Privacy policy

POPI ACT: ( Protection of Personal Information ) None of our clients’ information provided is available in the public domain, and sensitive information is protected at various levels. Any printed sensitive and historical documentation is kept within a dedicated vault within our premises, which was previously owned by a reputable law firm, and this built in vault room, with steel doors and multiple steel pins, is kept locked and secured with an alarm system when our staff leave the building.

We use this information only for the time frame and purposes it was provided by our clients, and not for any selling of information to third parties, for further gain. {For example, a repeat client uses us for their holidays, and we keep their personal information confidential/ and on file, to ensure we do not need to collect this information each time. } Online information and backups are kept within a cloud-based server and are accessible by password-protected permission only.

The purpose of the POPI act is to protect the personal information of clients and is set up to balance the right to privacy with other rights such as access to information. Personal information relates to an identifiable, natural or legal entity and includes, but is not entirely limited to:

• Contact information of a client – eg a mobile or landline telephone number, a personal or work email address etc. next of kin contact details when travelling etc.
• Private correspondence with a client relating to their trip planning or similar.
• Biometric information – blood group, PCR test results, or similar details
• Demographic information – age of the client, gender, race, date of birth, ethnicity, or similar.
• Opinions of and about a person or group, relating to specific communications received in good faith from a client
• History – employment previous or current, financial information relating to a transaction, medical history, as well as educational background
  The POPI Act applies to every business in South Africa that collects, uses, stores or destroys personal information in their day to day business activities.

The POPI Act applies to every business in South Africa that collects, uses, stores or destroys personal information in their day to day business activities.

Some of the key obligations from our company include:

To only collect information for a specific purpose, such as paying for your trip or completing a booking form with flight details, dietary requirements, special requests, net of kin information etc; to ensure that the information is applied for our needs ( eg passports to book flights, ccard details to deduct a deposit agreed upon in writing on your invoice, and with express permission in the future to use these details again for a further payment and are up to date; to have reasonable/ feasible security measures in place in our company in order to protect the information; to only keep the necessary information; and to allow the data subject to obtain or view his or her information on request. Legal processing of personal information Processing of the booking form, passports or flight details etc, are all examples of what involves anything that is done with personal information and includes the collection, use, storage, dissemination, modification or destruction of personal information (regardless of whether the processing is automatic).

We are required then to ensure that we comply:

• Accountability: We must ensure that the information processing principles are adhered to as set out in the POPI act
• Processing restriction: Processing must be done lawfully, and with your permission as the client, as well as any personal information may only be processed if it is sufficient, relevant and not excessive given the purpose for which it is processed.
• Specific purpose: Personal information must be collected for a specific and defined legal purpose in relation to a function or activity of the business concerned. eg as a travel agency, we use the flight details or passports, meal requests, or dates of birth, to plan and execute your holiday efficiently. We do not use this information after the trip is concluded to sell on to another marketing company, or misuse the information for further gain, beyond the agreed invoice amount, and the agreed purposes of collecting this information.
• Transparency: Any key details and information that must be provided to the data subject by the business, including the information collected, the name and address of the responsible party, the purpose for which the information is collected and whether the information provided by the data subject is voluntary or compulsory.
• Further processing restrictions: This is where the client’s personal information of a third party is received and transferred to another responsible party for processing, for example, a deposit secured for car rental or flight ticket purchases.
• Security measures: The business must protect the integrity of the personal information in its possession and under its control by ensuring that measures are in place to prevent loss of, damage to or unauthorised destruction of personal information.
• Data subject participation: A data subject has the right to request personal information that the business holds for free;
• or to update or destroy personal information that is incorrect, irrelevant, superfluous, misleading or unlawful; and/ or destroy a record of personal information that is unnecessary for the business to keep beyond the initial transaction.

Our business periodically sends out special offers and newsletters, and we provide clearly an opt-in and opt-out/unsubscribe option when contacting a data subject/ client for periodic marketing purposes. Our policy is to do so at a maximum rate of once every 4 weeks, and we are sensitive to not “spam’ the client on a highly repetitive basis, which might prove beyond the comfortable standards of acceptable frequency of contact for our updates and special offers. Our clients are more than welcome to request less communication or no communication, by unsubscribing from our newsletters.