Skip to content

Privacy Policy

POPI ACT: ( Protection of Personal Information ) None of our clients’ information provided is available in the public domain, and sensitive information is protected at various levels. Any printed sensitive and historical documentation is kept within a dedicated vault within our premises, which was previously owned by a reputable law firm, and this built in vault room, with steel doors and multiple steel pins, is kept locked and secured with an alarm system when our staff leave the building.

We use this information only for the time frame and purposes it was provided by our clients, and not for any selling of information to third parties, for further gain. {For example, a repeat client uses us for their holidays, and we keep their personal information confidential/ and on file, to ensure we do not need to collect this information each time. } Online information and backups are kept within a cloud-based server and are accessible by password-protected permission only.

The purpose of the POPI act is to protect the personal information of clients and is set up to balance the right to privacy with other rights such as access to information. Personal information relates to an identifiable, natural or legal entity and includes, but is not entirely limited to:

  • Contact information of a client – eg a mobile or landline telephone number, a personal or work email address etc. next of kin contact details when travelling etc.
  • Private correspondence with a client relating to their trip planning or similar.
  • Biometric information – blood group, PCR test results, or similar details
  • Demographic information – age of the client, gender, race, date of birth, ethnicity, or similar.
  • Opinions of and about a person or group, relating to specific communications received in good faith from a client
  • History – employment previous or current, financial information relating to a transaction, medical history, as well as educational background

The POPI Act applies to every business in South Africa that collects, uses, stores or destroys personal information in their day to day business activities.

Some of the key obligations from our company include:

To only collect information for a specific purpose, such as paying for your trip or completing a booking form with flight details, dietary requirements, special requests, net of kin information etc; to ensure that the information is applied for our needs ( eg passports to book flights, ccard details to deduct a deposit agreed upon in writing on your invoice, and with express permission in the future to use these details again for a further payment and are up to date; to have reasonable/ feasible security measures in place in our company in order to protect the information; to only keep the necessary information; and to allow the data subject to obtain or view his or her information on request. Legal processing of personal information Processing of the booking form, passports or flight details etc, are all examples of what involves anything that is done with personal information and includes the collection, use, storage, dissemination, modification or destruction of personal information (regardless of whether the processing is automatic).

We are required then to ensure that we comply:

  • Accountability: We must ensure that the information processing principles are adhered to as set out in the POPI act
  • Processing restriction: Processing must be done lawfully, and with your permission as the client, as well as any personal information may only be processed if it is sufficient, relevant and not excessive given the purpose for which it is processed.
  • Specific purpose: Personal information must be collected for a specific and defined legal purpose in relation to a function or activity of the business concerned. eg as a travel agency, we use the flight details or passports, meal requests, or dates of birth, to plan and execute your holiday efficiently. We do not use this information after the trip is concluded to sell on to another marketing company, or misuse the information for further gain, beyond the agreed invoice amount, and the agreed purposes of collecting this information.
  • Transparency: Any key details and information that must be provided to the data subject by the business, including the information collected, the name and address of the responsible party, the purpose for which the information is collected and whether the information provided by the data subject is voluntary or compulsory.
  • Further processing restrictions: This is where the client’s personal information of a third party is received and transferred to another responsible party for processing, for example, a deposit secured for car rental or flight ticket purchases.
  • Security measures: The business must protect the integrity of the personal information in its possession and under its control by ensuring that measures are in place to prevent loss of, damage to or unauthorised destruction of personal information.
  • Data subject participation: A data subject has the right to request personal information that the business holds for free;
  • or to update or destroy personal information that is incorrect, irrelevant, superfluous, misleading or unlawful; and/ or destroy a record of personal information that is unnecessary for the business to keep beyond the initial transaction.

Our business periodically sends out special offers and newsletters, and we provide clearly an opt-in and opt-out/unsubscribe option when contacting a data subject/ client for periodic marketing purposes. Our policy is to do so at a maximum rate of once every 4 weeks, and we are sensitive to not “spam’ the client on a highly repetitive basis, which might prove beyond the comfortable standards of acceptable frequency of contact for our updates and special offers. Our clients are more than welcome to request less communication or no communication, by unsubscribing from our newsletters. 


This privacy statement was last updated on March 24, 2022 and applies to citizens and legal permanent residents of South Africa.

In this privacy statement, we explain what we do with the data we obtain about you via We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

  • we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
  • we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
  • we first request your explicit consent to process your personal data in cases requiring your consent;
  • we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
  • we respect your right to access your personal data or have it corrected or deleted, at your request.

If you have any questions, or want to know exactly what data we keep of you, please contact us.

1. Purpose, data and retention period

We may collect or receive personal information for a number of purposes connected with our business operations which may include the following: (click to expand)

2. What if you don't provide us with your personal information?

If you don't provide us with your personal information, we may not be able to provide you with the information, products or assistance that you are seeking.

3. Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Policy

4. Disclosure practices

We disclose personal information if we are required by law or by a court order, in response to a law enforcement agency, to the extent permitted under other provisions of law, to provide information, or for an investigation on a matter related to public safety.

If our website or organisation is taken over, sold, or involved in a merger or acquisition, your details may be disclosed to our advisers and any prospective purchasers and will be passed on to the new owners.

We have concluded a data processing agreement with Google.

5. Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.

6. Third-party websites

This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.

7. Amendments to this privacy statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

8. Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. You have the following rights:

  • You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
  • Right of access: You have the right to access your personal data that is known to us.
  • Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
  • If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
  • Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.

Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.

9. Submitting a complaint

If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Information Regulator South Africa:
P.O Box 31533,
Complaints email:[email protected]

10. Children

Our website is not designed to attract children and it is not our intent to collect personal data from children under the age of consent in their country of residence. We therefore request that children under the age of consent do not submit any personal data to us.

11. Contact details

Adrian Lange
M5 Place, Hibiscus street, Durbanville, Cape Town, 7550, South Africa
South Africa
Email: moc.acirfairafastseb@nairda
Phone number: +27 (0) 21 976 0099

We have appointed a contact person for the organization’s policies and practices and to whom complaints or inquiries can be forwarded:
Adrian Lange
M5 Place, Hibiscus street, Durbanville, Cape Town, 7550, South Africa


Really Simple SSL

Really Simple SSL and Really Simple SSL add-ons do not process any personal identifiable information, so the GDPR does not apply to these plugins or usage of these plugins on your website. You can find our privacy policy here.

Complianz | The Privacy Suite for WordPress

This website uses the Privacy Suite for WordPress by Complianz to collect and record Browser and Device-based Consent. For this functionality, your IP address is anonymized and stored in our database. This service does not process any personally identifiable information and does not share any data with the service provider. For more information, see the Complianz Privacy Statement.


Third parties

Hummingbird uses the Stackpath Content Delivery Network (CDN). Stackpath may store web log information of site visitors, including IPs, UA, referrer, Location and ISP info of site visitors for 7 days. Files and images served by the CDN may be stored and served from countries other than your own. Stackpath’s privacy policy can be found here.

WP Smush

Plugin: Smush

Smush sends images to the WPMU DEV servers to optimize them for web use. This includes the transfer of EXIF data. The EXIF data will either be stripped or returned as it is. It is not stored on the WPMU DEV servers. Smush uses the Stackpath Content Delivery Network (CDN). Stackpath may store web log information of site visitors, including IPs, UA, referrer, Location and ISP info of site visitors for 7 days. Files and images served by the CDN may be stored and served from countries other than your own. Stackpath's privacy policy can be found here.


We collect information about visitors who comment on Sites that use our Akismet anti-spam service. The information we collect depends on how the User sets up Akismet for the Site, but typically includes the commenter's IP address, user agent, referrer, and Site URL (along with other information directly provided by the commenter such as their name, username, email address, and the comment itself).