The Information We Collect

​

We can collect and process your personal information mainly to provide our services, process bookings, respond to inquiries, and improve your experience with us. This may include:

​

• Contact details such as your name, email address, phone number, and postal address.

• Booking information, including dates of stay, number of guests, special requests, and preferences (e.g., dietary requirements).

• Payment details, such as credit card information (processed securely via third-party payment gateways).

• Demographic information, such as age, nationality, or travel history, where relevant to our services.

• Website usage data, including IP address, browser type, and pages visited.

 

We collect information directly from you when you:

​

• Make a booking or inquiry via our website forms.

• Subscribe to our newsletter or marketing communications.

• Contact us via email, phone, or social media.

• Participate in surveys, promotions, or feedback requests.​

 

Where possible, we will inform you what information is required and what is optional. Sensitive personal information (e.g., health-related data for special needs) will only be collected with your explicit consent or as permitted by law.

Website usage information may also be collected using “cookies” (see our Cookies section below) to gather standard internet visitor usage information.

​

How We Use Your Information

​

We will use your personal information only for the purposes for which it was collected and as agreed with you, in line with POPIA's principles of lawful processing. These purposes include:

​

• Processing and confirming bookings, reservations, and payments.

• Communicating with you about your booking, updates, or inquiries.

• Sending marketing materials, newsletters, or promotional offers (with your opt-in consent).

• Improving our website and services through analysis of usage data.

• Complying with legal obligations, such as tax reporting or health and safety requirements.

• Detecting and preventing fraud, crime, or other malpractice.

• Conducting market research or customer satisfaction surveys (anonymized where possible).

• For audit, record-keeping, and statistical analysis purposes.

• In connection with legal proceedings, if necessary.

 

We process personal information based on grounds such as your consent, contractual necessity, or our legitimate interests (e.g., security and service improvement).

​

Disclosure of Information

​

We may disclose your personal information to our service providers who assist in delivering our services, such as:

​

• Payment processors for handling transactions.

• Booking software providers.

• Marketing or analytics partners.

• Third-party vendors for accommodations, tours, or transport.

 

We have agreements in place with these providers to ensure they comply with POPIA's privacy requirements and treat your information securely.

​

We may also disclose your information:

​

• Where required by law, court order, or regulatory authority (e.g., to government bodies for compliance).

• To protect our rights, property, or safety, or that of others.

• In the event of a business transfer, merger, or acquisition (with notice to you where required).

• ​

We do not sell, rent, or share your personal information with third parties for their own marketing purposes without your consent.

​

Transborder Flows of Personal Information

​

If we transfer your personal information outside South Africa, however unlikely (e.g., to international booking platforms or cloud services), we will ensure adequate protections are in place, such as binding corporate rules, standard contractual clauses, or equivalent safeguards as required by POPIA.

​

Information Security

​

We are legally obliged to provide adequate protection for the personal information we hold and to prevent unauthorized access, loss, or misuse. We implement reasonable technical and organizational measures, including:

​

• Encryption of sensitive data (e.g., payment details).

• Firewalls, access controls, and secure servers.

• Regular security audits and updates.

• Employee training on data protection.

 

Our security policies cover:

• Physical security of premises and data centers.

• Computer and network security.

• Access controls to personal information.

• Secure communications and data transmission.

• Retention and secure disposal of information.

• Monitoring for security incidents and prompt response.

 

When contracting with third parties, we require them to maintain equivalent security standards.

While we strive to protect your information, no system is 100% secure. In the event of a data breach, we will notify you and the Information Regulator as required by POPIA.

​

Retention of Information

​

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, comply with legal requirements (e.g., tax records for 5 years), or resolve disputes. After this period, we securely delete or anonymize the data.

​

Cookies

​

Our website uses cookies to enhance your browsing experience. Cookies are small text files stored on your device. We use:

​

• Session cookies: Temporary, to maintain your session (e.g., for login).

• Persistent cookies: To remember preferences and analyze site usage.

• Third-party cookies: From analytics tools (e.g., Google Analytics) for traffic insights.

 

You can manage cookies via your browser settings. Disabling them may limit website functionality. For more details, see our Cookie Policy (if separate) or contact us.

​

Links to Third-Party Websites

​

Our website may contain links to external sites (e.g., social media or partners). We are not responsible for their privacy practices. Review their policies before providing information.

​

Your Rights as a Data Subject

​

Under POPIA, you have rights regarding your personal information, including:

​

• Access: Request details of the information we hold about you.

• Correction: Ask us to update or correct inaccurate information.

• Deletion: Request deletion where no longer needed (subject to legal obligations).

• Objection: Object to processing based on legitimate interests or for direct marketing.

• Restriction: Request restriction of processing in certain cases.

• Portability: Receive your data in a portable format (where applicable).

• Withdraw Consent: Revoke consent at any time (without affecting prior processing).

• Complaint: Lodge a complaint with the Information Regulator.

T

o exercise these rights, contact our Information Officer (details below). We may require proof of identity and may charge a reasonable fee for access requests. We will respond within a reasonable timeframe.

​

Definition of Personal Information

According to POPIA, “personal information” means information relating to an identifiable, living, natural person, or (where applicable) an identifiable juristic person. This includes, but is not limited to:

​

• Name, contact details, identity numbers.

• Financial information.

• Location data.

• Online identifiers (e.g., IP addresses).

• Special personal information (e.g., health, ethnicity) only with enhanced protections.

 

Changes to This Policy

​

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via email or website notice. Continued use of our website or services after changes indicates acceptance.

 

How to Contact Us

If you have queries about this notice, need further information, wish to exercise your rights, or lodge a complaint, please contact our Information Officer through the contact information provided in the Contact Us.

 

You also have the right to complain to the Information Regulator:

• Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

• P.O Box: 31533, Braamfontein, Johannesburg, 2017

• Complaints Email: complaints.IR@justice.gov.za

• General Enquiries Email: inforeg@justice.gov.za

• Website: https://www.justice.gov.za/inforeg/

 

By using our website or services, you acknowledge that you have read and agree to this Privacy Policy.