Privacy Policy - A1Kynaston

A1 Kynaston Collection

THE PROTECTION OF PERSONAL INFORMATION (POPI) ACT POLICY

The Protection of Personal Information (POPI) Act requires us to inform guests how we use and disclose their personal information obtained from them. We are committed to protecting our guests’ privacy and will ensure that the guest’s personal information is used appropriately, transparently and according to applicable law. Your right to privacy and security is very important to us.

We, A1 Kynaston, treat personal information obtained as private and confidential and are committed to providing you with secure access to our services.

This Privacy Policy tells you how we will process and protect your personal information. It should be read together with our Terms of Service, which outlines what services we provide, how we provide our services and what we do with your personal information. It is important that you read, understand and accept our Terms of Service if you would like to use our services. Personal Information, in terms of the Protection of Personal Information Act, 4 of 2013 (“POPIA”), means “information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person”.

South Africa’s Constitution, Act 108 of 1996, provides that everyone has the right to privacy. This includes the right to protection against the unlawful collection, retention, dissemination and use of your personal information. Because of the sensitivity of some personal information, we ensure that the way we process your personal information complies fully with POPIA.

This Privacy Policy applies to any of your personal information that we collect and process through our website, a1kynaston.co.za, and or which you authorise us to collect from third parties.

You will see that some of the words listed in this Privacy Policy are in italics. Those words are defined in POPIA and those definitions apply to this Privacy Policy. For example, under POPIA, you are defined as a data subject. Our Privacy Policy terms may change from time to time. When we change them, the changes will be made on our website. Please ensure that you visit our website and regularly read this Privacy Policy. Although we do not promise to do so, we may give you notice of any changes we think are important.

1. Your rights under this Privacy Policy You have the right to have your personal information processed lawfully. Your rights include the right:

to be notified that your personal information is being collected or that your personal information has been accessed or acquired by an unauthorised person e.g. where a hacker may have compromised our computer system;
to find out whether we hold your personal information and to request access to your personal information;
to request us, where necessary, to correct, destroy or delete your personal information;
to object, on reasonable grounds, to the processing of your personal information.
to object to the processing of your personal information for purposes of direct marketing, including by way of unsolicited communications;
not to be subject, in certain circumstances, to a decision which is based solely on the automated processing of your personal information;
to submit a complaint to the Regulator if you believe that there has been interference with the protection of your personal information, or if you believe that an independent adjudicator who may be resolving your complaint against us, has not decided the matter correctly; and
to institute civil proceedings against us if you believe that we have interfered with the protection of your personal information.

2. Types of personal information collected and how we collect it.

We collect and process guests’ personal information mainly to provide our guests with access to the services and products of the providers with whom we have contractual agreements in place and to help us improve our services to our guests. The type of information we collect may depend on the need for which it is collected and will be processed for that specific purpose only. Where possible, we will inform the guest what information is required to be provided to us and what information is optional.

We collect and process your personal information mainly to provide you with access to our services and products (and all other activities and processes incidental thereto), to help us improve our offerings to you and for certain other purposes explained below. The type of information we collect will depend on the purpose for which it is collected and used (processed).

We will only collect information that we need for that specific purpose. Examples of the personal information that we collect are as follows (but it is not limited to the examples provided): Some of your information that we hold may include, your first and last name, identity number, email address, a home, postal or other physical address, other contact information, your title, gender, your credit card details. We collect information directly from you, where you provide us with your personal details, for example when you purchase a product or services from us or when you submit enquiries to us or contact us. Where possible, we will inform you what information you are required to provide to us and what information is optional.

3. How we use your information

Given our aim to provide you with ongoing accommodation services, we would like to use your information to keep you informed about other financial products and services which may be of particular interest to you. You may also give and withdraw consent and tell us what your communication preferences are. We do not and will not sell personal information to a third party. We may disclose your personal information to our service or product providers who are involved in the delivery of products or services to you.

We may share your personal information with, and obtain information about you from:

Third parties or services providers such as IT providers, Booking Agencies, Credit Card Merchants and Booking Program providers that enables us to operate as a guesthouse.

4. How consent is obtained By booking with us you hereby give us consent to obtain and keep your personal information as stated. We may also obtain your consent when you complete our disclaimer form allowing us to proceed with providing accommodation.

5. How we use your personal information

5.1 The personal information that we collect from you will be used to provide the following services:

- Accommodation and related services,
- To confirm and verify your identity for security purposes and update your details,
- For debt recovery,
- To conduct market or customer satisfaction research or for statistical analysis,
- Resolving complaints,
- For audit and record keeping purposes, and
- In connection with legal proceedings.

We will also use your personal information to comply with legal and regulatory requirements or industry codes to which we subscribe, or which apply to us, or when it is otherwise allowed by law. We will only transfer your personal information outside the borders of South Africa with your consent and where the privacy legislation is of a high standard. We do not use your personal information for marketing purposes without your consent.

6. Retention, amendment, and destruction of personal information We only retain your personal information for a period necessary to achieve the purpose we collected it for, unless the longer retention of your personal information is required or authorised by law. Once we have achieved that purpose we will, as soon as reasonably practicable, destroy or delete the record of your personal information in accordance with the provisions of POPIA. We are legally obliged to provide adequate protection for the personal information we hold and to stop unauthorized access and use of personal information. We will, on an ongoing basis, continue to review our security and risk management controls and related processes to ensure that your personal information is secure.

Our risk management (security) policies and procedures cover:

Physical security,
Computer and network security,
Access to personal information,
Secure communications,
Retention and disposal of information,
Acceptable usage of personal information,
Monitoring access and usage of private information,
Investigating and reacting to security incidents.

When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them (our confidentiality agreements) to ensure that personal information that we remain responsible for, is kept secure. We will ensure that anyone to whom we pass your personal information agrees to treat your information with the same level of protection as we are obliged to. Personal Information is securely stored on administrative systems, computer systems, servers (in and outside South Africa), laptops, filing cabinets and one drive (cloud). Your personal information is stored for a minimum of five years after the cancellation or termination of the transaction or business relationship in accordance with applicable legislation. We will take reasonable steps to destroy or de-identify your personal information when the law no longer requires us to retain or keep it. It’s important that your personal information is up to date and accurate.

7. Transfer of personal information to third parties

7.1. For us to carry out our obligations in terms of the services concluded between ourselves and you, we may need to pass your personal information on to third parties, such as our product providers. This Privacy Policy records your consent to us passing your personal information onto those third parties.

7.2. We will ensure that your personal information is processed in a lawful manner and that the third parties or we do not infringe your privacy rights. In the event that we ever outsource the processing of your personal information to a third party operator, we will ensure that the operator processes and protects your personal information using reasonable technical and organisational measures that are equal to or better than ours.

8. Where we store your personal information

8.1. We store your information on our computer system kept in our booking office.

9. Transborder transfer of personal information

9.1. We will not transfer any personal information collected from you outside the borders of South Africa.

9.2. In the event that we transfer or store your personal information outside South Africa, we will take all steps reasonably necessary to ensure that the third party who receives your personal information is subject to a law, binding corporate rules or binding agreement which provides an adequate level of protection.

10. Information Security

10.1. We will secure the integrity and confidentiality of your personal information in our possession or under our control. We will do this by taking appropriate, reasonable technical and organisational measures to prevent loss of damage to or unauthorised destruction of your personal information; and unlawful access to or processing of your personal information.

10.2. While we will take every reasonable measure to protect your personal information, it is very important that you maintain control over your account and or information. You should prevent anyone from accessing your account or information by not disclosing your account details i.e. usernames, passwords or any information associated with your account.

Policy amendments

We may amend and/or update these standard terms and conditions at any time. Users are encouraged to frequently check our website for the purposes of familiarizing themselves with these standard terms and conditions, particularly in so far as they relate to the protection of personal information. Users acknowledge and agree that it is their responsibility to review these standard terms and conditions periodically and become aware of any amendments and/or updates.

11. The law governing this privacy policy. This privacy policy is governed by the laws of the Republic of South Africa. Any dispute arising out of this privacy policy will be resolved in a South African court. Every person whose personal information we process has the following rights:

You have the right to request copies of your personal information, subject to the terms and conditions described in our Promotion of Access to Information (“PAIA”) manual and our POPIA Policy which is available on request.
You have the right to request that we correct any information you believe is inaccurate, ∙ You have the right to request that we erase your personal information, under certain conditions,
You have the right to object to us processing your personal information, under certain conditions
You have the right to lodge a complaint with the Information Regulator whose contact details is in our PAIA Manual and POPIA Policy. If you wish to object to the processing of personal information or if you wish to request for correction or deletion of personal information, then please complete Form 1 or Form 2 at the end of this privacy notice.

12. How to contact us

12.1. If you have questions and/or comments about our privacy policy or need to protect any of your rights set out in this policy, please contact our information officer on email address a1kynaston@igen.co.za or telephone number 084 9003006.

12.2. Our physical address is 23 Chestnut Avenue, Wavecrest, Jeffreys Bay, Eastern Cape, South Africa.