A: PROTECTION OF PERSONAL INFORMATION IN TERMS OF THE PROTECTION OF PERSONAL INFORMATION ACT 4 OF 2013

  1. PROTECTION OF PERSONAL INFORMATION ACT, 4 OF 2013 AFRIKA ZAMBEZI SAFARIS POPI POLICY 2023
  1. DEFINITIONS 
  1. Client means a natural or juristic person who has entered into an agreement with Afrika Zambezi Safaris (“AZS”) for the rendering of services by AZS;
  2. Consent means the voluntary, specific and informed expression of will; 
  3. Data Subject means the natural or juristic person to whom the Personal Information relates; 
  4. Direct Marketing means approaching a Data Subject personally for the purpose of selling them a product or service, or requesting a donation; 
  5. AZS means Afrika Zambezi Safaris with registration number __________________;
  6. POPI (hereinafter “POPI”) means the Protection of Personal Information Act, No. 4 of 2013; 
  7. Personal Information means information relating to an identifiable, living, natural person, or an identifiable, existing juristic person, as defined in POPI or in any other legislation with equivalent standing where applicable;
  8. Processing means inter alia an operation or activity, whether or not by automatic means, concerning Personal Information, as defined in POPI.
  1. INTRODUCTION

Afrika Zambezi Safaris (“AZS”) is a company of Tour operating services, safari planning and design tailor-made hosted itineraries for clients on safari holidays. AZS also conducts safari private guiding services and nonprivate escorted safari tour groups with experienced safari guides. AZS is obligated to comply with The Protection of Personal Information Act 4 of 2013.

POPI requires AZS to inform their clients as to the manner in which their personal information is stored, used, disclosed and destroyed. AZS guarantees its commitment to protecting its clients’ privacy and ensuring that their personal information is used appropriately, transparently, securely and in accordance with applicable laws.

The Policy sets out the manner in which AZS deals with their clients’ personal information as well as stipulates the purpose for which said information is used. The Policy is made available on the AZS website https://www.afrikazambezisafaris.com and by request from AZS offices at 659 Stanza Bopape Street, Arcadia, Pretoria.

  1. SCOPE OF THE POLICY

The Policy applies to all AZS employees, directors, shareholders, sub-contractors, associates, agents, Tour Operators and appointees. The provisions of the Policy are applicable to both on and off-site processing of personal information. 

  1. PERSONAL INFORMATION COLLECTED

Section 10 of POPI states that “Personal Information may only be processed if, given the purpose for which it is processed, it is adequate, relevant and not excessive.

AZS collects and processes clients’ personal information pertaining to the

clients’ holiday and vacation needs. The type of information will depend on the need for which it is collected and will be processed for that purpose only. Whenever possible, AZS will inform the client as to the reason information is required and the information deemed optional. Examples of personal information belonging to clients that AZS collects includes, but is not limited to:

AZS also collects and processes the client’s personal information for marketing purposes in order to ensure that its products and services remain relevant to its clients and potential clients.

AZS aims to have agreements in place with all product suppliers and third-party service providers to ensure a mutual understanding with regard to the protection of the client’s personal information. AZS suppliers will be subject to the same regulations as applicable to AZS.

With the client’s consent, AZS may also supplement the information provided with information AZS receives from other providers in order to offer a more consistent and personalized experience in the client’s interaction with AZS.

For purposes of this Policy, clients include potential and existing clients.

  1. THE USAGE OF PERSONAL INFORMATION

The Client’s Personal Information will only be used for the purpose for which it was collected and as agreed. This may include:

  1. Tour operating services, safari planning and design tailor-made hosted itineraries for clients on safari holidays with us.
  1. Conduct safari private guiding services and nonprivate escorted safari tour groups with our experienced safari guides.
  1. Clients designed tailor-made safari hosted itineraries, sole travelers, family, honey moons or Fully Independent Travellers (FITs) permit clients staying at a luxury hotel, game lodges, bush safari Camps or mobile tented safaris
  1. Each client or guest is offered opportunities to be guided by our qualified endorsed safari Guides on a tour, game drive safaris, Boat excursions and walking safaris on foot with armed Safari guide.
  1. Our designed tailor-made hosted itineraries with our safari guides or any excursions traverses in any big game wildlife African national parks, game reserves or any river water systems in southern Africa  and East Africa’s safari destinations.
  1. Safari itineraries will cover tour subjects on historical museums, monuments, village tours for leisure enjoyment and anthropology learning.
  1. Providing products or services to clients and to carry out the transactions requested.
  1. Conducting credit reference searches or verification.
  1. Confirming, verifying and updating client details.
  1. For purposes of travelling history.
  1. For the detection and prevention of fraud, crime, money laundering or other malpractices.
  1. Conducting market or customer satisfaction research.
  1. For audit and record keeping purposes.
  1. In connection with legal proceedings.
  1. Providing AZS services to clients, to render the services requested and to maintain and constantly improve the relationship.
  1. Providing communication in respect of AZS and regulatory matters that may affect clients; and
  2. In connection with and to comply with legal and regulatory requirements or when it is otherwise allowed by law.

According to section 11 of POPI, personal information may only be processed if certain conditions, listed below, are met along with supporting information for AZS processing of Personal Information: 

  1. The client consents to the processing: consent is obtained from clients during the introductory, appointment and needs analysis stage of the relationship;
  1. The necessity of processing: in order to conduct an accurate analysis of the client’s needs for purposes of travel and holiday needs or requirements, etcetera.
  1. Processing complies with an obligation imposed by law on the AZS;
  1. Processing protects a legitimate interest of the client: it is in the client’s best interest to have a full and proper needs analysis performed in order to provide them with an applicable and beneficial product or service.
  1. Processing is necessary for pursuing the legitimate interests of AZS or of a third party to whom information is supplied: in order to provide AZS clients with products and or services, both AZS and any of its product suppliers require certain personal information from the clients in order to make an expert decision on the unique and specific product and or service required.
  1. DISCLOSURE OF PERSONAL INFORMATION

AZS may disclose a client’s personal information to any of the AZS companies or subsidiaries, joint venture companies and or approved product or third-party service providers whose services or products clients elect to use. AZS has agreements in place to ensure compliance with confidentiality and privacy conditions.

AZS may also share client personal information with and obtain information about clients from third parties for the reasons already discussed above. AZS may also disclose a client’s information where it has a duty or a right to disclose in terms of applicable legislation, the law, or where it may be deemed necessary to protect AZS’s rights.

  1. SAFEGUARDING CLIENT INFORMATION

It is a requirement of POPI to adequately protect personal information. AZS will continuously review its security controls and processes to ensure that personal information is secure. The following procedures are in place to protect personal information:

The AZS legal office or information office whose details are available herein (legal@afrikazambezisafaris.com or info@afrikazambezisafaris.com) are reachable and they are responsible for the compliance with the conditions of the lawful processing of personal information and other provisions of POPI.

THIS POLICY has been put in place throughout AZS and training on this policy and the POPI Act has already taken place;

Each new employee will be required to sign an EMPLOYMENT CONTRACT containing relevant consent clauses for the use and storage of employee information, or any other action so required, in terms of POPI;

Every employee currently employed by AZS will be required to sign an addendum to their EMPLOYMENT CONTRACTS containing relevant consent clauses for the use and storage of employee information, or any other action so required, in terms of POPI;

AZS product suppliers and other third-party service providers will be required to sign a SERVICE LEVEL AGREEMENT guaranteeing their commitment to the Protection of Personal Information; this is however an ongoing process that will be evaluated as needed.

All electronic files or data are BACKED UP on AZS Computer data base which is subject to the same privacy rules and conditions. 

AZS Information Technology (IT) Department is responsible for system security that protects third party access and physical threats. AZS Information Technology (IT) Department is responsible for Electronic Information Security.

CONSENT to process client information is obtained from clients (or a person who has been given authorisation from the client to provide the client’s personal information) during the introductory, appointment and needs analysis stage of the relationship.

  1. ACCESS AND CORRECTION OF PERSONAL INFORMATION

Clients have the right to access the personal information AZS holds about them. Clients also have the right to ask AZS to update, correct or delete their personal information on reasonable grounds. Once a client objects to the processing of their personal information, AZS may no longer process said personal information. AZS will take all reasonable steps to confirm its clients’ identity before providing details of their personal information or making changes to their personal information.

The details of AZS’s Information Officer and Head Office are as follows:

INFORMATION OFFICER DETAILS

NAME: Thandiwe Lusinga

TELEPHONE NUMBER: 065 284 2912

E-MAIL ADDRESS: legal@afrikazambezisafaris.com

DEPUTY INFORMATION OFFICER DETAILS

NAME: Obert Lusinga 

TELEPHONE NUMBER: +27 65 631 5005/+27 79 598 9207

E-MAIL ADDRESS: info@afrikazambezisafaris.com 

HEAD OFFICE DETAILS

TELEPHONE NUMBER: +27 65 631 5005

POSTAL ADDRESS: 659 Stanza Bopape Street, Arcadia, Pretoria

PHYSICAL ADDRESS: 659 Stanza Bopape Street, Arcadia, Pretoria 

EMAIL ADDRESS: info@afrikazambezisafaris.com

WEBSITE: https://www.afrikazambezisafaris.com

  1. AMENDMENTS TO THIS POLICY

Amendments to, or a review of this Policy, will take place on an ad hoc basis or at least once a year. Clients are advised to access AZS’S website periodically to keep abreast of any changes. Where material changes take place, clients will be notified directly or changes will be stipulated on the AZS website.

  1. AVAILABILITY OF THE MANUAL

This manual is made available in terms of Regulation Number R. 187 of 15 February 2002. 

  1. RECORDS THAT CANNOT BE FOUND

If AZS searches for a record and it is believed that the record either does not exist or cannot be found, the requester will be notified by way of an affidavit or affirmation. This will include the steps that were taken the attempt to locate the record.

  1. THE PRESCRIBED FORMS AND FEES

The prescribed forms and fees are available on the website of the Department of Justice and Constitutional Development at www.justice.gov.za under the forms section.

B: POLICY ON THE RETENTION & CONFIDENTIALITY OF DOCUMENTS, INFORMATION AND ELECTRONIC TRANSACTIONS

  1. PURPOSE
    1. To exercise effective control over the retention of documents and electronic transactions:
    2. As prescribed by legislation; and
    3. As dictated by business practice.
    4. Documents need to be retained in order to prove the existence of facts and to exercise rights the Company may have. Documents are also necessary for defending legal action, for establishing what was said or done in relation to business of the Company and to minimize the Company’s reputational risks.
    5. To ensure that the Company’s interests are protected and that the Company’s and clients’ rights to privacy and confidentiality are not breached.
    6. Queries may be referred to the Information Officer.
  1. SCOPE & DEFINITIONS
  1.  All documents and electronic transactions generated within and/or received by the Company.
  1. Definitions:
  1. Clients include, but are not limited to, shareholders, debtors, creditors as well as the affected personnel and/or departments related to a service division of the Company.
  2.  Confidential Information refers to all information or data disclosed to or obtained by the Company by any means whatsoever and shall include, but not be limited to:
  3.  financial information and records; and
  4. all other information including information relating to the structure, operations, processes, intentions, product information, know-how, trade secrets, market opportunities, customers and business affairs but excluding the exceptions listed in clause 4.1 hereunder.
  5. Constitution: Constitution of the Republic of South Africa Act, 108 of 1996.
  6.  Data refers to electronic representations of information in any form.
  7. Documents include books, records, security or accounts and any information that has been stored or recorded electronically, photographically, magnetically, mechanically, electro-mechanically or optically, or in any other form.
  8.  ECTA: Electronic Communications and Transactions Act, 25 of 2002.
  9. Electronic communication refers to a communication by means of data messages.
  10. Electronic signature refers to data attached to, incorporated in, or logically associated with other data and which is intended by the user to serve as a signature.
  11. Electronic transactions include e-mails sent and received.
  12. PAIA: Promotion of Access to Information Act, 2 of 2000.
  1. ACCESS TO DOCUMENTS
  1. All Company and client information must be dealt with in the strictest confidence and may only be disclosed, without fear of redress, in the following circumstances:
  2. Where disclosure is under compulsion of law;
  3. Where there is a duty to the public to disclose;
  4. Where the interests of the Company require disclosure; and
  5. Where disclosure is made with the express or implied consent of the client.
  1. Disclosure to 3rd parties:
  1. All employees have a duty of confidentiality in relation to the Company and clients:
  2. Information on clients: 
  3. Our clients’ right to confidentiality is protected in the Constitution and in terms of ECTA. Information may be given to a 3rd party if the client has consented in writing to that person receiving the information.
  4.  Requests for company information:
  5. These are dealt with in terms of PAIA, which gives effect to the constitutional right of access to information held by the State or any person (natural and juristic) that is required for the exercise or protection of rights. Private bodies, like the Company, must however refuse access to records if disclosure would constitute an action for breach of the duty of secrecy owed to a third party.
  6. In terms hereof, requests must be made in writing on the prescribed form to the Information Officer. The requesting party has to state the reason for wanting the information and has to pay a prescribed fee.
  7. Confidential company and/or business information may not be disclosed to third parties as this could constitute industrial espionage. The affairs of the Company must be kept strictly confidential at all times.
  8. The Company views any contravention of this policy very seriously and employees who are guilty of contravening the policy will be subject to disciplinary procedures, which may lead to the dismissal of any guilty party.
  1. STORAGE OF DOCUMENTS
  2. HARD COPIES
    1. Documents are stored in an archive different location.
  1. Companies Act, No 71 of 2008

Copies of the documents mentioned below must be retained indefinitely:

  1. Consumer Protection Act, No 68 of 2008
  1. National Credit Act, No 34 of 2005

Regulation 55(1)(c) in respect of operations:

Regulation 55(1)(d) with regard to the Credit Bureau:

Regulation 55(1)(a) with regard to Debt Counsellors:

Regulation 56 with regard to section 170 of the Act:

Regulation 17(1) with regard to Credit Bureau information:

Documents with a required retention period of the earlier of 10 years or a rehabilitation order being granted:

Documents with a required retention period of 5 years:

Documents with a required retention period of the earlier of 5 years or until judgment is rescinded by a court or abandoned by the credit provider in terms of section 86 of the Magistrate’s Court Act No 32 of 1944:

Documents with a required retention period of 2 years:

Documents with a required retention period of 1.5 years:

Documents with a required retention period of 1 year:

Documents with an unlimited required retention period:

Documents required to be retained until a clearance certificate is issued:

  1. Tourism Act, No 3 of 2014 (read with its Regulations):
  1. Financial Intelligence Centre Act, No 38 of 2001:
  1. Compensation for Occupational Injuries and Diseases Act, No 130 of 1993:

Asbestos Regulations, 2001, regulation 16(1) requires a retention period of minimum 40 years for the documents mentioned below:

Hazardous Biological Agents Regulations, 2001, Regulations 9(1) and (2):

Noise – induced Hearing Loss Regulations, 2003, Regulation 11:

– All records of assessment and noise monitoring;

– All medical surveillance records, including the baseline audiogram of every employee.

Hazardous Chemical Substance Regulations, 1995, Regulation 9 requires a retention period of 30 years for the documents mentioned below:

– Records of assessments and air monitoring;

– Medical surveillance records.

  1. Basic Conditions of Employment Act, No 75 of 1997:

Section 29(4):

Section 31:

  1. Employment Equity Act, No 55 of 1998:

Section 26 and the General Administrative Regulations, 2009, Regulation 3(2) requires a retention period of 3 years for the documents mentioned below:

Section 21 and Regulations 4(10) and (11) require a retention period of 3 years for the report which is sent to the Director General as indicated in the Act.

  1. Labour Relations Act, No 66 of 1995:

Sections 53(4), 98(4) and 99 require a retention period of 3 years for the documents mentioned below:

Sections 99, 205(3), Schedule 8 of Section 5 and Schedule 3 of Section 8(a) require an indefinite retention period for the documents mentioned below:

  1. Unemployment Insurance Act, No 63 of 2002:

The Unemployment Insurance Act, applies to all employees and employers except:

Section 56(2)(c) requires a retention period of 5 years, from the date of submission, for the documents mentioned below:

  1. Tax Administration Act, No 28 of 2011:

Section 29 of the Tax Administration Act, states that records of documents must be retained to:

  1. Income Tax Act, No 58 of 1962:

Schedule 4, paragraph 14(1)(a)-(d) of the Income Tax Act requires a retention period of 5 years from the date of submission for documents pertaining to each employee that the employer shall keep:

Schedule 6, paragraph 14(a)-(d) requires a retention period of 5 years from the date of submission or 5 years from the end of the relevant tax year, depending on the type of transaction for documents pertaining to;

  1. Value Added Tax Act, No 89 of 1991:

Section 15(9), 16(2) and 55(1)(a) of the Value Added Tax Act and Interpretation Note 31, 30 March requires a retention period of 5 years from the date of submission of the return for the documents mentioned below:

  1. ELECTRONIC DATA STORAGE
  1. DESTRUCTION OF DOCUMENTS
error: