Use of the www.hiddenafrica.com (hereinafter referred to as ‘Our Website’) is for personal use as well as transacting business with Hidden Africa Safari Co., Director Sean Hough (hereinafter referred to as ‘us’ or ‘we’ or ‘our’) and accordingly the right of privacy afforded as aforesaid and pertaining to such communications and data as well as any personal information conveyed during the course of such usage and transactions is limited and is subject to inter alia the Electronic Communications and Transactions Act, Act 25 of 2002 (‘ECTA’), the Promotion of Access to Information Act, Act number 2 of 2000 (‘PAIA’), the Consumer Protection Act, Act 68 of 2008 (‘CPA’) and the Protection of Personal Information Act, Act 4 of 2013 (‘POPIA’) and, in the case of residents of the European Community (‘the EC’), the General Data Protection Regulations of 2018 (‘the GDPR’)(the ECTA, PAIA, CPA, POPIA and GDPR will collective be referred to herein as ‘the Privacy Legislation’).
You are, by using Our Website (which includes e.g. when you create a profile, or send an enquiry.), deemed, in terms of the Privacy Legislation, to grant us ‘express voluntary specific and informed’ consent and permission to ‘process’ and ‘further process’ (as defined in the Privacy Legislation) your personal information and where applicable your special personal information (as defined in the Privacy Legislation) (collectively referred to herein as ‘your Information’) for the purposes of any personal use or business you may now or in future transact with us and to disclose your Information to any of the parties we engage to provide of such products and services to you in order to meet the requirements for the travel arrangements you have requested us to provide you with and/or arrange on your behalf (‘the Third Parties’).
The purpose of this Privacy Policy is to inform you how we will use your Information so that if you provide us with your consent, you will have been thus informed and be in a position to make such an ‘informed’ If any aspect of this Privacy Policy is not clear, feel free to contact us. However once you given us the ‘go ahead’ to process your Information, you will be deemed to have read, understand and agree to be bound by the content and import of this Privacy Policy and such ‘go ahead’ will be deemed to meet the stipulated ‘consent requirements’ .
Personal Information includes mainly perfunctory details such as your name, surname, address, identity and passport numbers, other contact detail whereas the Special Personal Information reflects more and also more subjective issues and sensitive details such as religious beliefs, race, political persuasion, sex life, health and biometric information. Most of your Information is crucial for us to provide you effectively with the services and/or products you have requested and if you were to refuse consent, which you are entitled to do, we will not be able to assist you (See ‘Rights’ below).
Note that the purpose of the Privacy Legislation is not only to protect your privacy but also to place you in control of your Information, even if you have given your consent.
Despite the fact that the Privacy Legislation is even more demanding when it comes to the processing of special personal information and that of children, we believe that any reservations you may have in that regard have been more adequately addressed.
If you are disclosing personal information about other persons (natural or juristic – the latter is not covered by GDPR) you will be deemed to have their permission and to have been duly authorized to do so and indemnify us against any actions by such third parties (Their and your personal information will be collectively referred to herein as ‘the/your Information’ and ‘you’ and ‘your’ will be deemed to include/refer to such other persons).
We will ensure the processing of all your Information complies with the Privacy Legislation and that it is adequate, relevant and not excessive.
Over and above the Privacy Legislation you have the protection of the PAIA – we will ensure that in processing your Information, we comply with the PAIA and that such disclosure is not, to the best of our knowledge, result in the unreasonable disclosure of your Information(section 34); will not to the best of our knowledge, cause harm to the third party’s commercial or financial interests (section 36); constitute an action for breach of a duty of confidence owed to the third party (section 37), or could reasonably be expected to endanger the life or physical safety of the third party (section 38).
The Regulation of Interception of Communications and Provision of Communications-related Information Act (70/2002) (‘RICA’) affords us certain rights to monitor inter alia electronic communications via our network. By using Our Website You consent to such interception within the ambit of RICA.
The primary reason we collect your Information is so that we can provide you with the services and/or products you have requested. And to meet the requirements for the travel arrangements you have requested us to provide you with and/or arrange on your behalf.
The secondary reason is so that we can (1) improve our service to you; (2) customize our service where requested, required or where it is appropriate to do so; (3) advise you of any changes (e.g. in your itinerary) or specials from time to time; (4) Analytics (Profiling): we do this ourselves or by utelizing the services of third parties. This entails using your Information to ascertain trading patterns. An example we may determine which websites you have come from/are going to; the browser you may be using; the identity of your device and your IP address. However identifying elements will be removed (or as provided for in the POPIA, ‘de-identified’) and encryption will be implemented to protect your Information (See also ‘Cookies’ below).
When we engage Third Parties in the service delivery process, we have to share your Information with them but it will only be to such Third Parties as have been disclosed to you and pertaining to the services and/or products you have requested. We will also ensure that such Third Parties are compliant with the Privacy Legislation or the equivalent in their country.
We mentioned above that you are at all times in control of your Information. This control you can exercise by virtue of the rights afforded you in the Privacy Legislation – We respect and will honour these rights – these RIGHTS are:
- Subject to certain exceptions (see ‘Exceptions’ below) we always have to obtain your Information from you personally
- We are not allowed to process your Information unless we have your ‘informed, specific and voluntary consent’
- We are obliged to advise you of the purpose for which we will be ‘processing’ and with whom we will be sharing your Information – this document endeavours to fulfill this obligation.
- We are obliged to advise you of the identity(ies) and contact details of the party(ies) who will be ‘processing’ your Information – we will provide you with such details: ours by referring you to ‘Contact Us’ and that of Third Parties in the documentation pertaining to the services and products to be provided in due course.
- You can call upon us at any time to do one or more of the following regarding your Information: amend; update; delete. We are obliged in the case of the latter to provide you with proof that we have done so.
- Direct marketing (See below): we are obliged to obtain your consent and to advise you each time of your right to ‘opt out’/’unsubscribe’
- You are entitled to enquire at any time about the steps we’ve taken to ensure that our safeguards pertaining to the protection of your Information meet the requirements of the Privacy Legislation (See ‘Security’ below).
- You may require of us to restrict the processing of your Information
- You can lodge complaints: with our Information Officer and/or with the POPIA Information Regulator
- You are entitled and we are obliged to inform you when our security has been breached (POPIA: ‘as soon as reasonably possible’ and GDPR: within 72 hours)
Exceptions
(ie. when we do not have to obtain your consent for ‘processing’)
- You (the ‘data subject’) have made your Information public;
- Your Information is a matter of public record, i.e. it is ‘in the public domain and under the control of a public body;’
- We are complying with an obligation imposed by law;
- It involves compliance with court proceedings
- It involves national security
- It is being used for historic, statistical or research purposes provided it is in the public interest or obtaining your consent is difficult
- It is for use in any form of journalism, provided such activity is governed by a code of conduct that has adequate safeguards – a balance must be struck between your right to privacy and the freedom of expression
- You Information has been ‘de-identified’e. so that the identities of the parties cannot be determined (also sometimes referred to as ‘pseudonynimisation’)
- We are doing so in pursuit of a legitimate interest of ours or the Third Party to whom it is being disclosed.
Storage
Your Information will not be stored longer than is reasonably required for us to complete the purposes for which is being processed
However we may retain your Information for longer periods if required for e.g. taxation purposes or if you have requested us to do and have provided us with the requisite consent. The latter may be the case when you are a repeat customer and retaining some of your personal preferences such as twin/double bed and meal preferences will assist us in providing you with a more efficient service for future bookings.
Direct Marketing (‘DM‘)
DM is defined as ‘approach(ing) a person, either in person or by mail or electronic communication, for the direct or indirect purpose of promoting or offering to supply, in the ordinary course of business, any goods or services to the person’
‘Electronic communication’ is defined as ‘ communication by means of electronic transmission, including by telephone, fax, sms, wireless computer access, email or any similar technology or device’
DM may only be addressed to you if you are our customer, we’ve obtained your consent and it was obtained specifically or in the process of a sale of goods and/or services and at the time of the sale*
The DM must pertain to goods and/or services that originate from us and are similar to those in the previous sale*
Each DM must provide you with the opportunity to opt out/unsubscribe and doing so must be at our expense.
The purpose is not only to keep you informed but to link it to preferences
Note that DM does not mean or relate to your existing booking
We are furthermore required to only approach you with DM within the timeframes specified in the CPA.
Hotjar
We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (eg how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback.Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices.This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile.Hotjar is contractually forbidden to sell any of the data collected on our behalf.
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
Cookies
Cookies are used to achieve two goals. The first is to provide us with the capability to personalize information for certain segments of our customer base. Secondly, in some instances, cookies are used to allow us the opportunity to associate individual customers with their information profiles.
A cookie is a series of data characters that, when programmed into a website, is placed by the web server into the browser’s application folder on your computer. Once placed onto your machine, the cookie will allow the website to “recognize” you as a unique individual.
‘Yes’, cookies can be removed from your hard drive. Also, depending on what type of web browser and what browser version you are using, you may be able to change the properties on your cookie file so that cookies are not used or saved. Please check with your browser provider for more information on removing cookies.
You can also prevent your browser from accepting new cookies.
As with ‘processing’ we require your ‘consent’ prior to implementing Cookies on our website, unless doing so is strictly necessary for carrying out our basic functions in complying with the services we’ve undertaken to provide you with. You will be deemed to have given such ‘consent’ by using our website.
Security
We have carried out a data protection impact assessment which entailed a ‘systematic and extensive evaluation of our processes and current safeguards’
This assessment addressed amongst others how and when we process your Information and when such processing may present (internal and external) security risks including the origin, nature, likelihood (foreseeability) and severity (extent) of such risk.
Based on the report by the experts who carried out this assessment, we have implemented ‘appropriate, reasonable and organizational measures‘ to (1) ‘ensure the integrity and confidentiality’ of the Information; (2) ‘prevent the loss of, damage to or unauthorized destruction or access to or processing’ of your Information; (3) anticipate and identify the aforesaid risks; (4) maintain, monitor and update these safeguards on an ongoing basis
These measures will meet the most stringent of ‘generally accepted information security practices’ and/or ‘specific industry or professional rules and regulations’
These measures include amongst others encryption; controlling privileges of users; destroying your Information when no longer required; regular audits; back-ups; emergency incident strategies.
We will carry out regular data protection impact assessments on an ongoing basis.
Amendments
Please note that we reserve the right to make amendments to this privacy policy from time to time.