• The Constitution of South Africa (Act 108 of 1996) affords all its citizens the right to privacy in terms of section 14 (d).
• However your use of www.africanpathfinder.com (hereinafter referred to as ‘Our Website’) is for personal use as well as transacting business with AFRICAN PATHFINDER (hereinafter referred to as ‘us’ or ‘we’ or ‘our’) and accordingly the right of privacy afforded as aforesaid and pertaining to such communications and data as well as any personal information conveyed during the course of such usage and transactions is limited and is subject to inter alia the Electronic Communications and Transactions Act, Act 25 of 2002 (‘ECTA’), the Promotion of Access to Information Act, Act number 2 of 2000 (‘PAIA’), the Consumer Protection Act, Act 68 of 2008 (‘CPA’) and the Protection of Personal Information Act, Act 4 of 2013 [‘POPIA’]) and, in the case of residents of the European Community (‘the EC’), the General Data Protection Regulations of 2018 (‘the GDPR’)(the ECTA, PAIA, CPA, POPIA and GDPR will collective be referred to herein as ‘the Privacy Legislation’).
• You are, by using Our Website deemed, in terms of the Privacy Legislation to grant us ‘express voluntary specific and informed’ consent and permission to ‘process’ and ‘further process’ (as defined in the Privacy Legislation) your personal information and where applicable your special personal information (as defined in the Privacy Legislation) (collectively referred to herein as ‘your Information’) for the purposes of any personal use or business you may now or in future transact with us and to disclose your Information to any of the parties we engage to provide of such products and services to you in order to meet the requirements for the travel arrangements you have requested us to provide you with and/or arrange on your behalf (‘the Third Parties’).
• Personal Information includes mainly perfunctory details such as your name, surname, address, identity and passport numbers, other contact details (e.g. next of kin), special requests etc. Most of your Information is crucial for us to provide you effectively with the services and/or products you have requested and if you were to refuse consent, which you are entitled to do, we will not be able to assist you (See ‘Rights’ below).
• Note that the purpose of the Privacy Legislation is not only to protect your privacy but also to place you in control of your Information, even if you have given your consent.
• Despite the fact that the Privacy Legislation is even more demanding when it comes to the processing of special personal information and that of children, we believe that any reservations you may have in that regard have been more adequately addressed.
• If you are disclosing personal information about other persons (natural or juristic – the latter is not covered by GDPR) you will be deemed to have their permission and to have been duly authorized to do so and indemnify us against any actions by such third parties. (Their and your personal information will be collectively referred to herein as ‘the/your Information’ and ‘you’ and ‘your’ will be deemed to include/refer to such other persons).
• We will ensure the processing of all your Information complies with the Privacy Legislation and that it is adequate, relevant and not excessive.
• Over and above the Privacy Legislation you have the protection of the PAIA – we will ensure that in processing your Information, we comply with the PAIA and that such disclosure will not, to the best of our knowledge, result in the unreasonable disclosure of your Information(section 34); will not to the best of our knowledge, cause harm to the third party’s commercial or financial interests (section 36); constitute an action for breach of a duty of confidence owed to the third party (section 37), or could reasonably be expected to endanger the life or physical safety of the third party (section 38).
• The Regulation of Interception of Communications and Provision of Communications-related Information Act (70/2002) (‘RICA’) affords us certain rights to monitor inter alia electronic communications via our network. By using Our Website, you consent to such interception within the ambit of RICA.
• The primary reason we collect your Information is so that we can provide you with the services and/or products you have requested. And to meet the requirements for the travel arrangements you have requested us to provide you with and/or arrange on your behalf.
• The secondary reason is so that we can (1) improve our service to you; (2) customize our service where requested, required or where it is appropriate to do so; (3) advise you of any changes (e.g. in your itinerary) or specials from time to time; (4) Analytics (Profiling): we do this ourselves or by utilizing the services of third parties. This entails using your Information to ascertain trading patterns. An example we may determine which websites you have come from/are going to; the browser you may be using; the identity of your device and your IP address. However identifying elements will be removed (or as provided for in the POPIA, ‘de-identified’) and encryption will be implemented to protect your Information (See also ‘Cookies’ below).
• When we engage Third Parties in the service delivery process, we have to share your Information with them but it will only be to such Third Parties as have been disclosed to you and pertaining to the services and/or products you have requested. We will also ensure that such Third Parties are compliant with the Privacy Legislation or the equivalent in their country.
• We mentioned above that you are at all times in control of your Information. This control you can exercise by virtue of the rights afforded you in the Privacy Legislation – We respect and will honour these rights – these RIGHTS are:
o We are not allowed to process your Information unless we have your ‘informed, specific and voluntary consent’
o We are obliged to advise you of the purpose for which we will be ‘processing’ and with whom we will be sharing your Information – this document endeavours to fulfill this obligation.
o We are obliged to advise you of the identity(ies) and contact details of the party(ies) who will be ‘processing’ your Information – we will provide you with such details: ours by referring you to ‘Contact Us’ and that of Third Parties in the documentation pertaining to the services and products to be provided in due course.
o You can call upon us at any time to do one or more of the following regarding your Information: amend; update; delete. We are obliged in the case of the latter to provide you with proof that we have done so.
o Direct marketing (See below): we are obliged to obtain your consent and to advise you each time of your right to ‘opt out’/’unsubscribe’
o You are entitled to enquire at any time about the steps we’ve taken to ensure that our safeguards pertaining to the protection of your Information meet the requirements of the Privacy Legislation (See ‘Security’ below).
o You may require of us to restrict the processing of your Information
o You can lodge complaints: (1) via the relevant section of our website; (2) with our Information Officer and/or (3) with the POPIA Information Regulator
o You are entitled and we are obliged to inform you when our security has been breached (POPIA: ‘as soon as reasonably possible’ and GDPR: within 72 hours)
• EXCEPTIONS i.e. when we do not have to obtain your consent for ‘processing’:
o Your Information is a matter of public record, i.e. it is ‘in the public domain and under the control of a public body;’
o We are complying with an obligation imposed by law;
o It involves compliance with court proceedings
o It involves national security
o It is being used for historic, statistical or research purposes provided it is in the public interest or obtaining your consent is difficult
o It is for use in any form of journalism, provided such activity is governed by a code of conduct that has adequate safeguards – a balance must be struck between your right to privacy and the freedom of expression
o You Information has been ‘de-identified’ i.e. so that the identities of the parties cannot be determined (also sometimes referred to as ‘pseudonynimisation’)
o We are doing so in pursuit of a legitimate interest of ours or the Third Party to whom it is being disclosed.
• STORAGE – Your Information will not be stored longer than is reasonably required for us to complete the purposes for which is being processed. However, we may retain your Information for longer periods if required for e.g. taxation purposes or if you have requested us to do and have provided us with the requisite consent. The latter may be the case when you are a repeat customer and retaining some of your personal preferences such as twin/double bed and meal preferences will assist us in providing you with a more efficient service for future bookings.
• DIRECT MARKETING (‘DM’) is defined as ‘approach(ing) a person, either in person or by mail or electronic communication, for the direct or indirect purpose of promoting or offering to supply, in the ordinary course of business, any goods or services to the person’
o DM may only be addressed to you if you are our customer, we’ve obtained your consent and it was obtained specifically or in the process of a sale of goods and/or services and at the time of the sale
o The DM must pertain to goods and/or services that originate from us and are similar to those in the previous sale
o Each DM must provide you with the opportunity to opt out/unsubscribe and doing so must be at our expense.
o The purpose is not only to keep you informed but to link it to preferences
o Note that DM does not mean or relate to your existing booking
o We are furthermore required to only approach you with DM within the timeframes specified in the CPA.
o A cookie is a series of data characters that, when programmed into a website, is placed by the web server into the browser’s application folder on your computer. Once placed onto your machine, the cookie will allow the website to “recognize” you as a unique individual.
o ‘Yes’, cookies can be removed from your hard drive. Also, depending on what type of web browser and what browser version you are using, you may be able to change the properties on your cookie file so that cookies are not used or saved. Please check with your browser provider for more information on removing cookies.
o You can also prevent your browser from accepting new cookies.
o As with ‘processing’ we require your ‘consent’ prior to implementing Cookies on our website, unless doing so is strictly necessary for carrying out our basic functions in complying with the services we’ve undertaken to provide you with. You will be deemed to have given such ‘consent’ by using our website but we will always provide you with an ‘Opt out’ option.
o This assessment addressed amongst others how and when we process your Information and when such processing may present (internal and external) security risks including the origin, nature, likelihood (foreseeability) and severity (extent) of such risk.
o Based on the report by the experts who carried out this assessment, we have implemented ‘appropriate, reasonable and organizational measures’ to (1) ‘ensure the integrity and confidentiality’ of the Information; (2) ‘prevent the loss of, damage to or unauthorized destruction or access to or processing’ of your Information; (3) anticipate and identify the aforesaid risks; (4) maintain, monitor and update these safeguards on an ongoing basis
o These measures will meet the most stringent of ‘generally accepted information security practices’ and/or ‘specific industry or professional rules and regulations’
o These measures include amongst others encryption; controlling privileges of users; destroying your Information when no longer required; regular audits; back-ups; emergency incident strategies.
o We will carry out regular data protection impact assessments on an ongoing basis.