Privacy Notice – LEGO Certified Stores
tags, as close as possible to the opening tag. Creation Date: 03/18/2020 -->
FREE DELIVERY...... ALWAYS! No minimum spend! LEARN MORE

Privacy Notice

The Great Yellow Brick (Pty) Ltd Privacy Notice

In this document, references to "The Great Yellow Brick (Pty) Ltd", "we" or "the Group" or "GYBC" are to The Great Yellow Brick (Pty) Ltd and its subsidiary companies.  

We respect your privacy and will take reasonable measures to protect it. Should you decide to register as a user on the website, we may require you to provide us with personal information which includes but is not limited to -

  • your name and surname;
  • your email address;
  • your physical address;
  • your gender;
  • your mobile number; and
  • your date of birth.

Should your personal information change, please inform us and provide us with updates as soon as reasonably possible to enable us to update your details. You may choose to provide additional personal information to us, in which event you agree to provide accurate and current information, and not to impersonate or misrepresent any person or entity or falsely state or otherwise misrepresent your affiliation with anyone or anything.

We will not, without your express consent, use your personal information for any purpose other than as set out below:

  • in relation to the ordering, sale and delivery of goods;
  • to contact you regarding current or new product or services or any other goods offered by us or any of our divisions and/or partners;
  • to inform you of new features, special offers and promotional competitions offered by us or any of our divisions;
  • disclose your personal information to any third party only for the purposes as set out below:
    • to our employees and/or third party service providers who assist us to interact with you via our website, email or any other method, for the ordering of goods or when delivering goods to you and thus need to know your personal information in order to assist us to communicate with you properly and efficiently;
    • to law enforcement, government officials, fraud detection agencies or other third parties when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report or support the investigation into suspected illegal activity or to investigate violations of these Terms and Conditions;
    • to our service providers (under contract with us) who help with parts of our business operations (fraud prevention, marketing, technology services, etc). Our contracts dictate that these service providers may only use your information in connection with the services they perform for us and not for their own benefit;
    • to LEGO Group in order for them to liaise directly with you regarding any faulty goods you have purchased which requires their involvement.

We are entitled to use or disclose your personal information if such use or disclosure is required in order to comply with any applicable law, subpoena, order of court or legal process served on us, or to protect and defend our rights or property. In the event of a fraudulent online payment, GYBC is entitled to disclose relevant personal information for criminal investigation purposes or in line with any other legal obligation for disclosure of the personal information which may be required of it.

We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Information here: We also share your information with Marsello for our loyalty programme and with Lightspeed, who we use for our POS system.

We use Google Analytics to help us understand how our customers use the Site -- you can read more about how Google uses your Personal Information here: You can also opt-out of Google Analytics here:

We also make use of Bloomreach which is a cloud-based e-commerce experience platform and B2B service specializing in marketing automation, product discovery, and content management systems.

We may place small text files called ‘cookies’ on your device when you visit our website. These files do not contain personal information, but they do contain a personal identifier allowing us to associate your personal information with a certain device.

These files serve a number of useful purposes for you, including:

  1. granting you access to age restricted content;
  2. tailoring our website’s functionality to you personally by letting us remember your preferences;
  3. improving how our website performs;
  4. allowing third parties to provide services to our website; and
  5. helping us deliver targeted advertising where appropriate in compliance with the applicable laws.

Your internet browser generally accepts cookies automatically, but you can often change this setting to stop accepting them. You can also delete cookies manually. However, no longer accepting cookies or deleting them will prevent you from accessing certain aspects of our website where cookies are necessary. Many websites use cookies and you can find out more about them at

We use the following cookies:

  • Session / Period cookies: They allow website owners to collect analytics data, remember language settings, and perform other useful functions that help provide a good user experience. These cookies expire when the browser is closed.
  • Permanent / Persistent cookies: Same as above, however, these remain in operation, even when you have closed the browser. They remember your login details and password, so you don’t have to type them in every time you use the site. These cookies have a pre-determined expiry date and will appear until the expiry date is reached.
  • Third-party cookies: are created by domains other than the one you are visiting directly, hence the name third-party. These are installed by third parties with the aim of collecting certain information to carry out various research into behaviour, demographics etc, such as advertisers.
  • Google analytics: This is tracking software from Google which we use to monitor how users interact with the website in order for us to improve its functionality and content.
  • Web-server software: Web-Server software delivers webpages to your browser. The web-server software will automatically collect your IP address whenever you connect to the website.

We will ensure that all of our employees, third party service providers, divisions and partners (including their employees and third party service providers) having access to your personal information are bound by appropriate and legally binding confidentiality obligations in relation to your personal information.

We will treat your personal information as strictly confidential, save where we are entitled to share it as set out in this Policy. We will take appropriate technical and organisational measures to ensure that your personal information is kept secure and is protected against unauthorised or unlawful processing, accidental loss, destruction or damage, alteration, disclosure or access and to provide you with access to your personal information to view and/or update personal details.

We will promptly notify you if we become aware of any unauthorised use, disclosure or processing of your personal information. We will provide you with reasonable evidence of our compliance with our obligations under this Policy on reasonable notice and request. Upon your written request we will promptly return or destroy any and all of your personal information in our possession or control, save for that which we are legally obliged to retain.

We will not retain your personal information longer than the period for which it was originally needed, unless we are required by law to do so or you consent to us retaining such information for a longer period.

GYBC undertakes never to sell or make your personal information available to any third party other than as provided for in this Policy.

Whilst we will do all things reasonably necessary to protect your rights of privacy, we cannot guarantee or accept any liability whatsoever for unauthorised or unlawful disclosures of your personal information, whilst in our possession, made by third parties who are not subject to our control, unless such disclosure is as a result of our gross negligence.

You have rights in connection with your personal information. You have many choices about how your information is collected, used, and shared.

In certain circumstances, by law, you have the right to: 

  • Request access to your information: You will be able to ask us what information we have about you as well as ask for a copy of this information. This should be done on request to There are some exemptions, which means you may not always receive all the information we process. When we can give you a copy it might be done at a certain fee, which will also be communicated to you at the time of your query.
  • Change or correct information: You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Delete information: You can ask us to delete or remove personal information under certain circumstances.
  • Object to processing: You can do this where we are relying on your legitimate interest, public interest, or our legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your data for direct marketing purposes or where you have given your consent for the specific processing and you want to retract your consent. Retracting your consent does not invalidate the information we lawfully processed while we had your consent to do so.
  • Request the restriction of processing: You can ask us to suspend the processing of personal data about you, for example, if you want us to establish its accuracy or the reason for processing it.

Transborder information transfers:

The transfer of your personal information across South African borders is necessary in terms of our business scope and services. In the event of transferring your personal information cross border, we ensure that we take the necessary steps to ensure that the processing of personal information is done in accordance with the laws of the jurisdiction the information is transferred to. Further, that binding corporate rules or binding agreements are in place that provide for adequate levels of protection in accordance with the protection measures of POPIA.

We transfer information to the following country:

  • United States of America


If you have any queries or concerns about our use of your personal information, you can email us at

Our Information Officer: 

Hayley Greenstein

Shop L51C, Lower Level, Sandton City,
Corner Rivonia road & 5th Street, Sandton


The Information Regulator:

You have a right to lodge a complaint with the South African Information Regulator.

Their contact details are as follows:

JD House, 27 Stiemens Street,
Johannesburg, 2001

P.O Box 31533,
Johannesburg, 2017

Complaints email:

General enquiries email:


Document Links:

Form 02 - Request for Access to Record

Form 03 - Outcome of request and of fees payable