browser type and version – Device type and operating system – Pages visited, time spent, and navigation paths on our Website – Referring URL – Cookie identifiers (see Section 11 for full cookie details)

4.7 What We Do Not Collect We do not currently collect special personal information as defined in section 26 of POPIA, including information relating to health or medical conditions, race or ethnicity, religious or philosophical beliefs, political opinions, trade union membership, criminal records, biometric information, or information concerning a child’s personal information without verified parental consent.

Should this change in the future, we will update this Policy accordingly and obtain the necessary consents as required by law.


5. How We Collect Your Personal Information

We collect personal information through the following means:

  • Directly from you when you create an account, place an order, complete a form, subscribe to our newsletter, or contact us
  • Automatically through cookies and similar tracking technologies when you visit and interact with our Website (see Section 11)
  • From third-party analytics and marketing tools that we use to operate and improve our Website and communications
  • From third parties where you have consented to sharing your information, in accordance with applicable law

6. Lawful Basis for Processing

In terms of POPIA, we process your personal information only where one or more of the following lawful grounds apply:

  • Contract performance: Processing is necessary to fulfil an order you have placed, to manage your account, or to take steps at your request prior to entering into a contract.
  • Legitimate interests: Processing is necessary for our legitimate business interests, including improving our Website, preventing fraud, maintaining security, and communicating relevant product information — provided these interests are not overridden by your rights and interests.
  • Consent: Where you have given us express, informed consent to process your information for a specific purpose, such as subscribing to our newsletter or accepting non-essential cookies. You may withdraw your consent at any time without detriment (see Section 13).
  • Legal obligation: Processing is necessary to comply with a legal obligation to which we are subject, including obligations under the ECT Act, tax legislation, and any applicable consumer protection laws.

7. How We Use Your Personal Information

We use the personal information we collect for the following purposes:

  • To process, fulfil, and deliver your orders, including communicating order status and shipping updates
  • To create and manage your customer account on our Website
  • To process payments securely via PayFast
  • To communicate with you in response to enquiries, complaints, or requests
  • To send you marketing communications, newsletters, special offers, and product updates via Klaviyo — only where you have subscribed and provided your express consent
  • To personalise your experience on our Website
  • To analyse Website traffic and user behaviour to improve our Website, products, and services using Google Analytics
  • To detect, prevent, and investigate fraud, security incidents, or unlawful activity
  • To comply with our legal and regulatory obligations
  • To enforce our Terms and Conditions and other agreements

We will not use your personal information for any purpose incompatible with those listed above without your prior consent.


8. Sharing of Personal Information with Third Parties

We do not sell, trade, or rent your personal information to third parties. We share your personal information only in the following circumstances and only to the extent necessary:

8.1 Service Providers (Operators)

We engage the following third-party service providers who process personal information on our behalf, pursuant to written agreements requiring them to maintain appropriate security and confidentiality:

Service Provider Purpose Relevant Data Shared
PayFast (DPO Pay S.A. (Pty) Ltd) Secure payment processing Name, email, billing address, transaction amount
The Courier Guy Order delivery within South Africa Name, delivery address, telephone number, order reference
Klaviyo, Inc. Email marketing and newsletter distribution Name, email address, marketing preferences
Google LLC (Google Analytics / Google Tag Manager) Website analytics and performance monitoring Anonymised or pseudonymised usage data, IP address
WooCommerce / Automattic Inc. E-commerce platform and website hosting infrastructure Account and order data

Each operator is required to process your personal information only for the purposes we specify, in accordance with POPIA and applicable international data protection standards.

8.2 Legal Disclosure

We may disclose your personal information if required to do so by law, court order, regulatory authority, or if we reasonably believe that disclosure is necessary to protect the rights, property, or safety of SYLK Skin, our customers, or the public.

8.3 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you of any such change by posting a prominent notice on our Website.


9. Cross-Border Transfers of Personal Information

Some of our third-party service providers, including Google LLC and Klaviyo, Inc., are based outside of South Africa and process personal information in jurisdictions that may not provide the same level of data protection as South Africa.

Where personal information is transferred outside of South Africa, we take appropriate steps to ensure that it is protected in a manner consistent with POPIA, including by:

  • Ensuring that the recipient country’s laws provide an adequate level of protection; or
  • Implementing appropriate contractual safeguards (such as standard contractual clauses) with the receiving party; or
  • Obtaining your consent to the transfer where required.

10. Data Retention

We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law.

The following retention periods apply:

Category Retention Period
Customer account and order data 5 years from date of last purchase or account activity
Transaction and payment records 5 years (in accordance with SARS record-keeping requirements)
Newsletter subscriber data Until you unsubscribe or withdraw consent, plus 12 months thereafter
Website usage and analytics data 26 months (in accordance with Google Analytics default retention)
Correspondence and communications 3 years from date of last communication

Upon expiry of the applicable retention period, we will securely delete, destroy, or de-identify your personal information in accordance with POPIA.


11. Cookies and Tracking Technologies

Our Website uses cookies and similar tracking technologies to enhance your experience and to collect analytics data. A cookie is a small text file stored on your device by your browser.

11.1 Types of Cookies We Use

  • Strictly necessary cookies: Required for the Website to function, including session management, cart functionality, and security. These cannot be disabled.
  • Analytical/performance cookies: Used to understand how visitors interact with our Website (e.g., Google Analytics via Google Tag Manager). These are only set with your consent.
  • Marketing/functionality cookies: Used by platforms such as Klaviyo to track email engagement and serve relevant content. These are only set with your consent.

11.2 Managing Cookies

When you first visit our Website, you will be presented with a cookie consent notice. You may accept or decline non-essential cookies at that time.

You may also manage or disable cookies through your browser settings at any time. Please note that disabling certain cookies may affect the functionality of our Website. For guidance on managing cookies, visit www.allaboutcookies.org.


12. Security of Personal Information

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Secure Socket Layer (SSL/TLS) encryption for data transmitted via our Website
  • Encrypted password storage
  • Access controls limiting employee access to personal information on a need-to-know basis
  • Use of reputable and security-certified third-party service providers
  • Regular review of our security practices

While we take all reasonable precautions, no method of electronic transmission or storage is 100% secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Regulator and affected data subjects as required by section 22 of POPIA.


13. Your Rights as a Data Subject

In terms of POPIA, you have the following rights in relation to your personal information:

  • Right of access: You may request confirmation of whether we hold your personal information and request access to that information.
  • Right to correction: You may request that we correct or update inaccurate, incomplete, or outdated personal information.
  • Right to deletion: You may request that we delete your personal information where it is no longer necessary for the purposes for which it was collected, subject to any legal obligations that require us to retain it.
  • Right to object: You may object to the processing of your personal information where we rely on legitimate interests as our lawful basis, or where processing is used for direct marketing.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal. To unsubscribe from our newsletter, click the “Unsubscribe” link in any marketing email.
  • Right to lodge a complaint: You have the right to lodge a complaint with the Information Regulator if you believe we have processed your personal information unlawfully or contrary to POPIA.

To exercise any of the above rights, please contact our Information Officer:

Karen Ritchie Email: karen@sylk-skin.co.za Telephone: +27 71 234 5678 Physical Address: 51 Fisant Road, Dinokeng Game Reserve, Hammanskraal, 0400

We will respond to your request within a reasonable time and in accordance with the timeframes prescribed by POPIA.

Information Regulator Contact Details: SALU Building, 316 Thabo Sehume Street, Pretoria, 0001 Email: inforeg@justice.gov.za Website: www.inforegulator.org.za


14. Children’s Privacy

Our Website and products are intended for persons aged 18 years and older. We do not knowingly collect personal information from children under the age of 18 without verifiable parental or guardian consent.

If you are under 18 years of age, you may not use this Website or provide us with any personal information without the consent and supervision of your parent or legal guardian.

If we become aware that we have inadvertently collected personal information from a child under the age of 18 without appropriate consent, we will take immediate steps to delete that information. If you believe we have collected such information, please contact us immediately.


15. Product Disclaimer

SYLK products are cosmetic skincare products intended to support skin comfort and hydration. They are not intended to diagnose, treat, cure, or prevent any disease.

Nothing on this Website or in any marketing communication constitutes medical advice. Customers with known skin conditions, allergies, or medical concerns should consult a qualified healthcare professional before using any of our products.


Our Website may contain links to third-party websites or platforms. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any third-party sites you visit.


17. Changes to This Privacy Policy

We reserve the right to update or amend this Policy at any time. Any changes will be posted on this page with a revised “Last Updated” date. We encourage you to review this Policy periodically. Continued use of our Website after the posting of changes constitutes your acceptance of the updated Policy.

For material changes that affect your rights, we will notify you by email (where we hold your email address) or by a prominent notice on our Website prior to the change taking effect.


18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Information Officer:

Karen Ritchie — Information Officer SYLK Skin (Naturally Better (Pty) Ltd) 51 Fisant Road, Dinokeng Game Reserve, Hammanskraal, 0400 Email: karen@sylk-skin.co.za Telephone: +27 71 234 5678