Privacy Policy
Privacy Policy (POPIA)
1. Who we are
MainBay (Pty) Ltd (“MainBay”, “we”, “us”) operates the website mainbay.co.za (the “Platform”).
MainBay is an online retailer of vehicle parts and related products. We do not perform mechanical work, diagnostics, or installations.
2. What this policy covers
This Privacy Policy explains how we collect, use, share, and protect personal information when you:
Visit or use the Platform;
Place an order or make payment;
Contact us, request support, or interact with our marketing.
This policy applies alongside our Terms of Service, Returns & Refund Policy, and Cookie Policy.
3. Personal information we collect
3.1 Information you provide directly
Contact details: name, email address, phone number;
Billing and delivery details: addresses and order information;
Vehicle details (optional): make, model, year, and other non-sensitive vehicle information;
Optional technical details: engine code or VIN only if you voluntarily provide them when requesting assistance with part compatibility or customer support;
Communications: emails, messages, reviews, and support queries;
Optional uploads: images or documents you choose to submit (for example, photos of existing parts or vehicle documentation) to assist with support or compatibility checks.
MainBay does not require vehicle identification numbers (VINs), engine numbers, or registration numbers to place an order. Such information is provided solely at the customer’s discretion when requesting assistance.
3.2 Information collected automatically
Device and usage data: IP address, browser type, operating system, pages viewed, referral URLs;
Cookies and similar technologies (see our Cookie Policy).
3.3 Information received from third parties
Payment service providers: payment confirmation and fraud-prevention signals (we do not store full card details);
Courier and logistics partners: delivery and tracking information;
Analytics and advertising partners: aggregated and anonymised usage or performance data.
4. Why we process your information (POPIA purposes & lawful grounds)
We process personal information for the following purposes:
Purpose
Lawful basis
Processing orders, payments, deliveries, returns, and warranty claims
Contract
Communicating about orders, delivery updates, and account matters
Contract
Customer support, dispute handling, and record-keeping
Legitimate interests
Fraud prevention and platform security
Legitimate interests / Legal obligation
Improving platform performance and user experience
Legitimate interests
Sending marketing communications (where permitted)
Consent
You may withdraw consent for marketing at any time.
5. Who we share personal information with
We may share personal information with:
Service providers acting on our instructions, including:
Shopify (e-commerce hosting and infrastructure);
Payment gateways and fraud-prevention services;
Courier and logistics providers;
Email, SMS, and customer-support platforms;
Analytics and website performance tools.
Regulatory authorities or law enforcement where required by law or to protect our rights.
All third parties are required to process personal information lawfully and securely.
6. Cross-border transfers
Some service providers process personal information outside South Africa (for example, in the EU, UK, US, or Canada).
Where cross-border transfers occur, we use reputable providers and apply appropriate contractual, technical, and organisational safeguards in line with POPIA.
7. Data retention
We retain personal information only for as long as necessary, including:
Order and transaction records: generally up to 5 years, or longer where required by tax or accounting laws;
Warranty, return, and support records: for as long as reasonably required to resolve claims or disputes;
Marketing data: until you unsubscribe or withdraw consent.
Thereafter, information is securely deleted or de-identified.
8. Your rights under POPIA
You have the right to:
Access your personal information;
Request correction or deletion;
Object to certain processing;
Withdraw consent where processing is based on consent;
Request information about cross-border data transfers.
Requests can be made by contacting admin@mainbay.co.za.
9. Marketing communications
We only send marketing communications:
Where permitted by law; and
With consent where required.
You can opt out at any time via the unsubscribe link in our messages or by contacting us.
Transactional and service-related communications will still be sent where necessary.
10. Cookies & similar technologies
We use cookies and similar technologies for:
Core website functionality;
Analytics and performance measurement;
Advertising and remarketing (where enabled).
See our Cookie Policy for detailed information and choices.
11. Security
We implement administrative, technical, and organisational safeguards appropriate to the risk, including:
Encrypted connections;
Restricted access controls;
Monitoring and logging.
No system is completely secure. Please use strong, unique passwords and keep your login details confidential.
12. Children
The Platform is intended for individuals 18 years or older.
We do not knowingly collect personal information from minors without appropriate consent.
13. Third-party sites and tools
The Platform may link to or embed third-party services (such as maps, chat tools, or analytics).
Their privacy practices are governed by their own policies and not by this Privacy Policy.
14. Changes to this policy
We may update this Privacy Policy from time to time.
The version published on the Platform is the current version and applies to future use.
15. Contact
For privacy-related questions or requests, contact: