Privacy Policy

Last updated: 9 April 2026

This Privacy Policy explains how The Godfathers Of Deep House SA and the legal entities operating the platform process personal information when you use the website, create an account, purchase music or merchandise, subscribe to membership access, submit booking or contact forms, or otherwise interact with the platform.

1. Scope

This policy applies to public browsing, registered user accounts, member access, artist access, commerce, bookings, contact forms, newsletters, support communications, and related platform operations connected to www.thegodfathers.co.za.

2. Information We Collect

Depending on how you use the platform, we may collect:

• identity and account data: name, email address, username, password hash, verification state, and role or membership status
• commerce data: cart contents, order records, billing details, shipping details, presentment currency, settlement currency, payment references, discount usage, and fulfillment status
• membership and access data: subscription plan, entitlement state, owned digital access, and access history necessary to deliver premium content
• contact and booking data: contact details, enquiry subject, booking details, venue, timing, budget, and communications submitted through forms
• technical and device data: IP address, browser, operating system, log events, approximate country signals, timezone or locale hints, and security telemetry
• preference data: cookie consent choice, storefront currency choice where allowed, and similar user preferences
• support and moderation data: message history, abuse-prevention records, and operational notes needed to handle requests lawfully and safely

3. How We Collect Information

We collect information directly from you, automatically from your use of the platform, and from service providers involved in payment processing, hosting, email delivery, mapping or shipping calculation, and fraud or runtime protection.

4. Why We Use Information

We use personal information to create and secure accounts, process purchases and memberships, calculate shipping where relevant, operate gated content, receive and respond to bookings and support requests, detect misuse, maintain operational analytics, and comply with legal obligations.

5. Legal Bases

Where GDPR or similar laws apply, we rely on one or more of the following legal bases: consent, performance of a contract, legitimate interests, compliance with legal obligations, and where applicable the establishment, exercise, or defense of legal claims. Under South African law, we process information in line with POPIA and related legislation, including conditions for lawful processing and data-subject rights.

6. Cookies, Regional Signals, and Currency Presentation

The platform uses essential cookies for login continuity, cart state, checkout safety, and security. Where you allow optional preferences, we may store currency preferences and related presentation choices. The platform may also use request headers, locale hints, timezone hints, or country hints to present regional currency information. This presentation logic does not by itself guarantee your bank or payment provider will settle in the same currency.

7. Payments and Financial Data

Card payments are processed through our payment service provider, currently Paystack, or another gateway we may lawfully appoint from time to time. We do not intentionally store full card numbers or card security codes on our platform. We do retain payment references, transaction status, settlement currency, and order records required to confirm payment, resolve disputes, and keep proper books.

8. Shipping, Delivery, and Address Data

Where an order requires shipping, we process billing and delivery information to quote delivery, fulfill orders, confirm delivery issues, and handle customer support. Shipping-related data may be shared with logistics or address-resolution providers to the extent needed to complete the order.

9. Memberships, Exclusive Access, and Media Rights

If you purchase a membership, release, or other gated entitlement, we process access-control information to determine whether you may stream, view, unlock, or otherwise access protected content. We also keep a record of the relevant entitlement so the platform can restore access where appropriate and investigate misuse or unauthorized sharing.

10. When We Share Information

We may share information with hosting, infrastructure, payment, email, security, shipping, customer-support, and compliance service providers where needed to operate the platform. We may also disclose information when required by law, to protect rights or safety, to investigate fraud or abuse, or as part of a lawful corporate restructuring. We do not currently sell personal information for money, and we do not intentionally run a public-facing system that exposes private control operations.

11. International Transfers

Because the platform serves users globally and may rely on service providers operating in more than one country, personal information may be processed outside South Africa. Where GDPR or similar laws apply, we take reasonable steps to ensure an appropriate transfer mechanism or other lawful safeguard is used where required.

12. How Long We Keep Information

We keep information for as long as it is reasonably required for the purpose for which it was collected, including account continuity, order history, tax and accounting records, anti-fraud controls, legal compliance, dispute handling, and platform security. Retention periods may differ by record type. We may delete, anonymise, or de-identify data when it is no longer needed, unless law requires longer retention.

13. Security

We use technical and organisational measures appropriate to the platform, including access controls, restricted control environments, authentication controls, secret management, and operational monitoring. No online platform can promise absolute security, and users should also protect their own credentials and devices.

14. Your Rights

Depending on where you live, you may have rights including access, correction, deletion, restriction, portability, objection to certain processing, withdrawal of consent, complaint to a regulator, and in some jurisdictions rights relating to automated decision-making or sensitive personal information.

South Africa: POPIA gives data subjects rights in relation to lawful processing, direct marketing, and complaints to the Information Regulator.
EEA / UK: GDPR rights may include access, rectification, erasure, restriction, portability, objection, and complaint rights.
California and certain US states: eligible residents may have rights to know, delete, correct, opt out of sale or sharing where applicable, limit sensitive personal information use where applicable, and receive non-discriminatory treatment for exercising rights.
Other jurisdictions: if mandatory local law gives you additional privacy rights, those rights apply to the extent required.

15. How To Exercise Rights

You may submit privacy or data-rights requests through the contact page or by emailing info@thegodfathers.co.za. We may need to verify your identity before acting, and we may decline or limit a request where the law allows or requires us to do so.

16. Children

The platform is not designed to invite unsupervised use by children for contracts or purchases that require legal capacity. If you are under the age of majority where you live, you should use the platform only with the permission and involvement of a parent or legal guardian.

17. Direct Marketing

Where you opt in or where law permits, we may send you updates about releases, events, exclusives, or storefront activity. You can unsubscribe from marketing emails through the unsubscribe link or by contacting us. Operational emails about accounts, orders, payments, security, and access are not marketing and may still be sent where needed.

18. Complaints

If you believe we have handled your information unlawfully, please contact us first so we can try to resolve the issue. If you are in South Africa, you may also contact the Information Regulator. If you are in the EEA or UK, you may complain to your local supervisory authority. If you are in California or another US state with privacy rights, you may also use the remedies made available under applicable law.