Effective date: 24 October 2025
Business: Uitzicht Guesthouse (Pty) Ltd (or sole proprietor/trading-as – update as applicable)
Trading name: Uitzicht Guesthouse
Motto: Luxury and Hospitality, perfectly combined
Physical location: Kimberley, Northern Cape, South Africa (N12 corridor)
Website: https://uitzichtguesthouse.co.za

1) Purpose of this Policy

This Privacy Policy explains how Uitzicht Guesthouse (“Uitzicht”, “we”, “us”) collects, uses, shares and safeguards Personal Information in accordance with the Protection of Personal Information Act, 4 of 2013 (“POPIA”). It also explains your rights and how to exercise them.

This Policy applies to:

• guests and prospective guests,
• website visitors and people who contact us,
• corporate clients and travel agents,
• suppliers and service providers,
• any person whose Personal Information we may process in connection with our hospitality operations.

2) Our Role & Contact Details

Responsible Party: Uitzicht Guesthouse
Information Officer (section 55 POPIA): Elmien van Zyl

• Email: info@uitzichtguesthouse.co.za
• Tel/WhatsApp: +27 82 810 5222
• Postal/Street: Kimberley, Northern Cape, South Africa (request full address via the above details)

The Information Officer is responsible for compliance, handling requests, maintaining this Policy and liaising with the Information Regulator.

3) Key Definitions (plain language)

• Personal Information: any information that identifies you (e.g., name, contact details, ID/passport, booking details, CCTV images).
• Special Personal Information: sensitive categories (e.g., health data, religious beliefs).
• Processing: anything done with Personal Information (collect, store, use, share, destroy).
• Data Subject: the person the Personal Information is about.
• Operator: a third party that processes information for us (e.g., channel manager, booking platforms, IT providers).

4) What Personal Information We Process

Depending on your relationship with us, we may process (as relevant):

Guests / Prospective Guests

• Identification & contact: names, title, ID/passport, nationality, date of birth, email, phone, address.
• Booking & stay details: arrival/departure dates, room preference, bedding setup (king/twin), number of occupants, payment details (masked/transaction references), invoice and VAT data, corporate rate details, loyalty/agent information.
• Check-in & indemnity forms: signatures, acknowledgements of house rules, deposits, liability and damages notices.
• Travel information required by law (e.g., guest register particulars; where applicable under immigration or municipal regulations).
• Preferences & communications: dietary needs, pillow/room requests, special occasions, marketing consents.
• Limited health information only where you volunteer it (e.g., allergies, accessibility needs) to provide safe service.
• CCTV images in common areas and external perimeters (safety and security).
• Wi-Fi connection logs (device MAC, timestamp, IP) to operate a lawful, secure network—not your content/browsing.

Website Visitors / Enquirers

• Form submissions and emails (name, contact details, message content).
• Basic analytics and cookies (see Section 10).

Suppliers / Service Providers

• Business contact details, banking details for payment, tax information, contracts and performance records.

5) How We Collect Personal Information

• Directly from you: online booking forms, email/phone, check-in documents, indemnity/house rules forms, on-site Wi-Fi sign-in, payments.
• Automatically: CCTV and access control systems; website cookies and logs; Wi-Fi logs.
• Third parties: channel manager and booking platforms (e.g., Semper and online travel agents), corporate clients arranging bookings, card processors/merchant banks, travel agents, and lawful public sources.

6) Why We Process Personal Information (Lawful Bases)

We process Personal Information on one or more POPIA grounds:

• Contract: to take steps at your request and to perform our accommodation contract (bookings, check-in, service delivery, invoicing, refunds, damages processing).
• Legal obligation: to keep guest registers or other records required by law (e.g., immigration/municipal or public-health requirements), to keep tax and accounting records (SARS record-keeping typically 5 years).
• Legitimate interests: to run and secure our business (CCTV for security, Wi-Fi security, fraud prevention, quality control, defending legal claims).
• Consent: where required (e.g., direct marketing by email/SMS to non-customers, processing any Special Personal Information like allergies). You may withdraw consent at any time.
• Public interest: in limited cases where necessary for safety and security.

7) Special Personal Information & Children

We avoid processing Special Personal Information unless necessary and lawful (e.g., you share allergy/medical info so we can accommodate your needs). We only process a child’s information with a competent person’s consent (parent/guardian) or as otherwise permitted by law and strictly for booking/stay purposes.

8) CCTV & On-Site Safety

We operate CCTV in shared areas and outside perimeters to protect guests, staff and property. Signage is displayed where practicable. Footage is accessed only by authorised personnel and trusted security/IT providers and retained for a standard 30–90 days (shorter or longer where storage limits or an incident requires retention).

9) Wi-Fi Usage

Guest Wi-Fi is provided for convenience. We may keep basic device and connection logs for up to 6 months for network security and legal compliance. By using the Wi-Fi you agree not to use it for unlawful activities. Content/browsing is not monitored.

10) Cookies & Website Analytics

Our website may use essential and analytics cookies to improve performance and understand usage. You can control cookies in your browser. Where required, we will display a cookie notice with options.

11) Sharing Your Information

We share Personal Information only as necessary and subject to confidentiality and POPIA-compliant safeguards:

• Operators: our channel manager (e.g., Semper), booking platforms, website/hosting/IT and email providers, payment processors/merchant banks, accountants/auditors, insurers, security/CCTV providers, and professional advisers.
• Corporate clients/travel agents: to confirm or manage bookings they arrange.
• Law enforcement/regulators/courts: when legally required or to protect our rights or the safety of any person.
• Business continuity: in mergers/restructures, information may be shared under strict confidentiality.

12) Cross-Border Transfers

Some Operators or booking platforms may store or process data outside South Africa. Where this occurs, we will ensure that the recipient is subject to a law, binding corporate rules, or agreements that provide an adequate level of protection in line with POPIA section 72, or we will obtain your consent where required.

13) Retention & Destruction

We keep Personal Information only as long as necessary for the purposes set out in this Policy or as required by law, then securely destroy or de-identify it. Typical periods:

• Guest registers / check-in forms: at least 12 months or as otherwise required by law (and longer if needed for claims).
• Financial & tax records (invoices, proofs): 5 years from the end of the relevant tax period.
• CCTV footage: 30–90 days unless needed for an investigation.
• Wi-Fi logs: up to 6 months.
• Marketing lists: until you unsubscribe or we are informed your address is invalid.

14) Security Measures

We use administrative, technical and physical safeguards appropriate to the sensitivity of the information, including access controls, passwords and encryption where reasonable, secure storage, staff confidentiality undertakings, and Operator contracts imposing POPIA-compliant security. No system is perfect; we will notify you and the Information Regulator of any data breach where required.

15) Direct Marketing

• Existing customers: we may market similar services to you on an opt-out basis, with a clear unsubscribe option in every message.
• New prospects: we will obtain opt-in consent before sending electronic marketing.
• We do not sell your information to third parties for their marketing.

16) Your POPIA Rights

You have the right to:

• be informed that we hold your data;
• access your Personal Information (PAIA/POPIA request);
• correct, update or delete information that is inaccurate, irrelevant, excessive, out-of-date, incomplete, misleading or obtained unlawfully;
• object to certain processing (including direct marketing);
• withdraw consent where processing is based on consent; and
• complain to the Information Regulator (see Section 18).

How to lodge a request

Email the Information Officer (details in Section 2) with enough detail to identify you and the information requested. We may require verification of identity and use the prescribed forms/fees under POPIA/PAIA where applicable. Our PAIA Manual is available on request.

17) Third-Party Links

Our website may link to third-party sites (e.g., restaurants, attractions, booking platforms). Those sites have their own privacy policies; please review them. We are not responsible for their content or practices.

18) Questions & Complaints

Information Officer: Elmien van Zyl

• Email: info@uitzichtguesthouse.co.za
• Tel/WhatsApp: +27 82 810 5222

Information Regulator (South Africa):
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: complaints.IR@inforegulator.org.za | Enquiries: inforeg@inforegulator.org.za
Website: https://inforegulator.org.za | Tel: +27 (0)10 023 5200

You may first raise concerns with us; if unresolved, you can approach the Information Regulator.

19) Updates to this Policy

We may update this Policy from time to time to reflect legal or operational changes. The latest version will be posted on our website with the effective date.