Privacy Policy

1. Introduction

Ngoma Bush Lodge ("we," "us," or "our") is committed to protecting your privacy and complying with the Protection of Personal Information Act 4 of 2013 (POPIA) and other applicable South African data protection laws.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website or make a booking with us. By providing us with your personal information, you consent to the processing of your information in accordance with this policy.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access our website or use our services.

This privacy policy is compliant with the Protection of Personal Information Act 4 of 2013 (POPIA).

2. Information We Collect

2.1 Personal Information: We may collect personal information that you voluntarily provide to us when you:

Make a reservation or booking
Contact us via email or phone
Subscribe to our newsletter
Fill out a contact form on our website
Participate in surveys or promotions

This information may include:

Full name
Email address
Phone number
Mailing address
Payment information
Date of birth (for special occasions)
Dietary requirements and preferences
Special requests or needs

2.2 Automatically Collected Information: When you visit our website, we may automatically collect certain information about your device, including:

IP address
Browser type and version
Operating system
Pages visited and time spent on pages
Referring website addresses

3. How We Use Your Information (Purpose of Processing)

In accordance with POPIA, we only process your personal information for specific, explicitly defined, and lawful purposes. We use the information we collect to:

Process and manage your bookings and reservations (contractual obligation)
Communicate with you about your stay (contractual obligation)
Respond to your inquiries and provide customer support (legitimate interest)
Send you booking confirmations and updates (contractual obligation)
Accommodate special requests and dietary requirements (contractual obligation and consent)
Process payments and prevent fraud (contractual obligation and legal requirement)
Send you marketing communications (with your explicit consent only)
Improve our website and services (legitimate interest)
Comply with legal obligations under South African law (legal requirement)
Analyze website usage and trends (legitimate interest)

Legal Basis for Processing: We process your personal information based on your consent, contractual necessity, legal obligations, and our legitimate business interests, in accordance with POPIA Section 11.

4. How We Share Your Information

In accordance with POPIA, we may share your information only in the following lawful circumstances:

4.1 Service Providers (Operators): We may share your information with third-party service providers who assist us in operating our business, such as payment processors, email service providers, and booking platforms. These operators are required to process your information only as instructed by us and in compliance with POPIA.

4.2 Legal Requirements: We may disclose your information if required to do so by South African law or in response to valid requests by public authorities, courts, or law enforcement agencies in accordance with POPIA Section 9.

4.3 Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

4.4 With Your Consent: We may share your information with your explicit consent for any other purpose.

We do not sell your personal information to third parties. We do not transfer personal information outside of South Africa without ensuring adequate protection measures are in place as required by POPIA Chapter 9.

5. Data Security

In accordance with POPIA, we implement appropriate, reasonable technical and organisational measures to secure the integrity and confidentiality of your personal information and to prevent:

Unauthorised or unlawful access to or processing of personal information
Accidental loss, destruction, or damage to personal information
Unlawful conduct with regard to personal information

Our security measures include encryption, secure servers, access controls, regular security assessments, and staff training on data protection.

However, please note that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information in line with POPIA requirements, we cannot guarantee its absolute security.

In the event of a data breach that poses a real risk of harm to you, we will notify you and the Information Regulator as required by POPIA Section 22.

6. Data Retention

In accordance with POPIA Section 14, we retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by South African law.

Specifically:

Booking and payment information: Retained for 7 years after your stay (as required by South African tax and financial legislation)
Marketing communications: Retained until you withdraw consent or object to processing
Website analytics: Retained for 24 months
Email correspondence: Retained for 5 years for business record purposes

Once the retention period has expired, we will securely delete or destroy your personal information, unless retention is required or permitted by law.

7. Your Privacy Rights Under POPIA

Under the Protection of Personal Information Act (POPIA), you have the following rights as a data subject:

Right to Access: You can request confirmation of whether we hold your personal information and access to such information (POPIA Section 23)
Right to Correction: You can request that we correct, update, or complete any inaccurate or incomplete personal information (POPIA Section 24)
Right to Deletion/Destruction: You can request that we delete or destroy your personal information in certain circumstances (POPIA Section 24)
Right to Object: You can object to the processing of your personal information on reasonable grounds (POPIA Section 11(3))
Right to Restriction: You can request that we restrict the processing of your information in certain circumstances
Right to Data Portability: You can request a copy of your data in a structured, commonly used, machine-readable format
Right to Withdraw Consent: You can withdraw your consent to marketing communications or other processing activities at any time (POPIA Section 11(2))
Right to Lodge a Complaint: You have the right to lodge a complaint with the Information Regulator of South Africa if you believe we have violated your privacy rights

To exercise any of these rights, please contact us using the information provided below. We will respond to your request within a reasonable period, not exceeding 30 days.

Information Regulator of South Africa

If you are not satisfied with how we handle your personal information, you may lodge a complaint with:

The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
P.O Box 31533, Braamfontein, Johannesburg, 2017
Tel: +27 10 023 5200
Email: [email protected]
Website: www.justice.gov.za/inforeg

8. Cookies and Tracking Technologies

Our website may use cookies and similar tracking technologies to enhance your browsing experience. Cookies are small data files stored on your device.

Types of cookies we use:

Essential Cookies: Required for the website to function properly
Analytics Cookies: Help us understand how visitors use our website
Marketing Cookies: Used to deliver relevant advertisements

You can set your browser to refuse cookies, but this may limit your ability to use certain features of our website.

9. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to read the privacy policies of any third-party websites you visit.

10. Children's Privacy

Our services are not directed to children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

11. Transborder Information Flows (International Data Transfers)

In certain circumstances, your personal information may be transferred to, stored, or processed outside of South Africa. In accordance with POPIA Chapter 9, we will only transfer your information internationally if:

You have consented to the transfer; or
The transfer is necessary for the performance of our contract with you; or
The recipient country has laws providing an adequate level of protection similar to POPIA; or
The recipient is bound by appropriate data protection safeguards (such as standard contractual clauses); or
The transfer is legally required or permitted

Where we transfer your information outside South Africa, we will ensure that appropriate safeguards are in place to protect your information in accordance with POPIA requirements.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for operational reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

Where required by POPIA, we will obtain your consent to any material changes that affect how we process your personal information.

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of our services after any modifications indicates your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Ngoma Bush Lodge

Bushwillow Creek, Farm Glencoe Portion 48, Hoedspruit 1380, Limpopo, South Africa

+27 64 516 9828

[email protected]