1.1. The Fountains Hotel processes personal information of individuals as part of our standard operating procedures when hosting guests at our separate hotel accommodation offerings.
1.2. We are obliged to process personal information in accordance with the provisions of the Protection of Personal Information Act, no. 4 of 2013 (‘the POPI Act’). This notice constitutes our policy statement to declare The Fountains Hotel’s commitment to comply with the POPI Act when processing personal information and special personal information, as defined in paragraphs 8.5 and 8.9 below.
- PURPOSE OF PROCESSING PERSONAL INFORMATION
2.1. We process personal information primarily to assist guests with bookings and ensure our hospitality operation is able to run smoothly. We also process personal information –
2.1.1. for personalised marketing purposes, if you are a former guest or if you elected to receive marketing material from us. Please note that you have a choice not to have their personal information used for marketing purposes.
2.1.2. to send newsletters to our guests and others who have elected to receive newsletters from us. Please note that guests have a choice not to receive newsletters from us.
2.1.3. to conduct guest satisfaction research.
2.1.4. for audit and record keeping purposes.
2.1.5. to deal with requests and enquiries about personal information held by us and to update this information, when advised by you.
2.1.6. should you apply for employment at any of or business branches, to process your application.
2.1.7. for the detection and prevention of fraud, crime, money laundering or other malpractices.
2.2. When you contact us by email, other means of electronic communication, telephone, post, or telefax, we collect, store, use and keep record of certain personal information that you disclose to us. This includes details such as your name, address, telefax number, mobile phone number and email communication data. By providing us with your personal information, you authorise us and associated entities or third parties (where applicable) to process such information as set out herein.
2.3. We do not intentionally collect or use personal information of children (persons under the age of 18 years), unless with express consent of a parent or guardian.
2.4. We do not process special personal Information about you unless –
2.4.1. it is necessary to establish, exercise or defend a right or obligation in law (eg we have to process information relating to your health as part of our screening processes when you access our premises, in order to comply with Covid-19 regulations and protocols).
2.4.2. we have obtained your consent to do so (eg should you apply for employment at our business, we require your permission to do a criminal record check to process information which relates to your criminal record, if any.
2.5. We are committed to process personal information and special personal information –
2.5.1. fairly and lawfully, for specific lawful purposes.
2.5.2. in accordance with any agreement we may have with you and in accordance with the legal standards applicable to such information or information categories.
2.5.3. which is accurate and kept up to date.
2.5.4. which is adequate, relevant and not excessive or misleading.
- SHARING OR TRANSFER OF PERSONAL INFORMATION
3.1. We undertake to use your personal Information only for the purpose for which the information is essential and not to share or further process your personal information without your consent.
3.2. Please note that in certain circumstances,
3.2.1. we must share personal information with third parties as part of the hospitality services we render to our clients. Subject to paragraph 3.2.4 below, we must inform you when we do so and will share only what is needed for those purposes. We aim to have agreements in place with our service providers to ensure that the personal information that we remain responsible for, is safeguarded by our service providers. Anyone to whom we pass on your personal information, will be required by us to treat your information with the same level of protection as we are obliged to do.
3.2.2. South African legislation allows for the disclosure of personal information to law enforcement or other agencies without your consent. In circumstances where we are required to disclose information because we are legally obliged to do so, we will first consider the legitimate interests of all concerned.
- RETENTION OF PERSONAL INFORMATION
4.1. We will retain your personal information for as long you permit us to do so and/or in accordance with the provisions of any applicable legislation.
- SAFEGUARDING OF PERSONAL INFORMATION
5.1. We are required to take reasonable measures to adequately protect all the personal information we hold and to avoid unauthorised access and use of such personal information. To comply with this requirement, we maintain reasonable industry-standard physical, electronic and procedural safeguards in respect of the personal information we collect, store, disclose and destruct.
5.2. Our written communication with guests and third parties occurs mostly via the internet. For this reason, we have implemented general accepted and up-to-date electronic communication safety measures. However, the internet is not entirely secure and therefore we cannot unconditionally guarantee the security of any information you provide to us via email, social media, or other communication platforms. Should you be particularly concerned about the safety of specific personal information you intend to send to us, you should liaise with your contact person at the hotel regarding the appropriate communication platform to be used.
5.3. In the unlikely event that an information security breach in respect of your personal information should occur, we will inform you thereof. We will also investigate the security breach and will take all reasonable measures to limit any possible damage which may arise from such breach.
- CHANGES TO THIS NOTICE
6.1. We may amend our personal information practices and review this notice from time to time. Amendments will be communicated as necessary and will appear on our website.
- DEFINITIONS OF TERMS USED IN THIS NOTICE
In this notice, the following terms and expressions, will have the meaning as assigned to them by the POPI Act:
7.1. Confidential information means any personal information, as defined in the POPI Act, and any other information or data of any nature, tangible or intangible, oral or in writing and in any format or medium, which by its nature or content is, or ought reasonably to be identifiable as confidential and/or is provided or disclosed in confidence to our firm.
7.2. Data subject is an individual or juristic person to whom personal information relates.
7.3. Electronic communication means any text, voice, sound or image message sent over an electronic communications network which is stored in the network or in the recipient’s terminal equipment until it is collected by the recipient.
7.4. Information security breach is any incident:
7.4.1. in which sensitive and/or protected and/or private and/or confidential information has been lost, disclosed, stolen, copied, transmitted, viewed, altered, destructed or otherwise used or processed in an unauthorised manner; or
7.4.2. that results in the unauthorized access of information, applications, services, networks and/or devices by bypassing our firm’s security mechanisms.
7.5. Personal information is Information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to –
7.5.1. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
7.5.2. information relating to the education or the medical, financial, criminal or employment history of the person;
7.5.3. any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
7.5.4. the biometric information of the person;
7.5.5. the personal opinions, views or preferences of the person;
7.5.6. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
7.5.7. the views or opinions of another individual about the person; and
7.5.8. the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
7.6. Processing means any operation or activity or any set of operations of the responsible party, whether or not by automatic means, concerning personal information, including —
7.6.1. the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use of personal information;
7.6.2. dissemination of personal information by means of transmission, distribution or making available in any other form; and
7.6.3. merging, linking, as well as restriction, degradation, erasure or destruction of personal information.
7.7. Record means any recorded information regardless of form or medium, including any of the following:
7.7.1. writing on any material;
7.7.2. information produced, recorded or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored;
7.7.3. label, marking or other writing that identifies or describes anything of which it forms part, or to which it is attached by any means;
7.7.4. book, map, plan, graph or drawing; and
7.7.5. photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced;
7.8. Responsible party means The Fountains Hotel.