Privacy Policy | The Supreme Lab

1. INTRODUCTION

The Supreme Lab Proprietary Limited ("Company", "we", "us", or "our") is committed to protecting the privacy and personal information of our clients, suppliers, employees, and other stakeholders. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in compliance with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) ("POPIA") and other applicable South African laws.
As a currency restoration company operating in South Africa, we handle personal information in the course of our business operations. We are committed to the principles of accountability, processing limitation, purpose specification, and transparency as required by POPIA.

2. RESPONSIBLE PARTY AND INFORMATION OFFICER

The Supreme Lab Proprietary Limited is the Responsible Party for purposes of POPIA. We have appointed an Information Officer who is responsible for ensuring compliance with POPIA and handling data subject requests.

Responsible Party: The Supreme Lab Inc.
Registration Number: 2011/890118/06
Information Officer: Derek Blake
Contact Email: thesupremelab@gmail.com
Contact Telephone: +27 73 114 8649
Physical Address: Head Office, Southdowns Ridge Office Park, John Vorster Dr, Irene, Centurion, 0062, South Africa

3. PERSONAL INFORMATION WE COLLECT

We collect and process the following categories of personal information, depending on your relationship with us:

3.1 Clients and Prospective Clients

Contact information (names, email addresses, telephone numbers, physical addresses)
Company registration details and VAT numbers (for corporate clients)
Financial information (banking details for payments, credit history)
Purchase history and product preferences
Communication records and correspondence
Safety Data Sheet (SDS) delivery confirmations and acknowledgements

3.2 Suppliers and Service Providers

Contact information of representatives
Company registration and tax details
Banking details for payment processing
Contract and performance information

3.3 Employees and Job Applicants

Identification information (ID numbers, passport details)
Contact and emergency contact information
Employment history, qualifications, and references
Banking details for payroll
Tax information and medical aid details
Health and safety training records (required for chemical handling compliance)

3.4 Website Visitors

IP addresses and browser information
Cookie data and usage analytics
Form submissions and inquiry details
Pages visited and time spent on site

4. HOW WE COLLECT PERSONAL INFORMATION

We collect personal information through the following methods:

Directly from you: When you provide information through forms, applications, contracts, correspondence, or verbal communications
Automatically: Through cookies and similar technologies when you visit our website
From third parties: Such as credit bureaus, background check providers, and public databases (only with lawful basis)
From business interactions: During the course of our commercial relationship, including sales transactions and service delivery
From regulatory requirements: Information required for compliance with occupational health and safety laws, chemical handling regulations, and other statutory obligations

5. PURPOSE OF PROCESSING

We process your personal information for the following specific, explicit, and lawful purposes:

5.1 Business Operations

Processing orders and delivering chemical products
Managing customer accounts and relationships
Processing payments and managing credit facilities
Providing customer support and responding to inquiries
Managing supplier and service provider relationships

5.2 Legal and Regulatory Compliance

Complying with the Occupational Health and Safety Act and Hazardous Chemical Agents Regulations
Maintaining Safety Data Sheet (SDS) delivery records and training documentation
Meeting tax, accounting, and financial reporting obligations
Complying with labour laws and employment equity requirements
Responding to lawful requests from regulatory authorities
Maintaining records as required by applicable legislation

5.3 Safety and Risk Management

Ensuring safe handling, storage, and distribution of chemical products
Conducting background checks and security assessments where necessary
Preventing fraud, theft, and unauthorized access to facilities
Monitoring compliance with safety protocols
Investigating incidents and accidents

5.4 Marketing and Business Development

Sending product information and promotional materials (with consent or where permitted by law)
Conducting market research and customer satisfaction surveys
Improving our products and services
Analysing business trends and market opportunities

6. LAWFUL BASIS FOR PROCESSING

We process personal information only when we have a lawful basis to do so under POPIA. The lawful bases we rely on include:

Consent: You have given us specific, informed, and voluntary consent to process your information for a stated purpose
Contractual necessity: Processing is necessary to enter into or perform a contract with you
Legal obligation: Processing is required to comply with South African law, including occupational health and safety regulations, tax laws, and chemical handling requirements
Legitimate interests: Processing is necessary for our legitimate business interests (such as fraud prevention, direct marketing to existing customers, and business operations), provided this does not override your privacy rights
Protection of legitimate interests: Processing is necessary to protect your vital interests or those of another person

7. DISCLOSURE OF PERSONAL INFORMATION

We may share your personal information with the following categories of third parties, only when necessary and with appropriate safeguards:

Service Providers and Operators: Third parties who provide services on our behalf, such as IT support, logistics, accounting, legal services, and payment processing. These parties are contractually bound to protect your information and may only use it for the specified purposes.
Business Partners: Chemical manufacturers, distributors, and other partners in our supply chain where disclosure is necessary to fulfill orders or provide services
Regulatory and Law Enforcement Authorities: Government agencies, regulators, and law enforcement when required by law or to protect our legal rights
Financial Institutions: Banks and credit providers for payment processing and credit assessments
Professional Advisors: Lawyers, auditors, and consultants who assist us with business operations
Business Transfers: In the event of a merger, acquisition, or sale of all or part of our business, personal information may be transferred to the acquiring entity

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

8. CROSS-BORDER TRANSFERS OF PERSONAL INFORMATION

In some cases, we may transfer personal information to recipients located outside South Africa, including:

International suppliers of chemical products
Cloud service providers with servers located abroad
International business partners and service providers

When we transfer personal information across borders, we ensure compliance with POPIA by implementing one or more of the following safeguards:

The recipient country has adequate data protection laws recognized by South African authorities
We have entered into binding agreements with the recipient requiring them to protect your information in accordance with POPIA standards
We have obtained your explicit consent for the cross-border transfer
The transfer is necessary for the performance of a contract or is in your vital interests

9. SECURITY SAFEGUARDS

We take the security of your personal information seriously and have implemented appropriate technical and organizational measures to protect it against unauthorized access, loss, destruction, or alteration. These measures include:

Physical security: Controlled access to our premises, locked filing cabinets, and secure storage facilities
Technical security: Encryption, firewalls, secure servers, password protection, and regular security updates
Organizational security: Access controls limiting information access to authorized personnel only, confidentiality agreements, and employee training on data protection
Monitoring and auditing: Regular security assessments, audit trails, and incident response procedures

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but will notify you and the Information Regulator of any data breach that poses a significant risk to your rights, as required by POPIA.

10. RETENTION OF PERSONAL INFORMATION

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, and business requirements. Retention periods vary depending on the type of information and purpose:

Customer records: Retained for the duration of the business relationship plus 5 years after the relationship ends, or as required by tax and accounting laws
Employee records: Retained for the duration of employment plus 3 to 5 years after termination, or as required by labour and tax laws
Financial records: Retained for 5 years as required by the Income Tax Act
Safety and compliance records: Retained as required by the Occupational Health and Safety Act and related regulations (typically 5 years or longer for hazardous chemical records)
Marketing consent records: Retained until consent is withdrawn or for 1 year after the last interaction

After the retention period expires, personal information will be securely destroyed or anonymized in accordance with our data destruction policies.

11. YOUR RIGHTS AS A DATA SUBJECT

Under POPIA, you have the following rights regarding your personal information:

Right to access: You may request confirmation of whether we hold your personal information and request access to that information
Right to correction: You may request correction or updating of inaccurate, incomplete, or outdated personal information
Right to deletion (erasure): You may request deletion of your personal information where it is no longer necessary for the purpose collected, or where you withdraw consent (subject to legal retention requirements)
Right to object: You may object to the processing of your personal information on reasonable grounds relating to your particular situation (except where legislation permits such processing)
Right to object to direct marketing: You may object to the processing of your personal information for direct marketing purposes, including profiling for marketing. We will stop processing immediately upon receipt of your objection.
Right not to be subject to automated decisions: You may request not to be subject to decisions based solely on automated processing that significantly affects you
Right to complain: You may lodge a complaint with our Information Officer or with the Information Regulator if you believe your privacy rights have been violated

To exercise any of these rights, please contact our Information Officer using the contact details provided in Section 2. We will respond to your request within a reasonable time (generally within 30 days) and may require verification of your identity before processing your request.

12. COOKIES AND TRACKING TECHNOLOGIES

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and understand user preferences. Cookies are small text files stored on your device when you visit our website.

12.1 Types of Cookies We Use

Essential cookies: Necessary for the website to function properly (e.g., security, network management)
Performance cookies: Collect information about how you use our website to help us improve its performance
Functionality cookies: Remember your preferences and personalize your experience
Marketing cookies: Track your online activity to deliver relevant advertisements (used only with your consent)

You can control cookie settings through your browser and may refuse or delete cookies. However, disabling cookies may affect the functionality of our website. By using our website without adjusting your browser settings, you consent to our use of essential cookies. For non-essential cookies, we will request your explicit consent through our cookie consent banner.

13. DIRECT MARKETING

We may use your contact information to send you marketing communications about our products, services, promotions, and industry news. We will only do so where:

You have given us explicit consent to receive marketing communications, or
We have an existing business relationship with you and are marketing similar products/services (unless you have opted out)

You have the right to object to direct marketing at any time. Every marketing communication we send will include a clear and easy way to opt out (such as an unsubscribe link in emails). You may also contact our Information Officer to update your marketing preferences. We will process your opt-out request immediately and stop sending marketing communications within a reasonable time.
Please note that even if you opt out of marketing communications, we may still send you transactional or service-related communications (such as order confirmations, safety notices, and account updates).

14. CHILDREN'S PRIVACY

Our services are not directed at children under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child without appropriate parental consent, we will take steps to delete that information as soon as reasonably possible. If you believe we have collected information from a child, please contact our Information Officer immediately.

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational considerations. When we make material changes, we will notify you by:

Posting the updated policy on our website with a new effective date
Sending an email notification to registered customers (where appropriate)
Displaying a prominent notice on our website

We encourage you to review this Privacy Policy periodically. Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated policy.

16. CONTACT INFORMATION AND COMPLAINTS

If you have any questions, concerns, or complaints about this Privacy Policy or our handling of your personal information, please contact our Information Officer:

Information Officer: Derek Blake
Email: thesupremelab@gmail.com
Telephone: +27 73 114 8649
Physical Address: Southdowns Ridge Office Park, John Vorster Dr, Irene, Centurion, 0062, South Africa

We will investigate and respond to all complaints within a reasonable timeframe. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Regulator:

Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
P.O. Box 31533, Braamfontein, Johannesburg, 2017
Telephone: 010 023 5200
Email: inforeg@justice.gov.za
Website: www.justice.gov.za/inforeg

17. CONSENT

Where we rely on your consent as the lawful basis for processing your personal information, you have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
To withdraw consent, please contact our Information Officer using the contact details in Section 16. We will confirm receipt of your withdrawal and cease processing your information for the relevant purpose, subject to any legal obligations to retain certain records.

18. ACKNOWLEDGEMENT

By providing your personal information to us, engaging with our services, or using our website, you acknowledge that:

You have read and understood this Privacy Policy
You understand how we collect, use, disclose, and protect your personal information
You consent to the processing of your personal information in accordance with this policy (where consent is the lawful basis)
You understand your rights as a data subject under POPIA and how to exercise them

19. LEGAL DISCLAIMER

This Privacy Policy should be read in conjunction with our Terms and Conditions of Business and any other agreements between you and The Supreme Lab Proprietary Limited. In the event of any conflict between this Privacy Policy and applicable law, the law shall prevail.
This Privacy Policy does not create any contractual or other legal rights in favor of any party or confer any benefits upon any party. It is a statement of our current practices and may be updated from time to time.
Nothing in this Privacy Policy limits our obligations or your rights under POPIA or any other applicable data protection legislation.

END OF PRIVACY POLICY
The Supreme Lab Proprietary Limited
Last Updated: 12 February 2026