Bespoke Inspirational Authentic Unforgettable
TCD DESTINATION MANAGEMENT COMPANY (PTY) LTD
PRIVACY & POPIA POLICIES
TCD Destination Management Company (Pty) Ltd t/a The Cape Discovered, South Africa Discovered and Southern Africa Discovered (the “Company”) is a boutique destination management company tailoring unique, personalised private touring and sightseeing experiences, with custom designed itineraries, and seamless implementation and management around our client's travel plans in Southern Africa. We also offer private excursions and tours, carefully planned to emphasise authentic local culture in a responsible way, with a professional and knowledgeable tourist guide / private driver.
The Company is committed to compliance with, and adheres to, the Protection of Personal Information Act, Act 4 of 2013 (“POPI” or “POPIA”). The purpose of the POPIA is to protect individuals from harm by protecting their personal information, to stop their money being stolen, to stop their identity being stolen, and generally to protect their privacy, which is a fundamental human right.
The POPIA requires the Company to:
Sufficiently inform individuals of the purpose for which their personal information will be collected and processed; and
Protect personal information from threats, whether internal or external, deliberate or accidental, to safeguard data subjects from harm, and ensure business continuation, minimise business damage and maximise business opportunities.
This policy and compliance framework establishes measures and standards for the protection and lawful processing of personal information within the Company and provides principles regarding the right of individuals to privacy and to reasonable safeguarding of their personal information. We undertake to take all reasonable steps to use personal information only in ways that are compatible with this policy. Any deviations from this policy or breach thereof or incidents that may relate to such a possibility must be reported to the Information Officer.
Details about the Information Regulator can be found at: https://www.justice.gov.za/inforeg/index.html
Consent means any voluntary, specific, and informed expression of will in terms of which permission is given for the processing of personal information.
Data Subject means the person to whom personal information relates (such as clients or employees) and their personal information.
Electronic communication means any text, voice, sound or image message sent over an electronic communications network which is stored in the network or in the recipient’s terminal equipment until it is collected by the recipient.
Operator means a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party (such as a lodge or activity provider);
Processing means any operation or activity or any set of operations concerning personal information.
Responsible Party means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information (including the Company).
What Constitutes Personal Information or Data
Information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
Information relating to race, gender, sex, pregnancy, marital status, national, ethic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
Information relating to the education or the medical, financial, criminal or employment history of the person;
Any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other assignment to the person;
The biometric information of the person;
The personal opinions, views or preferences of the person;
Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
The views or opinions of another individual about the person; and
The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
The following Information Officer has been appointed:
Stephen Woodhead, Director
Mobile: +27 60 581 7299
The responsibilities of the Information Officer in terms of the POPIA are as follows:
The development, implementation and monitoring of this policy and compliance framework.
The encouragement of compliance with the conditions for the lawful processing of personal information.
Managing requests received pursuant to the POPIA.
Ensuring compliance the POPIA, including reporting data breaches to the regulator and data subjects.
The Company’s management, employees, business units and individuals directly associated with us have been made aware of their roles in protecting personal information and are responsible for adhering to this policy and for reporting any security breaches or incidents to the Information Officer.
Any service provider that provides services to the Company, including a provider of information technology or data storage services, must adhere the requirements of the POPIA to ensure adequate protection of personal information held by them on the Company’s behalf.
This policy is in effect for the Company and includes the following electronic platforms:
Facebook: The Cape and Southern Africa Discovered Destination Management, Tours & Safaris
The Cape Discovered Wine & Food Safaris
and email and other communications.
The Company is committed to complying with all applicable regulatory requirements related to the collection and processing of personal information and to the following core principles:
Accountability: The Company is responsible for personal information from the time of collection to deletion. The Company will develop and maintain reasonable protective measures against risks such as loss, unauthorised access, destruction, use, alteration or revelation of personal information.
Purpose Specification: The Company will only collect personal information for a legitimate and lawful purpose, retaining such information for only so long as is necessary to fulfil their purpose. The Company collects personal information from clients and service providers to enable it to represent them for the purpose of fulfilling our planning, destination management, and tour mandates.
Processing Limitation: The Company undertakes to collect the minimum personal information required for the purpose, with the proper consent and knowledge of the data subject, in a legal and reasonable way and to process such personal information obtained only for the purpose for which it was obtained in the first place. Processing of personal information obtained will not be undertaken in an insensitive or wrongful way that can intrude on the privacy of the data subject.
Further Processing Limitation: Personal information may not be processed further in a way that is incompatible with the purpose for which the information was collected initially. The Company undertakes not to provide any information to a third party without consent, except where it is necessary for the proper execution of the service as expected by the client.
Information Quality: In order to fulfil its mandate, the Company will ensure that accurate and sufficient information is on record and that it is updated when necessary. The Company undertakes not to request or to process information related to race or ethnicity, religious or philosophical beliefs, political preference, trade union membership, sexual certitude or criminal record.
Openness: The Company will clearly inform data subjects when information is collected on them, the reasons for collecting the information and the purpose for which it will be put.
Security Safeguards: The Company will ensure the security, integrity and confidentiality of personal information in its possession. The Company is committed to ensuring that information is only used for legitimate purposes with informed consent and only by authorised representatives of the Company.
Data Subject Participation: Data subjects can request details of any personal information collected on them at no cost and may also require the correction or deletion of personal information within the specifications of the POPI Act.
What Information is Collected
In order to provide our services, we may request client or service provider personal information including, but not limited to:
Names (and the names and personal information of the members of your group)
Mailing and residential addresses
Telephone numbers and other contact information such as Skype
ID / passport information
Dates of birth / ages
Financial and payment information such as credit card details
Health and wellness information (expanded as a result of COVID-19 and the Disaster Management Act, 2002 published on 17 March 2020)
Personal travel and related history and preferences
Emergency contacts’ contact information
If you enter a contest or other promotion, we may ask for your names, telephone numbers, addresses, email addresses, and personal preferences such as travel patterns and likes / dislikes so that we can administer the contest and notify winners.
The Information Provided
The information the Company receives depends upon individuals’ interaction with the Company directly, via the website or other social media platforms, and further direct follow up interaction that may occur. The Company uses the information provided (both online and offline) for responding to requests, customizing the material presented, facilitating all arrangements made on behalf of clients or third party service providers (such as providers of accommodation, transportation, activities, and meals), communication with clients and service providers, improvements to the contents of the Company’s website and social media platforms, and to improve service offerings.
The primary goal in collecting personal information is to provide high-quality, customized services and information and to provide clients with an efficient, personalized experience that best meets their needs.
If an individual chooses to identify themself by communicating with the Company, responding to communication from the Company, or completing an online form, Company representatives will have access to such information in order to establish contact and provide any services agreed upon. Website interaction and information submitted may be stored in a personally identifiable format and will be kept in the strictest confidence. Such information will only be used for internal purposes and will not be sold or disclosed to third parties without permission. However, necessary personal information may be shared with business partners to facilitate the services agreed upon. This might include ID / passport and personal credit card information provided to confirm reservations, financial information utilized to receive payment for services rendered, etc.
We maintain a strict "No-Spam" policy and will not sell or rent personal information to a third-party for such purposes.
The Company’s website and social media may contain links to other websites or other electronic platforms. Please check with those sites to determine their Privacy and POPI Policies. Please keep in mind that whenever you voluntarily disclose personal information online, for example through email, discussion forums, or elsewhere, that information can be collected and used by others. Ultimately, you are responsible for maintaining the privacy of your personal information.
This information enables the Company to run site usage tools and create statistics about the site. These statistics help us to better understand how the site is being used and what we can do to make it more useful to visitors.
Disclosure of Personal Information
The Company will disclose personal information when required to do so by law or in the good-faith belief that such action is necessary to:
Conform to the edicts of the law or comply with a legal process served on the Company.
Protect and defend the rights or property of the Company.
Co-operate with the investigation of purported unlawful activities to protect the safety of any individual or the general public.
For the purpose of carrying out credit checks on potential clients, where necessary.
Retention of personal information
We will only retain your personal information for as long as it is necessary to fulfil the purposes set out in this policy, unless:
retention of the data is required or authorised by law;
you have consented to the retention of the data; or
retention is necessary as part of your interactions with the Company.
Your personal information may be kept the form of physical or electronic records at our discretion.
Please keep your personal information accurate and up to date by informing the Company of any changes.
Transfer of personal information to another country
We will only transfer personal information to someone outside of South Africa if:
you have given your consent;
contractual requirement, i.e. the transfer is necessary to conclude a contract between you and the Company.
The Company is not responsible for, gives no warranties, nor makes any representations in respect of the privacy policies or practices of any third parties.
Availability and Revision
The Company reserves the right to change this policy from time to time without prior notice. Any updated policy will be posted on the Company’s website www.TheCapeDiscovered.com , www.SouthernAfricaDiscovered.com and www.SouthAfricaDiscovered.com
If you have any additional questions about the Company’s collection and storage of data, or require a copy of this policy, please contact the Information Officer.
Consent to the Collection and Retention of Personal Information
By using the Company’s website or Social Media profiles or initiating / responding to email or other forms of communication, submitting your personal information and making use of the Company’s services, you hereby confirm:
That you have read and understood this Privacy and POPI Policy;
That you consent to the Company collecting and using your personal information as specified above, including where necessary sharing such information with business partners for the purpose of providing any agreed upon services; and
That the information you have provided to the Company is true, correct and up to date.
Last Updated: 1 May 2021