Our travellers are from many different countries - in recognition of this, we endeavour to process all data in accordance with principles of internationally accepted best practice, and compliance regulations. We regularly review our compliance with this policy and whenever we receive a formal complaint, we will contact the person who made the complaint to attempt to resolve his or her concerns.
Please note that by using our websites (as a user browsing the websites), you are consenting to our collection and use of your information as more fully set out in this policy. If you have any concerns about the use of your information, or the contents of this policy, please feel free to contact us.
Notice at Collection
The CCPA requires businesses to give consumers certain information in a “notice at collection”, listing the categories of personal information businesses collect about consumers, and the purposes for which this information is used.
The remainder of this page outlines the types of information that Go2Africa collects about our website users and clients, and how this information is used.
We distinguish in this policy between ‘personal data’ (data that is required to facilitate international travel), and 'non-personal data' (data regarding usage of the websites, and de-identified information extracted from the websites for analysis). We collect both personal and non-personal data through our websites and through third parties, either automatically, or by your providing this information to us during enquiring, signing up for our newsletter, or during the consultation phase to help us improve the informaiton we will be providing you with.
1. User Notifications:
1.1 Failure to provide requested information may impair our ability to provide professional advice when curating and sharing proposed travel itineraries.
1.2 You will need to ensure that your personal information submitted to us is accurate and up-to-date.
1.3 You are responsible for any third party information obtained, published or shared through the websites, and you consent to only use or share this third party data with the third party's consent.
2. Personal Data:
2.1 We collect and store the personal information that you may provide to us through our websites when you enquire with us, update or change your information with us, or make use of our services.
2.2 We also collect and store information in relation to your travel itinerary, travel preferences and particulars of those traveling with you, for example through communications, surveys and other data submitted by you.
2.3 Anyone involved with the processing, transmission, or storage of card data must comply with the Payment Card Industry Data Security Standards (PCI DSS). Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry. Go2Africa does not collect or store any credit card or account details.
3. Non-personal Data:
3.1 In addition to personal data, we also store non-personal data, which cannot be used to identify our users. The kinds of non-personal data that we collect includes de-identified data about usage of our websites.
How We Share Information
We use a number of external parties to assist us in processing personal data for the above purposes, and they may hold this personal data on their own servers for these purposes. We may share the information we obtain with:
- Service Providers. In connection with the operation and provision of our service we engage various third parties to provide services or handle transactions on our behalf, such as payment card processing, email distribution, list processing, postal mailing, cloud computing, analytics, digital content performance measurement, ad serving and managing sweepstakes, contests, promotions or events. These service providers use the information we provide to them as necessary or appropriate for the performance of their services.
- Advertisers, Advertising- and Marketing-Related Service Providers and Partners. We may provide your information to advertisers, advertising agencies, ad networks, ad exchanges, marketing businesses, technology vendors and other entities that create, deliver and assess advertising or marketing campaigns, including interest-based ads.
- Content Measurement Companies. We and third parties seek to measure the performance of our content. To achieve this we may include third-party measurement software in our services to enable market research or to measure digital and video content consumption.
- Social Media Platforms. If you interact with social media widgets, share content using social media share buttons, or access features of the Digital Services that contain content or features provided by Social Media Platforms, the relevant Social Media Platforms may collect information. We encourage you to review the privacy policies of the Social Media Platforms that you engage with as we are not responsible for their privacy practices.
- Business Partners. We may provide your information to business partners including, without limitation, joint marketing partners and content sponsors, for various purposes. For example, we may partner with a third party to offer products or services on a co-branded, co-sponsored or cross-promotional basis that involves the sharing of information.
If you would like access to a full list of our service providers please contact us. We are not responsible for, nor do we endorse the privacy practices of these external third parties.
Cookies and Similar Technologies
A cookie is a small piece of code that is installed in your web browser by a website that you visit. They help the website to remember information about your visit, and assist to make the website, and advertisements that you encounter while browsing, more relevant to you. We've provided some further detail on cookies below to try and clarify how and why we use them.
1. Technical cookies and cookies serving aggregated statistical purposes:
2. How can I manage the installation of cookies?
2.1 You can manage preferences for cookies directly from within your own browser and prevent websites from installing them. Through your browser preferences, it is also possible to delete cookies installed in the past. It is important to note that by disabling all cookies, the functioning of the websites may be compromised. You can find information about how to manage cookies in your browser using the following links: Mozilla Firefox, Apple Safari, Google Chrome and Microsoft Internet Explorer.
2.3 If you would like to go deeper into behavioural advertising and cookies, we find the website at Your Online Choices to be a helpful information source (particularly for users residing in the European Union). This service advises you on how to select your tracking preferences for most advertising tools.
Use of Non-Personal Data
We use your non-personal data for purposes like product improvement, internal reporting, analytics, performing statistical analyses of collective behaviour of our users, measuring demographics and interests, and for other legitimate business purposes. We will take all reasonable steps to properly de-identify all information that is stored and analysed as non-personal data. This non-personal data may also be shared with the current and future partners and service providers (since there is no prejudice to our users from the disclosure of this non-personal information).
Use of Personal Data
Except as set out in this policy or specifically agreed by you, we won't disclose your personal data that we receive through the websites. In general we will always aim to de-identify the information that we store (as non-personal information), but some information will need to still be attached to your name or email address (as personal information), for reasons listed below, and with the aim of supporting personalised and customised experiences and journeys. We work hard to ensure that access to a traveller’s information doesn't disadvantage or prejudice our travellers.
The ways in which (and the purposes for which) we use personal data are described in further detail below:
- Verifying identity.
- Contacting you for the purpose of:
- advising you on travel information and options,
- assisting you to complete your bookings and reservations with us, with the aim of keeping travellers informed and providing on-the-go support and information.
- other legitimate business purposes, and all communications with you for these purposes will be kept on record.
- For analytics purposes (and product improvement more generally), including:
- analysing client characteristics, demographics, activities and behaviours on our websites and applications allowing us to continually improve the design of our website and relevant applications for the benefit of you and other travellers,
- providing analytical information to all relevant personnel who are involved in assisting and supporting travellers, to enable them to optimise the traveller’s experience, or
- other legitimate business purposes.
- reporting internally on traveller choices and related matters.
- for behavioural marketing and remarketing to website users and travellers, and marketing to potential travellers with similar interests.
- recording, tracking and analysing activities on the websites.
- researching, developing and improving, as well as training.
- For disclosure:
- to personnel within Go2Africa and our third party contractors for business purposes, including but not limited to internally used software and systems providers, and courier companies for shipping of documentation and gifts;
- to government authorities in response to court orders, subpoena/summons or other legal processes, to establish or exercise a legal right, defend a claim, or as otherwise required by law;
- to investigate, prevent or take action in relation to any suspected illegal activities, or to protect our own rights and the rights of our service providers;
- to acquirers, assignees or other successor entities in connection with a sale, merger or reorganisation of all or substantially all of our equity, business or assets.
- For any other purpose:
- for which we receive your consent,
- that is in the public interest, or
- within the bounds of the laws of the South Africa
You agree that we may also share any of your personal data with the service provider that you and Go2Africa choose to use, and these service providers may use your personal data in accordance with their own privacy policies.
We may also disclose all your personal data between our associated Go2Africa companies, who shall have all the same rights as us in relation to such personal data, and shall comply with this policy in the processing of such information.
Rights afforded you in the Privacy legislation
We respect and will honour these rights:
- Subject to certain exceptions (see 'Exceptions' below) we always have to obtain your Information from you personally
- We are not allowed to process your Information unless we have your 'informed, specific and voluntary consent'
- We are obliged to advise you of the purpose for which we will be processing and Third Parties with whom we will be sharing your Information.
- You can call upon us at any time to do one or more of the following regarding your Information: amend; update; delete. We are obliged in the case of the latter to provide you with proof that we have done so.
- Direct marketing (See below): we are obliged to obtain your consent and to advise you each time of your right to 'opt out'/'unsubscribe'
- You are entitled to enquire at any time about the steps we've taken to ensure that our safeguards pertaining to the protection of your Information meet the requirements of the Privacy Legislation.
- You may require of us to restrict the processing of your Information
- You can lodge complaints: (1) via the relevant section of our website; (2) with our Information Officer (see our website) and/or (3) with the POPIA Information Regulator
- You are entitled and we are obliged to inform you when our security has been breached (POPIA: 'as soon as reasonably possible' and GDPR: within 72 hours)
You have a right to know what personal data is being stored, and processed, as well as the categories of recipients with whom it may be shared. You may contact us to learn about the contents and origin of this personal data, to verify its accuracy or to ask for this data to be supplemented, cancelled, updated or corrected, or for their transformation into an anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to us at email@example.com or on our contact page.
Our websites do not currently support “Do Not Track” (“DNT”) requests. DNT is a feature offered by some browsers which, when enabled, sends a signal to websites to request that your browsing is not tracked, such as by third party ad networks, social networks and analytic companies. To determine whether any of the third party services linked on our Website honour DNT requests, please read their privacy policies.
When we do not require your consent for ‘processing’:
- You (the 'data subject') have made your Information public;
- Your Information is a matter of public record, i.e. it is 'in the public domain and under the control of a public body;'
- We are complying with an obligation imposed by law;
- It involves compliance with court proceedings
- It involves national security
- It is being used for historic, statistical or research purposes provided it is in the public interest or obtaining your consent is difficult
- It is for use in any form of journalism, provided such activity is governed by a code of conduct that has adequate safeguards - a balance must be struck between your right to privacy and the freedom of expression
- You Information has been 'de-identified'e. so that the identities of the parties cannot be determined (also sometimes referred to as 'pseudonynimisation')
- We are doing so in pursuit of a legitimate interest of ours or the Third Party to whom it is being disclosed
- We have carried out a data protection impact assessment which entailed a 'systematic and extensive evaluation of our processes and current safeguards'. This assessment addressed amongst others how and when we process your Information and when such processing may present (internal and external) security risks including the origin, nature, likelihood (foreseeability) and severity (extent) of such risk.
- Based on the report by the experts who carried out this assessment, we have implemented 'appropriate, reasonable and organizational measures' to (1) 'ensure the integrity and confidentiality' of the Information; (2) 'prevent the loss of, damage to or unauthorized destruction or access to or processing' of your Information; (3) anticipate and identify the aforesaid risks; (4) maintain, monitor and update these safeguards on an ongoing basis
- These measures :
- Will meet the most stringent of 'generally accepted information security practices' and/or 'specific industry or professional rules and regulations'
- Include amongst others encryption; controlling privileges of users; destroying your Information when no longer required; regular audits; back-ups; emergency incident strategies.
Methods of processing
We undertake to process your personal data in a reasonable manner and take appropriate, reasonable security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of your personal data. All data processing shall be carried out by employees, consultants or third party service providers using computers and/or IT enabled tools, following standard organizational procedures and modes.
In some cases, personal and non-personal data may be accessible to certain types of persons involved with the operation of the websites (administration, sales, marketing, finance, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies to name a few) appointed, if necessary, by us as data processors.
All data collected through our websites is managed and processed primarily at our various operating offices, and in any other place where the parties involved with the processing are located. For further information on our servers and places where we process data, please contact us.
Due to the fact that we have travellers from all over the world, and hosting services have become more 'cloud-based' and international in recent years, we may send and store your personal data outside of the country in which you reside, and there will therefore be some cross-border transfer of this personal data. We are nevertheless committed to protecting the privacy and confidentiality of personal information when it is transferred, in accordance with this Policy and the data privacy requirements in the EU.
Your Information will not be stored longer than is reasonably required for us to complete the purposes for which is being processed. However we may retain your Information for longer periods if required for e.g. taxation purposes or if you have requested us to do and have provided us with the requisite consent. The latter may be the case when you are a repeat customer and retaining some of your personal preferences such as twin/double bed and meal preferences will assist us in providing you with a more efficient service for future bookings.
To learn more, please contact us
If you would like to inspect and review your records, you may submit a request through our contact page. Requests for access will receive a response within 45 days, although certain records may be excluded from records made available for inspection (within the bounds of the law and our confidentiality undertakings with third parties). You may also request amendment of records that you believe are inaccurate, misleading or in violation of your rights.
Your personal data may be used for legal purposes as reasonably determined by us, in court or in the stages leading to possible legal action. You also acknowledge that we may be required to reveal your personal data upon request of public authorities.
Additional information about Personal Data
In addition to the information contained in this policy, we may provide you with additional and contextual information concerning particular services or the collection and processing of personal data on request.
System Logs and Maintenance
For operation and maintenance purposes, our websites and any third party services may collect files that record interaction with the websites (System Logs) or use for this purpose other personal data (such as IP Address).
Changes to this Policy
We review our privacy practices from time to time, and carry out regular data protection impact assessments on an ongoing basis. We reserve the right to make changes to this policy at any time by giving notice through a website feature or by emailing you. We recommend that you check the contents of the policy whenever you have any new questions about privacy and our use of data, referring to the date of the last modification listed at the bottom of the policy.
If you object to any changes to the policy, you must cease using the websites and can request that we delete your personal data. Unless stated otherwise, the then-current policy applies to all data that we maintain.
Contacting us about this Policy
If you have any questions or comments about this policy, please use the contact us feature on our website, or email us at firstname.lastname@example.org.
The data controller for the purpose of this Policy is Go2Africa (Pty) Ltd (incorporated in South Africa) with registered address at Go2Africa House, 12A Portswood Road, V&A Waterfront, Cape Town, 8001, South Africa.
The relevant data controller will be charged with making decisions regarding the purposes and methods of processing of data in terms of this Policy.
Notice to European Users: this privacy statement has been prepared in fulfillment of the obligations under the European general data protection Regulation 2016/679 (“GDPR”), on the subject of cookies.
Date of last amendment: 7 July 2021