Privacy Policy & POPI Compliance
Firmed Properties Pty Ltd T/A The Apollo Hotel Registration Number 1987/00491107
(“We”, “Us”, “Our”) take privacy, and the security of personal information, very seriously, and We are committed to ensuring that We safeguard the privacy and personal information of everyone We communicate with either personally with You or through Our Website and other electronic media whether by email or other electronic means, at all times and in the best way possible.
This privacy policy contains important information for You. It explains:
1.2.1 who We are;
1.2.2 Our Website;
1.2.3 what personal information We collect about You;
1.2.4 how, when and why We collect, store, use and share Your personal information;
1.2.5 how We keep Your personal information secure;
1.2.6 for how long We keep Your personal information;
1.2.7 Your rights in relation to Your personal information;
1.2.8 issues relating to marketing; and
1.2.9 how to contact Us or the relevant supervisory authorities should You have a complaint.
1.3 The Apollo Hotel, Registration Number 1987/00491107, is a Company registered in the Republic of South Africa and Our registered office is at The Apollo Hotel 158 Bram Fischer Drive Randburg Gauteng. Our contact telephone number is: +27 (0)11 787 5434. We own and operate the Website You can find www.apollohotel.co.za (the “Website). Our Information Officer for data protection purposes may be contacted at myles@apollohotel.co.za
1.4 When We collect, use and process personal information We are subject to the provisions of the Protection of Personal Information Act No. 4 of 2013 (“POPI Act”) and We are responsible as what is described as a ‘controller’ of that personal information for the purposes of those laws. In other words, We are primarily responsible for that personal information and are the ‘natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal information’.
1.5 If You have any questions about the use to which We put Your personal information, please contact our Information Officer, whose contact details are set out in paragraph 1.3 above.
1.6 This policy relates to Your use of Our Website, telephonic and electronic reservation systems and electronic or other communications from Us. Please note that Our Website may link to other third-party websites and systems that may also gather information about You which could include your personal information. We make no representations or warranties about the data privacy practices of any third party and cannot accept responsibility for the data privacy practices of, or content displayed on third party websites and systems. Third-party websites and systems will operate in accordance with their own separate data privacy policies, and We have no control over any personal information that they may acquire, store and use. For data privacy information relating to these other third-party websites, You should consult their privacy policies as appropriate.
1.7 We are committed to preserving the privacy of Your personal information so that We can:
1.7.1 Deliver service of a high quality to clients;
1.7.2 At all times comply with the law and the various regulations that We are subject to;
1.7.3 Meet the expectations of clients, employees and third parties; and
1.7.4 protect Our reputation.
1.8 In this policy, please note the use of the following terms:
1.8.1 Personal information has the meaning given to it by the POPI Act and means any information relating to an identified or identifiable individual (known as a data subject);
1.8.2 Processing means any operation or actions performed on personal information; for example collection, recording, organisation, structuring, storing, altering, deleting or otherwise using personal information.
1.8.3 We, Us and Our refers to The Apollo Hotel & Conferencing Centre;
1.8.4 You and Your refers to any person who is accessing Our Website and whose personal information is processed and can include clients, guests, suppliers, business partners, prospective employees, third parties and visitors;
2 YOUR PERSONAL INFORMATION
2.1 Personal information is collected about You whenever You access Our Website, register with Us, contact Us, send Us feedback, purchase services via Our Website, post material to Our Website, complete forms on Our Website, take part in customer surveys, participate in competitions via Our Website, submit reviews to or via Our Website.
2.2 Personal information is collected either directly (for example when You register with Us, contact Us, purchase products or services from Us and / or our third party service providers, complete forms or submit reviews on or via Our Website) or indirectly (for example where You are browsing Our Website through the use of ‘Cookies’).
2.3 The personal information We receive and process is dependent on how You access Our Website, what You do while You are accessing it, and what You perceive the end result of accessing Our Website will be.
2.4 In general, the sorts of personal information that We can acquire, depending on the circumstances, include:
2.4.1 Your name, address, email, telephone number and other contact details and that of any minor travelling with You;
2.4.2 Your nationality;
2.4.3 Your identity, birth certificate or passport number or that of any minor travelling with You;
2.4.4 If You are a corporate entity then Your name, registration number, VAT number telephone number, address, contact person and their contact details;
2.4.5 Your bank account or other financial details;
2.4.6 details of any feedback You give Us, and this may be by phone, email, post or via social media;
2.4.7 Information about the services We provide to You;
2.4.8 Your account / profile details, such as username, login details;
2.4.9 Your IP address, the browser You use, Your operating system;
2.4.10 The pages of Our Website, or other resources on that Website, that You have accessed and when You accessed them; and
2.4.11 Details of any documents or other resources that You have downloaded from Our Website.
2.5 In general terms, We may use this personal information to:
2.5.1 Create and manage Your account / profile with Us;
2.5.2 Verify Your identity;
2.5.3 Comply with legislation which may be applicable to the services We render or Our business;
2.5.4 Provide goods and services to You;
2.5.5 Customise Our Website and its content to Your particular preferences;
2.5.6 Notify You of any changes to Our Website or to Our services that may affect You;
2.5.7 Improve Our services;
2.5.8 Receive Your reviews and respond to them.
2.6 Please note that it is important that the personal information We hold about You is accurate and current. Please keep Us informed if Your personal details change during Your relationship with Us.
2.7 Please note that Our Website is not intended for use by children under the age of 18 years of age, and We do not knowingly collect or use personal information relating to children.
2.8 You should not disclose the personal information of third parties to Us unless there is a lawful reason why We need to have that information;
2.8.2 You are permitted by the third party to disclose their personal information to Us or you are their parent, guardian or authorised employer or agent; and
2.8.3 You have brought this privacy policy to the attention of the third party. When you give Us the personal information of a third party, please provide a copy of this Privacy Policy to that person that they can also be made aware of the conditions under which their personal information is handled by Us.
We have no way of checking that You have complied with the requirements relating to the disclosure of third party’s personal information and therefore We will assume that You have done so and You shall be liable to the data subject if you breach this clause.
- 3 THE PURPOSES FOR WHICH YOUR INFORMATION IS USED
3.1 Data protection law requires that We only use Your personal information for the purposes for which it was acquired, or where We have a proper reason for using it. Those reasons may include the following:
3.1.1 Where You have given consent to the use of Your personal information for one or more specific purposes.
3.1.2 Where the use is necessary for the performance of a contract to which You are party, or in order to take steps at Your request prior to entering into a contract.
3.1.3 Where the use is necessary for compliance with a legal obligation that We are subject to.
3.1.4 Where the use is necessary in order to protect Your vital interests or those of another person.
3.1.5 Where the use is necessary for the performance of a task carried out in the public interest, or in the exercise of official authority vested in Us.
3.1.6 Where the use is necessary for the purposes of Our legitimate interests or those of a third party, except where those interests are overridden by Your interests or fundamental rights and freedoms which require protection of personal information, in particular where You or the relevant person is a child.
3.2 The reasons set out above represent the general position as to the purposes for which data may be used. The specific position in relation to Your personal information, however, is that We may use it for the following purposes and as more fully detailed in Schedule A.
3.2.1 In order to supply goods and/or services to You through or via Our Website. This processing relies on the performance of a contract between Us and the steps needed to deliver those contractual services.
3.2.2 To verify or authenticate your personal information or that of any other person to whom we also render our services. This will help to prevent any loss or damage either to You, a third party, or to Us. This processing relies on factors related to Our legitimate interests in processing the personal information.
3.2.3 To preserve the confidentiality of commercially-sensitive information, and for Our legitimate interests or those of a third party in relation to the protection of Our, or another’s, intellectual property and other commercially-valuable information. This processing relies on Your consent where this has been given, or on factors related to Our legitimate interests in processing the personal information (in that We are seeking to monitor and improve Our Website and/or the services/products We provide).
3.2.4 In connection with credit control and credit reference checks in relation to the services We perform or the products We supply. This processing relies on Your consent where this has been given, on factors related to Our legitimate interests in processing the personal information (in that We are seeking to provide services as part of Our business, or the performance of a contract between Us, and the steps needed to deliver those contractual services).
3.2.5 To analyse the use made of Our Website. Here We may make use of Your IP address, where You are based, the type and version of the browser You use, details of Your operating system, how You came to Our Website (for example whether You were referred from another Website or from a search engine), how long You remained on Our Website, the number of pages on Our Website that You viewed, how You moved around Our Website, the links that You followed, and whether any of those links were used to leave Our Website. This processing relies on Your consent where this has been given, or on factors related to Our legitimate interests in processing the personal information (in that We are seeking to monitor and improve Our Website and/or the services/products We provide).
3.2.6 To improve the operation of Our Website and provide those services which You have requested Us to provide. This may include taking such security measures as are appropriate, backing up the personal information We hold, and contacting You. This processing relies on Your consent where this has been given, or on factors related to Our legitimate interests in processing the personal information (in that We are seeking to provide services as part of Our business, or the performance of a contract between Us, and the steps needed to deliver those contractual services).
3.2.7 In relation to information which You wish to include in, or position, Our Website (for example by submitting a review of Our services/products, supplying a blog post or the publishing of other information). This processing relies on Your consent where this has been given, or on factors related to Our legitimate interests in processing the personal information (in that We are seeking to provide services as part of Our business, or the performance of a contract between Us, and the steps needed to deliver those contractual services).
3.2.8 For dealing with an enquiry submitted by You to Us in connection with Our goods and/or services, or in relation to the supply of newsletters, email notifications, product data or general updates. This processing relies on Your consent where this has been given, or on factors related to Our legitimate interests in processing the personal information (in that We are seeking to provide services as part of Our business, or the performance of a contract between Us, and the steps needed to deliver those contractual services).
3.2.9 Where it is necessary for Us to do so in order to establish, exercise or defend a legal claim, whether in court proceedings or in an administrative or out-of-court procedure. This processing relies on factors related to Our legitimate interests in processing the personal information.
3.2.10 In connection with the compliance by Us with a legal obligation that We are subject to, or in order to protect Your, or Our, vital interests, or the vital interests of another natural person.
3.3 The purposes set out above will not apply to what is termed ‘special category personal information’. This includes personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, or trade union membership, genetic and biometric data, and data concerning health, sex life or sexual orientation. We will only ever process information of that nature with Your explicit consent.
4 CONTACTING YOU
4.1 In addition to the general matters dealt with in paragraph 3.2 above, We may also need to send You updates concerning Our services, and about relevant developments in relation to You, Our services, or other related matters which might concern You, or be of interest to You. This may be by telephone, email or text, and may include information about the services We offer and information relating to changes in those services.
4.2 We regard ourselves as having a legitimate interest in processing Your personal information for these purposes, and We take the view that We do not require Your consent in order to do so. From time to time We undertake what are known as ‘legitimate interest assessments’ in order to balance Our interests in contacting You with Your interests in relation to Your personal information. Where We believe that consent is required, We will contact You specifically for this, and will do so in a clear and transparent manner.
4.3 Where You have agreed to Us doing so, We may also send You information about third party services in which You have expressed an interest, or which are relevant to any services that We have supplied.
4.4 Be assured that We treat Your personal information with the utmost respect and will never share it with others for marketing or promotional purposes. You have, at all times, the right to request that We do not contact You for any purpose other than providing Our services. We may, however, require that You confirm Your marketing preferences from time to time so that We can be sure that Your views remain the same, especially in relation to issues such as legal and regulatory updates.
- 5SHARING YOUR PERSONAL INFORMATION WITH OTHERS
5.1 Notwithstanding the fact that We will not share Your personal information for marketing purposes, it may be necessary for Us to share Your personal information with others in order to perform Our services for You, to comply with Our contractual obligations to You, to comply with Our legal or regulatory obligations to You, or to comply with any contractual, legal or regulatory obligations that We are subject to. These may include:
5.1.1 When sharing Your personal information, We will ensure at all times that those with whom it is shared process it in an appropriate manner and take all necessary measures in order to protect it. In doing so We impose contractual obligations on all providers of services to ensure that Your personal information is kept secure. We will only ever allow others to handle Your personal information if We are satisfied that the measures which they take to protect that personal information are satisfactory.
5.1.2 Please be aware that, from time to time, We may be required to disclose Your personal information to, and exchange information about You or relating to You with, government, law enforcement and regulatory bodies and agencies in order to comply with Our own legal and regulatory obligations.
5.1.3 We may also need to share some personal information with other parties, such as potential buyers of some or all of Our business or during a re-structuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
5.1.4 From time to time it may be necessary for Us to share data for statistical purposes. We will always take steps to try to ensure that information shared is anonymised but, where this is not possible, We will require that the recipient of the information keeps it confidential at all times.
5.2 Other than as set out above, and save where in our sole discretion it is necessary to protect Our legitimate interests, Your vital interests or the vital interests of another natural person, We will not share Your personal information with any other third party without Your consent.
6 HOW YOUR PERSONAL INFORMATION IS KEPT
- Your personal information will be kept secure at all times.
6.2 Some of Your personal information may be held in an electronic database on our server infrastructure and is secured using various methods, including application and physical firewalls.
6.3 We implement various security measures in order to prevent loss of, or unauthorised access to, Your personal information. In order to ensure this, We restrict access to Your personal information to those with a genuine business need to access it, and We have procedures in place to deal with any suspected data security breach. We will notify You and any applicable regulator of a suspected data security breach where We are legally required to do so.
6.4 Personal information that is processed by Us will not be retained for any longer than is necessary for that processing, or for purposes relating to or arising from that processing.
.5 Where Your personal information is retained after We have finished providing Our services to You, or where the contract with You has ended in any other way, this will generally be for one of the following reasons:
6.5.1 So that We can respond to any questions, complaints or claims made by You or on Your behalf;
6.5.2 So that We are able to demonstrate that Your matter was dealt with adequately and that You were treated fairly; or
6.5.3 In order to comply with legal and regulatory requirements.
6.6 In general, We will retain Your personal information for only so long as is necessary for the various objectives and purposes contained in this policy. Please note, however, that different periods for keeping Your personal information will apply depending on the type of personal information being retained, the various legislation applicable to it and the purpose of its retention.
6.7 We will also retain Your personal information as follows:
6.7.1 So that We can inform You of updates concerning Our services, and about relevant developments in relation to You, Our services or other related matters which might concern You, or be of interest to You,
6.7.2 For such time as is necessary for compliance with a legal obligation that We are subject to, or in order to protect Your vital interests or the vital interests of another natural person.
6.8 We will delete and/or anonymise any personal information which it is no longer necessary for Us to retain.
8 YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION
8.1 Data protection legislation gives You, the data subject, various rights in relation to Your personal information that We hold and process. Those rights are, in the main, set out the POPI Act. They are summarised as follows:
8.1.1 Right of access—the right to obtain from Us confirmation as to whether or not personal information concerning You is being processed, and, where that is the case, access to that personal information and various other information, including the purpose for the processing, with whom the personal information is shared, how long the personal information will be retained, and the existence of various other rights (see below).
8.1.2 Right to rectification—the right to obtain from Us, without unreasonable delay, the correcting of inaccurate personal information concerning You.
8.1.3 Right to erasure—sometimes referred to as the ‘right to be forgotten’, this is the right for You to request that, in certain circumstances, We delete personal information relating to You.
8.1.4 Right to restrict processing—the right to request that, in certain circumstances, We restrict the processing of Your personal information.
8.1.5 Right to personal information portability—the right, in certain circumstances, to receive that personal information which You have provided to Us in a structured, commonly used and machine-readable format, and the right to have that personal information transmitted to another controller.
8.1.6 Right to object—the right, in certain circumstances, to object to personal information being processed by Us and provided there is no legal obligation to process Your personal Information as provided in various legislation.
8.1.7 Right not to be subject to automated decision making—the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning You or similarly significantly affects You.
8.2 Full details of these rights can be found in the POPI Act or by reference to guidance produced by the Information Regulator.
8.3 In the event that You wish to exercise any of these rights You may do so by:
8.3.1 Contacting Our Information Officer at myles@apollohotel.co.za or at any of the contact details We have provided in clause 1.3;
8.3.2 completing a form which We will supply to You for this purpose; or
8.3.3 Through a third-party who You have authorised in writing for this purpose.
10 KEEPING YOUR PERSONAL INFORMATION SECURE
10.1 In order to ensure that Your personal information is kept secure, and to prevent there being any breach of confidentiality, We have put in place security measures which are intended to prevent Your personal information from being accidentally lost or used, or accessed unlawfully. Access to Your personal information is restricted to those with a need to access it, and regard will be had to the need for confidentiality when that personal information is processed.
10.2 In the event that there is a suspected data security breach You will be notified. Where relevant We will also inform the appropriate regulator (including the Information Regulator’s Office) of a suspected data security breach where We are legally required to do so.
11 MAKING A COMPLAINT
11.1 If You have any queries as to the acquisition, use, storage or disposal of any personal information relating to You please contact Our Information Officer, at myles@apollohotel.co.za.
11.2 Despite Our best efforts, inevitably sometimes things do go wrong. If You are unhappy with any aspect of the use and/or protection of Your personal information, You have the right to make a complaint to the Information Regulator’s Office, who may be contacted in writing at complaints.IR@justice.gov.za or telephone number: +27 (012) 406 4818.
12 CHANGES TO THIS PRIVACY POLICY
12.1 We may change or update this Privacy Policy from time to time. Any updated versions of this Privacy Policy will be posted on Our Website and will be effective from the date of posting. Where practical, and at Our discretion, we will endeavour to display a notice of the change on the Website.
Schedule A
CATEGORY OF PERSONAL INFORMATION | PURPOSE OF PROCESSING
| LAWFUL BASIS FOR PROCESSING
| VOLUNTARY / MANDATORY
|
Personal details such as full names, birth certificate, identity number or passport number including that of a minor | Authentication and verification of guests
| Compliance with legal obligation
| Mandatory |
Nationality
| Immigration reporting | Compliance with legal obligation | Mandatory |
Residential Address | To enable correspondence with the data subject | Compliance with legal obligation
| Mandatory |
Email Address | To enable correspondence with the data subject | For invoicing and receipt purposes and other communications related to services rendered | Mandatory |
Corporate Entity name, registration number, VAT number, contact person and contact details | To enable reservations and correspondence for and on behalf of a data subject
Rendering services to the Corporate Entity Receiving services from the Corporate Entity | Compliance obligation
For invoicing and receipt purposes and other communications related to services rendered | Mandatory |
Bank account or other financial details | To enable reservations to be paid or reserved
To pay service providers / suppliers | Legitimate interest to receive payment
To pay for services and / or goods received | Mandatory |
Proof of Payment | To verify payment received from guests or other parties who we may make payment to Us | Legitimate interest to receive and verify actual payment
| Mandatory for immediate reservation or pre-booking otherwise Voluntary |
Car Registration | To record vehicles parked overnight on hotel premises | Legitimate interest in safety and security | Voluntary |
Information collected through cookies and similar technologies | To conduct and store Website usage analytics, authentication purposes, statistical, identifying users for membership services, personalising the web browsing experience, security
To generate customer profiles to facilitate marketing initiatives | Consent | Vountary |
Contact history | To provide customer service and support
To train our staff | Performance of contract
Legitimate interests in dealing with complaints or claims | Voluntary |
Browser, device and Website usage information
| To improve the Website
To protect the Website against fraud To set default options for you, such as language and currency | Performance of contract
Legitimate interest in maintaining our Website | Mandatory |
Information from linked websites or accounts
| To enable you to log into the Website simply without having to create a specific account | Legitimate interest in providing high quality customer service | Voluntary |
Responses to surveys, competitions and promotions
| To run the survey, competition or promotion | Performance of contract
Legitimate interest in administering and/or improving our products and services generally | Voluntary |
Customer comments and product reviews
| To improve our products and services
Where relevant, to establish, exercise or defend legal claims | Performance of contract
Legitimate interest in dealing with complaints or claims and improving our products and/or services generally | Voluntary |