100% lab-tested|1–3 day delivery across SA|Section 21 compliant|POPIA secure|Free shipping over R500|Cash on delivery available|Operator + doctor reviewed|100% lab-tested|1–3 day delivery across SA|Section 21 compliant|POPIA secure|Free shipping over R500|Cash on delivery available|Operator + doctor reviewed
CANNABUBEN
0

For customers

Privacy notice

Effective 15 April 2026

Draft — pending legal review

This document is a working template based on standard South African consumer-retail and Section 21 cannabis-supply practice. It will be reviewed and signed off by a POPIA- and consumer-law-qualified attorney before public launch.

This notice explains how Cannabuben (Pty) Ltd ("Cannabuben", "we", "us") collects, uses, and protects the personal information of customers, as required by the Protection of Personal Information Act, 2013 ("POPIA"). For the formal POPIA compliance manual see our POPIA Manual.

1. Who we are

Cannabuben is a South African online retailer of cannabis & wellness products, including prescription items that require SAHPRA Section 21 authorisation. We are the responsible party for the information described in this notice.

Legal entity
Cannabuben (Pty) Ltd
Registered address
To be confirmed prior to launch · South Africa
Information Officer
To be appointed under POPIA section 56 · privacy@cannabuben.co.za

2. What information we collect

Account information

  • Full name and email address
  • Phone number (for courier coordination)
  • Date of birth (for 18+ age verification)
  • South African ID number (optional, used for SAHPRA Section 21 application)

Order information

  • Shipping address and delivery notes
  • Items purchased, prices, order history
  • Payment reference (we do not store card numbers)

Clinical information (only when ordering Rx / Section 21 items)

  • Answers to our post-payment clinical screening form
  • SAHPRA Section 21 application details, once submitted on your behalf

Technical information

  • Authenticated session cookies
  • Device, browser, and IP address (security and audit)
  • No third-party advertising or analytics trackers are used

3. Why we collect it

  • To process and deliver your order
  • To review Rx orders and route them for HPCSA-practitioner authorisation where applicable
  • To file SAHPRA Section 21 applications on your behalf for scheduled products
  • To communicate order status, clinical-screening requests, and delivery updates
  • To maintain a good-faith audit trail for all cannabis-product orders

4. Lawful basis for processing

  • Performance of a contract for your order and its fulfilment (POPIA section 11(1)(b)).
  • Consent for clinical information, given via the screening-form consent checkbox (section 11(1)(a)).
  • Legal obligation for SAHPRA Section 21 records and tax-law retention (section 11(1)(c)).
  • Legitimate interest for security, fraud prevention, and audit logging (section 11(1)(f)).

5. Who we share your information with

  • The HPCSA-registered doctor assigned to review your Rx order (if applicable)
  • The South African Health Products Regulatory Authority (SAHPRA) for Section 21 applications
  • Licensed partner pharmacies for dispensing Section 21 medicines
  • Courier company delivering your order
  • PayFast (Pty) Ltd for payment processing
  • Email / transactional-messaging provider (operator under POPIA section 30)

We do not sell your information. We do not share it with marketers. Operators process information on our written instruction under signed operator agreements per POPIA.

6. How long we keep your information

  • Order and clinical records: 6 years from last interaction, per HPCSA records-management guidelines and tax-law retention.
  • Account information: until you request deletion, after which non-clinical data is removed. Clinical records remain under the HPCSA rule above.
  • Payment records: 5 years per the Tax Administration Act and FICA.

7. Your POPIA rights

You have the right to:

  • Be informed about the processing of your information (this notice)
  • Access the information we hold about you
  • Request correction of inaccurate information
  • Request deletion (subject to legal retention obligations)
  • Object to processing on legitimate-interest grounds
  • Lodge a complaint with the Information Regulator — inforegulator.org.za

8. Cross-border transfers

Where any operator stores or processes your information outside South Africa, we do so only where the recipient is subject to a law, binding corporate rules, or contract that provides a comparable level of protection (POPIA section 72).

9. Security safeguards

We apply technical and organisational measures appropriate to the sensitivity of the information: encryption in transit and at rest, row-level access control, audit logging, principle-of-least-privilege access for staff, and documented incident-response procedures.

10. Contact for data requests

For any access, correction, deletion, or objection request, write to privacy@cannabuben.co.za. We respond within 30 days. For formal requests under PAIA see our PAIA Manual.

11. Updates to this notice

We may update this notice. Material changes are communicated by email to account holders at least 14 days before they take effect. The current version is always available at this URL.

More disclosures: all legal documents.

Payment:VISAMCAMEXpayFastEFT
Shipping:COURIER GUYARAMEXFASTWAYFree over R500 · 1–3 days
Security:SSLPOPIA