PRIVACY POLICY for Africa Travel Portfolio and Subsidiaries thereof

(Here forth known as ATP)

  • Personal Information Policy
    • ATP takes POPI and the protection of your personal information seriously: This Policy sets out how ATP will collect, use and protect (Collectively referred to as ‘processing’ as defined in POPI i.e. ‘collect, receive, record, collate, store, update, modify, retrieve, update, modify, disseminate, merge’) the personal information of travelers and those acting on their behalf who require information, services and/or goods from us. If you have any questions or comments arising from this policy, please contact ATP’s information officer at
    • What is personal information: The personal information that ATP is most involved in dealing with will be information relating to birth dates, identity numbers, passport numbers, occupation information, health information, travel destinations, travel and meal preferences, frequent flyer and other relevant memberships, personal and work email and contact details.
    • What is the purpose of the collection, use and disclosure (the processing) of your personal information: in order to provide you with modes of transportation and related travel services such as accommodation, meals, insurance, tours etc. which ATP sells to you and/or reserves on your behalf, it is necessary for us to collect, use and disclose your personal information in order to complete these and other transactions related to your requirements. More specifically, you will note that your information may be collected, used and/or disclosed in the obtaining of ancillary or additional services. Such instances will include:

      * Note that the use of the words “you” or “yours” for the purposes of this Policy shall be a reference to the individual communicating with ATP and/or concluding any agreement and each of those travelers/travel companions referred to or included in terms of such agreement. to provide you with advertisements of travel-related information and personalized communications;

      • to identify you and your preferences;
      • to make airline, accommodation, car, tour and other reservations;
      • to obtain relevant insurance products on your behalf;
      • to obtain payment approval, including credit care or other financial approval for payment;
      • to compile statistics and market research information;
      • to comply with the law; and/or
      • for a purpose that is ancillary to the above
      • Analytics (Profiling): we do this ourselves or by utilizing the services of third parties. This entails using your Information to ascertain trading patterns. An example we may determine which websites you have come from/are going to; the browser you may be using; the identity of your device and your IP address. However, identifying elements will be removed (or as provided for in the POPIA, ‘de-identified’) and encryption will be implemented to protect your Information
    • How your personal information will be processed: ATP will only collect your information for the purpose. We will collect information relating to any agreement concluded between yourself and ATP and the services and/or goods that you require from us in the following manner:

      (Hereafter referred to as ‘the purpose’)
      Your personal information will not be processed for a purpose other than what is identified (the purpose) above without obtaining your consent beforehand.

      • directly from you when you make a request of us for information and/or travel services or goods, which request you may make in writing or verbally;
      • from your agent, relative, employer, work colleague or other duly authorized representative who may seek or request our services and/or goods on your behalf;
      • from airlines or other service providers that provided you with services previously; from financial institutions, credit bureaus or similar entities;
      • from our own records relating to our previous supply of services or responses to your request for services;
      • from any automated services, including reservation systems, that were used to render services to you previously; and/or
      • from a relevant Department of Home Affairs or equivalent entity in another country.
    • To whom will your personal information be disclosed: The personal information that may be processed in terms of your agreement for services and/or goods with ATP may be disclosed to other travel service providers on whose behalf we act as intermediaries, other third parties referred to above in relation to the purpose or who are sources of your personal information, service providers who operate across the borders of this country (trans-border flow of information) where your personal information must be sent in order to provide you with the information and/or services and/or goods you have requested. In the event of another party/ies acquiring all of or a portion of ATP’s business, your personal information will be disclosed to that party but they will equally be obliged, as we are, to protect your personal information in terms of this policy and the law.
    • Consent and Permission to process your personal information: As the signatory on behalf of the Customer and each of the travelers included and referred to in terms of any agreement and any requests for services and/or goods from ATP, You are, deemed to grant ATP ‘express voluntary specific and informed’ consent and permission to ‘process’ and ‘further process’ (as defined in POPI) and enter into a record (manual and/or electronic) your personal information and where applicable your special personal information (as defined in POPI) (collectively referred to herein as ‘your Information’)   for the purposes of any personal use or business you may now or in future transact with us and to disclose your Information to any of the parties we engage to provide of such products and services (‘Third Party Providers’) to you in order to meet the requirements for the travel arrangements for you and to accept ATP’s Personal Information Policy as set out herein. Likewise, you will be deemed to have the permission of each, and every traveler in your group and to have been duly authorized to do so and indemnify us against any actions by such parties. The following will be deemed to be a restatement of your consent to the current or existing and future processing of your personal information:
      • should you fail to advise ATP that you do not agree with the policy and you wish to exclude all or some of the provisions of it, after you receive notification of this policy as contained herein;
      • Should you directly or indirectly through an agent or representative acting on your behalf, provide us with your personal information when you request information or services from ATP;
      • Should you verbally or in writing give your consent, be it by virtue of a previous consent given or in the circumstances of an application form or survey or like interaction with ATP.
    • Your rights regarding the processing of personal information: ATP draws to your attention the fact that in terms of POPI and other laws of the country, there are instances where your express consent is not necessary to permit the processing of your personal information, for example relating to police investigations, litigation or when your personal information is publicly available. Where you share personal information of your travel partners with ATP (i.e. all other travelers traveling with you or on whose behalf you are requesting services and/or goods from ATP in terms of your agreement with ATP) you hereby consent on their behalf to the collection, use and disclosure of their personal information in terms of this personal information policy and you warrant that you are authorized to give this consent on their behalf. In the case of giving personal information relating to children, you expressly warrant that you have obtained the consent of a person competent to give such consent on behalf of the child in question.

      To this end, you indemnify and hold ATP harmless in respect of any claims by any other person on whose behalf you have consented, should they claim that you were not so authorized. ATP will not be held responsible for any improper or unauthorized use of your personal information that is beyond its reasonable control.

      You may withdraw your consent to the processing of your personal information at any time, and should you wish to do so, you must provide ATP with reasonable notice to this effect. Please note that withdrawal of your consent is still subject to the terms and conditions of any contract that is in place. Should you wish to withdraw your consent but the withdrawal would then result in the interference of legal obligations, then such withdrawal will only be effective if ATP agrees to same in writing. ATP specifically draws to your attention that the withdrawal of your consent may result in it being unable to provide you with the requested information and/or services and/or goods.

      • In order to withdraw your consent, please contact the Information Officer at
      • A copy of this policy is available here:
      • Please ensure that if your personal information changes in any respect, you notify ATP so that their records may be updated. ATP will rely on you to ensure that your personal information is correct and accurate.
      • You have the right to access your personal information that ATP may have in its possession and you are entitled to request the identity of which third parties will receive and/or process your information for the purpose. Please note, however, that your request in this regard may be declined if: the information comes under legal privilege in the course of litigation, the disclosure to you of your personal information in the form it is processed may result in the disclosure of confidential or proprietary information, giving you access may cause a third party to refuse to provide similar information to ATP, the information was collected in furtherance of an investigation or legal dispute, instituted or being contemplated, the information as it is disclosed to you may result in the disclosure of another person’s information, the information contains an opinion about another person and that person has not consented, the disclosure is prohibited by law.
    • Requesting access and lodging of complaints:
      • Please submit any requests for access to your personal information in writing to ATP’s information office at You are to please provide enough detail regarding the information you require to allow ATP to identify what information you are seeking access to.
      • With any request for access to your personal information, ATP will require you to provide personal information in order to verify your identification and therefore your right to access the information.
      • There may be a reasonable charge for providing you with copies of the information you are requesting.
      • Please direct any request for your personal information, complaints regarding this policy, any aspect thereof or any of the procedures ATP uses to process information, to the Information Officer.
      • Should you feel that ATP has not dealt with any complaint you have filed to your satisfaction , you have the right to contact the office of the Information Regulator.
    • Cookies Policy
      • What are cookies? Cookies are harmless text files that web servers can store on your computer’s hard drive when you visit a website. They allow the server to recognize you when you revisit. There are two main types of cookies:
        • Transient (or per-session) cookies
          These only exist for the duration of your site visit and are deleted on exit. They recognize you as you move between pages, for example recording the items you add to an online shopping basket. These cookies also help maintain security.
        • Persistent (or permanent) cookies
          These stay on your machine until they expire or are deleted. Many are built with automatic deletion dates to help ensure your hard drive doesn’t get overloaded. These cookies often store and re-enter your login information, so you don’t need to remember membership details.
      • Cookies are used to achieve two goals. The first is to provide us with the capability to personalize information for certain segments of our customer base. Secondly, in some instances, cookies are used to allow us the opportunity to associate individual customers with their information profiles.
  • A cookie is a series of data characters that, when programmed into a website, is placed by the web server into the browser’s application folder on your computer. Once placed onto your machine, the cookie will allow the website to “recognize” you as a unique individual.
  • ‘Yes’, cookies can be removed from your hard drive. Also, depending on what type of web browser and what browser version you are using, you may be able to change the properties on your cookie file so that cookies are not used or saved. Please check with your browser provider for more information on removing cookies.
  • You can also prevent your browser from accepting new cookies.
  • As with ‘processing’ we require your ‘consent’ prior to implementing Cookies on our website, unless doing so is strictly necessary for carrying out our basic functions in complying with the services we’ve undertaken to provide you with. You will be deemed to have given such ‘consent’ by using our website but we will always provide you with an ‘Opt out’ option.
  • What are you doing with my data? These stay on your machine until they expire or are deleted. Many are built with automatic deletion dates to help ensure your hard drive doesn’t get overloaded. These cookies often store and re-enter your login information, so you don’t need to remember membership details.
    • Recommending things we think you’ll like, like holidays or destinations;
    • Notifying you about things you’ve told us you like, like a destination or holiday type;
    • We also use it for business, regulatory and legal purposes;
    • Dealing with any requests you make or content you submit;
    • Getting in touch if we need to tell you about something, like a change to our policies or issues with a service;
    • To provide you with advertisements of travel-related information and personalized communications;
    • To make airline, accommodation, car, tour and other reservations;
    • To obtain relevant insurance products on your behalf;
    • To obtain payment approval, including credit card or other financial approval for payment;
    • To compile statistics and market research information;
    • To comply with the law;
  1. Over and above the Privacy Legislation you have the protection of the PAIA – we will ensure that in processing your Information, we comply with the PAIA and that such disclosure is not, to the best of our knowledge, result in the unreasonable disclosure of your Information (section 34); will not to the best of our knowledge, cause harm to the third party’s commercial or financial interests (section 36); constitute an action for breach of a duty of confidence owed to the third party (section 37), or could reasonably be expected to endanger the life or physical safety of the third party (section 38).
  1. The Regulation of Interception of Communications and Provision of Communications-related Information Act (70/2002) (‘RICA’) affords us certain rights to monitor inter alia electronic communications via our network. By using Our Website, and any of our Subsidiary Websites, you consent to such interception within the ambit of RICA.
  1. Our Website, and Subsidiary Websites are linked to other websites. This privacy policy only applies to Our Website and Subsidiary Websites. It is your duty to read the privacy policies of any such other linked sites. We do not exercise any control over and do not provide any guarantees regarding such other websites.
  1. Note that the purpose of the Privacy Legislation is not only to protect your privacy but also to place you in control of your Information, even if you have given your consent. Hence you have the following rights:
  • Subject to certain exceptions (see ‘Exceptions’ below) we always must obtain your Information from you personally
    • EXCEPTIONS i.e. when we do not have to obtain your consent for ‘processing’:
  • You (the ‘data subject’) have made your Information public;
  • Your Information is a matter of public record, i.e. it is ‘in the public domain and under the control of a public body;’
  • We are complying with an obligation imposed by law;
  • It involves compliance with court proceedings;
  • It involves national security;
  • It is being used for historic, statistical or research purposes provided it is in the public interest or obtaining your consent is difficult;
  • It is for use in any form of journalism, provided such activity is governed by a code of conduct that has adequate safeguards – a balance must be struck between your right to privacy and the freedom of expression;
  • You Information has been ‘de-identified’ i.e. so that the identities of the parties cannot be determined (also sometimes referred to as ‘pseudonynimisation’);
  • We are doing so in pursuit of a legitimate interest of ours or the Third Party to whom it is being disclosed or to protect your legitimate interest;
  • We are not allowed to process your Information unless we have your ‘informed, specific and voluntary consent’.
  • We are obliged to advise you of the purpose for which we will be ‘processing’ and with whom we will be sharing your Information – this document endeavours to fulfil this obligation.
  • We are obliged to advise you of the identity(ies) and contact details of the party(ies) who will be ‘processing’ your Information – we will provide you with such details: ours by referring you to ‘Contact Us’ and that of Third-Party Providers in the documentation pertaining to the services and products to be provided in due course.
  • You can call upon us in writing at any time to do one or more of the following regarding your Information: amend; update; delete. We are obliged in the case of the latter to provide you with proof that we have done so.
  • Direct marketing (See below): we are obliged to obtain your consent and to advise you each time of your right to ‘opt out’/’unsubscribe’.
  • You are entitled to enquire at any time about the steps we’ve taken to ensure that our safeguards pertaining to the protection of your Information meet the requirements of the Privacy Legislation (See ‘Security’ below).
  • You may require of us to restrict the processing of your Information.
  • You can lodge complaints: (1) via the relevant section of our website; (2) with our Information Officer (see our website) and/or (3) with the POPIA Information Regulator.
  • You are entitled and we are obliged to inform you when our security has been breached (POPIA: ‘as soon as reasonably possible’ and GDPR: within 72 hours).
  • Your Information will not be stored longer than is reasonably required for us to complete the purposes for which is being processed.
  • However, we may retain your Information for longer periods if required for e.g. taxation purposes or if you have requested us to do and have provided us with the requisite consent. The latter may be the case when you are a repeat customer and retaining some of your personal preferences such as twin/double bed and meal preferences will assist us in providing you with a more efficient service for future bookings.


  • DM is defined as ‘approach(ing) a person, either in person or by mail or electronic communication, for the direct or indirect purpose of promoting or offering to supply, in the ordinary course of business, any goods or services to the person’.
  • ‘Electronic communication’ is defined as ‘ communication by means of electronic transmission, including by telephone, fax, sms, wireless computer access, email or any similar technology or device’.
  • DM may only be addressed to you if you are our customer, we’ve obtained your consent and it was obtained specifically or in the process of a sale of goods and/or services and at the time of the sale*.
  • The DM must pertain to goods and/or services that originate from us and are similar to those in the previous sale*.
  • Each DM must provide you with the opportunity to opt out/unsubscribe and doing so must be at our expense.
  • The purpose is not only to keep you informed but to link it to preferences.
  • Note that DM does not mean or relate to your existing booking.

  • We are furthermore required to only approach you with DM within the timeframes specified in the CPA.
  • We have carried out a data protection impact assessment which entailed a ‘systematic and extensive evaluation of our processes and current safeguards’ .
  • This assessment addressed amongst others how and when we process your Information and when such processing may present (internal and external) security risks including the origin, nature, likelihood (foreseeability) and severity (extent) of such risk.
  • Based on the report by the experts who carried out this assessment, we have implemented ‘appropriate, reasonable and organizational measures’ to (1) ‘ensure the integrity and confidentiality’ of the Information; (2) ‘prevent the loss of, damage to or unauthorized destruction or access to or processing’ of your Information; (3) anticipate and identify the aforesaid risks; (4) maintain, monitor and update these safeguards on an ongoing basis.
  • These measures will meet the most stringent of ‘generally accepted information security practices’ and/or ‘specific industry or professional rules and regulations’.
  • These measures include amongst others encryption; controlling privileges of users; destroying your Information when no longer required; regular audits; back-ups; emergency incident strategies.
  • We will carry out regular data protection impact assessments on an ongoing basis.
  • AMENDMENTS – Please note that we reserve the right to make amendments to this privacy policy from time to time. Each time an amendment is made it will be dated accordingly and reflected on our website.