Legal
Privacy & Cookie Policy
Last updated: June 2026
Starlit Design (“we”, “us”, “our”) respects your privacy. This policy explains what personal information we collect, why we collect it, how we look after it, and the rights you have. We process personal information in line with South Africa's Protection of Personal Information Act, 2013 (POPIA).
1. Who we are
Starlit Design is a brand and design studio based in Cape Town, South Africa, working with hotels and resorts worldwide. For the purposes of POPIA, we are the “responsible party” for the personal information collected through this website.
Information Officer: [ Name to confirm ]
Email: privacy@starlit.design
Address: [ Postal address to confirm ], Cape Town, South Africa
2. What information we collect
- Information you give us through the contact form: your name, phone number, email address and the message you send.
- Technical information collected automatically by our web server, such as your IP address, browser type, device and the pages you view, for security and to keep the site running.
- Cookie and consent preferences you set on this site (see section 7).
We do not knowingly collect special personal information or the personal information of children.
3. Why we use it and our lawful basis
- To respond to your enquiry and discuss a possible project (to take steps at your request).
- To operate, secure and improve the website (our legitimate interest in running the studio).
- To set non-essential cookies, only where you have given consent.
We will not use your information for a new, unrelated purpose without telling you first.
4. Who we share it with
We do not sell your personal information. We share it only with trusted service providers who help us run the studio and this site (for example, our website host and email provider), and only as far as they need it to provide that service. Some providers may process data outside South Africa; where they do, we take reasonable steps to ensure your information remains protected. We may also disclose information if the law requires it.
5. How long we keep it
We keep enquiry information for as long as needed to deal with your request and for a reasonable period afterwards for our records, then delete it. Server logs are kept for a short period for security.
6. How we protect it
We take appropriate, reasonable technical and organisational measures to protect personal information against loss, damage and unauthorised access. No website can be guaranteed completely secure, but we work to keep your information safe.
7. Cookies
Cookies are small files stored on your device. We ask for your consent before setting any non-essential cookies, using the banner shown on your first visit. You can accept or decline, and you can change your mind at any time by clearing your browser's site data. The cookies and similar storage we may use are:
- Essential — remembering your cookie choice so we don't ask again. These are always on because the site needs them to respect your decision.
- Functional — for team members, a sign-in cookie that shows internal feedback tools. Not used for visitors.
- Analytics (only if you accept) — should we add analytics in future, they will only run after you have given consent through the banner.
8. Your rights under POPIA
You have the right to:
- ask what personal information we hold about you and request a copy;
- ask us to correct or update information that is wrong or out of date;
- ask us to delete or destroy your information where appropriate;
- object to us processing your information; and
- withdraw consent you have given, at any time.
To exercise any of these rights, contact our Information Officer using the details in section 1.
9. Complaints
If you are unhappy with how we handle your personal information, please contact us first so we can try to put it right. You also have the right to complain to the regulator:
The Information Regulator (South Africa)
Website: inforegulator.org.za
Email: POPIAComplaints@inforegulator.org.za
10. Changes to this policy
We may update this policy from time to time. When we do, we will change the “last updated” date at the top of this page.
This policy is provided as a starting point and should be reviewed by the studio (and, ideally, a legal advisor) and the placeholder details completed before it is relied upon.